
CN102740290B - Pre-authentication and pre-configuration method and system thereof - Google Patents


Info

Publication number
CN102740290B
Authority
CN
China
Prior art keywords
access point
virtual
authentication
virtual terminal
request information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110080841.4A
Other languages
Chinese (zh)
Other versions
CN102740290A (en)
Inventor
肖鑫
曹建农
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hong Kong Polytechnic University HKPU
Original Assignee
Hong Kong Polytechnic University HKPU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hong Kong Polytechnic University HKPU
Priority to CN201110080841.4A
Publication of CN102740290A
Application granted
Publication of CN102740290B
Legal status: Active
Anticipated expiration

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a pre-authentication and pre-configuration method and a system thereof. The pre-authentication and pre-configuration system comprises a current access point and a candidate access point located in different subnets, a first virtual terminal located at the current access point and a second virtual terminal located at the candidate access point; the first virtual terminal and the second virtual terminal communicate through a UDP channel. The system also comprises a candidate access point that belongs to a different network domain from the current access point, a third virtual terminal located at that candidate access point, a first virtual server in the same network domain as the current access point and a third virtual server in the same network domain as the candidate access point; the first virtual terminal, the first virtual server, the third virtual terminal and the third virtual server communicate through UDP channels. By using the virtual terminals and/or virtual servers to send pre-authentication and pre-configuration information at the UDP layer, the invention enables fast handover between different subnets of the same network domain and even between different network domains.

Description

A pre-authentication and pre-configuration method and system thereof

Technical field

The invention relates to the field of mobile communication, and in particular to a pre-authentication and pre-configuration method and a system thereof.

Background

When a communication terminal securely hands over from one access point to another in an 802.11 network, it must exchange authentication information and configuration information with the other access point, and can connect successfully only after authentication and configuration. The 802.1X-based authentication process and the configuration process based on the Dynamic Host Configuration Protocol (DHCP) are the two main factors that cause handover delay. FIG. 1 is a schematic diagram of a prior-art 802.11 authentication system based on 802.1X. As shown in FIG. 1, the EAP over LAN (EAPOL) architecture usually includes an authenticator (that is, the access point) and an Authentication, Authorization and Accounting (AAA) server. The authenticator is generally located at the network edge and is connected to the AAA server. This architecture provides authentication and authorization of communication terminal devices. A complete EAP process generally requires at least two round trips between the supplicant (the communication terminal) and the authenticator (the access point), between the authenticator and the visited AAA server, and between the visited AAA server and the home AAA server, which causes a long delay and seriously affects quality of service. The same applies to the configuration process that follows authentication and authorization.

The existing 802.11i standard uses pre-authentication to reduce this delay. FIG. 2 is a schematic diagram of prior-art 802.11i pre-authentication. As shown in FIG. 2, in 802.11i pre-authentication the communication terminal (the supplicant entity in 802.1X) authenticates with all candidate access points (authenticator entities in 802.1X) through the currently connected access point before handover. If the communication terminal hands over to a pre-authenticated access point, it no longer needs to authenticate with that access point and only needs to spend a short time on the key negotiation process.

However, the standard 802.11i pre-authentication in use today works only at layer 2 (the MAC layer). When two access points cannot communicate with each other directly at the MAC layer (for example across subnets and/or across network domains), pre-authentication for a communication terminal handing over from one access point to the other is not supported.

DHCP is a TCP/IP (Transmission Control Protocol/Internet Protocol) standard that simplifies the management of host IP address configuration. The standard provides an effective way to use DHCP servers: managing the dynamic allocation of IP addresses to communication terminals in the network and enabling the related configuration information of DHCP clients on the network. When a communication terminal hands over from one access point to another, it obtains new IP configuration information from the newly connected access point. This exchange of configuration information and the reconfiguration process also cause a long delay, but the prior art has no method or device for reducing this handover delay.

Summary of the invention

The technical problem to be solved by the present invention is the defect that the prior art cannot reduce the delay caused by the authentication and/or configuration process during cross-subnet and cross-domain handover. To address it, the invention provides a pre-authentication and pre-configuration method for secure and fast handover in 802.11 networks.

The technical solution adopted by the present invention to solve this technical problem is as follows:

A pre-authentication method is provided for performing pre-authentication before a communication terminal hands over from a current access point to a candidate access point, where the current access point and the candidate access point belong to different subnets of the same network domain. The method includes:

The current access point receives pre-authentication request information from the communication terminal and, through a first virtual terminal, passes the received pre-authentication request information to a second virtual terminal via a UDP channel; the first virtual terminal is located at the current access point and the second virtual terminal is located at the candidate access point;

The candidate access point receives the pre-authentication request information through the second virtual terminal via the UDP channel and performs authentication, and returns pre-authentication response information to the current access point through the second virtual terminal via the UDP channel;

The current access point receives the pre-authentication response information from the candidate access point through the first virtual terminal via the UDP channel and passes the pre-authentication response information to the communication terminal.

The present invention also provides a pre-configuration method for performing pre-configuration before a communication terminal hands over from a current access point to a candidate access point, where the current access point and the candidate access point belong to different subnets of the same network domain. The method includes:

The current access point receives pre-configuration request information from the communication terminal and, through a first virtual terminal, passes the received pre-configuration request information to a second virtual terminal via a UDP channel; the first virtual terminal is located at the current access point and the second virtual terminal is located at the candidate access point;

The candidate access point receives the pre-configuration request information through the second virtual terminal via the UDP channel and performs configuration, and returns pre-configuration response information to the current access point through the second virtual terminal via the UDP channel;

The current access point receives the pre-configuration response information from the candidate access point through the first virtual terminal via the UDP channel and passes the pre-configuration response information to the communication terminal for pre-configuration.

In a pre-configuration method of the present invention, before the pre-configuration request information is sent to the current access point, the destination MAC address of the pre-configuration request information is changed to the MAC address of the candidate access point and the EtherType of the pre-configuration request information is modified; before the pre-configuration request information is sent to the candidate access point, the EtherType of the pre-configuration request information is restored.

The present invention also provides a pre-authentication method for performing pre-authentication before a communication terminal hands over from a current access point to a candidate access point, where the current access point and the candidate access point belong to different network domains. The method includes:

The current access point receives pre-authentication request information from the communication terminal and, through a first virtual terminal, passes the received pre-authentication request information to a first virtual server via a UDP channel; the first virtual terminal is located at the current access point, and the first virtual server and the current access point belong to the same network domain;

A third virtual server receives the pre-authentication request information from the first virtual server through a UDP channel and passes the pre-authentication request information to a third virtual terminal through a UDP channel; the third virtual server and the candidate access point belong to the same network domain, and the third virtual terminal is located at the candidate access point;

The candidate access point receives the pre-authentication request information through the third virtual terminal via the UDP channel, and returns pre-authentication response information to the third virtual server through the third virtual terminal via the UDP channel;

The third virtual server receives the pre-authentication response information from the third virtual terminal through a UDP channel and passes the pre-authentication response information to the first virtual server through a UDP channel;

The current access point receives the pre-authentication response information from the first virtual server through the first virtual terminal via the UDP channel and passes the pre-authentication response information to the communication terminal.

The present invention also provides a pre-configuration method for performing pre-configuration before a communication terminal hands over from a current access point to a candidate access point, where the current access point and the candidate access point belong to different network domains. The method includes:

The current access point receives pre-configuration request information from the communication terminal and, through a first virtual terminal, passes the received pre-configuration request information to a first virtual configuration server via a UDP channel; the first virtual terminal is located at the current access point, and the first virtual configuration server and the current access point belong to the same network domain;

A third virtual configuration server receives the pre-configuration request information from the first virtual configuration server through a UDP channel and passes the pre-configuration request information to a third virtual terminal through a UDP channel; the third virtual configuration server belongs to the same network domain as the candidate access point and to a different network domain from the first virtual configuration server, and the third virtual terminal is located at the candidate access point;

The candidate access point receives the pre-configuration request information through the third virtual terminal via the UDP channel, and returns pre-configuration response information to the third virtual configuration server through the third virtual terminal via the UDP channel;

The third virtual configuration server receives the pre-configuration response information from the third virtual terminal through a UDP channel and passes the pre-configuration response information to the first virtual configuration server through a UDP channel;

The current access point receives the pre-configuration response information from the first virtual configuration server through the first virtual terminal via the UDP channel and passes the pre-configuration response information to the communication terminal for pre-configuration.

In a pre-configuration method of the present invention, before the pre-configuration request information is sent to the current access point, the destination MAC address of the pre-configuration request information is changed to the MAC address of the candidate access point and the EtherType of the pre-configuration request information is modified; before the pre-configuration request information is sent to the candidate access point, the EtherType of the pre-configuration request information is restored.

The present invention also provides a pre-authentication and pre-configuration system, which includes a current access point and at least one candidate access point located in different subnets of the same network domain, and further includes a first virtual terminal located at the current access point and a second virtual terminal located at the candidate access point;

The first virtual terminal is configured to communicate pre-authentication and/or pre-configuration request and/or response information with the second virtual terminal through a UDP channel;

The second virtual terminal is configured to communicate the pre-authentication and/or pre-configuration request and/or response information with the first virtual terminal through a UDP channel.

In the pre-authentication and pre-configuration system of the present invention, the second virtual terminal is further configured, when the EtherType of the pre-configuration request information has been modified, to restore the EtherType of the pre-configuration request information before forwarding the pre-configuration request information.

The present invention also provides a pre-authentication and pre-configuration system, which includes a current access point and at least one candidate access point located in different network domains, and further includes a first virtual terminal located at the current access point, a third virtual terminal located at the candidate access point, a first virtual server belonging to the same network domain as the current access point, and a third virtual server belonging to the same network domain as the candidate access point;

The first virtual terminal is configured to communicate pre-authentication and/or pre-configuration request and/or response information with the first virtual server through a UDP channel;

The first virtual server is configured to communicate the pre-authentication and/or pre-configuration request and/or response information with the first virtual terminal and the third virtual server, respectively, through UDP channels;

The third virtual server is configured to communicate the pre-authentication and/or pre-configuration request and/or response information with the first virtual server and the third virtual terminal, respectively, through UDP channels;

The third virtual terminal is configured to communicate the pre-authentication and/or pre-configuration request and/or response information with the third virtual server through a UDP channel.

In the pre-authentication and pre-configuration system of the present invention, the third virtual terminal is further configured, when the EtherType of the pre-configuration request information has been modified, to restore the EtherType of the pre-configuration request information before forwarding the pre-configuration request information.

The beneficial effect of the pre-authentication and pre-configuration method and system of the present invention is that, by using virtual terminals and/or virtual servers to send pre-authentication and pre-configuration information at the UDP layer, handover between different subnets of the same network domain, and even between different network domains, can be performed quickly and securely, which improves the quality of the communication service.

Description of the drawings

The present invention is further described below with reference to the accompanying drawings and embodiments. In the drawings:

FIG. 1 is a schematic diagram of a prior-art 802.11 authentication system based on 802.1X;

FIG. 2 is a schematic diagram of prior-art 802.11i pre-authentication;

FIG. 3 is a flowchart of a pre-authentication method for cross-subnet handover according to an embodiment of the present invention;

FIG. 4 is a flowchart of a pre-authentication method for cross-domain handover according to an embodiment of the present invention;

FIG. 5 is a flowchart of a pre-authentication method according to an embodiment of the present invention;

FIG. 6 is a flowchart of a pre-configuration method for cross-subnet handover according to an embodiment of the present invention;

FIG. 7 is a flowchart of a pre-configuration method for cross-domain handover according to an embodiment of the present invention;

FIG. 8 is a flowchart of a pre-configuration method according to an embodiment of the present invention;

FIG. 9 is a schematic diagram of a pre-authentication and pre-configuration system for cross-subnet handover according to an embodiment of the present invention;

FIG. 10 is a schematic diagram of a pre-authentication and pre-configuration system for cross-domain handover according to an embodiment of the present invention.

Detailed description of the embodiments

To make the object, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.

FIG. 3 is a flowchart of a pre-authentication method for cross-subnet handover according to an embodiment of the present invention. In this embodiment, the pre-authentication method for cross-subnet handover starts at step 110.

In step 110, the current access point receives pre-authentication request information from the communication terminal and, through the first virtual terminal, passes the received pre-authentication request information to the second virtual terminal via a UDP channel, where the first virtual terminal is located at the current access point and the second virtual terminal is located at the candidate access point. The pre-authentication request information is standard 802.11i pre-authentication information, which contains a source MAC address and a destination MAC address. The first virtual terminal can obtain the UDP address (IP and UDP port) of the destination virtual terminal from the pre-authentication request information. A routing table may be pre-configured in the first virtual terminal; the routing table stores all bindings between MAC addresses and virtual terminal/virtual server addresses. The routing table can be configured in advance, for example by configuring the routing table of the first virtual terminal as {MAC address of the second access point => address of the second virtual terminal}, where the second access point is one of the at least one candidate access points. The routing table can also be updated dynamically, for example by adding the reverse of an uplink frame's route to the routing table for use when sending downlink frames. The first virtual terminal can also query the required route from a central server, which stores all binding information of all access points in the same network domain. The first virtual terminal can then send the pre-authentication request information to the second virtual terminal via the UDP channel according to the MAC address of the candidate access point and the route it found.

In step 120, the candidate access point receives the pre-authentication request information through the second virtual terminal via the UDP channel and performs authentication, and returns pre-authentication response information to the current access point through the second virtual terminal via the UDP channel. For example, the candidate access point can send the pre-authentication request information to the authentication server AS1 of the same network domain; AS1 authenticates the communication terminal according to the pre-authentication request information, generates pre-authentication response information containing an authentication key, and returns it to the candidate access point, which then sends the pre-authentication response information to the current access point (that is, the first virtual terminal) through the second virtual terminal via the UDP channel. This is only an illustration and not a limitation; the various embodiments of the present invention may include various 802.1X-based authentication methods. The downlink communication in which the candidate access point returns the pre-authentication response information to the communication terminal can use the reverse of the route taken by the uplink communication in which the communication terminal sent the pre-authentication request information to the candidate access point. The second virtual terminal functions similarly to the first virtual terminal and is not described in detail here.

In step 130, the current access point receives the pre-authentication response information from the candidate access point through the first virtual terminal via the UDP channel and passes the pre-authentication response information to the communication terminal. The communication terminal can store and manage pre-authentication response information from multiple candidate access points and select the corresponding one for authentication at handover. Because pre-authentication is performed before handover, the authentication process at handover only needs to negotiate the authentication key, which takes very little time and improves the quality of the communication service.

图4是根据本发明一个实施例的用于跨网域切换的预认证方法的流程图。在本实施例中,用于跨网域切换的预认证方法开始于步骤210。Fig. 4 is a flowchart of a pre-authentication method for inter-network domain handover according to an embodiment of the present invention. In this embodiment, the pre-authentication method for inter-network handover starts at step 210 .

在步骤210中,当前接入点从通信终端接收预认证请求信息,并通过第一虚拟终端将接收的预认证请求信息和候选接入点的附加网域信息(例如ESSID)一起经由UDP通道传递给第一虚拟服务器,第一虚拟终端位于当前接入点,第一虚拟服务器和当前接入点属于同一网域。In step 210, the current access point receives the pre-authentication request information from the communication terminal, and transmits the received pre-authentication request information together with the additional network domain information (such as ESSID) of the candidate access point through the UDP channel through the first virtual terminal For the first virtual server, the first virtual terminal is located at the current access point, and the first virtual server and the current access point belong to the same network domain.

In step 220, the third virtual server receives the pre-authentication request information from the first virtual server over a UDP channel and passes it to the third virtual terminal over a UDP channel. The third virtual server belongs to the same network domain as the candidate access point and to a different network domain from the first virtual server, and the third virtual terminal is located at the candidate access point. The pre-authentication request information is standard 802.11i pre-authentication information, which contains a source MAC address and a destination MAC address. The first virtual server passes the pre-authentication request information to the third virtual server in the network domain to which the candidate access point belongs according to the additional network domain information (for example, from the first virtual server to the third virtual server). For example, bindings between network domain information and the corresponding virtual servers, such as {"third network domain" => third virtual server}, can be pre-configured on each virtual server according to the roaming agreements between network domains, and the binding information on a virtual server can also be updated from reverse routes. When the additional network domain information indicates that the destination network domain of the pre-authentication request information is the third network domain, the first virtual server can send the pre-authentication request information to the third virtual server according to the binding information, where the third network domain is the network domain to which the candidate access point belongs. After receiving the pre-authentication request information, the third virtual server can derive from it the UDP address (IP address and UDP port) of the destination virtual terminal. A routing table can be pre-configured in the third virtual server; the routing table stores the MAC addresses and all bindings of all access points in the same network domain. The routing table can be configured in advance, for example by configuring the routing table of the third virtual server as {MAC address of the third access point => address of the third virtual terminal}, where the third access point is one of the at least one candidate access points. The routing table can also be updated dynamically; for example, the reverse of an uplink frame's route can be written into the routing table for use when sending downlink frames. The third virtual server can also query the required route from a central server, which stores all binding information of all access points in the same network domain. The third virtual server can then send the pre-authentication request information to the third virtual terminal over the UDP channel according to the MAC address of the candidate access point and the route it found. During this uplink communication, a virtual terminal or virtual server that receives an uplink frame can reverse the carried source UDP address (the UDP address of the sending virtual terminal or virtual server, including IP address and UDP port) and source MAC address (the MAC address of the communication terminal) to update the corresponding routing binding.

In step 230, the candidate access point receives the pre-authentication request information through the third virtual terminal over the UDP channel and returns pre-authentication response information to the third virtual server through the third virtual terminal over the UDP channel. For example, the candidate access point can send the pre-authentication request information to the authentication server AS3 of the same network domain; AS3 authenticates the communication terminal according to the pre-authentication request information, generates pre-authentication response information containing an authentication key, and returns it to the candidate access point, which then sends the pre-authentication response information to the third virtual server through the third virtual terminal over the UDP channel. This is only an illustration and not a limitation; various embodiments of the present invention may include various 802.1X-based authentication methods.

In step 240, the third virtual server receives the pre-authentication response information from the third virtual terminal over the UDP channel and passes it to the first virtual server over the UDP channel. The downlink communication that returns the pre-authentication response information can use the reverse route of the uplink communication described above. The third virtual terminal functions similarly to the first virtual terminal, and the third virtual server functions similarly to the first virtual server, so they are not described in detail again here.

In step 250, the current access point receives the pre-authentication response information from the first virtual server through the first virtual terminal over the UDP channel and passes it to the communication terminal. The communication terminal can store and manage pre-authentication response information from multiple candidate access points and select the corresponding one for authentication at handover. Because pre-authentication is performed before the handover, the authentication at handover only needs to negotiate the authentication key, which takes very little time and improves the quality of the communication service.

Fig. 5 is a flowchart of a pre-authentication method according to an embodiment of the present invention. In this embodiment, the pre-authentication method for intra-subnet, intra-domain inter-subnet, and inter-domain handover starts at step 301.

In step 301, the first access point receives pre-authentication request information from the currently connected communication terminal. In step 302, the first access point determines from the candidate access point address in the pre-authentication request information whether the corresponding handover is an intra-subnet handover, an intra-domain inter-subnet handover, or an inter-domain handover.

For an intra-subnet handover, step 303 is performed. In step 303, the first access point sends the pre-authentication request information directly to the corresponding candidate access point at the MAC layer. In step 304, the candidate access point authenticates the communication terminal according to the received pre-authentication request information. In step 305, the candidate access point returns pre-authentication response information to the first access point. In step 306, the first access point sends the pre-authentication response information to the communication terminal.

For an intra-domain inter-subnet handover, step 307 is performed. In step 307, the first access point, through the first virtual terminal, passes the received pre-authentication request information over the UDP channel to the second virtual terminal at the candidate access point. In step 308, the candidate access point receives the pre-authentication request information through the second virtual terminal over the UDP channel and performs authentication. In step 309, the candidate access point, through the second virtual terminal, passes the pre-authentication response information to the first virtual terminal over the UDP channel. In step 310, the first access point receives the pre-authentication response information through the first virtual terminal over the UDP channel and passes it to the communication terminal that sent the pre-authentication request, so that fast authentication can be performed at handover.

For an inter-domain handover, step 311 is performed. In step 311, the first access point, through the first virtual terminal, passes the received pre-authentication request information and the additional network domain information of the candidate access point (for example, the ESSID) over the UDP channel to the first virtual server of its own network domain. In step 312, the first virtual server passes the pre-authentication request information over the UDP channel, according to the additional network domain information, to the third virtual server, which belongs to the same network domain as the candidate access point. In step 313, the third virtual server passes the pre-authentication request information to the third virtual terminal at the candidate access point according to the destination MAC address and the pre-configured routing table (the virtual server stores all bindings of all access points in the same network domain). In step 314, the candidate access point receives the pre-authentication request information through the third virtual terminal over the UDP channel and performs authentication. In step 315, the candidate access point, through the third virtual terminal, passes the pre-authentication response information to the third virtual server over the UDP channel. In step 316, the third virtual server passes the pre-authentication response information to the first virtual server over the UDP channel, following the reverse route of the uplink communication. In step 317, the first virtual server passes the received pre-authentication response information to the first virtual terminal over the UDP channel. In step 318, the first access point receives the pre-authentication response information through the first virtual terminal over the UDP channel and passes it to the communication terminal that sent the pre-authentication request, so that fast authentication can be performed at handover.
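The table-driven forwarding described in step 220 and in steps 311 to 318 (domain binding, MAC-to-virtual-terminal routing table, reverse-route learning for the downlink), as an added Python simulation that is not code from the patent. The UDP channels are replaced by in-memory calls, and the addresses, MAC values, the domain name `domain-3` and the peer allow-list are constructed assumptions.

```python
from dataclasses import dataclass

STA = "02:00:00:00:00:01"   # constructed MAC of the communication terminal
AP3 = "02:00:00:00:03:01"   # constructed MAC of the candidate access point


@dataclass
class Frame:
    src_mac: str        # uplink: the terminal; downlink: the candidate AP
    dst_mac: str
    payload: bytes      # opaque 802.11i pre-authentication payload
    essid: str = ""     # additional network domain information


class Net:
    """In-memory stand-in for the UDP channels; addresses are (ip, port)."""
    def __init__(self):
        self.nodes, self.hops = {}, []

    def send(self, src, dst, frame):
        self.hops.append((self.nodes[src].name, self.nodes[dst].name))
        return self.nodes[dst].receive(src, frame)


class Node:
    """A virtual terminal (VCL) or virtual server (VS)."""
    def __init__(self, net, name, addr, peers=(), mac_routes=None,
                 domain_bindings=None, default_route=None, local_macs=()):
        self.net, self.name, self.addr = net, name, addr
        self.peers = set(peers)                    # assumption: allow-list of senders
        self.mac_routes = dict(mac_routes or {})   # MAC -> next-hop UDP address
        self.domain_bindings = dict(domain_bindings or {})  # ESSID -> virtual server
        self.default_route = default_route
        self.local_macs = set(local_macs)          # MACs reachable at this node's AP
        self.delivered, self.dropped = [], []
        net.nodes[addr] = self

    def receive(self, src_addr, frame):
        if src_addr is not None:                   # None: handed over locally by the AP
            if src_addr not in self.peers:         # unknown sender: no learning, no forwarding
                self.dropped.append(frame)
                return False
            # Reverse route: the way back to src_mac is the address it came from.
            self.mac_routes[frame.src_mac] = src_addr
        if frame.dst_mac in self.local_macs:
            self.delivered.append(frame)
            return True
        next_hop = (self.mac_routes.get(frame.dst_mac)
                    or self.domain_bindings.get(frame.essid)
                    or self.default_route)
        if next_hop is None:                       # no binding: drop rather than guess
            self.dropped.append(frame)
            return False
        return self.net.send(self.addr, next_hop, frame)


def build():
    net = Net()
    a = {"VCL1": ("10.1.0.2", 5001), "VS1": ("10.1.0.1", 5000),
         "VS3": ("10.3.0.1", 5000), "VCL3": ("10.3.0.2", 5001)}
    vcl1 = Node(net, "VCL1", a["VCL1"], peers=[a["VS1"]],
                default_route=a["VS1"], local_macs=[STA])
    vs1 = Node(net, "VS1", a["VS1"], peers=[a["VCL1"], a["VS3"]],
               domain_bindings={"domain-3": a["VS3"]})
    vs3 = Node(net, "VS3", a["VS3"], peers=[a["VS1"], a["VCL3"]],
               mac_routes={AP3: a["VCL3"]})
    vcl3 = Node(net, "VCL3", a["VCL3"], peers=[a["VS3"]], local_macs=[AP3])
    return net, vcl1, vs1, vs3, vcl3


def run_cross_domain():
    net, vcl1, vs1, vs3, vcl3 = build()
    # Uplink (steps 311-314): request enters at VCL1 with the ESSID attached.
    ok_up = vcl1.receive(None, Frame(STA, AP3, b"preauth-request", "domain-3"))
    # Downlink (steps 315-318): response follows the learned reverse routes.
    ok_down = vcl3.receive(None, Frame(AP3, STA, b"preauth-response"))
    return net, vcl1, vs1, vs3, vcl3, ok_up, ok_down


if __name__ == "__main__":
    for hop in run_cross_domain()[0].hops:
        print(" -> ".join(hop))
```

The downlink needs no pre-configured entry for the terminal: each hop finds it from the binding it learned while the request travelled up.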

Fig. 6 is a flowchart of a pre-configuration method for inter-subnet handover according to an embodiment of the present invention. In this embodiment, the pre-configuration method for inter-subnet handover starts at step 410.

In step 410, the current access point receives pre-configuration request information from the communication terminal and, through the first virtual terminal, passes the received pre-configuration request information to the second virtual terminal over the UDP channel. The first virtual terminal is located at the current access point and the second virtual terminal is located at the candidate access point. The pre-configuration request information can include address information (for example, the MAC address) of the candidate access point or the second virtual terminal, and DHCP information. The original DHCP packet includes the lower-layer packet headers, because the virtual terminals and virtual servers need the MAC address. The first virtual terminal can derive the UDP address (IP address and UDP port) of the destination virtual terminal from the pre-configuration request information. In a standard DHCP packet generated by a DHCP client at the communication terminal or access point, the destination MAC is the broadcast address (0xffffffffffff), which a virtual terminal cannot route through its routing table. Compared with a standard DHCP packet, the DHCP packet used in the present invention differs only in that the destination MAC address is changed to the MAC address of the candidate access point; the substantive content is unchanged, so the protocol flow is not affected. In most embodiments, the DHCP server at an access point will receive many pre-configuration request messages (also called DHCP request messages), and the MAC address in these DHCP request messages may differ from the server's MAC address. As a result, the DHCP server on the current access point would accept and process the pre-configuration request information. To avoid this, in some embodiments of the present invention the destination MAC address of the pre-configuration request information can be changed to the MAC address of the candidate access point, and the MAC-layer EtherType of the DHCP information sent by the communication terminal's DHCP client (0x0800 for IP) can be changed to any unused value.

In step 420, the candidate access point receives the pre-configuration request information through the second virtual terminal over the UDP channel, performs configuration, and returns pre-configuration response information to the current access point through the second virtual terminal over the UDP channel. For example, the candidate access point can send the pre-configuration request information to the configuration server of the same network domain; the configuration server configures the communication terminal according to the pre-configuration request information, generates pre-configuration response information containing the configuration information, and returns it to the candidate access point, which then sends the pre-configuration response information to the current access point (that is, to the first virtual terminal) through the second virtual terminal over the UDP channel. This is only an illustration and not a limitation; various embodiments of the present invention may include various DHCP-based configuration methods. In addition, if the EtherType was changed in step 410, then, so as not to affect the DHCP server's response, the second virtual terminal must restore the MAC-layer EtherType of the pre-configuration request information before sending it to the configurator.

In step 430, the current access point receives the pre-configuration response information from the candidate access point through the first virtual terminal over the UDP channel and passes it to the communication terminal. The communication terminal can store and manage pre-configuration response information from multiple candidate access points and select a suitable one for configuration at handover. Because pre-configuration is performed before the handover, the time spent on configuration at handover is saved, latency is reduced, and the quality of the communication service is improved.
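The frame handling of steps 410 and 420 (reused in steps 510 and 530), as an added Python sketch that is not code from the patent: the destination MAC is rewritten from broadcast to the candidate access point, the EtherType is swapped to an unused value on the way out, and it is restored before the frame reaches the DHCP server. The page names no replacement EtherType, so 0x88B5 (IEEE 802 Local Experimental EtherType 1) is an assumption, as are the MAC values, the placeholder payload and the simplified DHCP-server model.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")          # destination MAC, source MAC, EtherType
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_PRECONFIG = 0x88B5               # assumption: value not given on the page
BROADCAST = bytes.fromhex("ffffffffffff")


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def parse(frame):
    if len(frame) < ETH_HDR.size:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = ETH_HDR.unpack_from(frame)
    return dst, src, ethertype, frame[ETH_HDR.size:]


def rewrite_for_preconfig(frame, candidate_ap_mac, change_ethertype=True):
    """Step 410: make the DHCP frame routable by MAC and invisible to the local server."""
    dst, src, ethertype, body = parse(frame)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    new_type = ETHERTYPE_PRECONFIG if change_ethertype else ETHERTYPE_IPV4
    return ETH_HDR.pack(candidate_ap_mac, src, new_type) + body


def restore_at_candidate(frame, own_mac):
    """Step 420: the receiving virtual terminal restores the EtherType; payload untouched."""
    dst, src, ethertype, body = parse(frame)
    if dst != own_mac:
        raise ValueError("frame is addressed to another access point")
    if ethertype != ETHERTYPE_PRECONFIG:
        raise ValueError("unexpected EtherType")
    return ETH_HDR.pack(dst, src, ETHERTYPE_IPV4) + body


def routable_by_mac(frame):
    """A virtual terminal can only look up a unicast destination in its routing table."""
    return parse(frame)[0] != BROADCAST


def local_dhcp_would_process(frame):
    """Simplified model of the page's concern: a DHCP server on an access point
    handles any IPv4 frame that reaches it, whatever its destination MAC."""
    return parse(frame)[2] == ETHERTYPE_IPV4


def demo():
    sta, ap2 = mac("02:00:00:00:00:01"), mac("02:00:00:00:02:01")   # constructed
    body = b"constructed IP/UDP/DHCP bytes"                          # placeholder payload
    original = ETH_HDR.pack(BROADCAST, sta, ETHERTYPE_IPV4) + body
    mac_only = rewrite_for_preconfig(original, ap2, change_ethertype=False)
    tunnelled = rewrite_for_preconfig(original, ap2)
    restored = restore_at_candidate(tunnelled, ap2)
    return {
        "original_routable": routable_by_mac(original),
        "original_hits_current_ap": local_dhcp_would_process(original),
        "mac_only_hits_current_ap": local_dhcp_would_process(mac_only),
        "tunnelled_routable": routable_by_mac(tunnelled),
        "tunnelled_hits_current_ap": local_dhcp_would_process(tunnelled),
        "restored_hits_candidate_ap": local_dhcp_would_process(restored),
        "payload_unchanged": parse(restored)[3] == body,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `mac_only` case shows why the page asks for both changes: rewriting the destination MAC makes the frame routable, but only the EtherType change keeps the current access point's own DHCP server from answering it.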

Fig. 7 is a flowchart of a pre-configuration method for inter-domain handover according to an embodiment of the present invention. In this embodiment, the pre-configuration method for inter-domain handover starts at step 510.

In step 510, the current access point receives pre-configuration request information from the communication terminal and, through the first virtual terminal, passes the received pre-configuration request information together with additional network domain information of the candidate access point (for example, the ESSID) to the first virtual server over the UDP channel. The first virtual terminal is located at the current access point, and the first virtual server and the current access point belong to the same network domain. The pre-configuration request information can include address information (for example, the MAC address) of the candidate access point or the third virtual terminal, and DHCP information. The original DHCP packet includes the lower-layer packet headers, because the virtual terminals and virtual servers need the MAC address. The first virtual terminal can derive the UDP address (IP address and UDP port) of the destination virtual terminal from the pre-configuration request information. In a standard DHCP packet generated by a DHCP client at the communication terminal or access point, the destination MAC is the broadcast address (0xffffffffffff), which a virtual terminal cannot route through its routing table. Compared with a standard DHCP packet, the DHCP packet used in the present invention differs only in that the destination MAC address is changed to the MAC address of the target access point; the substantive content is unchanged, so the protocol flow is not affected. In most embodiments, the DHCP server at an access point will receive many pre-configuration request messages (also called DHCP request messages), and the MAC address in these DHCP request messages may differ from the server's MAC address. As a result, the DHCP server on the current access point would accept and process the pre-configuration request information. To avoid this, in some embodiments of the present invention the MAC-layer EtherType of the DHCP information sent by the communication terminal's DHCP client (0x0800 for IP) can be changed to any unused value.

In step 520, the third virtual server receives the pre-configuration request information from the first virtual server over the UDP channel and passes it to the third virtual terminal over the UDP channel. The third virtual server belongs to the same network domain as the candidate access point and to a different network domain from the first virtual server, and the third virtual terminal is located at the candidate access point. The pre-configuration request information can include address information (for example, the MAC address) of the candidate access point or the third virtual terminal, and DHCP information. The first virtual server passes the pre-configuration request information to the third virtual server in the network domain to which the candidate access point belongs according to the additional network domain information (for example, from the first virtual server to the third virtual server). For example, bindings between network domain information and the corresponding virtual servers, such as {"third network domain" => third virtual server}, can be pre-configured on each virtual server according to the roaming agreements between network domains, and the binding information on a virtual server can also be updated from reverse routes. When the additional network domain information indicates that the destination network domain of the pre-configuration request information is the third network domain, the first virtual server can send the pre-configuration request information to the third virtual server according to the binding information, where the third network domain is the network domain to which the candidate access point belongs.

In step 530, the candidate access point receives the pre-configuration request information through the third virtual terminal over the UDP channel and returns pre-configuration response information to the third virtual server through the third virtual terminal over the UDP channel. If the EtherType was changed in step 510, then, so as not to affect the operation of the DHCP server, the third virtual terminal must restore the MAC-layer EtherType of the pre-configuration request information before sending it to the configurator. In addition, the candidate access point can send the pre-configuration request information to the configuration server of the same network domain; the configuration server configures the communication terminal according to the pre-configuration request information, generates pre-configuration response information containing the configuration information, and returns it to the candidate access point, which then sends the pre-configuration response information to the third virtual server through the third virtual terminal over the UDP channel. This is only an illustration and not a limitation; various embodiments of the present invention may include various DHCP-based configuration methods.

In step 540, the third virtual server receives the pre-configuration response information from the third virtual terminal over the UDP channel and passes it to the first virtual server over the UDP channel. The downlink communication that returns the pre-configuration response information can use the reverse route of the uplink communication described above. The third virtual terminal functions similarly to the first virtual terminal, and the third virtual server functions similarly to the first virtual server, so they are not described in detail again here.

In step 550, the current access point receives the pre-configuration response information from the first virtual server through the first virtual terminal over the UDP channel and passes it to the communication terminal. The communication terminal can store and manage pre-configuration response information from multiple candidate access points and select a suitable one for configuration at handover. Because pre-configuration is performed before the handover, the time spent on configuration at handover is saved, latency is reduced, and the quality of the communication service is improved.

Fig. 8 is a flowchart of a pre-configuration method according to an embodiment of the present invention. In this embodiment, the pre-configuration method for intra-subnet, intra-domain inter-subnet, and inter-domain handover starts at step 601.

In step 601, the first access point receives pre-configuration request information from the currently connected communication terminal. In step 602, the first access point determines from the candidate access point address in the pre-configuration request information whether the corresponding handover is an intra-subnet handover, an intra-domain inter-subnet handover, or an inter-domain handover.

For an intra-subnet handover, step 603 is performed. In step 603, the first access point sends the pre-configuration request information directly to the corresponding candidate access point at the MAC layer. In step 604, the candidate access point configures the communication terminal according to the received pre-configuration request information. In step 605, the candidate access point returns pre-configuration response information to the first access point. In step 606, the first access point sends the pre-configuration response information to the communication terminal.

For an intra-domain inter-subnet handover, step 607 is performed. In step 607, the first access point, through the first virtual terminal, passes the received pre-configuration request information over the UDP channel to the second virtual terminal at the candidate access point. In step 608, the candidate access point receives the pre-configuration request information through the second virtual terminal over the UDP channel and performs configuration. In step 609, the candidate access point, through the second virtual terminal, passes the pre-configuration response information to the first virtual terminal over the UDP channel. In step 610, the first access point receives the pre-configuration response information through the first virtual terminal over the UDP channel and passes it to the communication terminal that sent the pre-configuration request, so that fast configuration can be performed at handover.

For an inter-domain handover, step 611 is performed. In step 611, the first access point, through the first virtual terminal, passes the received pre-configuration request information and the additional network domain information of the candidate access point (for example, the ESSID) over the UDP channel to the first virtual server of its own network domain. In step 612, the first virtual server passes the pre-configuration request information over the UDP channel, according to the additional network domain information, to the third virtual server, which belongs to the same network domain as the candidate access point. In step 613, the third virtual server passes the pre-configuration request information to the third virtual terminal at the candidate access point. In step 614, the candidate access point receives the pre-configuration request information through the third virtual terminal over the UDP channel and performs configuration. In step 615, the candidate access point, through the third virtual terminal, passes the pre-configuration response information to the third virtual server over the UDP channel. In step 616, the third virtual server passes the pre-configuration response information to the first virtual server over the UDP channel. In step 617, the first virtual server passes the received pre-configuration response information to the first virtual terminal over the UDP channel. In step 618, the first access point receives the pre-configuration response information through the first virtual terminal over the UDP channel and passes it to the communication terminal that sent the pre-configuration request, so that fast configuration can be performed at handover.

The pre-configuration methods shown in Figs. 6-8 are largely the same as the pre-authentication methods shown in Figs. 3-5, except for what is carried: pre-authentication carries 802.11i pre-authentication frames, while pre-configuration carries DHCP packets.

Fig. 9 is a schematic diagram of a pre-authentication and pre-configuration system for inter-subnet handover according to an embodiment of the present invention. In this embodiment, the pre-authentication and pre-configuration system includes a current access point and at least one candidate access point located in different subnets of the same network domain (as shown in Fig. 9, a first access point AP1 in the first subnet and a second access point AP2 in the second subnet), and further includes a first virtual terminal VCL1 located at the current access point and a second virtual terminal VCL2 located at the candidate access point.

VCL1 is used to exchange pre-authentication and/or pre-configuration request and/or response information with VCL2 over a UDP channel. VCL2 can be used to exchange the pre-authentication and/or pre-configuration request and/or response information with VCL1 over the UDP channel. When the EtherType of pre-configuration request information has been modified, VCL2 can also restore that EtherType before forwarding the pre-configuration request information. For the detailed process, see the descriptions of Figs. 3 and 6. VCL1 can run on the current access point, and VCL2 can run on the candidate access point. Although Fig. 9 shows only one candidate access point AP2, this is only to simplify the description and is not a limitation; various embodiments of the present invention may include any suitable number of candidate access points.

FIG. 10 is a schematic diagram of a pre-authentication and pre-configuration system for cross-domain handover according to an embodiment of the present invention. In this embodiment, the pre-authentication and pre-configuration system includes a current access point and at least one candidate access point located in different network domains (as shown in FIG. 10, the current access point AP1 located in a first network domain and the candidate access point AP3 located in a second network domain), and further includes a first virtual terminal VCL1 located at the current access point, a third virtual terminal VCL3 located at the candidate access point, a first virtual server VS1 belonging to the same network domain as the current access point, and a third virtual server VS3 belonging to the same network domain as the candidate access point.

VCL1 is used to exchange pre-authentication and/or pre-configuration request and/or response information with VS1 through a UDP channel. VS1 is used to exchange the pre-authentication and/or pre-configuration request and/or response information with VCL1 and with VS3 through UDP channels. VS3 is used to exchange pre-authentication and/or pre-configuration request and/or response information with VS1 and with VCL3 through UDP channels. VCL3 is used to exchange pre-authentication and/or pre-configuration request and/or response information with VS3 through a UDP channel. VCL3 may also be used, when the EtherType of the pre-configuration request information has been modified, to restore that EtherType before forwarding the pre-configuration request information. For the specific process, refer to the description of FIGS. 4 and 7. VCL1 can run on the current access point, and VCL3 can run on the candidate access point. VS1 and VS3 can each run on a corresponding server, for example an authentication server. Although FIG. 10 shows only one candidate access point AP3, this is merely to simplify the illustration and is not limiting; various embodiments of the present invention may include any suitable number of candidate access points.

In addition to the systems shown in FIG. 9 and FIG. 10, in other embodiments of the present invention the embodiments shown in FIG. 9 and FIG. 10 can be combined, so that secure and fast handover is achieved across subnets and across network domains at the same time.

In summary, by introducing two new entities, the virtual terminal and the virtual server, the present invention extends standard 802.11i pre-authentication to cross-subnet and cross-domain scenarios, and it supports pre-configuration with standard DHCP (used in almost all 802.11 networks) to reduce authentication and configuration delay during handover. The invention can also use a location/routing mechanism combined with MAC addresses to enable communication between access points in different subnets and/or network domains, so as to perform 802.11i pre-configuration and DHCP pre-configuration, for example by using MAC addresses to route 802.11i pre-authentication information and DHCP information. The invention is also compatible with the existing 802.11i and DHCP standards and does not require modifying existing network-side software entities.
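The same-domain relay of FIG. 9 and the MAC-address routing mentioned in the summary, as an added Python example that is not code from the patent. Assumptions: the UDP payload is the whole Ethernet frame, the "modified" EtherType is 0x88B5 (the patent text here does not give a value), the peer table is keyed by candidate-AP MAC, and the destination and EtherType checks in `relay_in` are added validation; all MAC and UDP addresses are constructed.

```python
import struct

ETH_PREAUTH = 0x88C7  # EtherType of 802.11i pre-authentication frames
ETH_IPV4 = 0x0800     # DHCP requests travel in IPv4 frames
ETH_MARKED = 0x88B5   # ASSUMPTION: the "modified" EtherType (IEEE local experimental value)


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return frame[:6], frame[6:12], ethertype, frame[14:]


def mark_preconfig(frame, candidate_ap_mac):
    """Terminal side: point a DHCP frame at the candidate AP and swap its EtherType."""
    _dst, src, ethertype, payload = parse_frame(frame)
    if ethertype != ETH_IPV4:
        raise ValueError("only IPv4 (DHCP) frames are marked for pre-configuration")
    return build_frame(candidate_ap_mac, src, ETH_MARKED, payload)


class VirtualTerminal:
    """Hypothetical model of a VCL; peers maps candidate-AP MAC -> (ip, port)."""

    def __init__(self, ap_mac, peers=None):
        self.ap_mac = ap_mac
        self.peers = peers or {}

    def relay_out(self, frame):
        """Current AP: choose the peer VCL's UDP address from the destination MAC."""
        dst, _src, ethertype, _payload = parse_frame(frame)
        if ethertype not in (ETH_PREAUTH, ETH_MARKED):
            raise ValueError("not a pre-authentication or pre-configuration frame")
        if dst not in self.peers:
            raise LookupError("no virtual terminal known for that access point")
        return self.peers[dst], frame  # (UDP destination, UDP payload)

    def relay_in(self, datagram):
        """Candidate AP: validate the tunnelled frame and restore its EtherType."""
        dst, src, ethertype, payload = parse_frame(datagram)
        if dst != self.ap_mac:
            raise ValueError("frame is not addressed to this access point")
        if ethertype == ETH_MARKED:
            return build_frame(dst, src, ETH_IPV4, payload)  # restore before forwarding
        if ethertype == ETH_PREAUTH:
            return datagram  # pre-authentication frames are forwarded unchanged
        raise ValueError("unexpected EtherType arrived over the UDP channel")


if __name__ == "__main__":
    # Constructed addresses and payload, for illustration only.
    ap1, ap2, sta = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02"), mac("02:00:00:00:00:aa")
    vcl1 = VirtualTerminal(ap1, {ap2: ("10.0.2.1", 5000)})
    vcl2 = VirtualTerminal(ap2)
    dhcp = build_frame(b"\xff" * 6, sta, ETH_IPV4, b"constructed DHCP payload")
    addr, datagram = vcl1.relay_out(mark_preconfig(dhcp, ap2))
    print(addr, hex(parse_frame(vcl2.relay_in(datagram))[2]))
```

The UDP channel in this example carries no authentication of its own, so the receiving virtual terminal's checks on destination MAC and EtherType are the only filter on what reaches the candidate access point's local services.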

The present invention applies to 802.11 (Wi-Fi) networks, enabling them to support secure and fast handover of mobile clients (intra-subnet / intra-domain / cross-subnet / cross-domain), so as to better support time-sensitive applications such as VoIP (Skype).

Although the present invention has been described through specific embodiments, those skilled in the art should understand that various changes and equivalent substitutions can be made without departing from the scope of the invention. In addition, various modifications may be made to adapt the invention to a particular situation or material without departing from its scope. Therefore, the invention is not limited to the specific embodiments disclosed, but includes all implementations falling within the scope of the claims.

Claims (10)

1. A pre-authentication method for performing pre-authentication before a communication terminal hands over from a current access point to a candidate access point, the current access point and the candidate access point belonging to different subnets of the same network domain, characterized in that the method comprises:
the current access point receives pre-authentication request information from the communication terminal, a first virtual terminal obtains the UDP address of a second virtual terminal according to the pre-authentication request information, and the received pre-authentication request information is passed by the first virtual terminal to the second virtual terminal via a UDP channel, the first virtual terminal being located at the current access point and the second virtual terminal being located at the candidate access point;
the candidate access point receives the pre-authentication request information through the second virtual terminal via the UDP channel and performs authentication, and returns pre-authentication response information to the current access point through the second virtual terminal via the UDP channel;
the current access point receives the pre-authentication response information from the candidate access point through the first virtual terminal via the UDP channel, and passes the pre-authentication response information to the communication terminal.

2. A pre-configuration method for performing pre-configuration before a communication terminal hands over from a current access point to a candidate access point, the current access point and the candidate access point belonging to different subnets of the same network domain, characterized in that the method comprises:
the current access point receives pre-configuration request information from the communication terminal, a first virtual terminal obtains the UDP address of a second virtual terminal according to the pre-configuration request information, and the received pre-configuration request information is passed by the first virtual terminal to the second virtual terminal via a UDP channel, the first virtual terminal being located at the current access point and the second virtual terminal being located at the candidate access point;
the candidate access point receives the pre-configuration request information through the second virtual terminal via the UDP channel and performs configuration, and returns pre-configuration response information to the current access point through the second virtual terminal via the UDP channel;
the current access point receives the pre-configuration response information from the candidate access point through the first virtual terminal via the UDP channel, and passes the pre-configuration response information to the communication terminal for pre-configuration.

3. The pre-configuration method according to claim 2, characterized in that it comprises: before the pre-configuration request information is sent to the current access point, modifying the destination MAC address of the pre-configuration request information to the MAC address of the selected access point, and modifying the EtherType of the pre-configuration request information; and before the pre-configuration request information is sent to the candidate access point, restoring the EtherType of the pre-configuration request information.

4. A pre-authentication method for performing pre-authentication before a communication terminal hands over from a current access point to a candidate access point, the current access point and the candidate access point belonging to different network domains, characterized in that the method comprises:
the current access point receives pre-authentication request information from the communication terminal, and passes the received pre-authentication request information through a first virtual terminal to a first virtual server via a UDP channel, the first virtual terminal being located at the current access point, and the first virtual server and the current access point belonging to the same network domain;
a third virtual server receives the pre-authentication request information from the first virtual server via a UDP channel, the third virtual server obtains the UDP address of a third virtual terminal according to the pre-authentication request information and passes the pre-authentication request information to the third virtual terminal via a UDP channel, the third virtual server and the candidate access point belonging to the same network domain, and the third virtual terminal being located at the candidate access point;
the candidate access point receives the pre-authentication request information through the third virtual terminal via the UDP channel, and returns pre-authentication response information to the third virtual server through the third virtual terminal via the UDP channel;
the third virtual server receives the pre-authentication response information from the third virtual terminal via a UDP channel, and passes the pre-authentication response information to the first virtual server via a UDP channel;
the current access point receives the pre-authentication response information from the first virtual server through the first virtual terminal via a UDP channel, and passes the pre-authentication response information to the communication terminal.

5. A pre-configuration method for performing pre-configuration before a communication terminal hands over from a current access point to a candidate access point, the current access point and the candidate access point belonging to different network domains, characterized in that the method comprises:
the current access point receives pre-configuration request information from the communication terminal, a first virtual terminal obtains the UDP address of a third virtual terminal according to the pre-configuration request information, and the received pre-configuration request information is passed by the first virtual terminal to a first virtual configuration server via a UDP channel, the first virtual terminal being located at the current access point, and the first virtual configuration server and the current access point belonging to the same network domain;
a third virtual configuration server receives the pre-configuration request information from the first virtual configuration server via a UDP channel, and passes the pre-configuration request information to the third virtual terminal via a UDP channel, the third virtual configuration server belonging to the same network domain as the candidate access point and to a different network domain from the first virtual configuration server, and the third virtual terminal being located at the candidate access point;
the candidate access point receives the pre-configuration request information through the third virtual terminal via the UDP channel, and returns pre-configuration response information to the third virtual configuration server through the third virtual terminal via the UDP channel;
the third virtual configuration server receives the pre-configuration response information from the third virtual terminal via a UDP channel, and passes the pre-configuration response information to the first virtual configuration server via a UDP channel;
the current access point receives the pre-configuration response information from the first virtual configuration server through the first virtual terminal via a UDP channel, and passes the pre-configuration response information to the communication terminal for pre-configuration.

6. The pre-configuration method according to claim 5, characterized in that it comprises: before the pre-configuration request information is sent to the current access point, modifying the destination MAC address of the pre-configuration request information to the MAC address of the selected access point, and modifying the EtherType of the pre-configuration request information; and before the pre-configuration request information is sent to the candidate access point, restoring the EtherType of the pre-configuration request information.

7. A pre-authentication and pre-configuration system, comprising a current access point and at least one candidate access point located in different subnets of the same network domain, characterized in that it further comprises a first virtual terminal located at the current access point and a second virtual terminal located at the candidate access point;
the first virtual terminal obtains the UDP address of the second virtual terminal according to the pre-authentication and/or pre-configuration request information, and the first virtual terminal is used to exchange pre-authentication and/or pre-configuration request and/or response information with the second virtual terminal through a UDP channel;
the second virtual terminal is used to exchange the pre-authentication and/or pre-configuration request and/or response information with the first virtual terminal through a UDP channel.

8. The pre-authentication and pre-configuration system according to claim 7, characterized in that the second virtual terminal is further used, when the EtherType of the pre-configuration request information has been modified, to restore the EtherType of the pre-configuration request information before forwarding the pre-configuration request information.

9. A pre-authentication and pre-configuration system, comprising a current access point and at least one candidate access point located in different network domains, characterized in that it further comprises a first virtual terminal located at the current access point, a third virtual terminal located at the candidate access point, a first virtual server belonging to the same network domain as the current access point, and a third virtual server belonging to the same network domain as the candidate access point;
the first virtual terminal obtains the UDP address of the third virtual terminal according to the pre-configuration request information, and the first virtual terminal is used to exchange pre-authentication and/or pre-configuration request and/or response information with the first virtual server through a UDP channel;
the first virtual server is used to exchange the pre-authentication and/or pre-configuration request and/or response information with the first virtual terminal and with the third virtual server through UDP channels;
the third virtual server obtains the UDP address of the third virtual terminal according to the pre-authentication request information, and the third virtual server is used to exchange the pre-authentication and/or pre-configuration request and/or response information with the first virtual server and with the third virtual terminal through UDP channels;
the third virtual terminal is used to exchange the pre-authentication and/or pre-configuration request and/or response information with the third virtual server through a UDP channel.

10. The pre-authentication and pre-configuration system according to claim 9, characterized in that the third virtual terminal is further used, when the EtherType of the pre-configuration request information has been modified, to restore the EtherType of the pre-configuration request information before forwarding the pre-configuration request information.
CN201110080841.4A 2011-03-31 2011-03-31 Pre-authentication and pre-configuration method and system thereof Active CN102740290B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110080841.4A CN102740290B (en) 2011-03-31 2011-03-31 Pre-authentication and pre-configuration method and system thereof

Publications (2)

Publication Number Publication Date
CN102740290A CN102740290A (en) 2012-10-17
CN102740290B true CN102740290B (en) 2015-03-11

Family

ID=46994895

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110080841.4A Active CN102740290B (en) 2011-03-31 2011-03-31 Pre-authentication and pre-configuration method and system thereof

Country Status (1)

Country Link
CN (1) CN102740290B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2899927B1 (en) 2013-12-06 2017-04-19 Huawei Technologies Co., Ltd. Method, device and system for implementing packet routing in network
CN107006068B (en) * 2015-03-27 2020-09-11 华为技术有限公司 Wireless access network equipment, configuration method and configuration device
CN105430695A (en) * 2015-11-30 2016-03-23 中国联合网络通信集团有限公司 AP switching method
BR112018013467B1 (en) * 2015-12-30 2024-04-30 Deutsche Telekom Ag COMMUNICATION SYSTEM FOR COMMUNICATION IN A COMMUNICATION NETWORK
CN114697965B (en) * 2020-12-30 2024-02-20 展讯半导体(南京)有限公司 Configuration method and device of access equipment, storage medium, access equipment and server

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1969568A (en) * 2004-01-22 2007-05-23 株式会社东芝 Mobile architecture using pre-authentication, pre-configuration and/or virtual soft handover
CN101088300A (en) * 2004-12-22 2007-12-12 艾利森电话股份有限公司 Distributed Picocell Mobility
CN101107813A (en) * 2004-04-28 2008-01-16 英特尔公司 Apparatus, method and article for pre-authentication of wireless stations in a wireless local area network
CN101193427A (en) * 2006-11-24 2008-06-04 中兴通讯股份有限公司 Pre-authentication method for supporting quick switch
CN101828343A (en) * 2007-10-17 2010-09-08 Lg电子株式会社 Method for handover between heterogeneous radio access networks
CN101841880A (en) * 2010-05-14 2010-09-22 华中科技大学 LTE and WLAN interconnecting system and switching method
CN101841811A (en) * 2009-03-18 2010-09-22 华为技术有限公司 Pre-authentication method, equipment and system
CN101951418A (en) * 2010-09-30 2011-01-19 中兴通讯股份有限公司 Method and device for realizing Internet surfing based on Wimax base stations

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Cheng Chen, Jui-Chi Liang, Siao-Ting Wang, Shin-Ying Pan, Yin-Sh. Fast Handoff in Mobile Virtual Private Networks. 《IEEE》. 2006, *

Also Published As

Publication number Publication date
CN102740290A (en) 2012-10-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant