WO2018112895A1 - Procédé de transfert, terminal et maître de domaine - Google Patents

Procédé de transfert, terminal et maître de domaine Download PDF

Info

Publication number
WO2018112895A1
WO2018112895A1 PCT/CN2016/111751 CN2016111751W WO2018112895A1 WO 2018112895 A1 WO2018112895 A1 WO 2018112895A1 CN 2016111751 W CN2016111751 W CN 2016111751W WO 2018112895 A1 WO2018112895 A1 WO 2018112895A1
Authority
WO
WIPO (PCT)
Prior art keywords
master node
terminal
domain
target domain
domain master
Prior art date
Application number
PCT/CN2016/111751
Other languages
English (en)
Chinese (zh)
Inventor
姜彤
董晨
李强
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2016/111751 priority Critical patent/WO2018112895A1/fr
Priority to CN201680091809.7A priority patent/CN110114987B/zh
Publication of WO2018112895A1 publication Critical patent/WO2018112895A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/16Performing reselection for specific purposes
    • H04W36/18Performing reselection for specific purposes for allowing seamless reselection, e.g. soft reselection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/11Arrangements specific to free-space transmission, i.e. transmission through air or vacuum
    • H04B10/114Indoor or close-range type systems
    • H04B10/116Visible light communication

Definitions

  • the present invention relates to the field of optical wireless communication technologies, and in particular, to a handover method, a terminal, and a domain master node.
  • Optical Wireless Communication refers to all optical communication without using cables (such as optical fibers).
  • Visible Light Communication (VLC) and infrared communication are all communication methods in optical wireless communication.
  • VLC refers to the way of communicating using the visible light spectrum (380 nm - 780 nm). It has sufficient spectrum resources and is unlicensed frequency band, which can be used free of charge; it is environmentally friendly, has no electromagnetic pollution, can be used in electromagnetic interference sensitive environment, and is safe for human body; in addition, it has better security, because VLC transmission can only be limited to light energy. The place where it is irradiated, so VLC has strong security of confidentiality. Recently, VLC communication has received more and more attention from academia and industry. It can be expected that VLC will become a widely used communication technology in the future.
  • the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) is developing a VLC standard for indoor applications, namely G.vlc.
  • the network topology that the VLC system can support includes a coordinated topology and a star topology.
  • the coordinated topology is a unified coordination of networks of multiple star topologies through a global master (GM).
  • GM global master
  • the VLC network of each star topology is called a domain, and the VLC network of each coordinated topology includes one or more domains to form a cluster. If the domain works in the security mode, there should be a security controller (SC) in each domain, which is responsible for the security authentication and key management of the terminal (EndPoint, EP).
  • SC security controller
  • the same device can serve as both a Domain Master (DM) and an SC.
  • the SC can also be on a different device than the DM.
  • GM can perform interference coordination of neighbor DMs, and assist EP to switch between different DMs.
  • a GM is included, and DM1-DM3 has three DMs. Domain1 corresponding to DM1 is connected to EP1 and EP2, Domain 2 corresponding to DM2 is connected to EP3, and Domain3 corresponding to DM3 is connected to EP4.
  • the three domains form a cluster.
  • network admission includes a registration process; when the domain operates in a secure mode, network admission includes two processes of registration and authentication. After completing the registration, the DM will assign the terminal a unique short address (DEVICE_ID) within the domain.
  • DEVICE_ID unique short address
  • the EP Since the EP is mobile, there is a case of switching from one domain to another. If the two processes of registration and authentication are required to perform the service transmission with the new DM, the delay will be very large, and if the link with the original DM is interrupted before the EP completes the authentication with the new DM, This will cause the transmission of the service to be interrupted.
  • the embodiment of the invention provides a handover method, a terminal, and a domain master node, which can reduce the delay of the terminal when the domain is switched, and ensure that the service transmission is performed normally.
  • a first aspect of the present invention provides a handover method applied to an optical wireless communication system, including:
  • the target domain security controller or the target domain master node is authenticated.
  • the preset rule is:
  • the terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching;
  • the terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.
  • the method further includes:
  • the terminal Transmitting, by the terminal, a handover request to the target domain primary node, where the handover request includes the end Short address of the end, current domain master node information, and bandwidth resource request information;
  • the target domain master node accepts the handover request of the terminal, acquiring the bandwidth resource allocated by the target domain master node.
  • the method further includes:
  • the terminal uses the bandwidth resource allocated by the target domain master node to communicate with the target domain master node for a preset time, determine the need and the target domain security according to a preset rule.
  • the controller or the target domain master node performs authentication, and the terminal sends a registration request to the target domain master node, performs registration, and acquires a new short address allocated by the target domain node;
  • the authentication request is sent to the target domain security controller or the target domain master node for authentication;
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the method further includes:
  • a re-registration request to the target domain primary node, where the re-registration request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;
  • the target domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.
  • the method further includes:
  • the current domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.
  • the method further includes:
  • the allocated resources including the allocated short address and the allocated bandwidth resource.
  • the short address of the terminal is grouped by the global master node for all available short addresses, and then one of the packets corresponding to the current domain master node is allocated to the current domain master node, and then The current domain master node selects and assigns to the terminal from the corresponding group.
  • the terminal uses a short address of the terminal when communicating with the current domain master node, and uses the new short address when the terminal communicates with the target domain master node;
  • the terminal After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node If the authentication is performed, the terminal sends an authentication request to the target domain security controller or the target domain master node to perform authentication;
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the cluster public key is generated by a global master node
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the cluster public key is obtained when the terminal is authenticated by the current domain security controller or the current domain master node when entering the network;
  • the cluster public key is obtained when the terminal is authenticated by the current domain master node and the primary security controller, and the primary security controller is used to perform unified authentication on the terminals joining all the domains of the cluster, and the unified authentication is performed.
  • the latter terminal does not need to be authenticated again when performing intra-cluster handover.
  • the method before selecting the target domain master node, the method further includes:
  • a second aspect of the present invention provides a handover method applied to an optical wireless communication system, including:
  • the target domain master node allocates bandwidth resources to the terminal after agreeing to the handover;
  • the cluster public key is obtained when the terminal authenticates with the current domain security controller or the current domain master node when the terminal enters the network;
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the short address used by the terminal to communicate with the domain master node is grouped by the global master node for all available short addresses, and then the packets are correspondingly allocated to the domain master nodes, when When the terminal and one of the domain master nodes successfully register, the terminal is selected and assigned to the terminal by the domain master node from the group allocated by the global master node.
  • a third aspect of the present invention provides a terminal, which is applied to an optical wireless system, and includes:
  • a selecting unit configured to select a target domain master node if the terminal needs to perform domain switching
  • An obtaining unit configured to acquire a bandwidth resource allocated by the target domain primary node
  • a communication unit configured to communicate with the target domain master node by using a bandwidth resource allocated by the target domain master node before completing the authentication with the target domain master node, where the terminal and the target domain master node Frames transmitted during communication are encrypted using the cluster public key.
  • the terminal further includes:
  • a determining unit configured to determine, according to a preset rule, whether the target domain security controller or the target domain is required, after the communication with the target domain master node is used to reach a preset time by using the bandwidth resource allocated by the target domain master node
  • the primary node performs authentication
  • the communication unit is further configured to perform authentication with the target domain security controller or the target domain master node if the preset rule is met.
  • the preset rule is:
  • the terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching;
  • the terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.
  • the communication unit is further configured to:
  • the selecting unit selects the target domain primary node, sending a handover request to the target domain primary node, where the handover request includes the short address of the terminal, current domain primary node information, and bandwidth resource request information;
  • the target domain master node accepts the handover request of the terminal, instructing the acquiring unit to acquire the bandwidth resource allocated by the target domain primary node.
  • the communication unit is further configured to:
  • the selecting unit selects the target domain primary node, sending a handover request to the current domain primary node, where the handover request includes the short address of the terminal, the target domain primary node information, and bandwidth resource request information;
  • the acquiring unit is instructed to acquire the bandwidth resource allocated by the target domain master node.
  • the terminal uses the bandwidth resource allocated by the target domain master node to communicate with the target domain master node for a preset time, determine the need and the target domain security according to a preset rule.
  • the controller or the target domain master node performs authentication, and the communication unit is further configured to send a registration request to the target domain master node, perform registration, and acquire a new short address allocated by the target domain node;
  • the authentication request is sent to the target domain security controller or the target domain master node for authentication;
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the communication unit is further configured to:
  • the selection unit selects the target domain primary node, sending a re-injection to the target domain primary node
  • the request for re-registration includes the short address of the terminal, current domain master node information, and bandwidth resource request information;
  • the target domain master node accepts the re-registration request of the terminal, instructing the acquiring unit to acquire the bandwidth resource and the new short address allocated by the target domain primary node.
  • the communication unit is further configured to:
  • the selecting unit selects the target domain master node, sending a re-registration request to the current domain master node, where the re-registration request includes the short address, the current domain master node information, and the bandwidth resource request information of the terminal;
  • the target domain master node accepts the re-registration request of the terminal, instructing the acquiring unit to acquire the bandwidth resource and the new short address allocated by the target domain primary node.
  • the communication unit is further configured to:
  • the allocated resources including the allocated short address and the allocated bandwidth resource.
  • the short address of the terminal is grouped by the global master node for all available short addresses, and then one of the packets corresponding to the current domain master node is allocated to the current domain master node, and then The current domain master node selects and assigns to the terminal from the corresponding group.
  • the communication unit is further configured to use a short address of the terminal when communicating with the current domain master node, and use the new short address when communicating with the target domain master node;
  • the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node And performing the authentication, where the communication unit is further configured to send an authentication request to the target domain security controller or the target domain master node to perform authentication;
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the cluster public key is generated by a global master node
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the cluster public key is obtained when the terminal is authenticated by the current domain security controller or the current domain master node when entering the network;
  • the cluster public key is obtained when the terminal is authenticated by the current domain master node and the primary security controller, and the primary security controller is used to perform unified authentication on the terminals joining all the domains of the cluster, and the unified authentication is performed.
