
WO2006074591A1 - Wireless local area network and method for implementing fast handover of a mobile terminal - Google Patents

Wireless local area network and method for implementing fast handover of a mobile terminal

Info

Publication number
WO2006074591A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile station
physical
authentication
basic service
aps
Prior art date
Application number
PCT/CN2005/002351
Other languages
English (en)
Chinese (zh)
Inventor
Zhonghui Yao
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2006074591A1 publication Critical patent/WO2006074591A1/fr

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/08 Reselecting an access point
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the present invention relates to the field of communications, and in particular, to a wireless local area network and a method for implementing fast handover of a mobile station in a wireless local area network.
  • WLAN wireless local area network
  • APs WLAN access point devices
  • MT mobile terminal
  • the MT scans the wireless channel.
  • the MT scans each wireless channel and performs related indicator measurements, such as field strength measurements.
  • the MT can select the channel with the best radio channel quality as the target AP for handover.
  • the MT initiates a re-association request to the new AP.
  • After receiving the re-association request, the new AP must cause the system to delete the association established with the old AP before the MT handover, and then establish a new association with the mobile station.
  • the mobile station related data service flow is forwarded by the new AP.
  • the mobile station will continue to scan and measure other wireless channels to determine whether to switch to the new AP.
  • 802.11i defines a pre-authentication method: before re-association, the new AP is used as an 802.1X authentication point, 802.1X authentication is performed between the mobile station and the network authentication server, the master key is negotiated, and the network authentication server delivers the master key to the new AP.
  • the new AP and the mobile station can negotiate an air interface encryption key based on the key, thereby effectively reducing service interruption time.
  • The above pre-authentication method initiates a complete 802.1X authentication process prior to re-association. Since the authentication process also relies on the current association, the following risks exist:
  • Since the mobile station often requests re-association because the currently associated channel signal is weak, and the authentication also depends on the current association, the communication between the mobile station and the AP may be unreliable, and the 802.1X authentication process may not be completed correctly.
  • the mobile station may have moved outside the range covered by the current channel before the authentication is completed, resulting in the failure to complete the 802.1X authentication process.
  • the present invention provides a wireless local area network and a method for implementing fast handover of a mobile station, so as to solve the problem that the service interruption time may be prolonged when the mobile station switches in the prior art.
  • the present invention provides the following technical solutions:
  • a method for implementing fast handover of a mobile station in a wireless local area network, where the wireless local area network includes a mobile station and an access point (AP) that connects the mobile station to the network, each AP and its associated mobile stations form a basic service set (BSS), and between the mobile station and the AP the air interface is protected by encryption material associated with the basic service set identifier; wherein a plurality of physical APs form a logical AP and share the same basic service set identifier (BSS-ID).
  • the mobile station directly protects the air interface using the cryptographic material associated with the basic service set identifier prior to handover when switching between the plurality of physical APs.
  • the access controllers in the WLAN manage the mapping relationship between the logical APs and the corresponding physical APs.
  • the same basic service identifier is configured in each physical AP.
  • the access controller is used as an authentication point, and the physical AP only forwards the authentication packet in the authentication process performed between the mobile station and the access controller.
  • a wireless local area network includes a mobile station and an access point (AP) that connects the mobile station to the network; wherein the wireless local area network further includes an access controller (AC), multiple APs share the same basic service set identifier (BSS-ID), and the access controller configures the basic service set identifier in each AP that shares the identifier.
  • AP access point
  • AC access controller
  • BSS-ID basic service set identifier
  • the access controller functions as an 802.1X authentication point to complete an authentication process with the mobile station.
  • the mobile station can re-associate to the new AP and can share the previous master key without re-authentication or pre-authentication, which speeds up the handover and helps to avoid the temporary service interruption caused by the handover and its effect on service quality.
  • FIG. 1 is a schematic diagram of a physical AP corresponding to a logical AP in a wireless local area network
  • FIG. 2 is a schematic diagram of multiple physical APs corresponding to one logical AP in a wireless local area network according to the present invention
  • FIG. 3 is an access controller to an AP in the present invention.
  • the best way is to be able to do re-association without pre-authentication or re-authentication.
  • RSN Robust Security Network
  • the best way is that the mobile station can continue to use the previous encryption material after re-association, especially the master key, so that the new AP can share the master key of the old AP.
  • the encryption material associated with the original AP may have been deleted, and the assumption of implementing master key sharing on the network side does not guarantee compatibility with the mobile station.
  • the root cause is -
  • BSS Basic Service Set
  • the AP generally uses the BSS-ID to identify its corresponding wireless interface.
  • the AP is assumed to be an 802.1X authentication point and the BSS-ID is used as the identification of the authentication point.
  • the master key is bound to the mobile station MAC address and the AP identity (BSS-ID). Therefore, when the mobile station switches from an AP to a new AP, because the BSS-ID is different, the previous master key is only associated with the old AP and cannot be shared.
  • BSS-ID the AP identity
  • a BSS-ID corresponds to an AP or 802.1X authentication point defined by 802.1, and this AP is referred to as a logical AP, and a logical AP is identified by a BSS-ID.
  • a physical AP device corresponds to a logical AP, and its BSS-ID is set to the hardware device at the time of production.
  • Multiple APs can be interconnected by DS (Distributed System), so that different BSSs together form an extended service set to form a local area network.
  • DS Distributed System
  • the present invention forms a logical AP from multiple physical APs that share the same basic service set identifier (BSS-ID); that is, these physical APs all have the same BSS-ID, so when the mobile station switches between these physical APs, the BSS-ID does not change, and after the mobile station is switched to the new AP the air interface can be directly protected by the cryptographic material associated with the BSS-ID before the handover.
  • physical AP1, physical AP2, and physical AP3 correspond to one logical AP, that is, they share the same BSS identifier BSS-ID.
  • a centralized access controller (AC) is introduced in the network architecture, and the AC manages the mapping of physical APs to logical APs.
  • the BSS-ID is configured by the AC to the physical AP after the physical AP is powered on.
  • the AC is the upper-level switch (generally called a Wi-Fi switch) or router (generally called the access router, AR) of the AP (see the IETF CAPWAP working group's summary of the WLAN centralized architecture).
  • the physical AP power-on initialization process completes the negotiation of the communication mechanism between the physical AP and the AC, as shown in Figure 3.
  • the AP sends a configuration request message to the AC, and the AC returns a configuration response message to the AP, where the message carries the BSS-ID of the logical AP.
  • After the AP obtains the AC configuration data, it will start running in normal mode.
  • the MAC frame sent by the AP to the mobile station through the air interface uses the BSS-ID of the logical AP as its identifier. Therefore, when the mobile station switches between the physical AP1, the physical AP2, and the physical AP3, the master key can be shared without re-authentication or pre-authentication, thereby speeding up the switching speed.
  • the mobile station is associated with the logical AP.
  • the 802.1X authentication process will be started.
  • Its authentication point is a logical AP.
  • the logical AP function as an 802.1X authentication point is implemented on the AC, that is, the AC is the 802.1X authentication point.
  • In the 802.1X authentication process, a physical AP only forwards packets and does not process packets directly.
  • the AC sends the encrypted material to the AP as the logical AP.
  • the AP can perform air interface encryption and decryption.
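
The binding described above, as an added example that is not part of the patent text: a master key cached per (station MAC, BSS-ID) is reusable after a handover only when the BSS-ID is unchanged. The `AccessController` class, the stand-in for 802.1X authentication, and all MAC addresses are constructed for illustration; the PMKID formula comes from IEEE 802.11i and is not stated on this page.

```python
import hashlib
import hmac

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def pmkid(pmk: bytes, bssid: bytes, sta_mac: bytes) -> bytes:
    """802.11i PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + bssid + sta_mac, hashlib.sha1).digest()[:16]

class AccessController:
    """Hypothetical AC: maps physical APs to BSS-IDs and is the authentication point."""

    def __init__(self, ap_to_bssid):
        self.ap_to_bssid = {ap: mac(b) for ap, b in ap_to_bssid.items()}
        self.pmk_cache = {}   # (station MAC, BSS-ID) -> master key
        self.full_auths = 0   # number of complete 802.1X runs that were needed

    def _authenticate(self, sta: bytes, bssid: bytes) -> bytes:
        # Stand-in for a full 802.1X/EAP exchange (assumption: a real PMK is
        # derived by the EAP method, not by hashing the addresses).
        self.full_auths += 1
        seed = b"constructed-demo" + sta + bssid + bytes([self.full_auths])
        pmk = hashlib.sha256(seed).digest()
        self.pmk_cache[(sta, bssid)] = pmk
        return pmk

    def associate(self, sta_text: str, ap: str):
        """Return (master_key_reused, PMKID) for a (re-)association via `ap`."""
        sta, bssid = mac(sta_text), self.ap_to_bssid[ap]
        pmk = self.pmk_cache.get((sta, bssid))
        reused = pmk is not None
        if not reused:
            pmk = self._authenticate(sta, bssid)
        return reused, pmkid(pmk, bssid, sta)

def roam(ac: AccessController, sta: str, path):
    return [ac.associate(sta, ap) for ap in path]

STA = "02:00:00:00:00:aa"             # constructed station MAC
PATH = ["AP1", "AP2", "AP3", "AP1"]   # handover sequence

def demo():
    # One BSS-ID per physical AP: the key is bound to the old AP only.
    per_ap = AccessController({"AP1": "02:00:00:00:01:01",
                               "AP2": "02:00:00:00:01:02",
                               "AP3": "02:00:00:00:01:03"})
    # One logical AP: the AC configures the same BSS-ID on all three.
    logical = AccessController({ap: "02:00:00:00:01:ff" for ap in PATH[:3]})
    return (roam(per_ap, STA, PATH), per_ap.full_auths,
            roam(logical, STA, PATH), logical.full_auths)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

With a shared BSS-ID the same master key is valid at every physical AP of the logical AP, so the AC's key cache and its links to the APs carry the key material for the whole group.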

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

This invention relates to a wireless local area network (WLAN) and a method for implementing fast handover of a mobile terminal. The WLAN comprises mobile terminals and access points (APs) that give the mobile terminals access to the network; each access point and the mobile terminals associated with it form a basic service set (BSS), and between the mobile terminals and the access points the air interface is protected using the cryptographic material associated with the BSS identifier. In this invention, several physical access points form one logical access point and share the same basic service set identifier (BSS-ID), and when the mobile terminals hand over between several access points, the logical access point directly uses the cryptographic material associated with the BSS identifier before the handover to protect the air interface. The invention also relates to a wireless LAN.
PCT/CN2005/002351 2005-01-13 2005-12-29 Wireless local area network and method for implementing fast handover of a mobile terminal WO2006074591A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510001958.3 2005-01-13
CNB2005100019583A CN100428715C (zh) 2005-01-13 2005-01-13 A wireless local area network and a method for implementing fast handover of a mobile station

Publications (1)

Publication Number Publication Date
WO2006074591A1 true WO2006074591A1 (fr) 2006-07-20

Family

ID=36677353

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/002351 WO2006074591A1 (fr) 2005-01-13 2005-12-29 Wireless local area network and method for implementing fast handover of a mobile terminal

Country Status (2)

Country Link
CN (1) CN100428715C (fr)
WO (1) WO2006074591A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110213809A (zh) * 2013-11-21 2019-09-06 Huawei Technologies Co., Ltd. Systems and methods for non-cellular wireless access

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
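CN101321396B (zh) * 2008-04-14 2014-03-12 ZTE Corporation Method for implementing handover of a mobile station and method for constructing a secure access service network
CN101304615B (zh) * 2008-07-09 2011-08-03 Hangzhou H3C Technologies Co., Ltd. Hybrid access method and device
CN101640892B (zh) * 2009-08-21 2011-09-28 Hangzhou H3C Technologies Co., Ltd. Wireless network deployment method and wireless access point
CN109922489B (zh) * 2017-12-13 2022-02-11 China Mobile Group Beijing Co., Ltd. AP aggregation method, apparatus and medium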

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003054721A1 (fr) * 2001-12-19 2003-07-03 Thomson Licensing S.A. Method and apparatus for handing off a mobile terminal between a mobile network and a wireless local area network
CN1438789A (zh) * 2002-02-10 2003-08-27 Huawei Technologies Co., Ltd. Method for handover of a mobile terminal between access points in a wireless local area network
WO2004054283A2 (fr) * 2002-12-11 2004-06-24 Koninklijke Philips Electronics N.V. System and method for performing a fast handoff in a wireless local area network

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7792527B2 (en) * 2002-11-08 2010-09-07 Ntt Docomo, Inc. Wireless network handoff key
CN1186906C (zh) * 2003-05-14 2005-01-26 Southeast University Secure access control method for wireless local area networks
US7275157B2 (en) * 2003-05-27 2007-09-25 Cisco Technology, Inc. Facilitating 802.11 roaming by pre-establishing session keys
CN1290362C (zh) * 2003-05-30 2006-12-13 Huawei Technologies Co., Ltd. Key negotiation method for mobile station handover in a wireless local area network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003054721A1 (fr) * 2001-12-19 2003-07-03 Thomson Licensing S.A. Method and apparatus for handing off a mobile terminal between a mobile network and a wireless local area network
CN1438789A (zh) * 2002-02-10 2003-08-27 Huawei Technologies Co., Ltd. Method for handover of a mobile terminal between access points in a wireless local area network
WO2004054283A2 (fr) * 2002-12-11 2004-06-24 Koninklijke Philips Electronics N.V. System and method for performing a fast handoff in a wireless local area network

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
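CN110213809A (zh) * 2013-11-21 2019-09-06 Huawei Technologies Co., Ltd. Systems and methods for non-cellular wireless access
CN110213809B (zh) * 2013-11-21 2021-01-15 Huawei Technologies Co., Ltd. Systems and methods for non-cellular wireless access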
US11451362B2 (en) 2013-11-21 2022-09-20 Huawei Technologies Co., Ltd. Systems and methods for non-cellular wireless access using logical entity IDS in a hyper cell

Also Published As

Publication number Publication date
CN1805387A (zh) 2006-07-19
CN100428715C (zh) 2008-10-22

Similar Documents

Publication Publication Date Title
US7864732B2 (en) Systems and methods for handoff in wireless network
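KR101467780B1 Handover method between heterogeneous radio access networks
JP4639020B2 Transfer of security association during a mobile terminal handover
KR101490243B1 Method for fast security association establishment during handover between heterogeneous networks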
US7873352B2 (en) Fast roaming in a wireless network using per-STA pairwise master keys shared across participating access points
EP1414262B1 Authentication method for fast handover in a wireless local area network
US7672459B2 (en) Key distribution and caching mechanism to facilitate client handoffs in wireless network systems
CN107690138B Fast roaming method, apparatus, system, access point and mobile station
RU2503147C2 Handover method and handover apparatus
US20060187878A1 (en) Methods, apparatuses and systems facilitating client handoffs in wireless network systems
CN101217781A Handover method for a mobile device using dynamic channels
US7961684B2 (en) Fast transitioning resource negotiation
WO2007045147A1 Method, system and terminal for network access of a wireless local area network terminal
CN101888630A Authentication method, system and apparatus for switching access networks
US8819778B2 (en) Method and system for switching station in centralized WLAN when WPI is performed by access controller
US20240388910A1 (en) Trusted roaming for federation-based networks
US11310724B2 (en) Key management for fast transitions
CN115915315A Fast roaming method for a WAPI wireless network
WO2006074591A1 Wireless local area network and method for implementing fast handover of a mobile terminal
WO2006074592A1 Method and device for supporting multiple logical networks in a WLAN
WO2024145946A1 Apparatus, method, and computer program
KR100473004B1 Roaming method within the same subnet of a public wireless LAN
WO2010130138A1 Method and system for switching a station (STA) while establishing WLAN privacy infrastructure (WPI) by a wireless termination point (WTP) in a converged WLAN
WO2023093277A1 Roaming method and system
WO2025073904A1 Method and apparatus for extended service set (ESS) operation mixing enhanced data privacy (EDP) APs and non-EDP APs

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05824027

Country of ref document: EP

Kind code of ref document: A1

WWW Wipo information: withdrawn in national office

Ref document number: 5824027

Country of ref document: EP
