WO2018112895A1

WO2018112895A1 - Handover method, terminal and domain master

Info

Publication number: WO2018112895A1
Application number: PCT/CN2016/111751
Authority: WO
Inventors: 姜彤; 董晨; 李强
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2016-12-23
Filing date: 2016-12-23
Publication date: 2018-06-28
Anticipated expiration: 2019-06-23
Also published as: CN110114987A; CN110114987B

Abstract

Disclosed in the embodiments of the present invention are a handover method, a terminal and a domain master. The method comprises: if a terminal needs a domain handover, selecting a target domain master; acquiring bandwidth resources allocated by the target domain master; and before the completion of authentication with the target domain master, using the bandwidth resources allocated by the target domain master to communicate with the target domain master, the frames transmitted during the communication of the terminal with the target domain master being encrypted using a cluster common key. The present invention can reduce the delay during the domain handover of a terminal, ensuring normal service transmission.

Description

Switching method, terminal and domain master node

Technical field

本发明涉及光无线通信技术领域，尤其涉及一种切换方法、终端及域主节点。The present invention relates to the field of optical wireless communication technologies, and in particular, to a handover method, a terminal, and a domain master node.

Background technique

光无线通信(Optical Wireless Communication，OWC)是指所有不使用线缆(如，光纤)的光学通信，可见光通信(Visible Light Communication，VLC)、红外通信等都是光无线通信中的通信方式。VLC指的是利用可见光频谱(380nm-780nm)进行通信的方式。其频谱资源充足，且都是非授权频段，可以免费使用；而且绿色环保，无电磁污染，可用于电磁干扰敏感环境，对人体安全；此外安全性较好，由于VLC的传输只能局限在光线能照射到的地方，因而VLC具有较强的保密安全性。近来来，VLC通信获得了学术界和工业界越来越多的关注，可以预期，VLC将成为未来一种广泛应用的通信技术。Optical Wireless Communication (OWC) refers to all optical communication without using cables (such as optical fibers). Visible Light Communication (VLC) and infrared communication are all communication methods in optical wireless communication. VLC refers to the way of communicating using the visible light spectrum (380 nm - 780 nm). It has sufficient spectrum resources and is unlicensed frequency band, which can be used free of charge; it is environmentally friendly, has no electromagnetic pollution, can be used in electromagnetic interference sensitive environment, and is safe for human body; in addition, it has better security, because VLC transmission can only be limited to light energy. The place where it is irradiated, so VLC has strong security of confidentiality. Recently, VLC communication has received more and more attention from academia and industry. It can be expected that VLC will become a widely used communication technology in the future.

国际电信联盟电信标准化部门(ITU-T)正在制定面向室内应用的VLC标准，即G.vlc。VLC系统可以支持的网络拓扑包括协调拓扑与星型拓扑，其中协调拓扑是通过全局主节点(Global Master，GM)对多个星型拓扑的网络进行的统一协调。每个星型拓扑的VLC网络称为域(Domain)，每个协调拓扑的VLC网络包括一个或多个域，组成一个簇(Cluster)。如果域工作于安全模式，每个域中还应有一个安全控制器(Security Controller，SC)，负责终端(EndPoint，EP)的安全认证及密钥管理等。同一个设备可以同时作为域主节点(Domain Master，DM)和SC，当然SC也可以与DM在不同的设备上。在一个簇中，有多个DM，他们在GM的协调下工作，GM可以进行邻居DM的干扰协调、辅助EP在不同DM间切换等。如图1所示，包括一个GM，DM1-DM3共3个DM，DM1对应的Domain1接入了EP1和EP2，DM2对应的Domain2中接入了EP3，DM3对应的Domain3中接入了EP4。三个Domain构成一个簇。当域(Domain)工作于非安全模式时，网络准入包括注册(Registration)过程；当域工作于安全模式时，网络准入包括注册和认证(Authentication)两个过程。在完成注册之后，DM会为终端分配一个在域内唯一的短地址(DEVICE_ID)。在完成认证之后，EP可以获得用于与DM通信所使用的密钥，然后与DM进行通信。The International Telecommunication Union Telecommunication Standardization Sector (ITU-T) is developing a VLC standard for indoor applications, namely G.vlc. The network topology that the VLC system can support includes a coordinated topology and a star topology. The coordinated topology is a unified coordination of networks of multiple star topologies through a global master (GM). The VLC network of each star topology is called a domain, and the VLC network of each coordinated topology includes one or more domains to form a cluster. If the domain works in the security mode, there should be a security controller (SC) in each domain, which is responsible for the security authentication and key management of the terminal (EndPoint, EP). The same device can serve as both a Domain Master (DM) and an SC. Of course, the SC can also be on a different device than the DM. In a cluster, there are multiple DMs, they work under the coordination of GM, GM can perform interference coordination of neighbor DMs, and assist EP to switch between different DMs. As shown in Figure 1, a GM is included, and DM1-DM3 has three DMs. Domain1 corresponding to DM1 is connected to EP1 and EP2, Domain 2 corresponding to DM2 is connected to EP3, and Domain3 corresponding to DM3 is connected to EP4. The three domains form a cluster. When a domain works in a non-secure mode, network admission includes a registration process; when the domain operates in a secure mode, network admission includes two processes of registration and authentication. After completing the registration, the DM will assign the terminal a unique short address (DEVICE_ID) within the domain. After the authentication is completed, the EP can obtain a key for communication with the DM and then communicate with the DM.

由于EP是可移动的，因此存在从一个域切换到另一个域的情况。如果每次切换都需要完成注册和认证两个过程才能与新的DM进行业务传输，那么时延将非常大，且EP在与新的DM完成认证之前，如果与原DM的链路中断，则会造成业务的传输中断。Since the EP is mobile, there is a case of switching from one domain to another. If the two processes of registration and authentication are required to perform the service transmission with the new DM, the delay will be very large, and if the link with the original DM is interrupted before the EP completes the authentication with the new DM, This will cause the transmission of the service to be interrupted.

发明内容Summary of the invention

本发明实施例提供了一种切换方法、终端及域主节点，可降低终端在切换域时的时延，确保业务传输正常进行。The embodiment of the invention provides a handover method, a terminal, and a domain master node, which can reduce the delay of the terminal when the domain is switched, and ensure that the service transmission is performed normally.

本发明第一方面提供一种切换方法，应用于光无线通信系统，包括：A first aspect of the present invention provides a handover method applied to an optical wireless communication system, including:

若终端需要进行域切换，则选择目标域主节点；If the terminal needs to perform domain switching, select the target domain primary node;

获取所述目标域主节点分配的带宽资源；Obtaining a bandwidth resource allocated by the target domain primary node;

在与所述目标域主节点完成认证之前，使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信，其中，所述终端与所述目标域主节点通信时传输的帧采用簇公共密钥加密。Communicating with the target domain master node by using the bandwidth resource allocated by the target domain master node before completing the authentication with the target domain master node, where the terminal transmits the frame when communicating with the target domain master node Cluster public key encryption.

在一种可能的实现方式中，在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则判断是否需要与目标域安全控制器或所述目标域主节点进行认证；In a possible implementation manner, after using the bandwidth resource allocated by the target domain master node to communicate with the target domain master node for a preset time, determining, according to a preset rule, whether the target domain security controller or The target domain master node performs authentication;

若满足所述预设规则，则与所述目标域安全控制器或所述目标域主节点进行认证。If the preset rule is met, the target domain security controller or the target domain master node is authenticated.

在一种可能的实现方式中，所述预设规则为：In a possible implementation manner, the preset rule is:

所述终端处于所述目标域主节点所在的域，且所述终端当前不需要进行域切换；或者The terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching; or

所述终端处于所述目标域主节点所在的域，且接收到所述目标域主节点的信号的信噪比大于预设阈值，且所述终端当前不需要进行域切换。The terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.

在一种可能的实现方式中，在若终端需要进行域切换，则选择目标域主节点之后，还包括：In a possible implementation manner, after the target domain master node is selected, if the terminal needs to perform domain switching, the method further includes:

所述终端向所述目标域主节点发送切换请求，所述切换请求中包含所述终端的短地址、当前域主节点信息和带宽资源请求信息；Transmitting, by the terminal, a handover request to the target domain primary node, where the handover request includes the end Short address of the end, current domain master node information, and bandwidth resource request information;

接收所述目标域主节点的切换响应；Receiving a handover response of the target domain primary node;

若所述目标域主节点接受所述终端的切换请求，则获取所述目标域主节点分配的带宽资源。And if the target domain master node accepts the handover request of the terminal, acquiring the bandwidth resource allocated by the target domain master node.

所述终端向当前域主节点发送切换请求，所述切换请求中包含所述终端的短地址、所述目标域主节点信息和带宽资源请求信息；Transmitting, by the terminal, a handover request to a current domain primary node, where the handover request includes a short address of the terminal, the target domain primary node information, and bandwidth resource request information;

接收所述当前域主节点的切换响应；Receiving a handover response of the current domain master node;

若所述当前域主节点接受所述终端的切换请求，则获取所述目标域主节点分配的带宽资源。And if the current domain master node accepts the handover request of the terminal, acquiring the bandwidth resource allocated by the target domain master node.

在一种可能的实现方式中，若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述终端向所述目标域主节点发送注册请求，进行注册，获取所述目标域节点分配的新的短地址；In a possible implementation manner, if the terminal uses the bandwidth resource allocated by the target domain master node to communicate with the target domain master node for a preset time, determine the need and the target domain security according to a preset rule. The controller or the target domain master node performs authentication, and the terminal sends a registration request to the target domain master node, performs registration, and acquires a new short address allocated by the target domain node;

注册成功后向所述目标域安全控制器或所述目标域主节点发送认证请求，进行认证；After the registration is successful, the authentication request is sent to the target domain security controller or the target domain master node for authentication;

认证成功后，通知所述当前域节点释放为所述终端已分配的资源，所述已分配的资源包括已分配的短地址。After the authentication succeeds, the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.

所述终端向所述目标域主节点发送重新注册请求，所述重新注册请求中包含所述终端的短地址、当前域主节点信息和带宽资源请求信息；Sending, by the terminal, a re-registration request to the target domain primary node, where the re-registration request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;

接收所述目标域主节点的重新注册响应；Receiving a re-registration response of the target domain master node;

若所述目标域主节点接受所述终端的重新注册请求，则获取所述目标域主节点分配的带宽资源和新的短地址。And if the target domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.

所述终端向当前域主节点发送重新注册请求，所述重新注册请求中包含所述终端的短地址、所述目标域主节点信息和带宽资源请求信息；Transmitting, by the terminal, a re-registration request to a current domain master node, where the re-registration request includes a short address of the terminal, the target domain primary node information, and bandwidth resource request information;

接收所述当前域主节点的重新注册响应；Receiving a re-registration response of the current domain master node;

若所述当前域主节点接受所述终端的重新注册请求，则获取所述目标域主节点分配的带宽资源和新的短地址。And if the current domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.

在一种可能的实现方式中，在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信之后，还包括：In a possible implementation, after the bandwidth resource allocated by the target domain master node is used to communicate with the target domain master node, the method further includes:

通知所述当前域主节点释放为所述终端已分配的资源，所述已分配的资源包括已分配的短地址和已分配的带宽资源。Notifying the current domain master node to release the allocated resources for the terminal, the allocated resources including the allocated short address and the allocated bandwidth resource.

在一种可能的实现方式中，所述终端的短地址由全局主节点对所有的可用短地址进行分组，然后将其中一个与当前域主节点对应的分组分配给所述当前域主节点，再由所述当前域主节点从所述对应的分组中选择并分配给所述终端。In a possible implementation manner, the short address of the terminal is grouped by the global master node for all available short addresses, and then one of the packets corresponding to the current domain master node is allocated to the current domain master node, and then The current domain master node selects and assigns to the terminal from the corresponding group.

在一种可能的实现方式中，所述终端与所述当前域主节点通信时使用所述终端的短地址，所述终端与所述目标域主节点通信时使用所述新的短地址；In a possible implementation manner, the terminal uses a short address of the terminal when communicating with the current domain master node, and uses the new short address when the terminal communicates with the target domain master node;

若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述终端向目标域安全控制器或所述目标域主节点发送认证请求，进行认证；After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node If the authentication is performed, the terminal sends an authentication request to the target domain security controller or the target domain master node to perform authentication;

在一种可能的实现方式中，所述簇公共密钥为全局主节点生成；或者In a possible implementation manner, the cluster public key is generated by a global master node; or

所述簇公共密钥为全局主节点与各个域主节点共同协商生成；或者The cluster public key is generated by a global master node and each domain master node; or

所述簇公共密钥为全局主节点与各个域的安全控制器共同协商生成。The cluster public key is generated by the global master node and the security controller of each domain.

在一种可能的实现方式中，所述簇公共密钥为所述终端在入网时，通过与当前域安全控制器或当前域主节点认证时获取；或者In a possible implementation manner, the cluster public key is obtained when the terminal is authenticated by the current domain security controller or the current domain master node when entering the network; or

所述簇公共密钥为所述终端在入网时，通过当前域主节点与主安全控制器认证时获取，所述主安全控制器用于对加入该簇所有域的终端进行统一认证，且统一认证后的终端在进行簇内切换时无需再次认证。The cluster public key is obtained when the terminal is authenticated by the current domain master node and the primary security controller, and the primary security controller is used to perform unified authentication on the terminals joining all the domains of the cluster, and the unified authentication is performed. The latter terminal does not need to be authenticated again when performing intra-cluster handover.

在一种可能的实现方式中，在选择目标域主节点之前，还包括：In a possible implementation manner, before selecting the target domain master node, the method further includes:

所述终端接收当前域主节点通过媒体接入计划帧或专用消息发送的簇内其他域主节点的信息。Receiving, by the terminal, a cluster that is sent by the current domain master node by using a media access plan frame or a dedicated message Information about the primary domain of other domains.

本发明第二方面提供一种切换方法，应用于光无线通信系统，包括：A second aspect of the present invention provides a handover method applied to an optical wireless communication system, including:

若终端需要进行域切换，则目标域主节点在同意切换后，为所述终端分配带宽资源；If the terminal needs to perform domain switching, the target domain master node allocates bandwidth resources to the terminal after agreeing to the handover;

在与所述终端完成认证之前，使用所述分配的带宽资源以及簇公共密钥与所述终端进行通信，其中，所述目标域主节点与所述终端通信时传输的帧采用簇公共密钥加密。Communicating with the terminal using the allocated bandwidth resource and the cluster public key before completing the authentication with the terminal, wherein the frame transmitted by the target domain master node when communicating with the terminal adopts a cluster public key encryption.

在一种可能的实现方式中，所述簇公共密钥为所述终端在入网时，通过与当前域安全控制器或当前域主节点认证时获取；In a possible implementation manner, the cluster public key is obtained when the terminal authenticates with the current domain security controller or the current domain master node when the terminal enters the network;

所述簇公共密钥为全局主节点生成；或者The cluster public key is generated by the global master node; or

在一种可能的实现方式中，所述终端用于与域主节点通信的短地址由全局主节点对所有的可用短地址进行分组，然后将分组对应地分配给各个域主节点，当所述终端与其中一个域主节点注册成功时再由该域主节点从所述全局主节点分配的分组中选择并分配给所述终端。In a possible implementation manner, the short address used by the terminal to communicate with the domain master node is grouped by the global master node for all available short addresses, and then the packets are correspondingly allocated to the domain master nodes, when When the terminal and one of the domain master nodes successfully register, the terminal is selected and assigned to the terminal by the domain master node from the group allocated by the global master node.

本发明第三方面提供一种终端，应用于光无线系统，包括：A third aspect of the present invention provides a terminal, which is applied to an optical wireless system, and includes:

选择单元，用于若终端需要进行域切换，则选择目标域主节点；a selecting unit, configured to select a target domain master node if the terminal needs to perform domain switching;

获取单元，用于获取所述目标域主节点分配的带宽资源；An obtaining unit, configured to acquire a bandwidth resource allocated by the target domain primary node;

通信单元，用于在与所述目标域主节点完成认证之前，使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信，其中，所述终端与所述目标域主节点通信时传输的帧采用簇公共密钥加密。a communication unit, configured to communicate with the target domain master node by using a bandwidth resource allocated by the target domain master node before completing the authentication with the target domain master node, where the terminal and the target domain master node Frames transmitted during communication are encrypted using the cluster public key.

在一种可能的实现方式中，所述终端还包括：In a possible implementation manner, the terminal further includes:

判断单元，用于在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则判断是否需要与目标域安全控制器或所述目标域主节点进行认证；a determining unit, configured to determine, according to a preset rule, whether the target domain security controller or the target domain is required, after the communication with the target domain master node is used to reach a preset time by using the bandwidth resource allocated by the target domain master node The primary node performs authentication;

所述通信单元还用于若满足所述预设规则，则与所述目标域安全控制器或所述目标域主节点进行认证。The communication unit is further configured to perform authentication with the target domain security controller or the target domain master node if the preset rule is met.