  • the latter terminal does not need to be authenticated again when performing intra-cluster handover.
  • the selecting unit is further configured to receive information about other domain master nodes in the cluster that are sent by the current domain master node by using a media access plan frame or a dedicated message.
  • a fourth aspect of the present invention provides a terminal, which is applied to an optical wireless communication system, and includes:
  • a processor a memory, an interface circuit, and a bus, wherein the processor, the memory, and the interface circuit are connected by a bus, wherein the memory is configured to store a set of program codes, and the processor is configured to call the program code stored in the memory , do the following:
  • the processor is further configured to:
  • the target domain security controller or the target domain master node After the communication with the target domain master node reaches the preset time by using the bandwidth resource allocated by the target domain master node, it is determined according to a preset rule whether the target domain security controller or the target domain master node needs to be authenticated;
  • the target domain security controller or the target domain master node is authenticated.
  • the preset rule is:
  • the terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching;
  • the terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.
  • the processor is further configured to:
  • the handover request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;
  • the target domain master node accepts the handover request of the terminal, acquiring the bandwidth resource allocated by the target domain master node.
  • the processor is further configured to:
  • the handover request includes a short address of the terminal, the target domain primary node information, and bandwidth resource request information;
  • the terminal uses the bandwidth resource allocated by the target domain master node to communicate with the target domain master node for a preset time, determine the need and the target domain security according to a preset rule.
  • the controller or the target domain master node performs authentication, and the processor is further configured to send a registration request to the target domain master node, perform registration, and acquire a new short address allocated by the target domain node;
  • the authentication request is sent to the target domain security controller or the target domain master node for authentication;
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the processor is further configured to:
  • the target domain primary node Sending a re-registration request to the target domain primary node, where the re-registration request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;
  • the target domain master node accepts the re-registration request of the terminal, acquiring the target domain master The bandwidth resource allocated by the node and the new short address.
  • the processor is further configured to:
  • the re-registration request includes the short address of the terminal, the target domain primary node information, and bandwidth resource request information;
  • the current domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.
  • the processor is further configured to:
  • the allocated resources including the allocated short address and the allocated bandwidth resource.
  • the short address of the terminal is grouped by the global master node for all available short addresses, and then one of the packets corresponding to the current domain master node is allocated to the current domain master node, and then The current domain master node selects and assigns to the terminal from the corresponding group.
  • the terminal uses a short address of the terminal when communicating with the current domain master node, and uses the new short address when the terminal communicates with the target domain master node;
  • the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node And performing the authentication, where the processor is further configured to send an authentication request to the target domain security controller or the target domain master node for authentication;
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the cluster public key is generated by a global master node
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the cluster public key is obtained when the terminal is authenticated by the current domain security controller or the current domain master node when entering the network;
  • the cluster public key is the current domain master node and the primary security controller when the terminal enters the network.
  • the primary security controller is used to perform unified authentication on the terminals that join all the domains of the cluster, and the terminal after the unified authentication does not need to be authenticated again when performing intra-cluster handover.
  • the processor before selecting the target domain master node, is further configured to:
  • a fifth aspect of the present invention provides a domain master node, which is applied to an optical wireless communication system, and includes:
  • An allocating unit configured to: if the terminal needs to perform domain switching, the domain master node allocates a bandwidth resource to the terminal after agreeing to the handover;
  • a communication unit configured to communicate with the terminal by using the allocated bandwidth resource and a cluster public key before completing the authentication with the terminal;
  • the domain master node is a target domain master node that performs domain switching on the terminal, and the frame transmitted by the target domain master node when communicating with the terminal is encrypted by using a cluster public key.
  • the cluster public key is obtained when the terminal authenticates with the current domain security controller or the current domain master node when the terminal enters the network;
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the short address used by the terminal to communicate with the domain master node is grouped by the global master node for all available short addresses, and then the packets are correspondingly allocated to the domain master nodes, when When the terminal and one of the domain master nodes successfully register, the terminal is selected and assigned to the terminal by the domain master node from the group allocated by the global master node.
  • a sixth aspect of the present invention provides a domain master node, which is applied to an optical wireless communication system, and includes:
  • a processor a memory, an interface circuit, and a bus, wherein the processor, the memory, and the interface circuit are connected by a bus, wherein the memory is configured to store a set of program codes, and the processor is configured to call the program code stored in the memory , do the following:
  • the processor allocates a bandwidth resource to the terminal after agreeing to the handover;
  • the cluster public key is obtained when the terminal authenticates with the current domain security controller or the current domain master node when the terminal enters the network;
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the short address used by the terminal to communicate with the domain master node is grouped by the global master node for all available short addresses, and then the packets are correspondingly allocated to the domain master nodes, when When the terminal and one of the domain master nodes successfully register, the terminal is selected and assigned to the terminal by the domain master node from the group allocated by the global master node.
  • the embodiment of the present invention provides a computer storage medium, the computer storage medium comprising a set of program code, for performing the method according to any implementation manner of the first aspect of the embodiment of the present invention.
  • the present invention provides a computer storage medium comprising a set of program code for performing a method as described in any one of the first aspects of the embodiments of the present invention.
  • the embodiment of the present invention provides a computer storage medium, the computer storage medium comprising a set of program code, for performing the method according to any implementation manner of the second aspect of the embodiment of the present invention.
  • the terminal may communicate with the target domain master node by using the bandwidth resource allocated by the target domain master node and the cluster public key before completing the authentication with the target domain master node;
  • secure communication can be ensured without re-registration authentication, which avoids interruption of the current DM link during the authentication process, which causes service interruption, reduces service interruption time caused by handover, and ensures security during handover.
  • the process of determining whether to perform authentication is performed only when the preset rule is met, and the target DM is authenticated. Otherwise, the authentication is not performed, so that the EP does not execute when it "passes quickly" in a certain domain during the handover process.
  • the registration authentication process reduces signaling overhead and avoids waste of resources. By short-addressing and then allocating, it is possible to avoid a short address conflict problem that may occur when the EP is simultaneously communicating with two or more DMs at the same time, or when two or more domains are simultaneously in the handover process.
  • FIG. 1 is a schematic diagram of a system architecture for coordinating a topology in a visible light communication network
  • FIG. 2 is a schematic flowchart of a first embodiment of a handover method according to the present invention
  • FIG. 3 is a schematic flowchart of a second embodiment of a handover method according to the present invention.
  • FIG. 4 is a schematic flowchart of a third embodiment of a handover method according to the present invention.
  • FIG. 5 is a schematic flowchart diagram of a fourth embodiment of a handover method according to the present invention.
  • FIG. 6 is a schematic flowchart of a fifth embodiment of a handover method according to the present invention.
  • FIG. 7 is a schematic flowchart diagram of a sixth embodiment of a handover method according to the present invention.
  • FIG. 8 is a schematic flowchart diagram of a seventh embodiment of a handover method according to the present invention.
  • FIG. 9 is a schematic flowchart of an eighth embodiment of a handover method according to the present invention.
  • FIG. 10 is a schematic structural diagram of a first embodiment of a terminal according to the present invention.
  • FIG. 11 is a schematic structural diagram of a second embodiment of a terminal according to the present invention.
  • FIG. 12 is a schematic structural diagram of a first embodiment of a domain master node according to the present invention.
  • FIG. 13 is a schematic structural diagram of a second embodiment of a domain master node according to the present invention.
  • optical wireless communication may be a visible light communication, an infrared communication, or the like.
  • visible light communication For the convenience of description, the embodiment of the present invention is described by using visible light communication. Those skilled in the art should understand that the embodiment in the embodiment of the present invention can also be used. It is applicable to other optical wireless communication systems, and is not limited in any embodiment of the present invention.
  • FIG. 1 is a schematic diagram of a system architecture for coordinating a topology in a visible light communication network.
  • the primary node of the domain which is also the network access point, is responsible for managing the registration, resource scheduling, coordination, and handover of new devices in the domain.
  • Target DM The DM of the domain to which the EP is to be switched.
  • the terminal performs network access and data transmission through a link such as visible light communication or infrared communication with the DM.
  • the product form may be a mobile phone, a pad, a notebook computer or the like.
  • the global master node coordinates the operation of multiple domains through the backhaul link and the defined interface with the DM, such as interference coordination and handover.
  • the GM can also act as a public security controller for multiple domains, responsible for the security certification of all domains and their nodes that are coordinated.
  • GW Gateway, the source of the EP's business.
  • the EP accesses the network through the AP, and the data source of the AP may be a gateway.
  • the security controller the entity responsible for security authentication and key management in the domain, generally belongs to the same node as the DM, and may belong to different nodes.
  • a GM is included, and DM1-DM3 has three DMs. Domain1 corresponding to DM1 is connected to EP1 and EP2, Domain 2 corresponding to DM2 is connected to EP3, and Domain3 corresponding to DM3 is connected to EP4.
  • the three domains form a cluster.
  • EP1 needs to switch from Domain1 to Domain2 or Domain3, it can communicate with the target DM after it needs to register and authenticate with the target DM. This will cause the service with the current DM to be interrupted, and new registration will be performed each time. And the authentication, the delay is also very large, which is not conducive to the good conduct of the business, and is not conducive to the user experience.
  • the handover method includes the following steps:
  • the EP may select according to factors such as the signal to noise ratio (SNR) of the received neighbor DM signal and the bandwidth resource utilization (bandwidth availability) in the domain of the neighbor DM. For example, if the SNR of the signal of the neighboring DM is high, the neighboring DM may be selected to perform the handover. If the SNR of the signal of the neighboring DM is low, the neighboring DM handover with a higher SNR may not be switched or selected. If the bandwidth resource utilization is low, you can select the neighbor DM to switch. If the bandwidth resource utilization of the neighbor DM is high, you can switch or select other neighbor DMs with lower bandwidth resource utilization.
  • SNR signal to noise ratio
  • bandwidth resource utilization bandwidth resource utilization
  • the terminal may receive information about other domains in the cluster that are sent by the current domain primary node by using a Media Access Plan (MAP) frame or a dedicated message, where the information includes other
