CN1812366A - Method for realizing wireless local network virtual insertion point to-point communication - Google Patents

Info

Publication number: CN1812366A
Authority: CN (China)
Prior art keywords: message, virtual, point, wireless local, access point
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CNA2005100049165A
Other languages: Chinese (zh)
Inventor: 曹振奇
Current Assignee: Huawei Technologies Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority to: CNA2005100049165A
Publication of: CN1812366A

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for realizing communication between virtual access points of a wireless local area network. It addresses the problem that, in the prior art, communication between virtual APs of a wireless local area network cannot correctly determine which virtual AP a message belongs to, and a security mechanism cannot be set for each virtual AP. The method adds a distinguishing identifier of the target virtual access point to the sent message, and the physical access point at the receiving end determines the message's target virtual access point from that identifier, thereby realizing correct communication between virtual access points of the wireless local area network. The invention also allows different security mechanisms to be set for different virtual APs, which improves network security.

Figure 200510004916

Description

Method for realizing communication between virtual access points of a wireless local area network

Technical field

The invention relates to virtual access points of a wireless local area network, and in particular to a method for realizing communication between virtual access points of a wireless local area network.

Background

In practical AP (Access Point) deployments, the SSID (Service Set Identifier) can serve several purposes. For example, SSIDs can identify different ISPs (Internet Service Providers): when an AP connects STAs (Stations, i.e. end stations such as wireless network cards) belonging to multiple ISPs, the AP must support multiple SSIDs and tag different SSs (Service Sets) with different VLANs (Virtual Local Area Networks) so that the SSs are isolated from one another. Different SSIDs can also identify different service types, such as IP telephony, data and video services, in which case different QoS (Quality of Service) guarantees must be provided for different SSs. Such requirements can arise in practice; for example, Wi-Fi (Wireless Fidelity, a wireless local area network based on the IEEE 802.11b standard) handset users need only a low-latency telephony service.

Each SSID corresponds to one virtual AP. Depending on user configuration, a physical AP may be configured with multiple SSIDs and therefore host multiple virtual APs, or it may host only one. Each virtual AP exists in the network as an independent management entity, yet the virtual APs are also related to one another. Most inter-AP communication takes place between virtual APs, so the problem of communication between virtual APs has to be solved. In network planning, taking the most commonly used protocol, IP, as an example, assigning a separate IP address to each virtual AP may waste resources and cause conflicts, so IP addresses can only be assigned to physical APs. The port used for communication between physical APs is fixed by the standard and likewise cannot be set per virtual AP.

As shown in Figure 1, the prior art does not distinguish between physical APs and virtual APs, and inter-AP communication takes place only between physical APs. The IAPP (Inter-Access Point Protocol) module or the load balancing module hands the message to be communicated to the communication module, which sends it to the remote AP. After the remote AP's communication module receives the message, it passes the message to the corresponding IAPP module or load balancing module, and vice versa.

The IAPP module and the load balancing module are independent of each other and have no logical relationship. Their only similarity is that both need to communicate and exchange messages between APs in order to perform their functions. The communication module provides the inter-AP communication service to the IAPP module and the load balancing module, and inter-AP communication can take place only through the communication module.

In existing inter-AP communication schemes, communication uses only the physical AP's IP address and a designated port, and each application module parses and dispatches the message content itself. The physical AP processes inter-AP communication through its internal IAPP module, load balancing module and so on. These schemes carry no information at all that can be used to distinguish virtual APs; the receiver has to distinguish them from content carried in the message, such as the STA's MAC (Media Access Control) address or the AP's BSSID (Basic Service Set Identifier). Relying on this information alone is unreliable, because the information stored on an AP may be incomplete and the information held by the sending AP and the receiving AP may be inconsistent, in which case it is impossible to determine correctly which virtual AP a message belongs to. Because the application modules have to take part in identifying the virtual AP, a security mechanism cannot be set for each virtual AP, which creates a security risk for the WLAN (Wireless Local Area Network). It also increases the workload of each application module, leading to low efficiency and unclear protocol layering.

Summary of the invention

The purpose of the invention is to provide a method for realizing communication between virtual access points of a wireless local area network, so as to solve the problems in the prior art that, when virtual APs in a wireless local area network communicate, the virtual AP to which a message belongs cannot be correctly determined and a security mechanism cannot be set for each virtual AP.

To solve these problems, the invention provides the following technical solution:

A method for realizing communication between virtual access points of a wireless local area network, comprising the steps of:

A. The virtual access point at the sending end adds a distinguishing identifier of the target virtual access point to the message to be sent;

B. The physical access point at the receiving end delivers the message to the corresponding target virtual access point according to the distinguishing identifier.

Before step A, the virtual access point at the sending end applies its configured security mechanism to the message to be sent, and after step B the target virtual access point applies the corresponding security mechanism to reverse that processing. The security processing applied to the message is encryption and/or authentication, and the inverse processing is decryption and/or verification. The virtual access point at the sending end may apply security processing to the whole message or to part of it.

The following steps are further included between step A and step B:

A1. The physical access point at the sending end applies its configured security mechanism to the message carrying the distinguishing identifier;

A2. The physical access point at the receiving end applies the security mechanism corresponding to step A1 to reverse the processing of the message carrying the distinguishing identifier.

The security processing in step A1 is encryption and/or authentication, and the inverse processing in step A2 is decryption and/or verification. In step A1, security processing may be applied to all or part of the message carrying the distinguishing identifier.

The distinguishing identifier may be located at any position in the message.

The distinguishing identifier is a service set identifier.

Because the invention adopts the above technical solution, it has the following beneficial effects:

The invention adds the distinguishing identifier of the target virtual access point to the message sent by the virtual access point at the sending end, and the physical access point at the receiving end can determine the message's target virtual access point from that identifier, thereby realizing correct communication between virtual access points of the wireless local area network. The invention also allows different security mechanisms to be set for different virtual APs, which improves network security.

Description of drawings

Figure 1 is a schematic diagram of inter-AP communication in the prior art;

Figure 2 is the processing flow chart of the invention for communication between virtual APs;

Figure 3 is a schematic diagram of message processing at the sending end of communication between virtual APs;

Figure 4 is a schematic diagram of message processing at the receiving end of communication between virtual APs.

Detailed description

The method of the invention for realizing communication between virtual APs of a wireless local area network proceeds as follows:

The virtual AP at the sending end adds the distinguishing identifier of the target virtual AP to the message to be sent; this identifier identifies the target virtual AP of the message. After the physical AP at the receiving end extracts the identifier from the message, it determines the message's target virtual AP from the identifier and delivers the message to that virtual AP.

The target virtual AP's distinguishing identifier may be located anywhere in the message, but in all messages between the sending virtual AP and the target virtual AP it must be placed at one fixed position, that is, the same position in every message. This lets the receiving end locate the identifier quickly, without having to process the message content first to find out where the identifier is stored.

Because each SSID corresponds to one virtual AP, the SSID is usually chosen as the target virtual AP's distinguishing identifier. The identifier may also be some other manually defined identifier, as long as it distinguishes the target virtual AP.

To protect the messages exchanged between virtual APs, the sending virtual AP usually sets a security mechanism and applies security processing to the message before the target virtual AP's distinguishing identifier is added. Security processing is implemented mainly through encryption and/or authentication. Encryption replaces the plaintext of the communication content with ciphertext so that unauthorized parties cannot obtain the content; many encryption methods exist, such as DES, 3DES, RC5, RC4 and AES, and any may be chosen according to the actual situation. Authentication computes, from the communication content, a digital signature that cannot be forged without knowing the key, which prevents the content from being tampered with or forged; many authentication methods likewise exist, such as MD5, SHA, KPDK and SHA2, and any may be chosen according to the actual situation. To keep inter-AP communication secure, this security mechanism is set separately for the sending virtual AP and the target virtual AP.

Security processing may consist of encryption only, authentication only, or both. When a message is both encrypted and authenticated, it should be encrypted first, and the digital signature required for authentication is then computed over the encrypted message. Encryption and/or authentication may cover the whole message or only part of it.

If the sending virtual AP applied security processing to the message, then after the physical AP at the receiving end has delivered the message to the target virtual AP according to the distinguishing identifier, the target virtual AP must use the corresponding security mechanism to reverse the processing. If the sending virtual AP encrypted the message, the target virtual AP must decrypt it to obtain the plaintext; if the sending virtual AP authenticated the message, the target virtual AP must verify it to ensure that it has not been tampered with. If the sending virtual AP applied both encryption and authentication, the target virtual AP first computes the digital signature from the received message content and, once it has confirmed that the message has not been tampered with or forged, decrypts the message content to recover the original message.

To improve security further and ensure that the target virtual AP's distinguishing identifier is not tampered with, the message carrying the identifier may additionally be processed according to the security mechanism set by the physical AP at the sending end. This processing is likewise implemented mainly through encryption and/or authentication: the message may be encrypted only, authenticated only, or both. Encryption and/or authentication may cover the whole message or only part of it. This security mechanism is set separately for each physical AP.

If the physical AP at the sending end applied security processing to the message carrying the distinguishing identifier, the physical AP at the receiving end must use the corresponding security mechanism to reverse the processing. If the sending physical AP authenticated the message, the receiving physical AP must perform the corresponding verification to ensure that the message has not been tampered with; if the sending physical AP encrypted the message, the receiving physical AP must decrypt it to obtain the plaintext. If the sending physical AP applied both encryption and authentication, the receiving physical AP first computes the digital signature from the received message content and, once it has confirmed that the message has not been tampered with or forged, decrypts the message content to recover the original message.

As shown in Figure 2, the preferred processing flow of the method of the invention for realizing communication between virtual APs of a wireless local area network is as follows:

S1. The virtual AP at the sending end sets a security mechanism and applies security processing to the message to be sent;

S2. The virtual AP at the sending end adds the distinguishing identifier of the target virtual AP to the message;

S3. The physical AP at the sending end sets a security mechanism and applies security processing to the message carrying the distinguishing identifier;

S4. The physical AP at the receiving end uses the security mechanism corresponding to step S3 to reverse the processing of the message;

S5. The physical AP at the receiving end delivers the message to the corresponding target virtual AP according to the distinguishing identifier added in step S2;

S6. The target virtual AP uses the security mechanism corresponding to step S1 to reverse the processing of the message.

In this flow, steps S1, S2 and S3 are performed at the sending end, and steps S4, S5 and S6 are performed at the receiving end.

The invention works with all communication protocols (such as IP). If the communication module recognizes that the source address and the destination address in the communication protocol are identical, the target virtual AP and the sending virtual AP are on the same physical AP, so the invention can also be applied to the internal communication mechanism.

The complete process of communication between virtual APs is described below using a specific embodiment:

As shown in Figures 3 and 4, in the WLAN IAPP protocol, APs need to communicate in order to exchange information about a STA so that the STA can switch between APs. The sending AP applies the security mechanism set independently for the virtual AP to the original IAPP message, encrypting it with DES. It then extends the message by adding the SSID as the distinguishing identifier, applies MD5 authentication to the message carrying the identifier, and sends it to the receiving AP. On receiving the message, the receiving AP first verifies the MD5 authentication word to ensure that the message has not been forged or tampered with, then applies the security mechanism set independently for the virtual AP and decrypts the message with DES to obtain the original IAPP message. This solves the security and efficiency problems of running the IAPP protocol with virtual APs.
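The S1 to S6 flow and the IAPP embodiment above, as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 from the standard library stands in for the MD5 authentication named in the text, the inner layer is authentication only (the DES encryption step is omitted), keys are shared per SSID and per physical-AP link, and the frame layout, class names and sample values are hypothetical.

```python
import hashlib
import hmac

SSID_FIELD = 32            # an SSID is at most 32 bytes, so the field is fixed-width
TAG_LEN = 32               # HMAC-SHA256 tag size
HDR_LEN = 1 + SSID_FIELD   # length byte + padded SSID, always at offset 0
PAYLOAD = b"IAPP MOVE-notify sta=02:00:00:00:00:01"   # constructed sample message


def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def pack_ssid(ssid):
    """S2: encode the target identifier at a fixed position and width."""
    raw = ssid.encode("utf-8")
    if not 0 < len(raw) <= SSID_FIELD:
        raise ValueError("bad identifier length")
    return bytes([len(raw)]) + raw.ljust(SSID_FIELD, b"\x00")


def unpack_ssid(frame):
    n = frame[0]
    if not 0 < n <= SSID_FIELD:
        raise ValueError("bad identifier length")
    return frame[1:1 + n].decode("utf-8")


class VirtualAP:
    """One virtual AP; its key is the per-virtual-AP security mechanism."""

    def __init__(self, ssid, key):
        self.ssid, self.key, self.inbox = ssid, key, []

    def protect(self, payload):            # S1: inner authentication
        return payload + _tag(self.key, payload)

    def accept(self, protected):           # S6: inner verification
        payload, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, payload)):
            raise ValueError("inner check failed")
        self.inbox.append(payload)
        return payload


class PhysicalAP:
    """Hosts virtual APs; link_key is the per-physical-AP security mechanism."""

    def __init__(self, link_key, vaps):
        self.link_key = link_key
        self.vaps = {v.ssid: v for v in vaps}

    def send(self, src_ssid, dst_ssid, payload):
        inner = self.vaps[src_ssid].protect(payload)      # S1
        frame = pack_ssid(dst_ssid) + inner               # S2
        return frame + _tag(self.link_key, frame)         # S3: covers the identifier

    def receive(self, wire):
        if len(wire) < HDR_LEN + 2 * TAG_LEN:
            raise ValueError("short frame")
        frame, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.link_key, frame)):   # S4
            raise ValueError("outer check failed")
        ssid = unpack_ssid(frame)                         # S5: demultiplex by identifier
        vap = self.vaps.get(ssid)
        if vap is None:
            raise ValueError("unknown virtual AP")
        return ssid, vap.accept(frame[HDR_LEN:])          # S6


def outcome(ap, wire):
    try:
        return ap.receive(wire)
    except ValueError as exc:
        return str(exc)


def demo():
    keys = {"voice": b"constructed-voice-key", "data": b"constructed-data-key"}
    link = b"constructed-link-key"
    ap1 = PhysicalAP(link, [VirtualAP(s, k) for s, k in keys.items()])
    ap2 = PhysicalAP(link, [VirtualAP(s, k) for s, k in keys.items()])
    wire = ap1.send("voice", "voice", PAYLOAD)
    results = {"delivered": outcome(ap2, wire)}
    # Identifier rewritten in transit: the outer tag (S3/S4) no longer matches.
    altered = pack_ssid("data") + wire[HDR_LEN:]
    results["retargeted"] = outcome(ap2, altered)
    # Same rewrite with a valid outer tag: the "data" virtual AP still rejects
    # it, because the inner tag was made with the "voice" key (S1/S6).
    frame = pack_ssid("data") + wire[HDR_LEN:-TAG_LEN]
    results["retargeted_resigned"] = outcome(ap2, frame + _tag(link, frame))
    results["data_inbox"] = list(ap2.vaps["data"].inbox)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The two rejected cases show what each layer contributes: the physical-AP layer protects the identifier itself, and the per-virtual-AP layer keeps a message from being accepted by a virtual AP other than the one it was prepared for.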

The invention has been described above only by way of preferred embodiments, and those skilled in the art can make various changes and modifications to it without departing from its spirit and scope. Provided that such changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.

Claims (9)

1. A method for realizing communication between virtual access points of a wireless local area network, characterized by comprising the steps of:
A. The virtual access point at the sending end adds a distinguishing identifier of the target virtual access point to the message to be sent;
B. The physical access point at the receiving end delivers the message to the corresponding target virtual access point according to the distinguishing identifier.
2. The method for realizing communication between virtual access points of a wireless local area network according to claim 1, characterized in that: before step A, the virtual access point at the sending end applies its configured security mechanism to the message to be sent, and after step B the target virtual access point applies the corresponding security mechanism to reverse the processing of the message.
3. The method for realizing communication between virtual access points of a wireless local area network according to claim 2, characterized in that: the security processing applied to the message is encryption and/or authentication, and the inverse processing applied to the message is decryption and/or verification.
4. The method for realizing communication between virtual access points of a wireless local area network according to claim 2, characterized in that: the virtual access point at the sending end may apply security processing to the whole message or to part of the message.
5. The method for realizing communication between virtual access points of a wireless local area network according to claim 1 or 2, characterized in that the following steps are further included between step A and step B:
A1. The physical access point at the sending end applies its configured security mechanism to the message carrying the distinguishing identifier;
A2. The physical access point at the receiving end applies the security mechanism corresponding to step A1 to reverse the processing of the message carrying the distinguishing identifier.
6. The method for realizing communication between virtual access points of a wireless local area network according to claim 5, characterized in that: the security processing in step A1 is encryption and/or authentication, and the inverse processing in step A2 is decryption and/or verification.
7. The method for realizing communication between virtual access points of a wireless local area network according to claim 5, characterized in that: in step A1, security processing may be applied to all or part of the message carrying the distinguishing identifier.
8. The method for realizing communication between virtual access points of a wireless local area network according to claim 1, characterized in that: the distinguishing identifier may be located at any position in the message.
9. The method for realizing communication between virtual access points of a wireless local area network according to claim 1, characterized in that: the distinguishing identifier is a service set identifier.
CNA2005100049165A 2005-01-28 2005-01-28 Method for realizing wireless local network virtual insertion point to-point communication Pending CN1812366A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2005100049165A CN1812366A (en) 2005-01-28 2005-01-28 Method for realizing wireless local network virtual insertion point to-point communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2005100049165A CN1812366A (en) 2005-01-28 2005-01-28 Method for realizing wireless local network virtual insertion point to-point communication

Publications (1)

Publication Number Publication Date
CN1812366A true CN1812366A (en) 2006-08-02

Family

ID=36845064

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2005100049165A Pending CN1812366A (en) 2005-01-28 2005-01-28 Method for realizing wireless local network virtual insertion point to-point communication

Country Status (1)

Country Link
CN (1) CN1812366A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101959196A (en) * 2010-10-20 2011-01-26 中国电信股份有限公司 WLAN (Wireless Local Area Network) resource sharing method and WLAN network system
CN101959196B (en) * 2010-10-20 2015-07-15 中国电信股份有限公司 WLAN (Wireless Local Area Network) resource sharing method and WLAN network system
WO2014005461A1 (en) * 2012-07-06 2014-01-09 Hangzhou H3C Technologies Co., Ltd. Virtual access point
CN107148578A (en) * 2014-11-10 2017-09-08 高通股份有限公司 Method, equipment and device for the mobile device location estimation using virtual access point
CN108668326A (en) * 2017-03-10 2018-10-16 联发科技(新加坡)私人有限公司 virtual roaming method and device
CN108668326B (en) * 2017-03-10 2021-05-04 联发科技(新加坡)私人有限公司 Virtual roaming method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20060802