在一种可能的实现方式中，所述预设规则为： In a possible implementation manner, the preset rule is:

在一种可能的实现方式中，所述通信单元还用于：In a possible implementation manner, the communication unit is further configured to:

在所述选择单元选择目标域主节点之后，向所述目标域主节点发送切换请求，所述切换请求中包含所述终端的短地址、当前域主节点信息和带宽资源请求信息；After the selecting unit selects the target domain primary node, sending a handover request to the target domain primary node, where the handover request includes the short address of the terminal, current domain primary node information, and bandwidth resource request information;

若所述目标域主节点接受所述终端的切换请求，则指示所述获取单元获取所述目标域主节点分配的带宽资源。And if the target domain master node accepts the handover request of the terminal, instructing the acquiring unit to acquire the bandwidth resource allocated by the target domain primary node.

在所述选择单元选择目标域主节点之后，向当前域主节点发送切换请求，所述切换请求中包含所述终端的短地址、所述目标域主节点信息和带宽资源请求信息；After the selecting unit selects the target domain primary node, sending a handover request to the current domain primary node, where the handover request includes the short address of the terminal, the target domain primary node information, and bandwidth resource request information;

若所述当前域主节点接受所述终端的切换请求，则指示所述获取单元获取所述目标域主节点分配的带宽资源。If the current domain master node accepts the handover request of the terminal, the acquiring unit is instructed to acquire the bandwidth resource allocated by the target domain master node.

在一种可能的实现方式中，若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述通信单元还用于向所述目标域主节点发送注册请求，进行注册，获取所述目标域节点分配的新的短地址；In a possible implementation manner, if the terminal uses the bandwidth resource allocated by the target domain master node to communicate with the target domain master node for a preset time, determine the need and the target domain security according to a preset rule. The controller or the target domain master node performs authentication, and the communication unit is further configured to send a registration request to the target domain master node, perform registration, and acquire a new short address allocated by the target domain node;

在所述选择单元选择目标域主节点之后，向所述目标域主节点发送重新注册请求，所述重新注册请求中包含所述终端的短地址、当前域主节点信息和带宽资源请求信息；After the selection unit selects the target domain primary node, sending a re-injection to the target domain primary node The request for re-registration includes the short address of the terminal, current domain master node information, and bandwidth resource request information;

若所述目标域主节点接受所述终端的重新注册请求，则指示所述获取单元获取所述目标域主节点分配的带宽资源和新的短地址。And if the target domain master node accepts the re-registration request of the terminal, instructing the acquiring unit to acquire the bandwidth resource and the new short address allocated by the target domain primary node.

在所述选择单元选择目标域主节点之后，向当前域主节点发送重新注册请求，所述重新注册请求中包含所述终端的短地址、当前域主节点信息和带宽资源请求信息；After the selecting unit selects the target domain master node, sending a re-registration request to the current domain master node, where the re-registration request includes the short address, the current domain master node information, and the bandwidth resource request information of the terminal;

在一种可能的实现方式中，在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信之后，所述通信单元还用于：In a possible implementation, after the bandwidth resource allocated by the target domain master node is used to communicate with the target domain master node, the communication unit is further configured to:

在一种可能的实现方式中，所述通信单元还用于与所述当前域主节点通信时使用所述终端的短地址，与所述目标域主节点通信时使用所述新的短地址；In a possible implementation, the communication unit is further configured to use a short address of the terminal when communicating with the current domain master node, and use the new short address when communicating with the target domain master node;

若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述通信单元还用于向目标域安全控制器或所述目标域主节点发送认证请求，进行认证；After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node And performing the authentication, where the communication unit is further configured to send an authentication request to the target domain security controller or the target domain master node to perform authentication;

所述簇公共密钥为全局主节点与各个域主节点共同协商生成；或者 The cluster public key is generated by a global master node and each domain master node; or

在一种可能的实现方式中，在选择目标域主节点之前，所述选择单元还用于接收当前域主节点通过媒体接入计划帧或专用消息发送的簇内其他域主节点的信息。In a possible implementation manner, before the target domain master node is selected, the selecting unit is further configured to receive information about other domain master nodes in the cluster that are sent by the current domain master node by using a media access plan frame or a dedicated message.

本发明第四方面提供一种终端，应用于光无线通信系统，包括：A fourth aspect of the present invention provides a terminal, which is applied to an optical wireless communication system, and includes:

处理器、存储器、接口电路和总线，所述处理器、存储器、接口电路通过总线连接，其中，所述存储器用于存储一组程序代码，所述处理器用于调用所述存储器中存储的程序代码，执行以下操作：a processor, a memory, an interface circuit, and a bus, wherein the processor, the memory, and the interface circuit are connected by a bus, wherein the memory is configured to store a set of program codes, and the processor is configured to call the program code stored in the memory , do the following:

在一种可能的实现方式中，所述处理器还用于：In a possible implementation manner, the processor is further configured to:

在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则判断是否需要与目标域安全控制器或所述目标域主节点进行认证；After the communication with the target domain master node reaches the preset time by using the bandwidth resource allocated by the target domain master node, it is determined according to a preset rule whether the target domain security controller or the target domain master node needs to be authenticated;

所述终端处于所述目标域主节点所在的域，且接收到所述目标域主节点的信号的信噪比大于预设阈值，且所述终端当前不需要进行域切换。 The terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.

在一种可能的实现方式中，在若终端需要进行域切换，则选择目标域主节点之后，所述处理器还用于：In a possible implementation manner, after the target domain master node is selected, if the terminal needs to perform domain switching, the processor is further configured to:

向所述目标域主节点发送切换请求，所述切换请求中包含所述终端的短地址、当前域主节点信息和带宽资源请求信息；Sending a handover request to the target domain primary node, where the handover request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;

向当前域主节点发送切换请求，所述切换请求中包含所述终端的短地址、所述目标域主节点信息和带宽资源请求信息；Sending a handover request to the current domain master node, where the handover request includes a short address of the terminal, the target domain primary node information, and bandwidth resource request information;

在一种可能的实现方式中，若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述处理器还用于向所述目标域主节点发送注册请求，进行注册，获取所述目标域节点分配的新的短地址；In a possible implementation manner, if the terminal uses the bandwidth resource allocated by the target domain master node to communicate with the target domain master node for a preset time, determine the need and the target domain security according to a preset rule. The controller or the target domain master node performs authentication, and the processor is further configured to send a registration request to the target domain master node, perform registration, and acquire a new short address allocated by the target domain node;

向所述目标域主节点发送重新注册请求，所述重新注册请求中包含所述终端的短地址、当前域主节点信息和带宽资源请求信息；Sending a re-registration request to the target domain primary node, where the re-registration request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;

若所述目标域主节点接受所述终端的重新注册请求，则获取所述目标域主节点分配的带宽资源和新的短地址。If the target domain master node accepts the re-registration request of the terminal, acquiring the target domain master The bandwidth resource allocated by the node and the new short address.

向当前域主节点发送重新注册请求，所述重新注册请求中包含所述终端的短地址、所述目标域主节点信息和带宽资源请求信息；Sending a re-registration request to the current domain master node, where the re-registration request includes the short address of the terminal, the target domain primary node information, and bandwidth resource request information;

在一种可能的实现方式中，在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信之后，所述处理器还用于：In a possible implementation, after the bandwidth resource allocated by the target domain master node is used to communicate with the target domain master node, the processor is further configured to:

若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述处理器还用于向目标域安全控制器或所述目标域主节点发送认证请求，进行认证；After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node And performing the authentication, where the processor is further configured to send an authentication request to the target domain security controller or the target domain master node for authentication;

所述簇公共密钥为所述终端在入网时，通过当前域主节点与主安全控制器认证时获取，所述主安全控制器用于对加入该簇所有域的终端进行统一认证，且统一认证后的终端在进行簇内切换时无需再次认证。The cluster public key is the current domain master node and the primary security controller when the terminal enters the network. When the authentication is performed, the primary security controller is used to perform unified authentication on the terminals that join all the domains of the cluster, and the terminal after the unified authentication does not need to be authenticated again when performing intra-cluster handover.

在一种可能的实现方式中，在选择目标域主节点之前，所述处理器还用于：In a possible implementation, before selecting the target domain master node, the processor is further configured to:

接收当前域主节点通过媒体接入计划帧或专用消息发送的簇内其他域主节点的信息。Receiving information of the other domain master nodes in the cluster sent by the current domain master node through the media access plan frame or the dedicated message.

本发明第五方面提供一种域主节点，应用于光无线通信系统，包括：A fifth aspect of the present invention provides a domain master node, which is applied to an optical wireless communication system, and includes:

分配单元，用于若终端需要进行域切换，则所述域主节点在同意切换后，为所述终端分配带宽资源；An allocating unit, configured to: if the terminal needs to perform domain switching, the domain master node allocates a bandwidth resource to the terminal after agreeing to the handover;

通信单元，用于在与所述终端完成认证之前，使用所述分配的带宽资源以及簇公共密钥与所述终端进行通信；a communication unit, configured to communicate with the terminal by using the allocated bandwidth resource and a cluster public key before completing the authentication with the terminal;

其中，所述域主节点为所述终端进行域切换的目标域主节点，所述目标域主节点与所述终端通信时传输的帧采用簇公共密钥加密。The domain master node is a target domain master node that performs domain switching on the terminal, and the frame transmitted by the target domain master node when communicating with the terminal is encrypted by using a cluster public key.

本发明第六方面提供一种域主节点，应用于光无线通信系统，包括：A sixth aspect of the present invention provides a domain master node, which is applied to an optical wireless communication system, and includes:

若终端需要进行域切换，则所述处理器在同意切换后，为所述终端分配带宽资源；If the terminal needs to perform domain switching, the processor allocates a bandwidth resource to the terminal after agreeing to the handover;

在与所述终端完成认证之前，使用所述分配的带宽资源以及簇公共密钥与所述终端进行通信，其中，所述处理器与所述终端通信时传输的帧采用簇公共密钥加密。Communicating with the terminal using the allocated bandwidth resource and the cluster public key before completing the authentication with the terminal, wherein the frame transmitted by the processor when communicating with the terminal adopts a cluster common Key encryption.

第七方面，本发明实施例提供了一种计算机存储介质，所述计算机存储介质包括一组程序代码，用于执行如本发明实施例第一方面任一实现方式所述的方法。In a seventh aspect, the embodiment of the present invention provides a computer storage medium, the computer storage medium comprising a set of program code, for performing the method according to any implementation manner of the first aspect of the embodiment of the present invention.

第七方面，本发明提供了一种计算机存储介质，所述计算机存储介质包括一组程序代码，用于执行如本发明实施例第一方面任一实现方式所述的方法。In a seventh aspect, the present invention provides a computer storage medium comprising a set of program code for performing a method as described in any one of the first aspects of the embodiments of the present invention.

第八方面，本发明实施例提供了一种计算机存储介质，所述计算机存储介质包括一组程序代码，用于执行如本发明实施例第二方面任一实现方式所述的方法。In an eighth aspect, the embodiment of the present invention provides a computer storage medium, the computer storage medium comprising a set of program code, for performing the method according to any implementation manner of the second aspect of the embodiment of the present invention.

实施本发明实施例，具有如下有益效果：Embodiments of the present invention have the following beneficial effects:

终端在需要进行域切换时，可以在与所述目标域主节点完成认证之前，使用所述目标域主节点分配的带宽资源以及簇公共密钥与所述目标域主节点进行通信；从而使得EP在切换初期，可以无需重新注册认证，就可以保证安全通信，避免在认证过程中与当前DM链路中断，造成业务传输中断，减少了切换带来的业务中断时间，保证了切换过程中的安全传输；增加进行是否进行认证的判断过程，只有在满足预设规则时才与目标DM进行认证，否则不进行认证，使得EP在切换过程中“快速路过”某一域的情况时，不再执行注册认证过程，降低了信令开销，避免了资源的浪费。通过短地址分组后再分配的方法，可以避免在切换过程中，EP要同时与两个或以上DM同时通信，或同时处于两个或以上的域时，可能带来的短地址冲突问题。 When the terminal needs to perform domain switching, the terminal may communicate with the target domain master node by using the bandwidth resource allocated by the target domain master node and the cluster public key before completing the authentication with the target domain master node; In the initial stage of the switchover, secure communication can be ensured without re-registration authentication, which avoids interruption of the current DM link during the authentication process, which causes service interruption, reduces service interruption time caused by handover, and ensures security during handover. The process of determining whether to perform authentication is performed only when the preset rule is met, and the target DM is authenticated. Otherwise, the authentication is not performed, so that the EP does not execute when it "passes quickly" in a certain domain during the handover process. The registration authentication process reduces signaling overhead and avoids waste of resources. By short-addressing and then allocating, it is possible to avoid a short address conflict problem that may occur when the EP is simultaneously communicating with two or more DMs at the same time, or when two or more domains are simultaneously in the handover process.

DRAWINGS

为了更清楚地说明本发明实施例或现有技术中的技术方案，下面将对实施例中所需要使用的附图作简单地介绍，显而易见地，下面描述中的附图仅仅是本发明的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动的前提下，还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings to be used in the embodiments will be briefly described below. Obviously, the drawings in the following description are only some of the present invention. For the embodiments, those skilled in the art can obtain other drawings according to the drawings without any creative work.

图1为可见光通信网络中协调拓扑的系统架构示意图；1 is a schematic diagram of a system architecture for coordinating a topology in a visible light communication network;

图2为本发明切换方法第一实施例的流程示意图；2 is a schematic flowchart of a first embodiment of a handover method according to the present invention;

图3为本发明切换方法第二实施例的流程示意图；3 is a schematic flowchart of a second embodiment of a handover method according to the present invention;

图4为本发明切换方法第三实施例的流程示意图；4 is a schematic flowchart of a third embodiment of a handover method according to the present invention;

图5为本发明切换方法第四实施例的流程示意图；FIG. 5 is a schematic flowchart diagram of a fourth embodiment of a handover method according to the present invention; FIG.

图6为本发明切换方法第五实施例的流程示意图；6 is a schematic flowchart of a fifth embodiment of a handover method according to the present invention;

图7为本发明切换方法第六实施例的流程示意图；FIG. 7 is a schematic flowchart diagram of a sixth embodiment of a handover method according to the present invention; FIG.

图8为本发明切换方法第七实施例的流程示意图；FIG. 8 is a schematic flowchart diagram of a seventh embodiment of a handover method according to the present invention; FIG.

图9为本发明切换方法第八实施例的流程示意图；9 is a schematic flowchart of an eighth embodiment of a handover method according to the present invention;

图10为本发明终端的第一实施例的组成示意图；10 is a schematic structural diagram of a first embodiment of a terminal according to the present invention;

图11为本发明终端的第二实施例的组成示意图；11 is a schematic structural diagram of a second embodiment of a terminal according to the present invention;

图12为本发明域主节点的第一实施例的组成示意图；12 is a schematic structural diagram of a first embodiment of a domain master node according to the present invention;

图13为本发明域主节点的第二实施例的组成示意图。FIG. 13 is a schematic structural diagram of a second embodiment of a domain master node according to the present invention.

detailed description

本发明的说明书和权利要求书及上述附图中的术语“包括”和“具有”以及它们任何变形，意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、系统、产品或装置没有限定于已列出的步骤或单元，而是可选地还包括没有列出的步骤或单元，或可选地还包括对于这些过程、方法、产品或装置固有的其它步骤或单元。The terms "comprising" and "comprising" and variations of the invention are intended to be in the meaning For example, a process, method, system, product, or device that comprises a series of steps or units is not limited to the listed steps or units, but optionally includes steps or units not listed, or, optionally, Other steps or units inherent to these processes, methods, products or devices.

随着光无线通信的快速发展，其室内应用将变得越来越广泛。光无线通信可以是可见光通信、红外通信等，为了便于说明，本发明实施例中以可见光通信来进行描述，本领域技术人员应当理解，本发明实施例中的实施方式同样可适用于其他光无线通信系统，本发明实施例不作任何限定。With the rapid development of optical wireless communication, its indoor applications will become more and more extensive. The optical wireless communication may be a visible light communication, an infrared communication, or the like. For the convenience of description, the embodiment of the present invention is described by using visible light communication. Those skilled in the art should understand that the embodiment in the embodiment of the present invention can also be used. It is applicable to other optical wireless communication systems, and is not limited in any embodiment of the present invention.

由于光无线通信网络中的终端可移动，且每个终端的业务需求也可能发生变化，因此处于光无线通信网络中的终端需要进行域切换来确保现有业务的正常进行等。请参照图1，为可见光通信网络中协调拓扑的系统架构示意图。Since the terminals in the optical wireless communication network are mobile and the service requirements of each terminal may also change, the terminals in the optical wireless communication network need to perform domain switching to ensure the normal operation of the existing services. Please refer to FIG. 1 , which is a schematic diagram of a system architecture for coordinating a topology in a visible light communication network.