  • MAP Media Access Plan
  • the domain master node information may also include terminal information of other domains in the cluster.
  • the terminal may select the reference information of the target domain master node when the domain is switched, and may also determine the available range of the cluster public key, and the terminal may initiate a handover to the domain within the usable range.
  • the EP should obtain other domain information in the cluster from the current DM, in particular, information about the DM, such as a Media Access Control (MAC) address, and may also include parameters of other domains.
  • Information about each EP is sent by the GM to the DM of each domain.
  • the DM of each domain can send the information of other domains of the cluster to the EP of the local domain through the MAP frame or a dedicated message.
  • the EP can only perform handover according to the method described in the embodiment of the present invention when other domains in the cluster are detected.
  • the information exchange with the current DM and the target DM is performed to confirm the handover, and the bandwidth resource allocated by the target DM is obtained.
  • the frame transmitted when the terminal communicates with the target domain master node is encrypted by using a cluster public key.
  • the EP can perform the target DM before the authentication with the target DM is completed. Secure communication.
  • cluster public key A public encryption key, called a cluster public key, can be used for inter-domain communication or "temporary transfer" state encrypted communication when switching.
  • the method for generating the cluster public key may be, but not limited to, one of the following methods:
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the GM may also periodically update the cluster public key and deliver the updated cluster public key to each EP in time.
  • the EP obtains the cluster public key in such a manner that the SC or DM sends the cluster public key to the EP after each EP is successfully authenticated.
  • the SC and the DM are in the same node, it is equivalent to the DM being sent to the EP.
  • the SC and the DM are not in the same node, it is preferably sent by the SC to the EP, but may also be sent by the SC to the DM and sent by the DM to the EP. But no matter how it is sent, the frame carrying the cluster public key is encrypted.
  • a process of establishing a service flow with the target DM or establishing a communication link may be required before the EP communicates with the DM according to the bandwidth resource allocated by the target DM.
  • the target DM starts to perform the scheduling of the bandwidth resource.
  • the scheduling information is sent in the MAP frame.
  • EP1 can obtain the cluster public key.
  • EP1 can obtain the cluster public key.
  • it can use the cluster public key to perform service transmission in the "temporary transmission" state when switching.
  • frames that communicate with the target DM are encrypted using the cluster public key.
  • the two logical functional entities of the DM and the SC are at the same node. It can also not be on the same node.
  • a VLC network with a non-coordinating topology refers to an entity that is not responsible for centralized coordination among multiple VLC networks. The difference is that the "cluster public key" is obtained in a different way. It can be generated and generated by adjacent domains and then delivered to each authenticated EP.
  • a handover method is provided.
  • the terminal may use the bandwidth resource and the cluster public key allocated by the target domain primary node before completing the authentication with the target domain primary node.
  • the cluster public key it may be acquired when the terminal authenticates with the current domain security controller or the current domain master node when entering the network.
  • the terminal may be obtained when the terminal is authenticated by the current domain master node and the primary security controller, and the primary security controller is used to perform unified authentication on the terminals that join all the domains of the cluster, and the unified authentication is performed.
  • the terminal does not need to be authenticated again when performing intra-cluster switching.
  • each SC in the cluster may be located in the same device as the GM, or may not be in the same device, or may be served by the GM as the SC.
  • Each DM communicates with the SC over a backhaul link.
  • the EP enters the network, it authenticates with the SC or GM through the DM, so that the key that can be encrypted when communicating with other DMs is obtained, and in the handover process, it is not necessary to perform authentication again within the scope of the cluster.
  • the premise of not requiring re-authentication is that the EP key is still valid or still in the validity period. If the EP key has expired, it may still need to be authenticated again.
  • a unified cluster-wide authentication is proposed, so that the EP can ensure secure communication without re-authentication during the handover process, and avoid interruption of the current DM link during the authentication process, resulting in service interruption. It also makes the EP not perform the registration authentication process when the device quickly "passes" a certain domain during the handover process, which can reduce the signaling overhead.
  • the EP “fastly passes” a certain domain during the handover process, that is, during the terminal movement process, it may only pass through a certain domain.
  • EP1 wants to switch to Domain3
  • it needs to pass through Domain2 if it is to The DM2 is registered and verified, and the process is complicated and expensive, resulting in waste of resources.
  • this situation is more serious due to the smaller coverage of the VLC domain.
  • the handover method described in FIG. 3 can also be used for handover.
  • FIG. 3 it is a schematic flowchart of a second embodiment of a handover method according to the present invention.
  • the method includes the following steps:
  • the EP may select according to factors such as the signal to noise ratio (SNR) of the received neighbor DM signal and the bandwidth resource utilization (bandwidth availability) in the domain of the neighbor DM. For example, if the signal of the neighbor DM is higher, the SNR can be selected. If the neighbor DM performs the handover and the SNR of the neighbor DM is low, you can switch or select other neighbor DMs with higher SNR. If the bandwidth of the neighbor DM is lower, you can select the neighbor DM to switch. If the bandwidth resource utilization rate of the neighboring DM is higher, the neighboring DM switch with lower bandwidth resource utilization in other domains may not be switched.
  • SNR signal to noise ratio
  • bandwidth resource utilization bandwidth resource utilization
  • the EP Before determining that the UE needs to switch, the EP should obtain other domain information in the cluster from the current DM, especially the information of the DM (such as the MAC address), and may also include the parameters of other domains and the information of each EP.
  • the information is sent by the GM to the DM of each domain.
  • the DM of each domain can send the information of other domains of the cluster to the EP of the local domain through a Media Access Plan (MAP) frame or a dedicated message.
  • MAP Media Access Plan
  • the EP can only perform handover according to the method described in the embodiment of the present invention when other domains in the cluster are detected.
  • the information exchange with the current DM and the target DM is performed to confirm the handover, and the bandwidth resource allocated by the target DM is obtained.
  • the frame transmitted when the terminal communicates with the target domain master node is encrypted by using a cluster public key.
  • the EP can perform the target DM before the authentication with the target DM is completed. Communication.
  • cluster public key In a coordinated topology network, multiple domains are coordinated by the same GM to form a cluster.
  • Each cluster has a common encryption key, which can be called a cluster public key, which can be used for inter-domain communication or "temporary transmission" state encrypted communication when switching.
  • the method for generating the cluster public key may be, but not limited to, one of the following methods:
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the GM may also periodically update the cluster public key and deliver the updated cluster public key to each EP in time.
  • the EP obtains the cluster public key in such a manner that the SC or DM sends the cluster public key to the EP after each EP is successfully authenticated.
  • the SC and the DM are in the same node, it is equivalent to the DM.
  • EP When the SC and the DM are not in the same node, it is preferably sent by the SC to the EP, but may also be sent by the SC to the DM and sent by the DM to the EP. But no matter how it is sent, the frame carrying the cluster public key is encrypted.
  • a process of establishing a service flow with the target DM or establishing a communication link may be required before the EP communicates with the DM according to the bandwidth resource allocated by the target DM.
  • the target DM starts to perform the scheduling of the bandwidth resource.
  • the scheduling information is sent in the MAP frame.
  • EP1 can obtain the cluster public key.
  • EP1 can obtain the cluster public key.
  • the service transmission in the "temporary transmission" state is “temporary transmission”.
  • frames that communicate with the target DM are encrypted using the cluster public key.
  • the two logical functional entities of the DM and the SC are at the same node. It can also not be on the same node.
  • the preset time can be implemented by setting a timer, and the preset time can be the end of the timer, for example, becoming 0. Since the EP is in the mobile state, it will be removed from the domain of the target DM. At this time, the set timer Timer should be reset.
  • the preset rule may be:
  • the terminal is in the domain where the primary node of the target domain is located, and the terminal does not need to perform domain switching at present;
  • the terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.
  • the domain in which the terminal is located in the target domain primary node indicates that the terminal is still in the signal coverage of the target primary domain primary node, and maintains the communication link connection with the target domain primary node. If the terminal needs to perform domain switching, refer to the content in step S201, for example, according to the neighbor DM signal.
  • the SNR or the bandwidth resource utilization of the neighboring DM and other factors determine whether a handover is required, which is not limited in the embodiment of the present invention.
  • the terminal may not authenticate with the target DM. In this way, when more than two domains are continuously passed during the terminal mobile process, a large number of unnecessary registration and authentication processes are avoided, which can save a lot of resources and overhead, and improve the user experience.
  • a handover method is provided.
  • the terminal may use the bandwidth resource and the cluster public key allocated by the target domain primary node before completing the authentication with the target domain primary node.
  • the service interruption time of the incoming network ensures the secure transmission during the handover process.
  • the judgment process of whether to perform the authentication is added to the target DM only when the preset rule is met. Otherwise, the authentication is not performed, so that the EP is in the handover process.
  • the registration authentication process is no longer performed, which reduces signaling overhead and avoids waste of resources.
  • FIG. 4 it is a schematic flowchart of a third embodiment of the handover method according to the present invention.
  • the target domain master node is selected, and the method further includes:
  • the terminal Transmitting, by the terminal, a handover request to the target domain primary node, where the handover request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;
  • the target domain master node accepts the handover request of the terminal, acquiring the bandwidth resource allocated by the target domain master node.
  • the terminal After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node And performing authentication, the terminal sends a registration request to the target domain primary node, performs registration, and acquires a new short address allocated by the target domain node;
  • the authentication request is sent to the target domain security controller or the target domain master node for authentication;
  • the current domain node is notified to release the allocated resources of the terminal, where the The allocated resources include the assigned short address.
  • the short address of the terminal is grouped by the global primary node for all available short addresses, and then one of the packets corresponding to the current domain primary node is allocated to the current domain primary node, and then the current domain is The master node selects from the corresponding group and assigns to the terminal.
  • the method specifically includes the following steps:
  • the EP determines that it needs to switch, and selects the target DM.
  • the EP may select according to factors such as the SNR of the received neighbor DM signal and the bandwidth resource utilization (bandwidth availability) in the domain of the neighbor DM.
  • the EP Before determining that the UE needs to switch, the EP should obtain other domain information in the cluster from the DM, especially the information of the DM (such as the MAC address), and may also include the parameters of other domains and the information of each EP.
  • the information is sent by the GM to the DM of each domain.
  • the DM of each domain can send the information of other domains of the cluster to the EP of the local domain through the MAP frame or a dedicated message.
  • the EP can only switch according to the present invention when other domains in the cluster are detected.
  • the EP may select multiple target DMs.
  • the present embodiment describes a target DM as an example.
  • the EP sends a handover request to the target DM.
  • the switch request should contain:
  • the EP's own node information such as the Media Access Control (MAC) address, is the physical address, the short address (DEVICE_ID), and so on.
  • MAC Media Access Control
  • DEVICE_ID short address
  • the "current DM information" is information of the DM before the handover, information of the domain to which it belongs, and the like.
  • the bandwidth resource request information is used to request the target DM to allocate bandwidth resources for the EP.