其中涉及的设备介绍如下：The equipment involved is as follows:

DM：域的主节点，也是网络接入点，负责管理域的新设备入网注册、资源调度、协调与切换等。DM: The primary node of the domain, which is also the network access point, is responsible for managing the registration, resource scheduling, coordination, and handover of new devices in the domain.

当前DM：在切换前，EP所接入的域的DM。Current DM: The DM of the domain to which the EP is connected before the handover.

目标DM：EP要切换的域的DM。Target DM: The DM of the domain to which the EP is to be switched.

EP：终端，通过与DM之间的可见光通信或红外通信等链路进行网络接入、数据传输等，其产品形态可以是手机、pad、笔记本电脑等。EP: The terminal performs network access and data transmission through a link such as visible light communication or infrared communication with the DM. The product form may be a mobile phone, a pad, a notebook computer or the like.

GM：全局主节点，通过回程(backhaul)链路和定义的与DM之间的接口，对多个域的运行进行协调，比如干扰协调、切换等。GM也可作为多个域的公共的安全控制器，负责所协调的所有域及其中节点的安全认证。GM: The global master node coordinates the operation of multiple domains through the backhaul link and the defined interface with the DM, such as interference coordination and handover. The GM can also act as a public security controller for multiple domains, responsible for the security certification of all domains and their nodes that are coordinated.

GW：网关，EP的业务来源。EP通过AP接入网络，而AP的数据来源可能是网关。GW: Gateway, the source of the EP's business. The EP accesses the network through the AP, and the data source of the AP may be a gateway.

SC：安全控制器，域中负责安全认证及密钥管理的实体，一般情况下与DM属于同一节点，也可属于不同节点。SC: The security controller, the entity responsible for security authentication and key management in the domain, generally belongs to the same node as the DM, and may belong to different nodes.

如图1所示，包括一个GM，DM1-DM3共3个DM，DM1对应的Domain1接入了EP1和EP2，DM2对应的Domain2中接入了EP3，DM3对应的Domain3中接入了EP4。三个Domain构成一个簇。当EP1需要从Domain1切换到Domain2或Domain3时，由于需要与目标DM进行新的注册和认证之后才能与目标DM进行通信，这会导致与当前DM的业务中断，且每次都要进行新的注册和认证，时延也非常大，不利于业务的良好进行，也不利于用户的使用体验。As shown in Figure 1, a GM is included, and DM1-DM3 has three DMs. Domain1 corresponding to DM1 is connected to EP1 and EP2, Domain 2 corresponding to DM2 is connected to EP3, and Domain3 corresponding to DM3 is connected to EP4. The three domains form a cluster. When EP1 needs to switch from Domain1 to Domain2 or Domain3, it can communicate with the target DM after it needs to register and authenticate with the target DM. This will cause the service with the current DM to be interrupted, and new registration will be performed each time. And the authentication, the delay is also very large, which is not conducive to the good conduct of the business, and is not conducive to the user experience.

下面将结合图2-图8对本方面的切换方法进行详细说明。The switching method of this aspect will be described in detail below with reference to FIGS. 2-8.

请参照图2，为本发明切换方法的第一实施例的流程示意图；在本实施例中，所述切换方法包括以下步骤：2 is a schematic flowchart of a first embodiment of a handover method according to the present invention. In this embodiment, the handover method includes the following steps:

S201，若终端需要进行域切换，则选择目标域主节点。 S201. If the terminal needs to perform domain switching, select the target domain primary node.

在选择目标DM时，EP可以根据接收到的邻居DM的信号的信噪比(SignaltoNoise Ratio，SNR)和邻居DM所属域中带宽资源利用率(带宽可用情况)等因素进行选择。例如，邻居DM的信号的SNR较高，则可以选择邻居DM进行切换，邻居DM的信号的SNR较低，则可以不切换或者选择其他的SNR较高的邻居DM切换；或者邻居DM所属域中带宽资源利用率较低，则可以选择邻居DM进行切换，若邻居DM所属域中带宽资源利用率较高则可以不切换或者选择其他所属域中带宽资源利用率较低的邻居DM切换。When selecting the target DM, the EP may select according to factors such as the signal to noise ratio (SNR) of the received neighbor DM signal and the bandwidth resource utilization (bandwidth availability) in the domain of the neighbor DM. For example, if the SNR of the signal of the neighboring DM is high, the neighboring DM may be selected to perform the handover. If the SNR of the signal of the neighboring DM is low, the neighboring DM handover with a higher SNR may not be switched or selected. If the bandwidth resource utilization is low, you can select the neighbor DM to switch. If the bandwidth resource utilization of the neighbor DM is high, you can switch or select other neighbor DMs with lower bandwidth resource utilization.

可选地，在选择目标域主节点之前，终端可以接收当前域主节点通过媒体接入计划(Media Access Plan，MAP)帧或专用消息发送的簇内其他域的信息，所述信息中包含其他域主节点信息，也可包含簇内其他各个域的终端信息。终端在获取到这些信息之后可以将这些信息作为域切换时选择目标域主节点的参考信息，同时也可以确定簇公共密钥的可使用范围，终端可以向可使用范围内的域发起切换。Optionally, before selecting the target domain primary node, the terminal may receive information about other domains in the cluster that are sent by the current domain primary node by using a Media Access Plan (MAP) frame or a dedicated message, where the information includes other The domain master node information may also include terminal information of other domains in the cluster. After obtaining the information, the terminal may select the reference information of the target domain master node when the domain is switched, and may also determine the available range of the cluster public key, and the terminal may initiate a handover to the domain within the usable range.

具体地，EP在判断自己需要切换之前，应从当前DM获取本簇中其他域信息，特别是DM的信息，如媒体访问控制(Media Access Control，MAC)地址)，也可以包括其他域的参数及各个EP的信息。这些信息由GM下发到各个域的DM，各个域的DM可通过MAP帧或者一个专用的消息将本簇其他域的信息下发给本域的EP。EP只能在检测到本簇中其他的域时才可以按照本发明实施例中所述的方法进行切换。Specifically, before determining that the UE needs to switch, the EP should obtain other domain information in the cluster from the current DM, in particular, information about the DM, such as a Media Access Control (MAC) address, and may also include parameters of other domains. Information about each EP. The information is sent by the GM to the DM of each domain. The DM of each domain can send the information of other domains of the cluster to the EP of the local domain through the MAP frame or a dedicated message. The EP can only perform handover according to the method described in the embodiment of the present invention when other domains in the cluster are detected.

S202，获取所述目标域主节点分配的带宽资源。S202. Acquire a bandwidth resource allocated by the target domain primary node.

当EP选择好目标DM之后，需要与当前DM以及目标DM进行切换过程的信息交互来确认切换，并获取目标DM分配的带宽资源。After the target DM is selected by the EP, the information exchange with the current DM and the target DM is performed to confirm the handover, and the bandwidth resource allocated by the target DM is obtained.

S203，在与所述目标域主节点完成认证之前，使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信。S203. Communicate with the target domain master node by using the bandwidth resource allocated by the target domain master node before completing the authentication with the target domain master node.

其中，所述终端与所述目标域主节点通信时传输的帧采用簇公共密钥加密。The frame transmitted when the terminal communicates with the target domain master node is encrypted by using a cluster public key.

按照常规方式必须在与目标DM完成认证之后，才能与目标DM进行通信，但是在本实施例中，通过引入簇公共密钥，使得EP可以在与目标DM完成认证之前，就可以与目标DM进行安全通信。In the conventional manner, it is necessary to perform communication with the target DM after the authentication with the target DM is completed, but in the present embodiment, by introducing the cluster public key, the EP can perform the target DM before the authentication with the target DM is completed. Secure communication.

在协调拓扑网络中，多个域由同一GM协调，共同组成一个簇。每个簇有一个公共的加密密钥，可称为簇公共密钥，可用于域间通信或切换时“临时传输”状态加密通信。簇公共密钥的生成方式可以是但不限于以下方式的一种：In a coordinated topology network, multiple domains are coordinated by the same GM to form a cluster. Each cluster has A public encryption key, called a cluster public key, can be used for inter-domain communication or "temporary transfer" state encrypted communication when switching. The method for generating the cluster public key may be, but not limited to, one of the following methods:

可选地，GM还可定期对簇公共密钥进行更新，并把更新后的簇公共密钥及时传递到各个EP。Optionally, the GM may also periodically update the cluster public key and deliver the updated cluster public key to each EP in time.

EP获得该簇公共密钥的方式为：SC或DM在每个EP成功认证后，将簇公共密钥发送给该EP。当SC与DM在同一节点时，也就等同于DM下发给EP。当SC与DM不在同一节点时，优选由SC发送给EP，但是也可以由SC发送给DM，由DM下发给EP。但是无论如何发，携带簇公共密钥的帧是加密发送。The EP obtains the cluster public key in such a manner that the SC or DM sends the cluster public key to the EP after each EP is successfully authenticated. When the SC and the DM are in the same node, it is equivalent to the DM being sent to the EP. When the SC and the DM are not in the same node, it is preferably sent by the SC to the EP, but may also be sent by the SC to the DM and sent by the DM to the EP. But no matter how it is sent, the frame carrying the cluster public key is encrypted.

可选地，在EP按照目标DM分配的带宽资源与DM进行通信之前，可能需要有一个与目标DM建立业务流或者建立通信链路的过程。在建立了业务流或者通信链路之后，目标DM再开始进行带宽资源的调度，一般地，调度信息在MAP帧中下发。Optionally, before the EP communicates with the DM according to the bandwidth resource allocated by the target DM, a process of establishing a service flow with the target DM or establishing a communication link may be required. After the service flow or the communication link is established, the target DM starts to perform the scheduling of the bandwidth resource. Generally, the scheduling information is sent in the MAP frame.

需要说明的，只有已认证的EP才能获取该簇公共密钥。例如，EP1已经在Domain1中认证，则EP1可以获取簇公共密钥，其在切换到Domain2时，便可以使用该簇公共密钥进行切换时“临时传输”状态下的业务传输，即在“临时传输”状态时，与目标DM通信的帧均使用簇公共密钥加密。且在VLC网络中，可选地，DM和SC两个逻辑功能实体在同一节点。也可以不在同一个节点。It should be noted that only the authenticated EP can obtain the cluster public key. For example, if EP1 is already authenticated in Domain1, EP1 can obtain the cluster public key. When switching to Domain2, it can use the cluster public key to perform service transmission in the "temporary transmission" state when switching. In the "transfer" state, frames that communicate with the target DM are encrypted using the cluster public key. And in the VLC network, optionally, the two logical functional entities of the DM and the SC are at the same node. It can also not be on the same node.

此外，本发明实施例的方案同样适用于非协调拓扑的VLC网络。非协调拓扑的VLC网络是指多个VLC网络间没有一个负责集中式协调的实体。不同之处在于，“簇公共密钥”的获取方式不同。可以由相邻的域各自交互并生成，然后下发给各个已认证EP。In addition, the solution of the embodiment of the present invention is also applicable to a VLC network of a non-coordinating topology. A VLC network with a non-coordinating topology refers to an entity that is not responsible for centralized coordination among multiple VLC networks. The difference is that the "cluster public key" is obtained in a different way. It can be generated and generated by adjacent domains and then delivered to each authenticated EP.

在本实施例中，提供了一种切换方法，终端在需要进行域切换时，可以在与所述目标域主节点完成认证之前，使用所述目标域主节点分配的带宽资源以及簇公共密钥与所述目标域主节点进行通信；从而使得EP在切换初期，可以无需重新注册认证，就可以保证安全通信，避免在认证过程中与当前DM链路中断，造成业务传输中断，减少了切换带来的业务中断时间，保证了切换过程中的安全传输。In this embodiment, a handover method is provided. When a terminal needs to perform domain handover, the terminal may use the bandwidth resource and the cluster public key allocated by the target domain primary node before completing the authentication with the target domain primary node. Communicating with the target domain master node; thereby enabling the EP to be in the initial stage of handover No need to re-register the authentication, you can ensure secure communication, avoid interruption of the current DM link during the authentication process, cause service interruption, reduce the service interruption time caused by handover, and ensure secure transmission during handover.

此外，对于簇公共密钥，其可以为所述终端在入网时，通过与当前域安全控制器或当前域主节点认证时获取。In addition, for the cluster public key, it may be acquired when the terminal authenticates with the current domain security controller or the current domain master node when entering the network.

此外，还可以为所述终端在入网时，通过当前域主节点与主安全控制器认证时获取，所述主安全控制器用于对加入该簇所有域的终端进行统一认证，且统一认证后的终端在进行簇内切换时无需再次认证。In addition, the terminal may be obtained when the terminal is authenticated by the current domain master node and the primary security controller, and the primary security controller is used to perform unified authentication on the terminals that join all the domains of the cluster, and the unified authentication is performed. The terminal does not need to be authenticated again when performing intra-cluster switching.

即簇中可以有一个SC作为全簇的安全控制器，可以与GM位于同一个设备，也可以不在同一个设备，或由GM担任SC。每个DM与SC间通过回程(backhaul)链路通信。EP在入网时，通过DM与SC或GM进行认证，从而获得可以与其他DM通信时加密的密钥，且切换过程中，在本簇范围内，无需再次进行认证。需要说明的是，无需再次认证的前提是EP的密钥仍然有效或仍处于有效期内，如果EP的密钥已经失效，可能仍需要再次认证。That is, there may be one SC in the cluster as a security controller of the full cluster, which may be located in the same device as the GM, or may not be in the same device, or may be served by the GM as the SC. Each DM communicates with the SC over a backhaul link. When the EP enters the network, it authenticates with the SC or GM through the DM, so that the key that can be encrypted when communicating with other DMs is obtained, and in the handover process, it is not necessary to perform authentication again within the scope of the cluster. It should be noted that the premise of not requiring re-authentication is that the EP key is still valid or still in the validity period. If the EP key has expired, it may still need to be authenticated again.

提出全簇统一认证，使得EP在切换过程中，可以无需重新认证，就可以保证安全通信，避免在认证过程中与当前DM链路中断，造成业务传输中断。还使得EP在切换过程中“快速路过”某一域的情况时，不再执行注册认证过程，可降低信令开销。A unified cluster-wide authentication is proposed, so that the EP can ensure secure communication without re-authentication during the handover process, and avoid interruption of the current DM link during the authentication process, resulting in service interruption. It also makes the EP not perform the registration authentication process when the device quickly "passes" a certain domain during the handover process, which can reduce the signaling overhead.

且针对EP在切换过程中“快速路过”某一域的情况，即在终端移动过程中，可能仅从某个域穿过，例如EP1要切换到Domain3时，需要穿过Domain2，如果还要与DM2进行注册和验证，流程复杂且开销大，造成资源浪费。且由于VLC域覆盖范围较小，将导致这种情况更加严重，此时，还可参照图3所述的切换方法进行切换。And for the case where the EP "fastly passes" a certain domain during the handover process, that is, during the terminal movement process, it may only pass through a certain domain. For example, when EP1 wants to switch to Domain3, it needs to pass through Domain2, if it is to The DM2 is registered and verified, and the process is complicated and expensive, resulting in waste of resources. Moreover, this situation is more serious due to the smaller coverage of the VLC domain. In this case, the handover method described in FIG. 3 can also be used for handover.

请参照图3，为本发明切换方法的第二实施例的流程示意图；在本实施例中，所述方法包括以下步骤：Referring to FIG. 3, it is a schematic flowchart of a second embodiment of a handover method according to the present invention. In this embodiment, the method includes the following steps:

S301，若终端需要进行域切换，则选择目标域主节点。S301. If the terminal needs to perform domain switching, select the target domain primary node.

在选择目标DM时，EP可以根据接收到的邻居DM的信号的信噪比(SignaltoNoise Ratio，SNR)和邻居DM所属域中带宽资源利用率(带宽可用情况)等因素进行选择。例如，邻居DM的信号的SNR较高，则可以选择邻居DM进行切换，邻居DM的信号的SNR较低，则可以不切换或者选择其他的SNR较高的邻居DM切换；或者邻居DM所属域中带宽资源利用率较低，则可以选择邻居DM进行切换，若邻居DM所属域中带宽资源利用率较高则可以不切换或者选择其他所属域中带宽资源利用率较低的邻居DM切换。When selecting the target DM, the EP may select according to factors such as the signal to noise ratio (SNR) of the received neighbor DM signal and the bandwidth resource utilization (bandwidth availability) in the domain of the neighbor DM. For example, if the signal of the neighbor DM is higher, the SNR can be selected. If the neighbor DM performs the handover and the SNR of the neighbor DM is low, you can switch or select other neighbor DMs with higher SNR. If the bandwidth of the neighbor DM is lower, you can select the neighbor DM to switch. If the bandwidth resource utilization rate of the neighboring DM is higher, the neighboring DM switch with lower bandwidth resource utilization in other domains may not be switched.