  • dedicated resources may be allocated in the MAC period.
  • the dedicated resources may be dedicated to the handover process or may be used for contention, but the messages in the handover process are transmitted with the highest priority.
  • an Inter-Domain Communication Channel (IDCC) is reserved. In the IDCC, the message of the handover process is sent with the highest priority.
  • the GM is responsible for managing and allocating the total available DEVICE_ID. For example, there are 255 available DEVICE_IDs, and the GM groups the available DEVICE_IDs. Groups are assigned to a domain and sent to the DM of each domain. After receiving the EP registration, each domain DM can only specify the DEVICE_ID that can be used in its own DEVICE_ID group for the EP.
  • the target DM After receiving the handover request, the target DM determines whether to accept the request, and replies to the handover response.
  • the switch response should include: whether to accept the switch request, reason, etc.
  • the target DM may request the gateway (GW) to switch the downlink data service transmission path of the EP from the current DM to the target DM.
  • GW gateway
  • the target DM may determine whether to accept the handover request of the EP according to the downlink data transmission path switching situation (such as whether it is successful), the bandwidth resource availability in the local domain, and the like.
  • the target DM indicates to accept the handover of the EP in the handover response, the corresponding bandwidth resource should be allocated to the EP.
  • the target DM generally delivers the scheduling information of the bandwidth resource allocated to the EP through the MAP frame, and may also be delivered by using a handover response or other message.
  • the EP may enter a “temporary transmission” state.
  • the cluster public key is used to communicate with the target DM according to the resource allocated by the target DM. , continue the original business transmission.
  • cluster public key in a coordinated topology network, multiple domains are coordinated by the same GM to form a cluster.
  • Each cluster has a common encryption key, called a cluster public key, that can be used for inter-domain communication or "temporary transmission" state encrypted communication when switching.
  • the method for generating the cluster public key may be, but not limited to, one of the following methods:
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the GM can also periodically update the cluster public key and deliver the updated cluster public key to each EP in time.
  • the EP obtains the cluster public key in such a manner that the SC or DM sends the cluster public key to the EP after each EP is successfully authenticated.
  • the SC and the DM are in the same node, it is equivalent to the DM being sent to the EP.
  • the SC and the DM are not in the same node, it is preferably sent by the SC to the EP, but may also be sent by the SC to the DM and sent by the DM to the EP. But no matter how it is sent, the frame carrying the cluster public key is plus Send secretly.
  • a process of establishing a service flow with the target DM or establishing a communication link may be required before the EP communicates with the DM according to the resources allocated by the target DM.
  • the target DM starts to perform the scheduling of the bandwidth resource.
  • the scheduling information is sent in the MAP frame.
  • DM and SC are on the same node. It can also not be on the same node.
  • the EP may send a handover indication to the current DM, and notify the current DM that the DM has been switched to the domain where the new target DM is located. After receiving the handover indication, the current DM releases the bandwidth resource originally allocated to the EP.
  • the S406 determines whether the formal registration and authentication can be performed according to a preset rule. Perform the registration and certification process if needed.
  • the preset rules can be but are not limited to:
  • the terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching;
  • the terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.
  • the preset time can be implemented by setting a timer, and the preset time can be the end of the timer, for example, becoming 0. Since the EP is in the mobile state, it will be removed from the domain of the target DM. At this time, the set timer Timer should be reset.
  • the terminal initiates a registration request to the target DM.
  • the target DM replies to the registration response to the terminal. If the registration is agreed, the terminal needs to be assigned a new short address and is included in the registration response.
  • the terminal initiates an authentication request to the target DM or the target SC. Not shown in the target SC map, it can be integrated with the target DM, or it can be set independently.
  • the target DM or the target SC performs an authentication process according to the received authentication request.
  • the terminal After the authentication succeeds, the terminal notifies the current DM to release the short address that has been allocated by the terminal.
  • the current DM releases the short address allocated to the terminal, and the handover is completed.
  • the target DM may send a notification to the current DM through the GM or backhaul link, so that the current DM can release all resources allocated to the handover EP.
  • DEVICE_ID It is also possible that the terminal directly sends a message to the current DM to notify the current DM to release all resources allocated to the terminal, in particular DEVICE_ID.
  • the EP leaves the target DM when the timer is not finished, and switches to the target DM2, it is also executed according to the above procedure, except that since the target DM does not need to allocate a short address for the EP, it is not necessary to release the corresponding DEVICE_ID resource.
  • the key acquisition and authentication process can be integrated and optimized.
  • the EP can ensure secure communication without re-registration authentication in the initial stage of the handover, and avoid interruption of the current DM link during the authentication process, thereby causing service interruption.
  • the EP does not perform the registration authentication process when the device quickly "passes" a certain domain during the handover process, thereby reducing the signaling overhead.
  • the DEVICE_ID allocation method is proposed to avoid the problem of ID conflict that may occur when the EP is simultaneously communicating with two (multiple) DMs at the same time, or in two (multiple) domains at the same time.
  • the service interruption time brought by the handover can be reduced. Ensure secure transmission during the handover process.
  • FIG. 5 is a schematic flowchart of a fourth embodiment of a handover method according to the present invention.
  • the target domain master node is selected, and the method further includes:
  • the terminal After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node Performing authentication, the terminal sends a registration request to the target domain master node, Row registration, obtaining a new short address assigned by the target domain node;
  • the authentication request is sent to the target domain security controller or the target domain master node for authentication;
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the short address of the terminal is grouped by the global primary node for all available short addresses, and then one of the packets corresponding to the current domain primary node is allocated to the current domain primary node, and then the current domain is The master node selects from the corresponding group and assigns to the terminal.
  • the method specifically includes the following steps:
  • the EP determines that it needs to switch, and selects the target DM.
  • the EP may select according to factors such as the SNR of the received neighbor DM signal and the bandwidth resource utilization (bandwidth availability) in the domain of the neighbor DM.
  • the EP Before determining that the UE needs to switch, the EP should obtain other domain information in the cluster from the DM, especially the information of the DM (such as the MAC address), and may also include the parameters of other domains and the information of each EP.
  • the information is sent by the GM to the DM of each domain.
  • the DM of each domain can send the information of other domains of the cluster to the EP of the local domain through the MAP frame or a dedicated message.
  • the EP can only switch according to the present invention when other domains in the cluster are detected.
  • the EP can select multiple target DMs. This embodiment is described by taking a target DM as an example.
  • the EP sends a handover request to the current DM.
  • the switch request contains:
  • EP's own node information such as MAC address, DEVICE_ID, etc.
  • Target DM information is the target DM information to be switched, the information of the domain to which it belongs, etc.
  • the bandwidth resource request information is used to request the target DM to allocate bandwidth resources for the EP.
  • the GM is responsible for managing and allocating the total available DEVICE_ID. For example, there are 255 available DEVICE_IDs.
  • the GM groups the available DEVICE_IDs, each group is assigned to one domain, and is sent to each domain's DM. . After receiving the EP registration, each domain DM can only specify the DEVICE_ID that can be used in its own DEVICE_ID group for the EP.
  • the current DM After receiving the handover request, the current DM determines whether to accept the request, and replies to the response. Change the response.
  • the current DM may request the GW to switch the downlink data service transmission path of the EP from the current DM to the target DM through the GM or the backhaul link.
  • the current DM may determine whether to accept the handover request of the EP according to the downlink data transmission path switching situation (such as whether it is successful), the feedback result of the target DM (for example, whether its bandwidth resource is available), or the like.
  • the target DM allocates a bandwidth resource to the terminal.
  • the target DM generally delivers the scheduling information of the bandwidth resource allocated to the EP through the MAP frame, and may also be delivered by using a handover response or other message.
  • the EP After receiving the handover response of the current DM reply, and indicating that the handover is successful, the EP should enter a “temporary transmission” state. In this state, the cluster public key is used to communicate with the target DM according to the resource allocated by the target DM. , continue the original business transmission.
  • cluster public key In a coordinated topology network, multiple domains are coordinated by the same GM to form a cluster.
  • Each cluster has a common encryption key, called a cluster public key, that can be used for inter-domain communication or "temporary transmission" state encrypted communication when switching.
  • the method for generating the cluster public key may be, but not limited to, one of the following methods:
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the GM can also periodically update the cluster public key and deliver the updated cluster public key to each EP in time.
  • the EP obtains the cluster public key in such a manner that the SC or DM sends the cluster public key to the EP after each EP is successfully authenticated.
  • the SC and the DM are in the same node, it is equivalent to the DM being sent to the EP.
  • the SC and the DM are not in the same node, it is preferably sent by the SC to the EP, but may also be sent by the SC to the DM and sent by the DM to the EP. But no matter how it is sent, the frame carrying the cluster public key is encrypted.
  • a process of establishing a service flow with the target DM or establishing a communication link may be required before the EP communicates with the DM according to the resources allocated by the target DM.
  • the target DM starts to perform the scheduling of the bandwidth resource.
  • the scheduling information is sent in the MAP frame.
  • DM and SC are on the same node.
  • the EP may send a handover indication to the current DM, and notify the current DM that the DM has successfully switched to the domain where the new target DM is located. After receiving the handover indication, the current DM releases the bandwidth resource originally allocated to the EP.
  • the preset rule may be, but is not limited to, the terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching; or
  • the terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.
  • the preset time can be implemented by setting a timer, and the preset time can be the end of the timer, for example, becoming 0. Since the EP is in the mobile state, it will be removed from the domain of the target DM. At this time, the set timer Timer should be reset.
  • the terminal initiates a registration request to the target DM.
  • the target DM replies to the registration response to the terminal. If the registration is agreed, the terminal needs to be assigned a new short address and is included in the registration response.
  • the terminal initiates an authentication request to the target DM or the target SC. Not shown in the target SC map, it can be integrated with the target DM, or it can be set independently.
  • the target DM or the target SC performs an authentication process according to the received authentication request.
  • the current DM releases the short address allocated to the terminal, and the handover is completed.
  • the target DM may send a notification to the current DM through the GM or backhaul link, so that the current DM can be released. All resources assigned to the switch EP, especially DEVICE_ID. It is also possible that the terminal directly sends a message to the current DM to notify the current DM to release all resources allocated to the terminal, in particular DEVICE_ID.
  • the EP leaves the target DM when the timer is not finished, and switches to the target DM2, it is also executed according to the above procedure, except that since the target DM does not need to allocate a short address for the EP, it is not necessary to release the corresponding DEVICE_ID resource.
  • the EP can ensure secure communication without re-registration authentication in the initial stage of the handover, and avoid interruption of the current DM link during the authentication process, thereby causing service interruption.
  • the EP does not perform the registration authentication process when the device quickly "passes" a certain domain during the handover process, thereby reducing the signaling overhead.