EP在判断自己需要切换之前，应从当前DM获取本簇中其他域信息，特别是DM的信息(如MAC地址)，也可以包括其他域的参数及各个EP的信息。这些信息由GM下发到各个域的DM，各个域的DM可通过媒体接入计划(Media Access Plan，MAP)帧或者一个专用的消息将本簇其他域的信息下发给本域的EP。EP只能在检测到本簇中其他的域时才可以按照本发明实施例中所述的方法进行切换。Before determining that the UE needs to switch, the EP should obtain other domain information in the cluster from the current DM, especially the information of the DM (such as the MAC address), and may also include the parameters of other domains and the information of each EP. The information is sent by the GM to the DM of each domain. The DM of each domain can send the information of other domains of the cluster to the EP of the local domain through a Media Access Plan (MAP) frame or a dedicated message. The EP can only perform handover according to the method described in the embodiment of the present invention when other domains in the cluster are detected.

S302，获取所述目标域主节点分配的带宽资源。S302. Acquire a bandwidth resource allocated by the target domain primary node.

S303，在与所述目标域主节点完成认证之前，使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信。S303. Communicate with the target domain master node by using the bandwidth resource allocated by the target domain master node before completing the authentication with the target domain master node.

按照常规方式必须在与目标DM完成认证之后，才能与目标DM进行通信，但是在本实施例中，通过引入簇公共密钥，使得EP可以在与目标DM完成认证之前，就可以与目标DM进行通信。In the conventional manner, it is necessary to perform communication with the target DM after the authentication with the target DM is completed, but in the present embodiment, by introducing the cluster public key, the EP can perform the target DM before the authentication with the target DM is completed. Communication.

在协调拓扑网络中，多个域由同一GM协调，共同组成一个簇。每个簇有一个公共的加密密钥，可称为簇公共密钥，可用于域间通信或切换时“临时传输”状态加密通信。簇公共密钥的生成方式可以是但不限于以下方式的一种：In a coordinated topology network, multiple domains are coordinated by the same GM to form a cluster. Each cluster has a common encryption key, which can be called a cluster public key, which can be used for inter-domain communication or "temporary transmission" state encrypted communication when switching. The method for generating the cluster public key may be, but not limited to, one of the following methods:

EP获得该簇公共密钥的方式为：SC或DM在每个EP成功认证后，将簇公共密钥发送给该EP。当SC与DM在同一节点时，也就等同于DM下发给 EP。当SC与DM不在同一节点时，优选由SC发送给EP，但是也可以由SC发送给DM，由DM下发给EP。但是无论如何发，携带簇公共密钥的帧是加密发送。The EP obtains the cluster public key in such a manner that the SC or DM sends the cluster public key to the EP after each EP is successfully authenticated. When the SC and the DM are in the same node, it is equivalent to the DM. EP. When the SC and the DM are not in the same node, it is preferably sent by the SC to the EP, but may also be sent by the SC to the DM and sent by the DM to the EP. But no matter how it is sent, the frame carrying the cluster public key is encrypted.

需要说明的，只有已认证的EP才能获取该簇公共密钥。例如，EP1已经在Domain1中认证，则EP1可以获取簇公共密钥，其在切换到Domain2时，便可以使用该簇公共密钥进行切换时“临时传输”状态下的业务传输即在“临时传输”状态时，与目标DM通信的帧均使用簇公共密钥加密。且在VLC网络中，可选地，DM和SC两个逻辑功能实体在同一节点。也可以不在同一个节点。It should be noted that only the authenticated EP can obtain the cluster public key. For example, if EP1 is already authenticated in Domain1, EP1 can obtain the cluster public key. When switching to Domain2, it can use the cluster public key to switch. The service transmission in the "temporary transmission" state is "temporary transmission". In the state, frames that communicate with the target DM are encrypted using the cluster public key. And in the VLC network, optionally, the two logical functional entities of the DM and the SC are at the same node. It can also not be on the same node.

S304，在使用所述目标域主节点分配的带宽资源以及簇公共密钥与所述目标域主节点进行通信达到预设时间后，根据预设规则判断是否需要与目标域安全控制器或所述目标域主节点进行认证。S304, after using the bandwidth resource allocated by the target domain master node and the cluster public key to communicate with the target domain master node for a preset time, determining, according to a preset rule, whether the target domain security controller or the target domain security controller is required The target domain master node performs authentication.

其中，预设时间可以通过设置一个定时器实现，达到预设时间可以是定时器结束，比如变为0。由于EP处于移动状态，会从目标DM的域中移出，此时应把设置的定时器Timer重置。The preset time can be implemented by setting a timer, and the preset time can be the end of the timer, for example, becoming 0. Since the EP is in the mobile state, it will be removed from the domain of the target DM. At this time, the set timer Timer should be reset.

S305，若满足所述预设规则，则与所述目标域安全控制器或所述目标域主节点进行认证。S305. If the preset rule is met, perform authentication with the target domain security controller or the target domain master node.

可选地，所述预设规则可以为：Optionally, the preset rule may be:

所述终端处于所述目标域主节点所在的域，且所述终端当前不需要进行域切换；或者可以为：The terminal is in the domain where the primary node of the target domain is located, and the terminal does not need to perform domain switching at present; or

其中，终端处于目标域主节点所在的域表示终端仍处于目标该目标域主节点的信号覆盖范围，与该目标域主节点保持通信链路的连接。而终端当前是否需要进行域切换可以参照步骤S201中的内容，如可以根据邻居DM信号的 SNR或邻居DM的带宽资源利用率等因素确定是否需要切换，本发明实施例不作任何限定。The domain in which the terminal is located in the target domain primary node indicates that the terminal is still in the signal coverage of the target primary domain primary node, and maintains the communication link connection with the target domain primary node. If the terminal needs to perform domain switching, refer to the content in step S201, for example, according to the neighbor DM signal. The SNR or the bandwidth resource utilization of the neighboring DM and other factors determine whether a handover is required, which is not limited in the embodiment of the present invention.

当不满足预设规则时，则终端可以不与目标DM进行认证。这样，使得在终端移动过程中连续通过2个以上的域时，避免了大量没必要的注册和认证过程，可以大量节省资源和开销，提升用户的使用体验。When the preset rule is not met, the terminal may not authenticate with the target DM. In this way, when more than two domains are continuously passed during the terminal mobile process, a large number of unnecessary registration and authentication processes are avoided, which can save a lot of resources and overhead, and improve the user experience.

在本实施例中，提供了一种切换方法，终端在需要进行域切换时，可以在与所述目标域主节点完成认证之前，使用所述目标域主节点分配的带宽资源以及簇公共密钥与所述目标域主节点进行通信；从而使得EP在切换初期，可以无需重新注册认证，就可以保证安全通信，避免在认证过程中与当前DM链路中断，造成业务传输中断，减少了切换带来的业务中断时间，保证了切换过程中的安全传输；增加进行是否进行认证的判断过程，只有在满足预设规则时才与目标DM进行认证，否则不进行认证，使得EP在切换过程中“快速路过”某一域的情况时，不再执行注册认证过程，降低了信令开销，避免了资源的浪费。In this embodiment, a handover method is provided. When a terminal needs to perform domain handover, the terminal may use the bandwidth resource and the cluster public key allocated by the target domain primary node before completing the authentication with the target domain primary node. Communicate with the target domain master node; so that the EP can ensure secure communication without re-registration authentication in the initial stage of handover, avoiding interruption of the current DM link during the authentication process, causing service interruption and reducing the handover band. The service interruption time of the incoming network ensures the secure transmission during the handover process. The judgment process of whether to perform the authentication is added to the target DM only when the preset rule is met. Otherwise, the authentication is not performed, so that the EP is in the handover process. When the path of a certain domain is fast, the registration authentication process is no longer performed, which reduces signaling overhead and avoids waste of resources.

对于切换过程中的具体信息交互过程，下面结合图4-图8进行详细说明。For the specific information interaction process in the handover process, a detailed description will be given below with reference to FIG. 4-8.

请参照图4，为本发明切换方法的第三实施例的流程示意图；在本实施例中，在若终端需要进行域切换，则选择目标域主节点之后，还包括：Referring to FIG. 4, it is a schematic flowchart of a third embodiment of the handover method according to the present invention. In this embodiment, after the terminal needs to perform domain switching, the target domain master node is selected, and the method further includes:

所述终端向所述目标域主节点发送切换请求，所述切换请求中包含所述终端的短地址、当前域主节点信息和带宽资源请求信息；Transmitting, by the terminal, a handover request to the target domain primary node, where the handover request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;

若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述终端向所述目标域主节点发送注册请求，进行注册，获取所述目标域节点分配的新的短地址；After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node And performing authentication, the terminal sends a registration request to the target domain primary node, performs registration, and acquires a new short address allocated by the target domain node;

认证成功后，通知所述当前域节点释放为所述终端已分配的资源，所述已分配的资源包括已分配的短地址。After the authentication succeeds, the current domain node is notified to release the allocated resources of the terminal, where the The allocated resources include the assigned short address.

可选地，所述终端的短地址由全局主节点对所有的可用短地址进行分组，然后将其中一个与当前域主节点对应的分组分配给所述当前域主节点，再由所述当前域主节点从所述对应的分组中选择并分配给所述终端。Optionally, the short address of the terminal is grouped by the global primary node for all available short addresses, and then one of the packets corresponding to the current domain primary node is allocated to the current domain primary node, and then the current domain is The master node selects from the corresponding group and assigns to the terminal.

如图4所示，所述方法具体包括以下步骤：As shown in FIG. 4, the method specifically includes the following steps:

S401，EP判断自己需要切换，并选择目标DM。S401, the EP determines that it needs to switch, and selects the target DM.

目标DM选择时，EP可以根据接收到的邻居DM的信号的SNR、邻居DM所属域中带宽资源利用率(带宽可用情况)等因素进行选择。When the target DM is selected, the EP may select according to factors such as the SNR of the received neighbor DM signal and the bandwidth resource utilization (bandwidth availability) in the domain of the neighbor DM.

EP在判断自己需要切换之前，应从DM获取本簇中其他域信息，特别是DM的信息(如MAC地址)，也可以包括其他域的参数及各个EP的信息。这些信息由GM下发到各个域的DM，各个域的DM可通过MAP帧或者一个专用的消息将本簇其他域的信息下发给本域的EP。EP只能在检测到本簇中其他的域时才可以按照本发明进行切换。Before determining that the UE needs to switch, the EP should obtain other domain information in the cluster from the DM, especially the information of the DM (such as the MAC address), and may also include the parameters of other domains and the information of each EP. The information is sent by the GM to the DM of each domain. The DM of each domain can send the information of other domains of the cluster to the EP of the local domain through the MAP frame or a dedicated message. The EP can only switch according to the present invention when other domains in the cluster are detected.

需要说明的是，EP可以选择多个目标DM，为了便于描述说明，本实施例以选择一个目标DM为例进行描述。It should be noted that the EP may select multiple target DMs. For the convenience of description, the present embodiment describes a target DM as an example.

S402，EP向目标DM发送切换请求。S402. The EP sends a handover request to the target DM.

切换请求中，应包含：The switch request should contain:

EP自己的节点信息，如媒体接入控制(Media Access Control，MAC)地址即物理地址、短地址(DEVICE_ID)等。The EP's own node information, such as the Media Access Control (MAC) address, is the physical address, the short address (DEVICE_ID), and so on.

“当前DM信息”即切换前DM的信息、所属域的信息等。The "current DM information" is information of the DM before the handover, information of the domain to which it belongs, and the like.

带宽资源请求信息，用于请求目标DM为EP分配带宽资源。The bandwidth resource request information is used to request the target DM to allocate bandwidth resources for the EP.

为了保证切换请求的快速成功发送，可以在MAC周期中分配专用的资源，专用的资源可以是切换过程专用，也可以是竞争使用，但是切换过程中的消息采用最高的优先级发送。如在MAC周期中固定预留一段域间通信信道(Inter-Domain Communication Channel，IDCC)，IDCC中，切换过程的消息采用最高优先级发送。In order to ensure fast and successful transmission of the handover request, dedicated resources may be allocated in the MAC period. The dedicated resources may be dedicated to the handover process or may be used for contention, but the messages in the handover process are transmitted with the highest priority. For example, in the MAC cycle, an Inter-Domain Communication Channel (IDCC) is reserved. In the IDCC, the message of the handover process is sent with the highest priority.

关于短地址DEVICE_ID，本实施例进行了优化，描述如下：Regarding the short address DEVICE_ID, this embodiment is optimized and described as follows:

协调拓扑网络中，GM负责对总的可用的DEVICE_ID进行管理和分配，例如共有255个可用的DEVICE_ID，GM将可用的DEVICE_ID进行分组，每个组分配给一个域，并发送给每个域的DM。每个域的DM在接收到EP注册后，只能为EP指定在自己的DEVICE_ID组内可以使用的DEVICE_ID。In the coordinated topology network, the GM is responsible for managing and allocating the total available DEVICE_ID. For example, there are 255 available DEVICE_IDs, and the GM groups the available DEVICE_IDs. Groups are assigned to a domain and sent to the DM of each domain. After receiving the EP registration, each domain DM can only specify the DEVICE_ID that can be used in its own DEVICE_ID group for the EP.

S403，目标DM在收到切换请求之后，判断是否接受该请求，并答复切换响应。S403. After receiving the handover request, the target DM determines whether to accept the request, and replies to the handover response.

切换响应中，应包含：是否接受切换请求、原因等。The switch response should include: whether to accept the switch request, reason, etc.

目标DM在收到切换请求之后，可以请求网关(Gateway，GW)把EP的下行数据业务传输路径从当前DM切换到目标DM。After receiving the handover request, the target DM may request the gateway (GW) to switch the downlink data service transmission path of the EP from the current DM to the target DM.

目标DM可以根据下行数据传输路径切换情况(如是否成功)、本域中的带宽资源可用情况等判断是否接受该EP的切换请求。The target DM may determine whether to accept the handover request of the EP according to the downlink data transmission path switching situation (such as whether it is successful), the bandwidth resource availability in the local domain, and the like.

目标DM如果在切换响应中指示接受该EP的切换，应为该EP分配对应的带宽资源。目标DM一般通过MAP帧下发为该EP分配的带宽资源的调度信息，也可以通过切换响应或者其他消息下发。If the target DM indicates to accept the handover of the EP in the handover response, the corresponding bandwidth resource should be allocated to the EP. The target DM generally delivers the scheduling information of the bandwidth resource allocated to the EP through the MAP frame, and may also be delivered by using a handover response or other message.

S404、EP在收到目标DM答复的切换响应，且指示切换成功后，可进入一个“临时传输”状态，在这个状态下，按照目标DM分配的资源，使用簇公共密钥与目标DM进行通信，继续进行原来的业务传输。S404. After receiving the handover response of the target DM reply, and indicating that the handover is successful, the EP may enter a “temporary transmission” state. In this state, the cluster public key is used to communicate with the target DM according to the resource allocated by the target DM. , continue the original business transmission.

在“临时传输”状态时，与目标DM通信的帧均使用簇公共密钥加密。In the "temporary transfer" state, frames that communicate with the target DM are encrypted using the cluster public key.

对于簇公共密钥，协调拓扑网络中，多个域由同一GM协调，共同组成一个簇。每个簇有一个公共的加密密钥，称为簇公共密钥，可用于域间通信或切换时“临时传输”状态加密通信。簇公共密钥的生成方式可以是但不限于以下方式的一种：For a cluster public key, in a coordinated topology network, multiple domains are coordinated by the same GM to form a cluster. Each cluster has a common encryption key, called a cluster public key, that can be used for inter-domain communication or "temporary transmission" state encrypted communication when switching. The method for generating the cluster public key may be, but not limited to, one of the following methods:

GM还可定期对簇公共密钥进行更新，并把更新后的簇公共密钥及时传递到各个EP。The GM can also periodically update the cluster public key and deliver the updated cluster public key to each EP in time.

EP获得该簇公共密钥的方式为：SC或DM在每个EP成功认证后，将簇公共密钥发送给该EP。当SC与DM在同一节点时，也就等同于DM下发给EP。当SC与DM不在同一节点时，优选由SC发送给EP，但是也可以由SC发送给DM，由DM下发给EP。但是无论如何发，携带簇公共密钥的帧是加密发送。The EP obtains the cluster public key in such a manner that the SC or DM sends the cluster public key to the EP after each EP is successfully authenticated. When the SC and the DM are in the same node, it is equivalent to the DM being sent to the EP. When the SC and the DM are not in the same node, it is preferably sent by the SC to the EP, but may also be sent by the SC to the DM and sent by the DM to the EP. But no matter how it is sent, the frame carrying the cluster public key is plus Send secretly.

可选地，在EP按照目标DM分配的资源与DM进行通信之前，可能需要有一个与目标DM建立业务流或者建立通信链路的过程。在建立了业务流或者通信链路之后，目标DM再开始进行带宽资源的调度，一般地，调度信息在MAP帧中下发。Optionally, before the EP communicates with the DM according to the resources allocated by the target DM, a process of establishing a service flow with the target DM or establishing a communication link may be required. After the service flow or the communication link is established, the target DM starts to perform the scheduling of the bandwidth resource. Generally, the scheduling information is sent in the MAP frame.

只有已认证的EP才能获取该簇公共密钥。Only the authenticated EP can obtain the cluster public key.

一般地，在VLC网络中，DM和SC两个逻辑功能实体在同一节点。也可以不在同一个节点。Generally, in a VLC network, two logical functional entities, DM and SC, are on the same node. It can also not be on the same node.

S405、可选地，EP可以向当前DM发送切换指示，告知当前DM已经切换到新的目标DM所在的域。当前DM收到该切换指示后，释放原来分配给该EP的带宽资源。S405. Optionally, the EP may send a handover indication to the current DM, and notify the current DM that the DM has been switched to the domain where the new target DM is located. After receiving the handover indication, the current DM releases the bandwidth resource originally allocated to the EP.

S406、EP在进入“临时传输”状态达到预设时间后，根据预设规则判断是否可以进行正式注册和认证。如果需要，则执行注册和认证过程。After entering the "temporary transmission" state for a preset time, the S406 determines whether the formal registration and authentication can be performed according to a preset rule. Perform the registration and certification process if needed.

预设规则可以是但不限于：The preset rules can be but are not limited to:

S407、终端向目标DM发起注册请求。S407. The terminal initiates a registration request to the target DM.

S408、目标DM向终端答复注册响应，如果同意注册，需要为终端分配新的短地址，并包含在注册响应中。S408. The target DM replies to the registration response to the terminal. If the registration is agreed, the terminal needs to be assigned a new short address and is included in the registration response.

S409、终端向目标DM或目标SC发起认证请求。目标SC图中未示出，其可以与目标DM集成在一起设置，也可以独立设置。S409. The terminal initiates an authentication request to the target DM or the target SC. Not shown in the target SC map, it can be integrated with the target DM, or it can be set independently.

S410、目标DM或目标SC根据收到的认证请求执行认证流程。S410. The target DM or the target SC performs an authentication process according to the received authentication request.

S411、认证成功后，终端通知当前DM释放为该终端已分配的短地址。S411. After the authentication succeeds, the terminal notifies the current DM to release the short address that has been allocated by the terminal.

S412、当前DM释放为该终端分配的短地址，切换完成。 S412. The current DM releases the short address allocated to the terminal, and the handover is completed.

目标DM在接收到该切换EP发送的注册请求后，并在该EP完成认证后，可通过GM或backhaul链路，向当前DM发送通知，使得当前DM可以释放分配给该切换EP的所有资源，特别是DEVICE_ID。也可以是终端直接向当前DM发送消息以通知当前DM释放为该终端分配的所有资源，特别是DEVICE_ID。After receiving the registration request sent by the handover EP, and after the EP completes the authentication, the target DM may send a notification to the current DM through the GM or backhaul link, so that the current DM can release all resources allocated to the handover EP. Especially DEVICE_ID. It is also possible that the terminal directly sends a message to the current DM to notify the current DM to release all resources allocated to the terminal, in particular DEVICE_ID.

当EP在定时器Timer未结束时离开目标DM，并切换到目标DM2，也按照上面的流程执行，不同之处在于，由于目标DM无需为EP分配短地址，无需释放相应的DEVICE_ID资源。When the EP leaves the target DM when the timer is not finished, and switches to the target DM2, it is also executed according to the above procedure, except that since the target DM does not need to allocate a short address for the EP, it is not necessary to release the corresponding DEVICE_ID resource.

由于一般VLC域中，只需要支持EP与DM间的通信，因此可以将密钥获取与认证过程进行整合优化。Since the communication between the EP and the DM is only required to be supported in the general VLC domain, the key acquisition and authentication process can be integrated and optimized.

在本实施例中，通过提出簇公共密钥，使得EP在切换初期，可以无需重新注册认证，就可以保证安全通信，避免在认证过程中与当前DM链路中断，造成业务传输中断。In this embodiment, by proposing the cluster public key, the EP can ensure secure communication without re-registration authentication in the initial stage of the handover, and avoid interruption of the current DM link during the authentication process, thereby causing service interruption.

通过提出预设时间及判断过程，使得EP在切换过程中“快速路过”某一域的情况时，不再执行注册认证过程，降低信令开销。By proposing the preset time and the judging process, the EP does not perform the registration authentication process when the device quickly "passes" a certain domain during the handover process, thereby reducing the signaling overhead.

提出了DEVICE_ID分配方法，避免在切换过程中，EP要同时与两(多)个DM同时通信，或同时处于两(多)个域，可能带来的ID冲突问题。The DEVICE_ID allocation method is proposed to avoid the problem of ID conflict that may occur when the EP is simultaneously communicating with two (multiple) DMs at the same time, or in two (multiple) domains at the same time.

因而使用本实施例的切换方法，可以减少切换带来的业务中断时间。保证切换过程中能够安全传输。Therefore, by using the handover method of this embodiment, the service interruption time brought by the handover can be reduced. Ensure secure transmission during the handover process.

请参照图5，为本发明切换方法的第四实施例的流程示意图；在本实施例中，在若终端需要进行域切换，则选择目标域主节点之后，还包括：5 is a schematic flowchart of a fourth embodiment of a handover method according to the present invention. In this embodiment, after the terminal needs to perform domain handover, the target domain master node is selected, and the method further includes:

若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述终端向所述目标域主节点发送注册请求，进行注册，获取所述目标域节点分配的新的短地址；After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node Performing authentication, the terminal sends a registration request to the target domain master node, Row registration, obtaining a new short address assigned by the target domain node;

如图5所示，所述方法具体包括以下步骤：As shown in FIG. 5, the method specifically includes the following steps:

S501、EP判断自己需要切换，并选择目标DM。S501, the EP determines that it needs to switch, and selects the target DM.

EP可以选择多个目标DM，本实施例以选择一个目标DM为例进行描述。The EP can select multiple target DMs. This embodiment is described by taking a target DM as an example.

S502、EP向当前DM发送切换请求。S502. The EP sends a handover request to the current DM.

切换请求中，包含：The switch request contains:

EP自己的节点信息，如MAC地址、DEVICE_ID等。EP's own node information, such as MAC address, DEVICE_ID, etc.

“目标DM信息”即要切换的目标DM信息、所属域的信息等"Target DM information" is the target DM information to be switched, the information of the domain to which it belongs, etc.

协调拓扑网络中，GM负责对总的可用的DEVICE_ID进行管理和分配，例如共有255个可用的DEVICE_ID，GM将可用的DEVICE_ID进行分组，每个组分配给一个域，并发送给每个域的DM。每个域的DM在接收到EP注册后，只能为EP指定在自己的DEVICE_ID组内可以使用的DEVICE_ID。In the coordinated topology network, the GM is responsible for managing and allocating the total available DEVICE_ID. For example, there are 255 available DEVICE_IDs. The GM groups the available DEVICE_IDs, each group is assigned to one domain, and is sent to each domain's DM. . After receiving the EP registration, each domain DM can only specify the DEVICE_ID that can be used in its own DEVICE_ID group for the EP.

S503、当前DM在收到切换请求之后，判断是否接受该请求，并答复切换响应。S503. After receiving the handover request, the current DM determines whether to accept the request, and replies to the response. Change the response.

切换响应中，应包含：In the switch response, it should contain:

是否接受切换请求、原因等。Whether to accept the switch request, reason, etc.

当前DM在收到切换请求之后，可以通过GM或backhaul链路，请求GW把EP的下行数据业务传输路径从当前DM切换到目标DM。After receiving the handover request, the current DM may request the GW to switch the downlink data service transmission path of the EP from the current DM to the target DM through the GM or the backhaul link.

当前DM可以根据下行数据传输路径切换情况(如是否成功)、目标DM所反馈结果(如，其带宽资源是否可用)等判断是否接受该EP的切换请求。The current DM may determine whether to accept the handover request of the EP according to the downlink data transmission path switching situation (such as whether it is successful), the feedback result of the target DM (for example, whether its bandwidth resource is available), or the like.

S504，目标DM为终端分配带宽资源。S504. The target DM allocates a bandwidth resource to the terminal.

当前DM如果在切换响应中指示接受该EP的切换，意味着，目标DM应为该EP分配对应的带宽资源。目标DM一般通过MAP帧下发为该EP分配的带宽资源的调度信息，也可以通过切换响应或其他消息下发。If the current DM indicates to accept the handover of the EP in the handover response, it means that the target DM should allocate the corresponding bandwidth resource for the EP. The target DM generally delivers the scheduling information of the bandwidth resource allocated to the EP through the MAP frame, and may also be delivered by using a handover response or other message.

S505、EP在收到当前DM答复的切换响应，且指示切换成功后，应进入一个“临时传输”状态，在这个状态下，按照目标DM分配的资源，使用簇公共密钥与目标DM进行通信，继续进行原来的业务传输。S505. After receiving the handover response of the current DM reply, and indicating that the handover is successful, the EP should enter a “temporary transmission” state. In this state, the cluster public key is used to communicate with the target DM according to the resource allocated by the target DM. , continue the original business transmission.

对于簇公共密钥：For cluster public keys:

协调拓扑网络中，多个域由同一GM协调，共同组成一个簇。每个簇有一个公共的加密密钥，称为簇公共密钥，可用于域间通信或切换时“临时传输”状态加密通信。簇公共密钥的生成方式可以是但不限于以下方式的一种：In a coordinated topology network, multiple domains are coordinated by the same GM to form a cluster. Each cluster has a common encryption key, called a cluster public key, that can be used for inter-domain communication or "temporary transmission" state encrypted communication when switching. The method for generating the cluster public key may be, but not limited to, one of the following methods:

EP获得该簇公共密钥的方式为：SC或DM在每个EP成功认证后，将簇公共密钥发送给该EP。当SC与DM在同一节点时，也就等同于DM下发给EP。当SC与DM不在同一节点时，优选由SC发送给EP，但是也可以由SC发送给DM，由DM下发给EP。但是无论如何发，携带簇公共密钥的帧是加密发送。 The EP obtains the cluster public key in such a manner that the SC or DM sends the cluster public key to the EP after each EP is successfully authenticated. When the SC and the DM are in the same node, it is equivalent to the DM being sent to the EP. When the SC and the DM are not in the same node, it is preferably sent by the SC to the EP, but may also be sent by the SC to the DM and sent by the DM to the EP. But no matter how it is sent, the frame carrying the cluster public key is encrypted.

一般地，在VLC网络中，DM和SC两个逻辑功能实体在同一节点。当然，也可以不在同一个节点。Generally, in a VLC network, two logical functional entities, DM and SC, are on the same node. Of course, you can also not be on the same node.

S506、可选地，EP可以向当前DM发送切换指示，告知当前DM已经成功切换到新的目标DM所在的域。当前DM收到该切换指示后，释放原来分配给该EP的带宽资源。S506. Optionally, the EP may send a handover indication to the current DM, and notify the current DM that the DM has successfully switched to the domain where the new target DM is located. After receiving the handover indication, the current DM releases the bandwidth resource originally allocated to the EP.

S507、EP在进入“临时传输”状态达到预设时间后，根据预设规则判断是否可以进行正式注册和认证。如果需要，则执行注册和认证过程。After the S501 and the EP enter the "temporary transmission" state and reach the preset time, it is determined according to the preset rule whether the formal registration and authentication can be performed. Perform the registration and certification process if needed.

预设规则可以是但不限于：所述终端处于所述目标域主节点所在的域，且所述终端当前不需要进行域切换；或者The preset rule may be, but is not limited to, the terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching; or

S508、终端向目标DM发起注册请求。S508. The terminal initiates a registration request to the target DM.

S509、目标DM向终端答复注册响应，如果同意注册，需要为终端分配新的短地址，并包含在注册响应中。S509. The target DM replies to the registration response to the terminal. If the registration is agreed, the terminal needs to be assigned a new short address and is included in the registration response.

S510、终端向目标DM或目标SC发起认证请求。目标SC图中未示出，其可以与目标DM集成在一起设置，也可以独立设置。S510. The terminal initiates an authentication request to the target DM or the target SC. Not shown in the target SC map, it can be integrated with the target DM, or it can be set independently.

S511、目标DM或目标SC根据收到的认证请求执行认证流程。S511. The target DM or the target SC performs an authentication process according to the received authentication request.

S512、认证成功后，终端通知当前DM释放为该终端已分配的短地址。S512: After the authentication succeeds, the terminal notifies the current DM to release the short address that has been allocated by the terminal.

S513、当前DM释放为该终端分配的短地址，切换完成。S513. The current DM releases the short address allocated to the terminal, and the handover is completed.

目标DM在接收到该切换EP发送的注册请求后，并在该EP完成认证后，可通过GM或backhaul链路，向当前DM发送通知，使得当前DM可以释放分配给该切换EP的所有资源，特别是DEVICE_ID。也可以是终端直接向当前DM发送消息以通知当前DM释放为该终端分配的所有资源，特别是DEVICE_ID。After receiving the registration request sent by the handover EP, and after the EP completes the authentication, the target DM may send a notification to the current DM through the GM or backhaul link, so that the current DM can be released. All resources assigned to the switch EP, especially DEVICE_ID. It is also possible that the terminal directly sends a message to the current DM to notify the current DM to release all resources allocated to the terminal, in particular DEVICE_ID.

请参照图6，为本发明切换方法的第五实施例的流程示意图；在本实施例中，在若终端需要进行域切换，则选择目标域主节点之后，还包括：6 is a schematic flowchart of a fifth embodiment of a handover method according to the present invention. In this embodiment, after the domain is switched, the target domain master node is selected, and the method further includes:

在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信之后，还包括：After the bandwidth resource allocated by the target domain master node is used to communicate with the target domain master node, the method further includes:

可选地，所述终端的短地址由全局主节点对所有的可用短地址进行分组，然后将其中一个与当前域主节点对应的分组分配给所述当前域主节点，再由所述当前域主节点从所述对应的分组中选择并分配给所述终端。当然，也可以不对短地址进行分组，本发明实施例不作任何限定。Optionally, the short address of the terminal is grouped by the global primary node for all available short addresses, and then one of the packets corresponding to the current domain primary node is allocated to the current domain primary node, and then the current domain is The master node selects from the corresponding group and assigns to the terminal. Of course, you can also The grouping of the short addresses is not limited in any embodiment of the present invention.

如图6所示，所述方法具体包括以下步骤：As shown in FIG. 6, the method specifically includes the following steps:

S601、EP判断自己需要切换，并选择目标DM。S601, the EP determines that it needs to switch, and selects the target DM.

S602、EP向目标DM发送重新注册请求。S602. The EP sends a re-registration request to the target DM.

重新注册请求中，应包含：The re-registration request should include:

“当前DM信息”即切换前DM信息、所属域的信息等。The "current DM information" is the DM information before the handover, the information of the domain to which it belongs, and the like.

需要说明的是，与图4所示实施例相比，重新注册请求与图4实施例中的切换请求，作用稍不同。除了具备切换请求的功能之外，其与切换请求的主要区别是，发送重新注册请求，等同于注册的过程，DM收到后，应为该EP执行注册相应的操作。It should be noted that, compared with the embodiment shown in FIG. 4, the re-registration request is slightly different from the handover request in the embodiment of FIG. 4. In addition to the function of the handover request, the main difference from the handover request is that the re-registration request is sent, which is equivalent to the registration process. After the DM receives it, the corresponding operation should be registered for the EP.

S603、目标DM在收到重新注册请求之后，判断是否接受该请求，并答复重新注册响应。S603. After receiving the re-registration request, the target DM determines whether to accept the request and responds to the re-registration response.

重新注册响应中，应包含：The re-registration response should include:

是否接受重新注册请求、原因等。并在注册响应中为EP分配的新DEVICE_ID。Whether to accept the re-registration request, reason, etc. And the new DEVICE_ID assigned to the EP in the registration response.

目标DM在收到重新注册请求之后，可以请求GW把EP的下行数据业务传输路径从当前DM切换到目标DM。After receiving the re-registration request, the target DM may request the GW to switch the downlink data service transmission path of the EP from the current DM to the target DM.

目标DM可以根据下行数据传输路径切换情况(如是否成功)、本域中的带宽资源可用情况等判断是否接受该EP的重新注册请求。 The target DM may determine whether to accept the re-registration request of the EP according to the downlink data transmission path switching situation (such as whether it is successful), the availability of bandwidth resources in the domain, and the like.

目标DM如果在重新注册响应中指示接受该EP的切换，应为该EP分配对应的带宽资源及新的DEVICE_ID等。目标DM一般通过MAP帧下发为该EP分配的带宽资源的调度信息，也可以通过重新注册响应或者其他消息下发。If the target DM indicates to accept the handover of the EP in the re-registration response, the corresponding bandwidth resource and the new DEVICE_ID should be allocated to the EP. The target DM generally delivers the scheduling information of the bandwidth resource allocated to the EP through the MAP frame, and may also be delivered by re-registering the response or other messages.