  • the DEVICE_ID allocation method is proposed to avoid the problem of ID conflict that may occur when the EP is simultaneously communicating with two (multiple) DMs at the same time, or in two (multiple) domains at the same time.
  • the service interruption time brought by the handover can be reduced. Ensure secure transmission during the handover process.
  • FIG. 6 is a schematic flowchart of a fifth embodiment of a handover method according to the present invention.
  • the target domain master node is selected, and the method further includes:
  • a re-registration request to the target domain primary node, where the re-registration request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;
  • the target domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.
  • the method further includes:
  • the allocated resources including the allocated short address and the allocated bandwidth resource.
  • the short address of the terminal is grouped by the global primary node for all available short addresses, and then one of the packets corresponding to the current domain primary node is allocated to the current domain primary node, and then the current domain is The master node selects from the corresponding group and assigns to the terminal.
  • the grouping of the short addresses is not limited in any embodiment of the present invention.
  • the method specifically includes the following steps:
  • the EP determines that it needs to switch, and selects the target DM.
  • the EP may select according to factors such as the SNR of the received neighbor DM signal and the bandwidth resource utilization (bandwidth availability) in the domain of the neighbor DM.
  • the EP Before determining that the UE needs to switch, the EP should obtain other domain information in the cluster from the DM, especially the information of the DM (such as the MAC address), and may also include the parameters of other domains and the information of each EP.
  • the information is sent by the GM to the DM of each domain.
  • the DM of each domain can send the information of other domains of the cluster to the EP of the local domain through the MAP frame or a dedicated message.
  • the EP can only switch according to the present invention when other domains in the cluster are detected.
  • the EP can select multiple target DMs. This embodiment is described by taking a target DM as an example.
  • the EP sends a re-registration request to the target DM.
  • the re-registration request should include:
  • EP's own node information such as MAC address, DEVICE_ID, etc.
  • the "current DM information" is the DM information before the handover, the information of the domain to which it belongs, and the like.
  • the bandwidth resource request information is used to request the target DM to allocate bandwidth resources for the EP.
  • the re-registration request is slightly different from the handover request in the embodiment of FIG. 4.
  • the main difference from the handover request is that the re-registration request is sent, which is equivalent to the registration process. After the DM receives it, the corresponding operation should be registered for the EP.
  • the target DM After receiving the re-registration request, the target DM determines whether to accept the request and responds to the re-registration response.
  • the re-registration response should include:
  • the target DM may request the GW to switch the downlink data service transmission path of the EP from the current DM to the target DM.
  • the target DM may determine whether to accept the re-registration request of the EP according to the downlink data transmission path switching situation (such as whether it is successful), the availability of bandwidth resources in the domain, and the like.
  • the target DM indicates to accept the handover of the EP in the re-registration response, the corresponding bandwidth resource and the new DEVICE_ID should be allocated to the EP.
  • the target DM generally delivers the scheduling information of the bandwidth resource allocated to the EP through the MAP frame, and may also be delivered by re-registering the response or other messages.
  • the EP may enter a “temporary transmission” state.
  • the cluster public key is used to perform the target DM. Communication, the original service transmission is continued, and the new DEVICE_ID assigned to the EP by the target DM mentioned in step S503 should be used.
  • cluster public key In a coordinated topology network, multiple domains are coordinated by the same GM to form a cluster.
  • Each cluster has a common encryption key, called a cluster public key, that can be used for inter-domain communication or "temporary transmission" state encrypted communication when switching.
  • the method for generating the cluster public key may be, but not limited to, one of the following methods:
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the GM can also periodically update the cluster public key and deliver the updated cluster public key to each EP in time.
  • the EP obtains the cluster public key in such a manner that the SC or DM sends the cluster public key to the EP after each EP is successfully authenticated.
  • the SC and the DM are in the same node, it is equivalent to the DM being sent to the EP.
  • the SC and the DM are not in the same node, it is preferably sent by the SC to the EP, but may also be sent by the SC to the DM and sent by the DM to the EP. But no matter how it is sent, the frame carrying the cluster public key is encrypted.
  • a process of establishing a service flow with the target DM or establishing a communication link may be required before the EP communicates with the DM according to the resources allocated by the target DM.
  • the target DM starts to perform the scheduling of the bandwidth resource.
  • the scheduling information is sent in the MAP frame.
  • DM and SC are on the same node.
  • the EP may send a handover indication to the current DM, to notify the current DM that the DM has been switched to the domain where the new target DM is located.
  • the current DM releases the bandwidth resource, DEVICE_ID, and the like originally allocated to the EP.
  • the EP After the EP enters the Temporary Transfer state and reaches a preset time, it determines whether the authentication can be performed according to a preset rule. If necessary, perform the authentication process.
  • the preset rule may be, but is not limited to, the terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching; or
  • the terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.
  • the preset time can be implemented by setting a timer, and the preset time can be the end of the timer, for example, becoming 0. Since the EP is in the mobile state, it will be removed from the domain of the target DM. At this time, the set timer Timer should be reset.
  • the terminal sends an authentication request to the target DM or the target SC. Not shown in the target SC map, it can be integrated with the target DM, or it can be set independently.
  • the target DM or the target SC performs the authentication process. After the authentication is passed, the handover is completed.
  • the EP can ensure secure communication without re-registration authentication in the initial stage of the handover, and avoid interruption of the current DM link during the authentication process, thereby causing service interruption.
  • the EP does not perform the registration authentication process when the AP quickly "passes" a certain domain during the handover process, which can reduce the signaling overhead.
  • the terminal includes:
  • the terminal Sending, by the terminal, a re-registration request to the current domain master node, where the re-registration request includes the short address of the terminal, the target domain primary node information, and bandwidth resource request information;
  • the current domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.
  • the method further includes:
  • the allocated resources including the allocated short address and the allocated bandwidth resource.
  • the short address of the terminal is grouped by the global primary node for all available short addresses, and then one of the packets corresponding to the current domain primary node is allocated to the current domain primary node, and then the current domain is The master node selects from the corresponding group and assigns to the terminal.
  • the short addresses may not be grouped, and the embodiment of the present invention does not limit the present invention.
  • the method specifically includes the following steps:
  • the EP determines that it needs to switch, and selects the target DM.
  • the EP may select according to factors such as the SNR of the received neighbor DM signal and the bandwidth resource utilization (bandwidth availability) in the domain of the neighbor DM.
  • the EP Before determining that the UE needs to switch, the EP should obtain other domain information in the cluster from the DM, especially the information of the DM (such as the MAC address), and may also include the parameters of other domains and the information of each EP.
  • the information is sent by the GM to the DM of each domain.
  • the DM of each domain can send the information of other domains of the cluster to the EP of the local domain through the MAP frame or a dedicated message.
  • the EP can only switch according to the present invention when other domains in the cluster are detected.
  • the EP can select multiple target DMs. This embodiment is described by taking a target DM as an example.
  • the EP sends a re-registration request to the current DM.
  • the re-registration request contains:
  • EP's own node information such as MAC address, DEVICE_ID, etc.
  • the "target DM information” is the target DM information to be switched, the information of the domain to which it belongs, and the like.
  • the bandwidth resource request information is used to request the target DM to allocate bandwidth resources for the EP.
  • the GM is responsible for managing and allocating the total available DEVICE_ID. For example, there are 255 available DEVICE_IDs.
  • the GM groups the available DEVICE_IDs, each group is assigned to one domain, and is sent to each domain's DM. . After receiving the EP registration, each domain DM can only specify the DEVICE_ID that can be used in its own DEVICE_ID group for the EP.
  • the current DM After receiving the re-registration request, the current DM determines whether to accept the request, and answers Re-register the response.
  • the re-registration response should include:
  • the target DM allocates a bandwidth resource and a new short address for the EP.
  • the current DM may request the GW to switch the downlink data service transmission path of the EP from the current DM to the target DM through the GM or backhaul link.
  • the current DM may determine whether to accept the handover request of the EP according to the downlink data transmission path switching situation (such as whether it is successful), the feedback result of the target DM (for example, whether its bandwidth resource is available), or the like.
  • the target DM should include the new DEVICE_ID assigned to the EP in the feedback result.
  • the current DM can release the previous DEVICE_ID assigned to the EP.
  • EP starts using the new DEVICE_ID.
  • the target DM generally delivers the scheduling information of the bandwidth resource allocated to the EP through the MAP frame, and may also be delivered by re-registering the response or other messages.
  • the EP After receiving the re-registration response of the current DM reply, and indicating that the handover is successful, the EP may enter a “temporary transmission” state. In this state, according to the resource allocated by the target DM, the cluster public key is used to perform the target DM. Communication, continue the original service transmission.
  • cluster public key In a coordinated topology network, multiple domains are coordinated by the same GM to form a cluster.
  • Each cluster has a common encryption key, called a cluster public key, that can be used for inter-domain communication or "temporary state" state encrypted communication when switching.
  • the method for generating the cluster public key may be, but not limited to, one of the following methods:
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the GM can also periodically update the cluster public key and deliver the updated cluster public key to each EP in time.
  • the EP obtains the cluster public key in such a manner that the SC or DM sends the cluster public key to the EP after each EP is successfully authenticated.
  • the SC and the DM are in the same node, it is equivalent to the DM.
  • EP When the SC and the DM are not in the same node, it is preferably sent by the SC to the EP, but may also be sent by the SC to the DM and sent by the DM to the EP. But no matter how it is sent, the frame carrying the cluster public key is encrypted.
  • a process of establishing a service flow with the target DM or establishing a communication link may be required before the EP communicates with the DM according to the resources allocated by the target DM.
  • the target DM starts to perform the scheduling of the bandwidth resource.
  • the scheduling information is sent in the MAP frame.
  • DM and SC are on the same node.
  • the EP may send a handover indication to the current DM, and notify the current DM that the DM has successfully switched to the domain where the new target DM is located. After receiving the handover indication, the current DM releases the bandwidth resource short address originally allocated to the EP.
  • the S707 After entering the "temporary transmission" state for a preset time, the S707 determines whether the formal authentication can be performed according to a preset rule. If necessary, perform the authentication process.
  • the preset rule may be, but is not limited to, the terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching; or
  • the terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.
  • the preset time can be implemented by setting a timer, and the preset time can be the end of the timer, for example, becoming 0. Since the EP is in the mobile state, it will be removed from the domain of the target DM. At this time, the set timer Timer should be reset.
  • the terminal sends an authentication request to the target DM or the target SC. Not shown in the target SC map, it can be integrated with the target DM, or it can be set independently.
  • the S709, the target DM, or the target SC performs the authentication process. After the authentication is passed, the handover is completed.
  • the EP can ensure secure communication without re-registration authentication at the initial stage of handover, and avoid interruption with the current DM link during the authentication process. Caused a disruption in business transmission.
  • the EP does not perform the registration authentication process when the device quickly "passes" a certain domain during the handover process, thereby reducing the signaling overhead.