S604、EP在收到目标DM答复的重新注册响应，且指示切换成功后，可进入一个“临时传输”状态，在这个状态下，按照目标DM分配的资源，使用簇公共密钥与目标DM进行通信，继续进行原来的业务传输，此时应使用步骤S503中提到的目标DM为EP分配的新DEVICE_ID。S604. After receiving the re-registration response of the target DM reply, and indicating that the handover is successful, the EP may enter a “temporary transmission” state. In this state, according to the resource allocated by the target DM, the cluster public key is used to perform the target DM. Communication, the original service transmission is continued, and the new DEVICE_ID assigned to the EP by the target DM mentioned in step S503 should be used.

对于簇公共密钥：For cluster public keys:

一般地，在VLC网络中，DM和SC两个逻辑功能实体在同一节点。当然，也可以不在同一个节点。 Generally, in a VLC network, two logical functional entities, DM and SC, are on the same node. Of course, you can also not be on the same node.

S605、可选地，EP可以向当前DM发送切换指示，告知当前DM已经切换到新的目标DM所在的域。当前DM收到该切换指示后，释放原来分配给该EP的带宽资源及DEVICE_ID等。S605. Optionally, the EP may send a handover indication to the current DM, to notify the current DM that the DM has been switched to the domain where the new target DM is located. After receiving the handover indication, the current DM releases the bandwidth resource, DEVICE_ID, and the like originally allocated to the EP.

S606、EP在进入“临时传输”状态达到预设时间后，根据预设规则判断是否可以进行认证。如果需要，则执行认证过程。S606. After the EP enters the Temporary Transfer state and reaches a preset time, it determines whether the authentication can be performed according to a preset rule. If necessary, perform the authentication process.

当EP在定时器Timer未结束时离开目标DM，并切换到目标DM2，也可以按照上面的流程执行。When the EP leaves the target DM when the timer Timer is not finished, and switches to the target DM2, it can also be executed according to the above process.

S607、终端向目标DM或目标SC发送认证请求。目标SC图中未示出，其可以与目标DM集成在一起设置，也可以独立设置。S607. The terminal sends an authentication request to the target DM or the target SC. Not shown in the target SC map, it can be integrated with the target DM, or it can be set independently.

S608、目标DM或目标SC执行认证流程，认证通过后，切换完成。S608. The target DM or the target SC performs the authentication process. After the authentication is passed, the handover is completed.

通过提出预设时间及判断过程，使得EP在切换过程中“快速路过”某一域的情况时，不再执行注册认证过程，可降低信令开销。By proposing the preset time and the judging process, the EP does not perform the registration authentication process when the AP quickly "passes" a certain domain during the handover process, which can reduce the signaling overhead.

请参照图7，为本发明切换方法的第六实施例的流程示意图；在本实施例中，在若终端需要进行域切换，则选择目标域主节点之后，还包括：7 is a schematic flowchart of a sixth embodiment of a handover method according to the present invention. In this embodiment, after the target domain master node is selected, the terminal includes:

所述终端向当前域主节点发送重新注册请求，所述重新注册请求中包含所述终端的短地址、所述目标域主节点信息和带宽资源请求信息；Sending, by the terminal, a re-registration request to the current domain master node, where the re-registration request includes the short address of the terminal, the target domain primary node information, and bandwidth resource request information;

若所述当前域主节点接受所述终端的重新注册请求，则获取所述目标域主节点分配的带宽资源和新的短地址。 And if the current domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.

可选地，所述终端的短地址由全局主节点对所有的可用短地址进行分组，然后将其中一个与当前域主节点对应的分组分配给所述当前域主节点，再由所述当前域主节点从所述对应的分组中选择并分配给所述终端。当然，也可以不对短地址进行分组，本发明实施例不作任何限定。Optionally, the short address of the terminal is grouped by the global primary node for all available short addresses, and then one of the packets corresponding to the current domain primary node is allocated to the current domain primary node, and then the current domain is The master node selects from the corresponding group and assigns to the terminal. Of course, the short addresses may not be grouped, and the embodiment of the present invention does not limit the present invention.

如图7所示，所述方法具体包括以下步骤：As shown in FIG. 7, the method specifically includes the following steps:

S701、EP判断自己需要切换，并选择目标DM。S701, the EP determines that it needs to switch, and selects the target DM.

S702、EP向当前DM发送重新注册请求。S702. The EP sends a re-registration request to the current DM.

重新注册请求中，包含：The re-registration request contains:

“目标DM信息”即要切换的目标DM信息、所属域的信息等。The "target DM information" is the target DM information to be switched, the information of the domain to which it belongs, and the like.

S703、当前DM在收到重新注册请求之后，判断是否接受该请求，并答复重新注册响应。S703. After receiving the re-registration request, the current DM determines whether to accept the request, and answers Re-register the response.

是否接受重新注册请求、原因等。Whether to accept the re-registration request, reason, etc.

S704，目标DM为EP分配带宽资源和新的短地址。S704. The target DM allocates a bandwidth resource and a new short address for the EP.

当前DM在收到重新注册请求之后，可以通过GM或backhaul链路，请求GW把EP的下行数据业务传输路径从当前DM切换到目标DM。After receiving the re-registration request, the current DM may request the GW to switch the downlink data service transmission path of the EP from the current DM to the target DM through the GM or backhaul link.

当前DM可以根据下行数据传输路径切换情况(如是否成功)、目标DM所反馈结果(如，其带宽资源是否可用)等判断是否接受该EP的切换请求。目标DM应在反馈结果中，包含分配给该EP的新的DEVICE_ID。此时，当前DM可以将分配给该EP的之前的DEVICE_ID释放。EP开始使用新的DEVICE_ID。The current DM may determine whether to accept the handover request of the EP according to the downlink data transmission path switching situation (such as whether it is successful), the feedback result of the target DM (for example, whether its bandwidth resource is available), or the like. The target DM should include the new DEVICE_ID assigned to the EP in the feedback result. At this time, the current DM can release the previous DEVICE_ID assigned to the EP. EP starts using the new DEVICE_ID.

当前DM如果在重新注册响应中指示接受该EP的切换，意味着，目标DM应为该EP分配对应的带宽资源。目标DM一般通过MAP帧下发为该EP分配的带宽资源的调度信息，也可以通过重新注册响应或者其他消息下发。If the current DM indicates to accept the handover of the EP in the re-registration response, it means that the target DM should allocate the corresponding bandwidth resource for the EP. The target DM generally delivers the scheduling information of the bandwidth resource allocated to the EP through the MAP frame, and may also be delivered by re-registering the response or other messages.

S705、EP在收到当前DM答复的重新注册响应，且指示切换成功后，可进入一个“临时传输”状态，在这个状态下，按照目标DM分配的资源，使用簇公共密钥与目标DM进行通信，继续进行原来的业务传输。S705. After receiving the re-registration response of the current DM reply, and indicating that the handover is successful, the EP may enter a “temporary transmission” state. In this state, according to the resource allocated by the target DM, the cluster public key is used to perform the target DM. Communication, continue the original service transmission.

对于簇公共密钥：For cluster public keys:

协调拓扑网络中，多个域由同一GM协调，共同组成一个簇。每个簇有一个公共的加密密钥，称为簇公共密钥，可用于域间通信或切换时“临时状态”状态加密通信。簇公共密钥的生成方式可以是但不限于以下方式的一种：In a coordinated topology network, multiple domains are coordinated by the same GM to form a cluster. Each cluster has a common encryption key, called a cluster public key, that can be used for inter-domain communication or "temporary state" state encrypted communication when switching. The method for generating the cluster public key may be, but not limited to, one of the following methods:

S706、可选地，EP可以向当前DM发送切换指示，告知当前DM已经成功切换到新的目标DM所在的域。当前DM收到该切换指示后，释放原来分配给该EP的带宽资源短地址。S706. Optionally, the EP may send a handover indication to the current DM, and notify the current DM that the DM has successfully switched to the domain where the new target DM is located. After receiving the handover indication, the current DM releases the bandwidth resource short address originally allocated to the EP.

S707、EP在进入“临时传输”状态达到预设时间后，根据预设规则判断是否可以进行正式认证。如果需要，则执行认证过程。After entering the "temporary transmission" state for a preset time, the S707 determines whether the formal authentication can be performed according to a preset rule. If necessary, perform the authentication process.

S708、终端向目标DM或目标SC发送认证请求。目标SC图中未示出，其可以与目标DM集成在一起设置，也可以独立设置。S708. The terminal sends an authentication request to the target DM or the target SC. Not shown in the target SC map, it can be integrated with the target DM, or it can be set independently.

S709、目标DM或目标SC执行认证流程，认证通过后，切换完成。The S709, the target DM, or the target SC performs the authentication process. After the authentication is passed, the handover is completed.

在本实施例中，通过提出簇公共密钥，使得EP在切换初期，可以无需重新注册认证，就可以保证安全通信，避免在认证过程中与当前DM链路中断，造成业务传输中断。In this embodiment, by proposing the cluster public key, the EP can ensure secure communication without re-registration authentication at the initial stage of handover, and avoid interruption with the current DM link during the authentication process. Caused a disruption in business transmission.

请参照图8，为本发明切换方法的第七实施例的流程示意图；在本实施例中，在若终端需要进行域切换，则选择目标域主节点之后，还包括：FIG. 8 is a schematic flowchart of a seventh embodiment of a handover method according to the present invention. In this embodiment, after the target domain master node is selected, the terminal includes:

所述终端与所述当前域主节点通信时基于所述终端的短地址进行，所述终端与所述目标域主节点通信时，基于所述新的短地址进行；When the terminal communicates with the current domain master node, based on the short address of the terminal, when the terminal communicates with the target domain master node, based on the new short address;

如图8所示，所述方法具体包括以下步骤：As shown in FIG. 8, the method specifically includes the following steps:

S801、EP判断自己需要切换，并选择目标DM。S801, the EP determines that it needs to switch, and selects the target DM.

目标DM选择时，EP可以根据接收到的邻居DM的信号的SNR、邻居 DM所属域中带宽资源利用率(带宽可用情况)等因素进行选择。When the target DM is selected, the EP can according to the SNR of the received neighbor DM signal, neighbors The bandwidth resource utilization (bandwidth availability) in the DM domain is selected.

S802、EP向当前DM发送重新注册请求。S802. The EP sends a re-registration request to the current DM.

重新注册请求中，包含：The re-registration request contains:

S803、当前DM在收到重新注册请求之后，判断是否接受该请求，并答复重新注册响应。S803. After receiving the re-registration request, the current DM determines whether to accept the request and responds to the re-registration response.

切换响应中，应包含：In the switch response, it should contain:

S804，目标DM为该EP分配带宽资源和新的短地址。S804. The target DM allocates a bandwidth resource and a new short address for the EP.

当前DM如果在切换响应中指示接受该EP的切换，意味着，目标DM应为该EP分配对应的带宽资源。目标DM一般通过MAP帧下发为该EP分配的带宽资源的调度信息，也可以通过重新注册响应或者其他消息下发。If the current DM indicates to accept the handover of the EP in the handover response, it means that the target DM should allocate the corresponding bandwidth resource for the EP. The target DM generally delivers the scheduling information of the bandwidth resource allocated to the EP through the MAP frame, and may also be delivered by re-registering the response or other messages.

在步骤S803和S804的过程中，EP与当前DM通信，使用当前DM之前为EP分配的DEVICE_ID，和目标DM通信，使用目标DM为EP分配的新的 DEVICE_ID。In the process of steps S803 and S804, the EP communicates with the current DM, uses the DEVICE_ID assigned to the EP before the current DM, communicates with the target DM, and uses the target DM to allocate a new EP. DEVICE_ID.

S805、EP在收到当前DM答复的重新注册响应，且指示切换成功后，可进入一个“临时传输”状态，在这个状态下，按照目标DM分配的资源，使用簇公共密钥与目标DM进行通信，继续进行原来的业务传输。S805. After receiving the re-registration response of the current DM reply, and indicating that the handover is successful, the EP may enter a “temporary transmission” state. In this state, according to the resource allocated by the target DM, the cluster public key is used to perform the target DM. Communication, continue the original service transmission.

对于簇公共密钥：For cluster public keys:

S806、可选地，EP可以向当前DM发送切换指示，告知当前DM已经成功切换到新的目标DM所在的域。当前DM收到该切换指示后，释放原来分配给该EP的带宽资源。 S806. Optionally, the EP may send a handover indication to the current DM, to notify the current DM that the DM has successfully switched to the domain where the new target DM is located. After receiving the handover indication, the current DM releases the bandwidth resource originally allocated to the EP.

S807、EP在进入“临时传输”状态达到预设时间后，根据预设规则判断是否可以进行正式认证。如果需要，则执行认证过程。S807: After entering the "temporary transmission" state for a preset time, the EP determines whether the formal authentication can be performed according to a preset rule. If necessary, perform the authentication process.

S808，终端向目标DM或目标SC发送认证请求。目标SC图中未示出，其可以与目标DM集成在一起设置，也可以独立设置。S808. The terminal sends an authentication request to the target DM or the target SC. Not shown in the target SC map, it can be integrated with the target DM, or it can be set independently.

S809，目标DM或目标SC根据收到的认证请求执行认证流程。S809. The target DM or the target SC performs an authentication process according to the received authentication request.

S810，认证成功后，终端通知当前DM释放为该终端已分配的短地址。S810. After the authentication succeeds, the terminal notifies the current DM to release the short address that has been allocated by the terminal.

S811，当前DM释放为该终端分配的短地址，切换完成。S811, the current DM releases the short address allocated to the terminal, and the handover is completed.

目标DM在在该EP完成认证后，可通过GM或backhaul链路，向当前DM发送通知，使得当前DM可以释放分配给该切换EP的所有资源，特别是DEVICE_ID。也可以是终端直接向当前DM发送消息以通知当前DM释放为该终端分配的所有资源，特别是DEVICE_ID。After the target DM completes the authentication, the target DM may send a notification to the current DM through the GM or backhaul link, so that the current DM can release all resources allocated to the handover EP, in particular, the DEVICE_ID. It is also possible that the terminal directly sends a message to the current DM to notify the current DM to release all resources allocated to the terminal, in particular DEVICE_ID.

需要说明的是，本实施例与图7所示实施例相比，不同点在于，不执行关于DEVICE_ID的优化。步骤S705-S709之后，EP应使用新的DEVICE_ID。而步骤S803-S804中，EP与当前DM通信，使用之前的DEVICE_ID，和目标DM通信，使用新的DEVICE_ID。步骤S806中，增加了“目标DM在该EP完成认证后，可通过GM或backhaul链路，向当前DM发送通知，使得当前DM可以释放分配给该切换EP的所有资源，特别是DEVICE_ID”。It should be noted that the present embodiment is different from the embodiment shown in FIG. 7 in that optimization regarding the DEVICE_ID is not performed. After steps S705-S709, the EP should use the new DEVICE_ID. In steps S803-S804, the EP communicates with the current DM, communicates with the target DM using the previous DEVICE_ID, and uses the new DEVICE_ID. In step S806, after the target DM completes the authentication, the target DM may send a notification to the current DM through the GM or backhaul link, so that the current DM can release all resources allocated to the handover EP, in particular, the DEVICE_ID.

请参照图9，为本发明切换方法的第八实施例的流程示意图，在本实施例中，包括以下步骤：9 is a schematic flowchart of an eighth embodiment of a handover method according to the present invention. In this embodiment, the following steps are included:

S901、若终端需要进行域切换，则目标域主节点在同意切换后，为所述终端分配带宽资源。S901. If the terminal needs to perform domain switching, the target domain master node allocates bandwidth resources to the terminal after agreeing to the handover.

S902、在与所述终端完成认证之前，使用所述分配的带宽资源以及簇公共密钥与所述终端进行通信。S902: Communicate with the terminal by using the allocated bandwidth resource and the cluster public key before completing the authentication with the terminal.

其中，所述目标域主节点与所述终端通信时传输的帧采用簇公共密钥加密。The frame transmitted by the target domain master node when communicating with the terminal is encrypted by using a cluster public key.

可选地，所述簇公共密钥为所述终端在入网时，通过与当前域安全控制器或当前域主节点认证时获取；Optionally, the cluster public key is obtained when the terminal authenticates with the current domain security controller or the current domain master node when the terminal enters the network;

所述终端用于与域主节点通信的短地址由全局主节点对所有的可用短地址进行分组，然后将分组对应地分配给各个域主节点，当所述终端与其中一个域主节点注册成功时再由该域主节点从所述全局主节点分配的分组中选择并分配给所述终端。The short address used by the terminal to communicate with the domain master node is grouped by the global master node for all available short addresses, and then the packets are correspondingly assigned to the domain master nodes, and the terminal and one of the domain master nodes are successfully registered. The time is then selected and assigned to the terminal by the domain master node from the group allocated by the global master node.