  • the DEVICE_ID allocation method is proposed to avoid the problem of ID conflict that may occur when the EP is simultaneously communicating with two (multiple) DMs at the same time, or in two (multiple) domains at the same time.
  • the service interruption time brought by the handover can be reduced. Ensure secure transmission during the handover process.
  • FIG. 8 is a schematic flowchart of a seventh embodiment of a handover method according to the present invention.
  • the terminal includes:
  • the terminal Sending, by the terminal, a re-registration request to the current domain master node, where the re-registration request includes the short address of the terminal, the target domain primary node information, and bandwidth resource request information;
  • the current domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.
  • the method further includes:
  • the allocated resources including the allocated short address and the allocated bandwidth resource.
  • the terminal After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node If the authentication is performed, the terminal sends an authentication request to the target domain security controller or the target domain master node to perform authentication;
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the method specifically includes the following steps:
  • the EP determines that it needs to switch, and selects the target DM.
  • the EP can according to the SNR of the received neighbor DM signal, neighbors The bandwidth resource utilization (bandwidth availability) in the DM domain is selected.
  • the EP Before determining that the UE needs to switch, the EP should obtain other domain information in the cluster from the DM, especially the information of the DM (such as the MAC address), and may also include the parameters of other domains and the information of each EP.
  • the information is sent by the GM to the DM of each domain.
  • the DM of each domain can send the information of other domains of the cluster to the EP of the local domain through the MAP frame or a dedicated message.
  • the EP can only switch according to the present invention when other domains in the cluster are detected.
  • the EP can select multiple target DMs. This embodiment is described by taking a target DM as an example.
  • the EP sends a re-registration request to the current DM.
  • the re-registration request contains:
  • EP's own node information such as MAC address, DEVICE_ID, etc.
  • the "target DM information” is the target DM information to be switched, the information of the domain to which it belongs, and the like.
  • the bandwidth resource request information is used to request the target DM to allocate bandwidth resources for the EP.
  • the current DM After receiving the re-registration request, the current DM determines whether to accept the request and responds to the re-registration response.
  • the target DM allocates a bandwidth resource and a new short address for the EP.
  • the current DM may request the GW to switch the downlink data service transmission path of the EP from the current DM to the target DM through the GM or backhaul link.
  • the current DM may determine whether to accept the handover request of the EP according to the downlink data transmission path switching situation (such as whether it is successful), the feedback result of the target DM (for example, whether its bandwidth resource is available), or the like.
  • the target DM should include the new DEVICE_ID assigned to the EP in the feedback result.
  • the current DM can release the previous DEVICE_ID assigned to the EP.
  • EP starts using the new DEVICE_ID.
  • the target DM generally delivers the scheduling information of the bandwidth resource allocated to the EP through the MAP frame, and may also be delivered by re-registering the response or other messages.
  • the EP communicates with the current DM, uses the DEVICE_ID assigned to the EP before the current DM, communicates with the target DM, and uses the target DM to allocate a new EP. DEVICE_ID.
  • the EP may enter a “temporary transmission” state.
  • the cluster public key is used to perform the target DM. Communication, continue the original service transmission.
  • cluster public key In a coordinated topology network, multiple domains are coordinated by the same GM to form a cluster.
  • Each cluster has a common encryption key, called a cluster public key, that can be used for inter-domain communication or "temporary state" state encrypted communication when switching.
  • the method for generating the cluster public key may be, but not limited to, one of the following methods:
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the GM can also periodically update the cluster public key and deliver the updated cluster public key to each EP in time.
  • the EP obtains the cluster public key in such a manner that the SC or DM sends the cluster public key to the EP after each EP is successfully authenticated.
  • the SC and the DM are in the same node, it is equivalent to the DM being sent to the EP.
  • the SC and the DM are not in the same node, it is preferably sent by the SC to the EP, but may also be sent by the SC to the DM and sent by the DM to the EP. But no matter how it is sent, the frame carrying the cluster public key is encrypted.
  • a process of establishing a service flow with the target DM or establishing a communication link may be required before the EP communicates with the DM according to the resources allocated by the target DM.
  • the target DM starts to perform the scheduling of the bandwidth resource.
  • the scheduling information is sent in the MAP frame.
  • DM and SC are on the same node.
  • the EP may send a handover indication to the current DM, to notify the current DM that the DM has successfully switched to the domain where the new target DM is located. After receiving the handover indication, the current DM releases the bandwidth resource originally allocated to the EP.
  • the terminal sends an authentication request to the target DM or the target SC. Not shown in the target SC map, it can be integrated with the target DM, or it can be set independently.
  • the target DM or the target SC performs an authentication process according to the received authentication request.
  • the terminal After the authentication succeeds, the terminal notifies the current DM to release the short address that has been allocated by the terminal.
  • the current DM releases the short address allocated to the terminal, and the handover is completed.
  • the target DM may send a notification to the current DM through the GM or backhaul link, so that the current DM can release all resources allocated to the handover EP, in particular, the DEVICE_ID. It is also possible that the terminal directly sends a message to the current DM to notify the current DM to release all resources allocated to the terminal, in particular DEVICE_ID.
  • the preset rule may be, but is not limited to, the terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching; or
  • the terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.
  • the preset time can be implemented by setting a timer, and the preset time can be the end of the timer, for example, becoming 0. Since the EP is in the mobile state, it will be removed from the domain of the target DM. At this time, the set timer Timer should be reset.
  • the EP can ensure secure communication without re-registration authentication in the initial stage of the handover, and avoid interruption of the current DM link during the authentication process, thereby causing service interruption.
  • the EP does not perform the registration authentication process when the device quickly "passes" a certain domain during the handover process, thereby reducing the signaling overhead.
  • the service interruption time brought by the handover can be reduced. Ensure secure transmission during the handover process.
  • the present embodiment is different from the embodiment shown in FIG. 7 in that optimization regarding the DEVICE_ID is not performed.
  • the EP should use the new DEVICE_ID.
  • the EP communicates with the current DM, communicates with the target DM using the previous DEVICE_ID, and uses the new DEVICE_ID.
  • the target DM may send a notification to the current DM through the GM or backhaul link, so that the current DM can release all resources allocated to the handover EP, in particular, the DEVICE_ID.
  • FIG. 9 is a schematic flowchart of an eighth embodiment of a handover method according to the present invention. In this embodiment, the following steps are included:
  • the target domain master node allocates bandwidth resources to the terminal after agreeing to the handover.
  • S902 Communicate with the terminal by using the allocated bandwidth resource and the cluster public key before completing the authentication with the terminal.
  • the frame transmitted by the target domain master node when communicating with the terminal is encrypted by using a cluster public key.
  • the cluster public key is obtained when the terminal authenticates with the current domain security controller or the current domain master node when the terminal enters the network;
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the short address used by the terminal to communicate with the domain master node is grouped by the global master node for all available short addresses, and then the packets are correspondingly assigned to the domain master nodes, and the terminal and one of the domain master nodes are successfully registered. The time is then selected and assigned to the terminal by the domain master node from the group allocated by the global master node.
  • FIG. 10 is a schematic diagram of a composition of a first embodiment of a terminal according to the present invention.
  • the terminal includes:
  • the selecting unit 100 is configured to select a target domain master node if the terminal needs to perform domain switching;
  • the obtaining unit 200 is configured to acquire a bandwidth resource allocated by the target domain master node
  • the communication unit 300 is configured to communicate with the target domain master node by using the bandwidth resource allocated by the target domain master node before completing the authentication with the target domain master node, where the terminal and the target domain master Frames transmitted during node communication are encrypted using the cluster public key.
  • the terminal further includes:
  • a determining unit 400 configured to use the bandwidth resource allocated by the target domain master node and the target After the domain master node communicates for a preset time, it is determined according to a preset rule whether it is required to perform authentication with the target domain security controller or the target domain master node;
  • the communication unit 300 is further configured to perform authentication with the target domain security controller or the target domain primary node if the preset rule is met.
  • the preset rule is:
  • the terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching;
  • the terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.
  • the communication unit 300 is further configured to:
  • the selecting unit 100 selects the target domain primary node, sending a handover request to the target domain primary node, where the handover request includes the short address of the terminal, current domain primary node information, and bandwidth resource request information;
  • the acquiring unit 200 is instructed to acquire the bandwidth resource allocated by the target domain master node.
  • the communication unit 300 is further configured to:
  • the selecting unit 100 selects the target domain master node, sending a handover request to the current domain master node, where the handover request includes the short address of the terminal, the target domain master node information, and bandwidth resource request information;
  • the acquiring unit 200 is instructed to acquire the bandwidth resource allocated by the target domain master node.
  • the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, a required domain security controller or the target domain
  • the target domain master node performs authentication
  • the communication unit 300 is further configured to send a registration request to the target domain master node, perform registration, and acquire a new short address allocated by the target domain node;
  • an authentication request is sent to the target domain security controller or the target domain master node.
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the communication unit 300 is further configured to:
  • the selecting unit 100 selects the target domain master node, sending a re-registration request to the target domain master node, where the re-registration request includes the short address, the current domain master node information, and the bandwidth resource request information of the terminal;
  • the acquiring unit 200 is instructed to acquire the bandwidth resource and the new short address allocated by the target domain master node.
  • the communication unit 300 is further configured to:
  • the selecting unit 100 selects the target domain master node, sending a re-registration request to the current domain master node, where the re-registration request includes the short address, the current domain master node information, and the bandwidth resource request information of the terminal;
  • the acquiring unit 200 is instructed to acquire the bandwidth resource and the new short address allocated by the target domain master node.
  • the communication unit 300 is further configured to:
  • the allocated resources including the allocated short address and the allocated bandwidth resource.
  • the short address of the terminal is grouped by the global primary node for all available short addresses, and then one of the packets corresponding to the current domain primary node is allocated to the current domain primary node, and then the current domain is The master node selects from the corresponding group and assigns to the terminal.
  • the communication unit 300 is further configured to use a short address of the terminal when communicating with the current domain master node, and use the new short address when communicating with the target domain master node;
  • the communication unit 300 After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node For authentication, the communication unit 300 is also used to target the domain security controller or The target domain master node sends an authentication request and performs authentication;
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the cluster public key is generated by a global primary node
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the cluster public key is obtained when the terminal is authenticated by the current domain security controller or the current domain master node when entering the network; or