请参照图10，为本发明终端的第一实施例的组成示意图；在本实施例中，所述终端包括：10 is a schematic diagram of a composition of a first embodiment of a terminal according to the present invention; in this embodiment, the terminal includes:

选择单元100，用于若终端需要进行域切换，则选择目标域主节点；The selecting unit 100 is configured to select a target domain master node if the terminal needs to perform domain switching;

获取单元200，用于获取所述目标域主节点分配的带宽资源；The obtaining unit 200 is configured to acquire a bandwidth resource allocated by the target domain master node;

通信单元300，用于在与所述目标域主节点完成认证之前，使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信，其中，所述终端与所述目标域主节点通信时传输的帧采用簇公共密钥加密。The communication unit 300 is configured to communicate with the target domain master node by using the bandwidth resource allocated by the target domain master node before completing the authentication with the target domain master node, where the terminal and the target domain master Frames transmitted during node communication are encrypted using the cluster public key.

可选地，所述终端还包括：Optionally, the terminal further includes:

判断单元400，用于在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则判断是否需要与目标域安全控制器或所述目标域主节点进行认证；a determining unit 400, configured to use the bandwidth resource allocated by the target domain master node and the target After the domain master node communicates for a preset time, it is determined according to a preset rule whether it is required to perform authentication with the target domain security controller or the target domain master node;

所述通信单元300还用于若满足所述预设规则，则与所述目标域安全控制器或所述目标域主节点进行认证。The communication unit 300 is further configured to perform authentication with the target domain security controller or the target domain primary node if the preset rule is met.

可选地，所述预设规则为：Optionally, the preset rule is:

可选地，所述通信单元300还用于：Optionally, the communication unit 300 is further configured to:

在所述选择单元100选择目标域主节点之后，向所述目标域主节点发送切换请求，所述切换请求中包含所述终端的短地址、当前域主节点信息和带宽资源请求信息；After the selecting unit 100 selects the target domain primary node, sending a handover request to the target domain primary node, where the handover request includes the short address of the terminal, current domain primary node information, and bandwidth resource request information;

若所述目标域主节点接受所述终端的切换请求，则指示所述获取单元200获取所述目标域主节点分配的带宽资源。If the target domain master node accepts the handover request of the terminal, the acquiring unit 200 is instructed to acquire the bandwidth resource allocated by the target domain master node.

在所述选择单元100选择目标域主节点之后，向当前域主节点发送切换请求，所述切换请求中包含所述终端的短地址、所述目标域主节点信息和带宽资源请求信息；After the selecting unit 100 selects the target domain master node, sending a handover request to the current domain master node, where the handover request includes the short address of the terminal, the target domain master node information, and bandwidth resource request information;

若所述当前域主节点接受所述终端的切换请求，则指示所述获取单元200获取所述目标域主节点分配的带宽资源。If the current domain master node accepts the handover request of the terminal, the acquiring unit 200 is instructed to acquire the bandwidth resource allocated by the target domain master node.

可选地，若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述通信单元300还用于向所述目标域主节点发送注册请求，进行注册，获取所述目标域节点分配的新的短地址；Optionally, if the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, a required domain security controller or the target domain The target domain master node performs authentication, and the communication unit 300 is further configured to send a registration request to the target domain master node, perform registration, and acquire a new short address allocated by the target domain node;

注册成功后向所述目标域安全控制器或所述目标域主节点发送认证请求，进行认证；After the registration is successful, an authentication request is sent to the target domain security controller or the target domain master node. Authenticate;

在所述选择单元100选择目标域主节点之后，向所述目标域主节点发送重新注册请求，所述重新注册请求中包含所述终端的短地址、当前域主节点信息和带宽资源请求信息；After the selecting unit 100 selects the target domain master node, sending a re-registration request to the target domain master node, where the re-registration request includes the short address, the current domain master node information, and the bandwidth resource request information of the terminal;

若所述目标域主节点接受所述终端的重新注册请求，则指示所述获取单元200获取所述目标域主节点分配的带宽资源和新的短地址。If the target domain master node accepts the re-registration request of the terminal, the acquiring unit 200 is instructed to acquire the bandwidth resource and the new short address allocated by the target domain master node.

在所述选择单元100选择目标域主节点之后，向当前域主节点发送重新注册请求，所述重新注册请求中包含所述终端的短地址、当前域主节点信息和带宽资源请求信息；After the selecting unit 100 selects the target domain master node, sending a re-registration request to the current domain master node, where the re-registration request includes the short address, the current domain master node information, and the bandwidth resource request information of the terminal;

可选地，在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信之后，所述通信单元300还用于：Optionally, after the communication with the target domain master node is performed by using the bandwidth resource allocated by the target domain master node, the communication unit 300 is further configured to:

可选地，所述通信单元300还用于与所述当前域主节点通信时使用所述终端的短地址，与所述目标域主节点通信时使用所述新的短地址；Optionally, the communication unit 300 is further configured to use a short address of the terminal when communicating with the current domain master node, and use the new short address when communicating with the target domain master node;

若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述通信单元300还用于向目标域安全控制器或所述目标域主节点发送认证请求，进行认证；After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node For authentication, the communication unit 300 is also used to target the domain security controller or The target domain master node sends an authentication request and performs authentication;

可选地，所述簇公共密钥为全局主节点生成；或者Optionally, the cluster public key is generated by a global primary node; or

可选地，所述簇公共密钥为所述终端在入网时，通过与当前域安全控制器或当前域主节点认证时获取；或者Optionally, the cluster public key is obtained when the terminal is authenticated by the current domain security controller or the current domain master node when entering the network; or

可选地，在选择目标域主节点之前，所述选择单元还用于接收当前域主节点通过媒体接入计划帧或专用消息发送的簇内其他域主节点的信息。Optionally, before the target domain master node is selected, the selecting unit is further configured to receive information of the other domain master nodes in the cluster that are sent by the current domain master node by using a media access plan frame or a dedicated message.

请参照图11，为本发明终端的第二实施例的组成示意图；在本实施例中，所述终端包括：FIG. 11 is a schematic diagram of a composition of a second embodiment of a terminal according to the present invention; in this embodiment, the terminal includes:

处理器110、存储器120、接口电路130和总线140，所述处理器110、存储器120、接口电路130通过总线140连接，其中，所述存储器120用于存储一组程序代码，所述处理器110用于调用所述存储器120中存储的程序代码，执行以下操作：The processor 110, the memory 120, the interface circuit 130, and the bus 140 are connected by a bus 140, wherein the memory 120 is configured to store a set of program codes, and the processor 110 For invoking the program code stored in the memory 120, the following operations are performed:

可选地，所述处理器110还用于：Optionally, the processor 110 is further configured to:

若满足所述预设规则，则与所述目标域安全控制器或所述目标域主节点进行认证。If the preset rule is met, the target domain security controller or the target domain master node is Line certification.

可选地，所述预设规则为：Optionally, the preset rule is:

可选地，在若终端需要进行域切换，则选择目标域主节点之后，所述处理器110还用于：Optionally, after the target domain master node is selected, if the terminal needs to perform domain switching, the processor 110 is further configured to:

可选地，若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述处理器110还用于向所述目标域主节点发送注册请求，进行注册，获取所述目标域节点分配的新的短地址；Optionally, if the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, a required domain security controller or the target domain The target domain master node performs authentication, and the processor 110 is further configured to send a registration request to the target domain master node, perform registration, and acquire a new short address allocated by the target domain node;

可选地，在若终端需要进行域切换，则选择目标域主节点之后，所述处理器110还用于：Optionally, after the target domain master node is selected, if the terminal needs to perform domain switching, the processing is performed. The device 110 is also used to:

可选地，在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信之后，所述处理器110还用于：Optionally, after the bandwidth resource allocated by the target domain master node is used to communicate with the target domain master node, the processor 110 is further configured to:

可选地，所述终端与所述当前域主节点通信时使用所述终端的短地址，所述终端与所述目标域主节点通信时使用所述新的短地址；Optionally, the terminal uses a short address of the terminal when communicating with the current domain master node, and uses the new short address when the terminal communicates with the target domain master node;

若所述终端在使用所述目标域主节点分配的带宽资源与所述目标域主节点进行通信达到预设时间后，根据预设规则确定需要与目标域安全控制器或所述目标域主节点进行认证，则所述处理器110还用于向目标域安全控制器或所述目标域主节点发送认证请求，进行认证；After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node The processor 110 is further configured to send an authentication request to the target domain security controller or the target domain master node for authentication;

可选地，所述簇公共密钥为全局主节点生成；或者 Optionally, the cluster public key is generated by a global primary node; or

可选地，在选择目标域主节点之前，所述处理器110还用于：Optionally, before selecting the target domain master node, the processor 110 is further configured to:

请参照图12，为本发明目标域主节点的第一实施例的组成示意图，在本实施例中，所述目标域主节点包括：Referring to FIG. 12, it is a schematic diagram of a composition of a primary node of a target domain according to the present invention. In this embodiment, the target domain master node includes:

分配单元500，用于若终端需要进行域切换，则所述域主节点在同意切换后，为所述终端分配带宽资源；The allocating unit 500 is configured to: if the terminal needs to perform domain switching, the domain master node allocates a bandwidth resource to the terminal after agreeing to the handover;

通信单元600，用于在与所述终端完成认证之前，使用所述分配的带宽资源以及簇公共密钥与所述终端进行通信；The communication unit 600 is configured to communicate with the terminal by using the allocated bandwidth resource and the cluster public key before completing the authentication with the terminal;

可选地，所述终端用于与域主节点通信的短地址由全局主节点对所有的可用短地址进行分组，然后将分组对应地分配给各个域主节点，当所述终端与其中一个域主节点注册成功时再由该域主节点从所述全局主节点分配的分组中选择并分配给所述终端。Optionally, the short address used by the terminal to communicate with the domain master node is grouped by the global master node for all available short addresses, and then the packets are correspondingly allocated to each domain master node, when the terminal and one of the domains are When the primary node registers successfully, it is selected and assigned to the terminal by the domain master node from the group allocated by the global primary node.

请参照图13，为本发明目标域主节点的第二实施例的组成示意图；在本实施例中，所述目标域主节点包括： FIG. 13 is a schematic diagram of a composition of a second embodiment of a target domain primary node according to the present invention; in this embodiment, the target domain primary node includes:

处理器210、存储器220、接口电路230和总线240，所述处理器210、存储器220、接口电路230通过总线240连接，其中，所述存储器220用于存储一组程序代码，所述处理器210用于调用所述存储器220中存储的程序代码，执行以下操作：The processor 210, the memory 220, the interface circuit 230, and the bus 240, the processor 210, the memory 220, and the interface circuit 230 are connected by a bus 240, wherein the memory 220 is used to store a set of program codes, and the processor 210 For invoking the program code stored in the memory 220, the following operations are performed:

若终端需要进行域切换，则所述处理器210在同意切换后，为所述终端分配带宽资源；If the terminal needs to perform domain switching, the processor 210 allocates a bandwidth resource to the terminal after agreeing to the handover;

在与所述终端完成认证之前，使用所述分配的带宽资源以及簇公共密钥与所述终端进行通信。Communicating with the terminal using the allocated bandwidth resource and the cluster public key before completing the authentication with the terminal.

其中，所述处理器与所述终端通信时传输的帧采用簇公共密钥加密。The frame transmitted when the processor communicates with the terminal is encrypted by using a cluster public key.

本实施例中介绍的终端可以用以实施本发明结合图2-图8介绍的方法实施例中的部分或全部流程，以及执行本发明结合图10介绍的装置实施例中的部分或全部功能，本实施例中介绍的目标域主节点可以用以实施本发明结合图9介绍的方法实施例中的部分或全部流程，以及执行本发明结合图12介绍的装置实施例中的部分或全部功能，在此不再赘述。The terminal introduced in this embodiment may be used to implement some or all of the processes in the method embodiment of the present invention, which are described in conjunction with FIG. 2 and FIG. 8, and perform some or all of the functions of the device embodiment introduced by the present invention in conjunction with FIG. The target domain master node introduced in this embodiment may be used to implement some or all of the processes in the method embodiment described in conjunction with FIG. 9 of the present invention, and perform some or all of the functions of the device embodiment introduced by the present invention in conjunction with FIG. I will not repeat them here.

在一个或多个实例中，所描述的功能可以硬件、软件、固件或其任何组合来实施。如果以软件实施，则功能可作为一个或多个指令或代码而存储于计算机可读媒体上或经由计算机可读媒体而发送，且通过基于硬件的处理单元执行。计算机可读媒体可包含计算机可读存储媒体(其对应于例如数据存储媒体等有形媒体)或通信媒体，通信媒体包含(例如)根据通信协议促进计算机程序从一处传送到另一处的任何媒体。以此方式，计算机可读媒体大体上可对应于(1)非瞬时的有形计算机可读存储媒体，或(2)例如信号或载波等通信媒体。数据存储媒体可为可由一个或多个计算机或一个或多个处理器存取以检索指令、代码及/或数据结构以用于实施本发明中所描述的技术的任何可用媒体。计算机程序产品可包含计算机可读媒体。In one or more examples, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted as one or more instructions or code via a computer-readable medium and executed by a hardware-based processing unit. The computer readable medium can comprise a computer readable storage medium (which corresponds to a tangible medium such as a data storage medium) or a communication medium comprising, for example, any medium that facilitates transfer of the computer program from one place to another in accordance with a communication protocol. . In this manner, the computer readable medium can generally correspond to (1) non Instantaneous tangible computer readable storage medium, or (2) communication medium such as a signal or carrier wave. Data storage media may be any available media that can be accessed by one or more computers or one or more processors to retrieve instructions, code and/or data structures for use in carrying out the techniques described herein. The computer program product can comprise a computer readable medium.

通过实例而非限制，某些计算机可读存储媒体可包括RAM、ROM、EEPROM、CD-ROM或其它光盘存储器、磁盘存储器或其它磁性存储装置、快闪存储器，或可用以存储呈指令或数据结构的形式的所要程序代码且可由计算机存取的任何其它媒体。而且，任何连接可适当地称为计算机可读媒体。举例来说，如果使用同轴电缆、光缆、双绞线、数字用户线(DSL)或无线技术(例如，红外线、无线电及微波)而从网站、服务器或其它远程源发送指令，则同轴电缆、光缆、双绞线、DSL或无线技术(例如，红外线、无线电及微波)包含于媒体的定义中。然而，应理解，计算机可读存储媒体及数据存储媒体不包含连接、载波、信号或其它瞬时媒体，而是有关非瞬时有形存储媒体。如本文中所使用，磁盘及光盘包含压缩光盘(CD)、激光光盘、光学光盘、数字影音光盘(DVD)、软性磁盘及蓝光光盘，其中磁盘通常以磁性方式复制数据，而光盘通过激光以光学方式复制数据。以上各物的组合还应包含于计算机可读媒体的范围内。By way of example and not limitation, certain computer-readable storage media may comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage or other magnetic storage device, flash memory, or may be used to store instructions or data structures. Any other medium in the form of the desired program code and accessible by the computer. Also, any connection is properly termed a computer-readable medium. For example, if you use coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technology (eg, infrared, radio, and microwave) to send commands from a website, server, or other remote source, coaxial cable , fiber optic cable, twisted pair, DSL, or wireless technologies (eg, infrared, radio, and microwave) are included in the definition of the media. However, it should be understood that computer readable storage media and data storage media do not include connections, carrier waves, signals, or other transient media, but rather non-transitory tangible storage media. As used herein, a magnetic disk and an optical disk include a compact disk (CD), a laser disk, an optical disk, a digital video disk (DVD), a flexible disk, and a Blu-ray disk, wherein the disk usually reproduces data magnetically, and the disk passes the laser Optically copy data. Combinations of the above should also be included within the scope of computer readable media.

可由例如一个或多个数字信号处理器(DSP)、通用微处理器、专用集成电路(ASIC)、现场可编程逻辑阵列(FPGA)或其它等效集成或离散逻辑电路等一个或多个处理器来执行指令。因此，如本文中所使用的术语“处理器”可指代前述结构或适于实施本文中所描述的技术的任何其它结构中的任一者。另外，在一些方面中，可将本文中所描述的功能性提供于经配置以用于编码及解码的专用硬件及/或软件模块内，或并入于组合式编解码器中。而且，所述技术可完全实施于一个或多个电路或逻辑元件中。One or more processors, such as one or more digital signal processors (DSPs), general purpose microprocessors, application specific integrated circuits (ASICs), field programmable logic arrays (FPGAs), or other equivalent integrated or discrete logic circuits To execute the instructions. Accordingly, the term "processor," as used herein, may refer to any of the foregoing structures or any other structure suitable for implementing the techniques described herein. In addition, in some aspects, the functionality described herein may be provided within dedicated hardware and/or software modules configured for encoding and decoding, or incorporated in a combined codec. Moreover, the techniques can be fully implemented in one or more circuits or logic elements.