  • the cluster public key is obtained when the terminal is authenticated by the current domain master node and the primary security controller, and the primary security controller is used to perform unified authentication on the terminals joining all the domains of the cluster, and the unified authentication is performed.
  • the latter terminal does not need to be authenticated again when performing intra-cluster handover.
  • the selecting unit is further configured to receive information of the other domain master nodes in the cluster that are sent by the current domain master node by using a media access plan frame or a dedicated message.
  • FIG. 11 is a schematic diagram of a composition of a second embodiment of a terminal according to the present invention. in this embodiment, the terminal includes:
  • the processor 110, the memory 120, the interface circuit 130, and the bus 140 are connected by a bus 140, wherein the memory 120 is configured to store a set of program codes, and the processor 110 For invoking the program code stored in the memory 120, the following operations are performed:
  • the processor 110 is further configured to:
  • the target domain security controller or the target domain master node After the communication with the target domain master node reaches the preset time by using the bandwidth resource allocated by the target domain master node, it is determined according to a preset rule whether the target domain security controller or the target domain master node needs to be authenticated;
  • the target domain security controller or the target domain master node is Line certification.
  • the preset rule is:
  • the terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching;
  • the terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.
  • the processor 110 is further configured to:
  • the handover request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;
  • the target domain master node accepts the handover request of the terminal, acquiring the bandwidth resource allocated by the target domain master node.
  • the processor 110 is further configured to:
  • the handover request includes a short address of the terminal, the target domain primary node information, and bandwidth resource request information;
  • the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, a required domain security controller or the target domain
  • the target domain master node performs authentication
  • the processor 110 is further configured to send a registration request to the target domain master node, perform registration, and acquire a new short address allocated by the target domain node;
  • the authentication request is sent to the target domain security controller or the target domain master node for authentication;
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the processing is performed.
  • the device 110 is also used to:
  • the target domain primary node Sending a re-registration request to the target domain primary node, where the re-registration request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;
  • the target domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.
  • the processor 110 is further configured to:
  • the re-registration request includes the short address of the terminal, the target domain primary node information, and bandwidth resource request information;
  • the current domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.
  • the processor 110 is further configured to:
  • the allocated resources including the allocated short address and the allocated bandwidth resource.
  • the short address of the terminal is grouped by the global primary node for all available short addresses, and then one of the packets corresponding to the current domain primary node is allocated to the current domain primary node, and then the current domain is The master node selects from the corresponding group and assigns to the terminal.
  • the terminal uses a short address of the terminal when communicating with the current domain master node, and uses the new short address when the terminal communicates with the target domain master node;
  • the processor 110 is further configured to send an authentication request to the target domain security controller or the target domain master node for authentication;
  • the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.
  • the cluster public key is generated by a global primary node
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the cluster public key is obtained when the terminal is authenticated by the current domain security controller or the current domain master node when entering the network; or
  • the cluster public key is obtained when the terminal is authenticated by the current domain master node and the primary security controller, and the primary security controller is used to perform unified authentication on the terminals joining all the domains of the cluster, and the unified authentication is performed.
  • the latter terminal does not need to be authenticated again when performing intra-cluster handover.
  • the processor 110 before selecting the target domain master node, the processor 110 is further configured to:
  • the target domain master node includes:
  • the allocating unit 500 is configured to: if the terminal needs to perform domain switching, the domain master node allocates a bandwidth resource to the terminal after agreeing to the handover;
  • the communication unit 600 is configured to communicate with the terminal by using the allocated bandwidth resource and the cluster public key before completing the authentication with the terminal;
  • the domain master node is a target domain master node that performs domain switching on the terminal, and the frame transmitted by the target domain master node when communicating with the terminal is encrypted by using a cluster public key.
  • the cluster public key is obtained when the terminal authenticates with the current domain security controller or the current domain master node when the terminal enters the network;
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the short address used by the terminal to communicate with the domain master node is grouped by the global master node for all available short addresses, and then the packets are correspondingly allocated to each domain master node, when the terminal and one of the domains are When the primary node registers successfully, it is selected and assigned to the terminal by the domain master node from the group allocated by the global primary node.
  • FIG. 13 is a schematic diagram of a composition of a second embodiment of a target domain primary node according to the present invention.
  • the target domain primary node includes:
  • the processor 210, the memory 220, the interface circuit 230, and the bus 240, the processor 210, the memory 220, and the interface circuit 230 are connected by a bus 240, wherein the memory 220 is used to store a set of program codes, and the processor 210 For invoking the program code stored in the memory 220, the following operations are performed:
  • the processor 210 allocates a bandwidth resource to the terminal after agreeing to the handover;
  • the frame transmitted when the processor communicates with the terminal is encrypted by using a cluster public key.
  • the cluster public key is obtained when the terminal authenticates with the current domain security controller or the current domain master node when the terminal enters the network;
  • the cluster public key is generated by the global master node.
  • the cluster public key is generated by a global master node and each domain master node;
  • the cluster public key is generated by the global master node and the security controller of each domain.
  • the short address used by the terminal to communicate with the domain master node is grouped by the global master node for all available short addresses, and then the packets are correspondingly allocated to each domain master node, when the terminal and one of the domains are When the primary node registers successfully, it is selected and assigned to the terminal by the domain master node from the group allocated by the global primary node.
  • the terminal introduced in this embodiment may be used to implement some or all of the processes in the method embodiment of the present invention, which are described in conjunction with FIG. 2 and FIG. 8, and perform some or all of the functions of the device embodiment introduced by the present invention in conjunction with FIG.
  • the target domain master node introduced in this embodiment may be used to implement some or all of the processes in the method embodiment described in conjunction with FIG. 9 of the present invention, and perform some or all of the functions of the device embodiment introduced by the present invention in conjunction with FIG. I will not repeat them here.
  • the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted as one or more instructions or code via a computer-readable medium and executed by a hardware-based processing unit.
  • the computer readable medium can comprise a computer readable storage medium (which corresponds to a tangible medium such as a data storage medium) or a communication medium comprising, for example, any medium that facilitates transfer of the computer program from one place to another in accordance with a communication protocol. .
  • the computer readable medium can generally correspond to (1) non Instantaneous tangible computer readable storage medium, or (2) communication medium such as a signal or carrier wave.
  • Data storage media may be any available media that can be accessed by one or more computers or one or more processors to retrieve instructions, code and/or data structures for use in carrying out the techniques described herein.
  • the computer program product can comprise a computer readable medium.
  • certain computer-readable storage media may comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage or other magnetic storage device, flash memory, or may be used to store instructions or data structures. Any other medium in the form of the desired program code and accessible by the computer. Also, any connection is properly termed a computer-readable medium. For example, if you use coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technology (eg, infrared, radio, and microwave) to send commands from a website, server, or other remote source, coaxial cable , fiber optic cable, twisted pair, DSL, or wireless technologies (eg, infrared, radio, and microwave) are included in the definition of the media.
  • coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technology eg, infrared, radio, and microwave
  • a magnetic disk and an optical disk include a compact disk (CD), a laser disk, an optical disk, a digital video disk (DVD), a flexible disk, and a Blu-ray disk, wherein the disk usually reproduces data magnetically, and the disk passes the laser Optically copy data. Combinations of the above should also be included within the scope of computer readable media.
  • processors such as one or more digital signal processors (DSPs), general purpose microprocessors, application specific integrated circuits (ASICs), field programmable logic arrays (FPGAs), or other equivalent integrated or discrete logic circuits
  • DSPs digital signal processors
  • ASICs application specific integrated circuits
  • FPGAs field programmable logic arrays
  • processors may refer to any of the foregoing structures or any other structure suitable for implementing the techniques described herein.
  • the functionality described herein may be provided within dedicated hardware and/or software modules configured for encoding and decoding, or incorporated in a combined codec.
  • the techniques can be fully implemented in one or more circuits or logic elements.
  • the techniques of the present invention can be broadly implemented by a variety of devices or devices, including a wireless handset, an integrated circuit (IC), or a collection of ICs (eg, a chipset).
  • IC integrated circuit
  • Various components, modules or units are described in this disclosure to emphasize functional aspects of the apparatus configured to perform the disclosed techniques, but are not necessarily required to be implemented by different hardware units. Rather, as described above, various units may be combined in a codec hardware unit, or by an interoperable hardware unit (including one or as described above)
  • a collection of multiple processors is provided in conjunction with suitable software and/or firmware.
  • system and “network” are used interchangeably herein. It should be understood that the term “and/or” herein is merely an association relationship describing an associated object, indicating that there may be three relationships, for example, A and/or B, which may indicate that A exists separately, and A and B exist simultaneously. There are three cases of B alone. In addition, the character "/" in this article generally indicates that the contextual object is an "or" relationship.
  • B corresponding to A means that B is associated with A, and B can be determined from A.
  • determining B from A does not mean that B is only determined based on A, and that B can also be determined based on A and/or other information.
  • the disclosed systems, devices, and methods may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division, and the actual implementation may have another
  • the manner of division, such as multiple units or components, may be combined or integrated into another system, or some features may be omitted or not performed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Les modes de réalisation de la présente invention concernent un procédé de transfert, un terminal et un maître de domaine. Le procédé comprend les étapes suivantes : si un terminal a besoin d'un transfert de domaine, sélectionner un maître de domaine cible ; acquérir des ressources de bande passante attribuées par le maître de domaine cible ; et avant l'achèvement de l'authentification auprès du maître de domaine cible, utiliser les ressources de bande passante attribuées par le maître de domaine cible pour communiquer avec le maître de domaine cible, les trames transmises pendant la communication du terminal avec le maître de domaine cible étant chiffrées à l'aide d'une clé commune de grappe. La présente invention permet de réduire le retard pendant le transfert de domaine d'un terminal, assurant ainsi une transmission de service normale.
PCT/CN2016/111751 2016-12-23 2016-12-23 Procédé de transfert, terminal et maître de domaine WO2018112895A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2016/111751 WO2018112895A1 (fr) 2016-12-23 2016-12-23 Procédé de transfert, terminal et maître de domaine
CN201680091809.7A CN110114987B (zh) 2016-12-23 2016-12-23 一种切换方法、终端及域主节点

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/111751 WO2018112895A1 (fr) 2016-12-23 2016-12-23 Procédé de transfert, terminal et maître de domaine

Publications (1)

Publication Number Publication Date
WO2018112895A1 true WO2018112895A1 (fr) 2018-06-28

Family

ID=62624146

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/111751 WO2018112895A1 (fr) 2016-12-23 2016-12-23 Procédé de transfert, terminal et maître de domaine

Country Status (2)

Country Link
CN (1) CN110114987B (fr)
WO (1) WO2018112895A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021165203A1 (fr) * 2020-02-20 2021-08-26 Signify Holding B.V. Transfert sécurisé dans un réseau lifi
US11824787B2 (en) 2019-09-29 2023-11-21 Beijing Kingsoft Cloud Network Technology Co., Ltd Method and apparatus for node speed limiting, electronic device and storage medium
US12035186B2 (en) 2020-03-06 2024-07-09 Signify Holding B.V. Fast handover for an optical multi-cell communication system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101271293B1 (ko) * 2006-09-06 2013-06-04 삼성전자주식회사 조명광 통신에서의 핸드오버 시스템 및 방법
CN103973365A (zh) * 2013-01-29 2014-08-06 中兴通讯股份有限公司 一种可见光通信设备及终端设备在接入点的切换方法

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442773B (zh) * 2007-11-21 2011-08-17 上海寰创通信科技有限公司 一种无线网状网快速切换方法
CN101222523A (zh) * 2008-01-18 2008-07-16 南开大学 多参量光纤光栅无线传感器网络
CN101394271A (zh) * 2008-10-28 2009-03-25 上海电力学院 传感器网络中同时建立对密钥和组密钥的方法
CN106131081A (zh) * 2010-12-30 2016-11-16 交互数字专利控股公司 从应用服务器接入服务的方法及移动装置
US8526932B2 (en) * 2011-12-08 2013-09-03 At&T Intellectual Property I, L.P. Performance zones
EP2888922B1 (fr) * 2012-08-23 2021-12-22 Interdigital Patent Holdings, Inc. Effectuation d'une découverte de dispositif à dispositif
CN104768195B (zh) * 2014-01-03 2019-02-01 上海宽带技术及应用工程研究中心 能实现无缝切换的异构无线网络系统及无缝切换方法
CN103841556A (zh) * 2014-03-21 2014-06-04 北京航空航天大学 无线局域网快速切换方法

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101271293B1 (ko) * 2006-09-06 2013-06-04 삼성전자주식회사 조명광 통신에서의 핸드오버 시스템 및 방법
CN103973365A (zh) * 2013-01-29 2014-08-06 中兴通讯股份有限公司 一种可见光通信设备及终端设备在接入点的切换方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
VEGNI, A.M. ET AL.: "Handover in VLC Systems with Cooperating Mobile Devices", 2012 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS (ICNC, 12 March 2012 (2012-03-12) *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11824787B2 (en) 2019-09-29 2023-11-21 Beijing Kingsoft Cloud Network Technology Co., Ltd Method and apparatus for node speed limiting, electronic device and storage medium
WO2021165203A1 (fr) * 2020-02-20 2021-08-26 Signify Holding B.V. Transfert sécurisé dans un réseau lifi
JP2023510637A (ja) * 2020-02-20 2023-03-14 シグニファイ ホールディング ビー ヴィ 高速セキュアハンドオーバ
JP7266759B2 (ja) 2020-02-20 2023-04-28 シグニファイ ホールディング ビー ヴィ 高速セキュアハンドオーバ
US12035186B2 (en) 2020-03-06 2024-07-09 Signify Holding B.V. Fast handover for an optical multi-cell communication system

Also Published As

Publication number Publication date
CN110114987B (zh) 2020-12-01
CN110114987A (zh) 2019-08-09

Similar Documents

Publication Publication Date Title
TWI655877B (zh) 用以選擇網路切片的使用者設備註冊方法、及使用此方法的網路控制器與網路通訊系統
US7836189B2 (en) Multiple simultaneous wireless connections in a wireless local area network
EP3577952B1 (fr) Procédé et système de sélection d'une fonction de gestion d'accès et de mobilité dans un environnement de réseau d'accès
WO2018170704A1 (fr) Procédé, appareil et système d'établissement de session
WO2019196811A1 (fr) Procédé de communication, et appareil associé
WO2014040506A1 (fr) Procédé et dispositif de découverte de terminal et de traitement de découverte
WO2020135850A1 (fr) Procédé et appareil de communication
WO2015017968A1 (fr) Procédé, dispositif et système de configuration de réseau
JP2022550517A (ja) サービスオフロード方法、装置、システム、電子機器、及びコンピュータプログラム
CN110557265B (zh) 一种组播方法及装置
WO2012000271A1 (fr) Procédé d'accès à un terminal et réseau de communication sans fil
JP2010279057A (ja) 無線アクセスポイント間での安全なローミング
JP5551805B2 (ja) インターネットにアクセスする方法および装置
TWI692989B (zh) 上行資料包資源配置方法和使用者終端
WO2018233451A1 (fr) Procédé, appareil et système de communication
CN111480356A (zh) 频谱共享适配功能
WO2019029740A1 (fr) Procédé de gestion d'associations et nœud de réseau
KR20190103382A (ko) 라우팅 방법 및 장치
TWI775009B (zh) 用於行動通訊系統之基地台及其資料傳輸方法
JP2009532959A (ja) ユーザネットワークにおける通信方法および通信システム
WO2015101040A1 (fr) Procédé et dispositif de commutation dans un réseau local sans fil
WO2018112895A1 (fr) Procédé de transfert, terminal et maître de domaine
WO2014117599A1 (fr) Procédé, dispositif et système de sélection de domaine d'acheminement
TWI488538B (zh) 建立資料傳輸通道的Wi-Fi無線網路存取點及系統
TW201824900A (zh) 一種接入控制的方法及設備

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16924556

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16924556

Country of ref document: EP

Kind code of ref document: A1