本发明的技术可以广泛地由多种装置或设备来实施，所述装置或设备包含无线手持机、集成电路(IC)或IC集合(例如，芯片组)。在本发明中描述各种组件、模块或单元以强调经配置以执行所揭示技术的装置的功能方面，但未必要求通过不同硬件单元来实现。确切地说，如上文所描述，各种单元可组合于编解码器硬件单元中，或通过交互操作性硬件单元(包含如上文所描述的一个或多个处理器)的集合结合合适软件及/或固件来提供。The techniques of the present invention can be broadly implemented by a variety of devices or devices, including a wireless handset, an integrated circuit (IC), or a collection of ICs (eg, a chipset). Various components, modules or units are described in this disclosure to emphasize functional aspects of the apparatus configured to perform the disclosed techniques, but are not necessarily required to be implemented by different hardware units. Rather, as described above, various units may be combined in a codec hardware unit, or by an interoperable hardware unit (including one or as described above) A collection of multiple processors) is provided in conjunction with suitable software and/or firmware.

应理解，说明书通篇中提到的“一个实施例”或“一实施例”意味着与实施例有关的特定特征、结构或特性包括在本发明的至少一个实施例中。因此，在整个说明书各处出现的“在一个实施例中”或“在一实施例中”未必一定指相同的实施例。此外，这些特定的特征、结构或特性可以任意适合的方式结合在一个或多个实施例中。It is to be understood that the phrase "one embodiment" or "an embodiment" or "an" Thus, "in one embodiment" or "in an embodiment" or "an" In addition, these particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.

在本发明的各种实施例中，应理解，上述各过程的序号的大小并不意味着执行顺序的先后，各过程的执行顺序应以其功能和内在逻辑确定，而不应对本发明实施例的实施过程构成任何限定。In the various embodiments of the present invention, it should be understood that the size of the sequence numbers of the above processes does not mean the order of execution, and the order of execution of each process should be determined by its function and internal logic, and should not be taken to the embodiments of the present invention. The implementation process constitutes any limitation.

另外，本文中术语“系统”和“网络”在本文中常可互换使用。应理解，本文中术语“和/或”，仅仅是一种描述关联对象的关联关系，表示可以存在三种关系，例如，A和/或B，可以表示：单独存在A，同时存在A和B，单独存在B这三种情况。另外，本文中字符“/”，一般表示前后关联对象是一种“或”的关系。Additionally, the terms "system" and "network" are used interchangeably herein. It should be understood that the term "and/or" herein is merely an association relationship describing an associated object, indicating that there may be three relationships, for example, A and/or B, which may indicate that A exists separately, and A and B exist simultaneously. There are three cases of B alone. In addition, the character "/" in this article generally indicates that the contextual object is an "or" relationship.

在本申请所提供的实施例中，应理解，“与A相应的B”表示B与A相关联，根据A可以确定B。但还应理解，根据A确定B并不意味着仅仅根据A确定B，还可以根据A和/或其它信息确定B。In the embodiments provided herein, it should be understood that "B corresponding to A" means that B is associated with A, and B can be determined from A. However, it should also be understood that determining B from A does not mean that B is only determined based on A, and that B can also be determined based on A and/or other information.

本领域普通技术人员可以意识到，结合本文中所公开的实施例描述的各示例的单元及算法步骤，能够以电子硬件、计算机软件或者二者的结合来实现，为了清楚地说明硬件和软件的可互换性，在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行，取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能，但是这种实现不应认为超出本发明的范围。Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the various examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of both, for clarity of hardware and software. Interchangeability, the composition and steps of the various examples have been generally described in terms of function in the above description. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods for implementing the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.

所属领域的技术人员可以清楚地了解到，为描述的方便和简洁，上述描述的系统、装置和单元的具体工作过程，可以参考前述方法实施例中的对应过程，在此不再赘述。A person skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the system, the device and the unit described above can refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.

在本申请所提供的几个实施例中，应该理解到，所揭露的系统、装置和方法，可以通过其它的方式实现。例如，以上所描述的装置实施例仅仅是示意性的，例如，所述单元的划分，仅仅为一种逻辑功能划分，实际实现时可以有另外的划分方式，例如多个单元或组件可以结合或者可以集成到另一个系统，或一些特征可以忽略，或不执行。另一点，所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口，装置或单元的间接耦合或通信连接，可以是电性，机械或其它的形式。In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division, and the actual implementation may have another The manner of division, such as multiple units or components, may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.

所述作为分离部件说明的单元可以是或者也可以不是物理上分开的，作为单元显示的部件可以是或者也可以不是物理单元，即可以位于一个地方，或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.

另外，在本发明各个实施例中的各功能单元可以集成在一个处理单元中，也可以是各个单元单独物理存在，也可以两个或两个以上单元集成在一个单元中。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.

以上所述，仅为本发明的具体实施方式，但本发明的保护范围并不局限于此，任何熟悉本技术领域的技术人员在本发明揭露的技术范围内，可轻易想到变化或替换，都应涵盖在本发明的保护范围之内。因此，本发明的保护范围应以所述权利要求的保护范围为准。 The above is only a specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the appended claims.

Claims

A switching method is applied to an optical wireless communication system, and includes:

If the terminal needs to perform domain switching, select the target domain primary node;

Obtaining a bandwidth resource allocated by the target domain primary node;

Communicating with the target domain master node by using the bandwidth resource allocated by the target domain master node before completing the authentication with the target domain master node, where the terminal transmits the frame when communicating with the target domain master node Cluster public key encryption.

The switching method according to claim 1, wherein

After the communication with the target domain master node reaches the preset time by using the bandwidth resource allocated by the target domain master node, it is determined according to a preset rule whether the target domain security controller or the target domain master node needs to be authenticated;

If the preset rule is met, the target domain security controller or the target domain master node is authenticated.

The switching method according to claim 2, wherein the preset rule is:

The terminal is in a domain where the target domain primary node is located, and the terminal does not currently need to perform domain switching; or

The terminal is in the domain where the target domain primary node is located, and the signal to noise ratio of the signal received by the target domain primary node is greater than a preset threshold, and the terminal does not currently need to perform domain switching.

The handover method according to claim 1, wherein after the target domain master node is selected, if the terminal needs to perform domain handover, the method further includes:

Transmitting, by the terminal, a handover request to the target domain primary node, where the handover request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;

Receiving a handover response of the target domain primary node;

And if the target domain master node accepts the handover request of the terminal, acquiring the bandwidth resource allocated by the target domain master node.

Transmitting, by the terminal, a handover request to a current domain primary node, where the handover request includes a short address of the terminal, the target domain primary node information, and bandwidth resource request information;

Receiving a handover response of the current domain master node;

And if the current domain master node accepts the handover request of the terminal, acquiring the bandwidth resource allocated by the target domain master node.

The handover method according to claim 4 or 5, wherein, if the terminal uses the bandwidth resource allocated by the target domain master node to communicate with the target domain master node for a preset time, according to the preset The rule determines that the target domain security controller or the target domain primary node needs to be authenticated, and the terminal sends a registration request to the target domain primary node to perform registration, and acquires a new short address allocated by the target domain node;

After the registration is successful, the authentication request is sent to the target domain security controller or the target domain master node for authentication;

After the authentication succeeds, the current domain node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.

Sending, by the terminal, a re-registration request to the target domain primary node, where the re-registration request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;

Receiving a re-registration response of the target domain master node;

And if the target domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.

Sending, by the terminal, a re-registration request to the current domain master node, where the re-registration request includes the short address of the terminal, the target domain primary node information, and bandwidth resource request information;

Receiving a re-registration response of the current domain master node;

And if the current domain master node accepts the re-registration request of the terminal, acquiring a bandwidth resource and a new short address allocated by the target domain master node.

The handover method according to claim 7 or 8, wherein after the communication with the target domain master node is performed by using the bandwidth resource allocated by the target domain master node, the method further includes:

Notifying the current domain master node to release the allocated resources for the terminal, the allocated resources including the allocated short address and the allocated bandwidth resource.

The handover method according to any one of claims 4, 5, 7, or 8, wherein the short address of the terminal is grouped by the global master node for all available short addresses, and then one of the terminals is associated with the current domain. The packet corresponding to the node is allocated to the current domain master node, and then the current domain master node selects and allocates the corresponding group to the terminal.

The handover method according to claim 7 or 8, wherein the terminal uses a short address of the terminal when communicating with the current domain master node, and uses the terminal when the terminal communicates with the target domain master node. State the new short address;

After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node If the authentication is performed, the terminal sends an authentication request to the target domain security controller or the target domain master node to perform authentication;

After the authentication succeeds, the current domain master node is notified to release the allocated resources for the terminal, and the allocated resources include the allocated short addresses.

The switching method according to claim 1, wherein

The cluster public key is generated by the global master node; or

The cluster public key is generated by a global master node and each domain master node; or

The cluster public key is generated by the global master node and the security controller of each domain.

The switching method according to claim 1, wherein

The cluster public key is obtained when the terminal is authenticated by the current domain security controller or the current domain master node when entering the network; or

The cluster public key is obtained when the terminal is authenticated by the current domain master node and the primary security controller, and the primary security controller is used to perform unified authentication on the terminals joining all the domains of the cluster, and the unified authentication is performed. The latter terminal does not need to be authenticated again when performing intra-cluster handover.

The handover method according to claim 1, further comprising: before selecting the target domain master node, further comprising:

The terminal receives information of other domain master nodes in the cluster that are sent by the current domain master node through the media access plan frame or the dedicated message.

If the terminal needs to perform domain switching, the target domain master node allocates bandwidth resources to the terminal after agreeing to the handover;

Communicating with the terminal using the allocated bandwidth resource and the cluster public key before completing the authentication with the terminal, wherein the frame transmitted by the target domain master node when communicating with the terminal adopts a cluster public key encryption.

The handover method according to claim 15, wherein the cluster public key is obtained when the terminal authenticates with the current domain security controller or the current domain master node when the terminal enters the network;

The cluster public key is generated by the global master node; or

The handover method according to claim 15, wherein the short address used by the terminal for communicating with the domain master node is grouped by the global master node for all available short addresses, and then the packet pair is Assigned to each domain master node, when the terminal and one of the domain master nodes successfully register, the domain master node selects and assigns to the terminal from the group allocated by the global master node.

A terminal applied to an optical wireless communication system, comprising:

a selecting unit, configured to select a target domain master node if the terminal needs to perform domain switching;

An obtaining unit, configured to acquire a bandwidth resource allocated by the target domain primary node;

a communication unit, configured to communicate with the target domain master node by using a bandwidth resource allocated by the target domain master node before completing the authentication with the target domain master node, where the terminal and the target domain master node Frames transmitted during communication are encrypted using the cluster public key.

The terminal according to claim 18, wherein the terminal further comprises:

a determining unit, configured to determine, according to a preset rule, whether the target domain security controller or the target domain is required, after the communication with the target domain master node is used to reach a preset time by using the bandwidth resource allocated by the target domain master node The primary node performs authentication;

The communication unit is further configured to perform authentication with the target domain security controller or the target domain master node if the preset rule is met.

The terminal according to claim 19, wherein the preset rule is:

The terminal according to claim 18, wherein the communication unit is further configured to:

After the selecting unit selects the target domain primary node, sending a handover request to the target domain primary node, where the handover request includes the short address of the terminal, current domain primary node information, and bandwidth resource request information;

Receiving a handover response of the target domain primary node;

If the target domain master node accepts the handover request of the terminal, instructing the acquiring unit to acquire The bandwidth resource allocated by the target domain master node.

After the selecting unit selects the target domain primary node, sending a handover request to the current domain primary node, where the handover request includes the short address of the terminal, the target domain primary node information, and bandwidth resource request information;

Receiving a handover response of the current domain master node;

If the current domain master node accepts the handover request of the terminal, the acquiring unit is instructed to acquire the bandwidth resource allocated by the target domain master node.

The terminal according to claim 21 or 22, wherein, if the terminal uses the bandwidth resource allocated by the target domain master node to communicate with the target domain master node for a preset time, according to a preset rule Determining that the target domain security controller or the target domain primary node needs to be authenticated, the communication unit is further configured to send a registration request to the target domain primary node, perform registration, and acquire a new one allocated by the target domain node. Short address

After the selecting unit selects the target domain master node, sending a re-registration request to the target domain master node, where the re-registration request includes the short address of the terminal, current domain master node information, and bandwidth resource request information;

Receiving a re-registration response of the target domain master node;

And if the target domain master node accepts the re-registration request of the terminal, instructing the acquiring unit to acquire the bandwidth resource and the new short address allocated by the target domain primary node.

After the selecting unit selects the target domain master node, sending a re-registration request to the current domain master node, where the re-registration request includes the short address, the current domain master node information, and the bandwidth resource request information of the terminal;

Receiving a re-registration response of the target domain master node;

The terminal according to claim 24 or 25, wherein after the communication with the target domain master node is performed by using the bandwidth resource allocated by the target domain master node, the communication unit is further configured to:

The terminal according to any one of claims 21, 22, 24, 25, wherein the short address of the terminal is grouped by the global master node for all available short addresses, and then one of the terminals is associated with the current domain master node. A corresponding group is allocated to the current domain master node, and the current domain master node selects and assigns to the terminal from the corresponding group.

The terminal according to claim 24 or 25, wherein the communication unit is further configured to use a short address of the terminal when communicating with the current domain master node, and use the terminal when communicating with the target domain master node. State the new short address;

After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node And performing the authentication, where the communication unit is further configured to send an authentication request to the target domain security controller or the target domain master node to perform authentication;

The terminal of claim 18, wherein

The cluster public key is generated by the global master node; or

The terminal of claim 18, wherein

The terminal according to claim 18, wherein the selecting unit is further configured to receive another domain master node in the cluster that is sent by the current domain master node through a media access plan frame or a dedicated message before selecting the target domain master node. Information.

A terminal applied to an optical wireless communication system, comprising:

a processor, a memory, an interface circuit, and a bus, wherein the processor, the memory, and the interface circuit are connected by a bus, wherein the memory is configured to store a set of program codes, and the processor is configured to call the program code stored in the memory , do the following:

Obtaining a bandwidth resource allocated by the target domain primary node;

The terminal according to claim 32, wherein the processor is further configured to:

If the preset rule is met, the target domain security controller or the target domain master node is Line certification.

The terminal according to claim 33, wherein the preset rule is:

The terminal according to claim 32, wherein after the target domain master node is selected, if the terminal needs to perform domain switching, the processor is further configured to:

Sending a handover request to the target domain primary node, where the handover request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;

Receiving a handover response of the target domain primary node;

Sending a handover request to the current domain master node, where the handover request includes a short address of the terminal, the target domain primary node information, and bandwidth resource request information;

Receiving a handover response of the current domain master node;

The terminal according to claim 35 or claim 36, wherein, if the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node for a preset time, according to a preset rule Determining that the target domain security controller or the target domain primary node needs to be authenticated, the processor is further configured to send a registration request to the target domain primary node, perform registration, and acquire a new one allocated by the target domain node. Short address

Sending a re-registration request to the target domain primary node, where the re-registration request includes a short address, current domain primary node information, and bandwidth resource request information of the terminal;

Receiving a re-registration response of the target domain master node;

Sending a re-registration request to the current domain master node, where the re-registration request includes the short address of the terminal, the target domain primary node information, and bandwidth resource request information;

Receiving a re-registration response of the current domain master node;

The terminal according to claim 38 or 39, wherein after the communication with the target domain master node is performed by using the bandwidth resource allocated by the target domain master node, the processor is further configured to:

The terminal according to any one of claims 35, 36, 38, 39, wherein the short address of the terminal is grouped by the global master node for all available short addresses, and then one of the terminals is associated with the current domain master node. Corresponding packets are assigned to the current domain master node, and then by the current domain master node The corresponding group is selected and assigned to the terminal.

The terminal according to claim 38 or 39, wherein the terminal uses a short address of the terminal when communicating with the current domain master node, and uses the terminal when the terminal communicates with the target domain master node. New short address;

After the terminal communicates with the target domain master node by using the bandwidth resource allocated by the target domain master node to reach a preset time, determining, according to a preset rule, the required domain security controller or the target domain master node And performing the authentication, where the processor is further configured to send an authentication request to the target domain security controller or the target domain master node for authentication;

The terminal of claim 32, wherein:

The cluster public key is generated by the global master node; or

The terminal of claim 42, wherein

The terminal according to claim 32, wherein before selecting the target domain master node, the processor is further configured to:

Receiving information of the other domain master nodes in the cluster sent by the current domain master node through the media access plan frame or the dedicated message.

A domain master node is applied to an optical wireless communication system, and includes:

An allocating unit, configured to: if the terminal needs to perform domain switching, the domain master node allocates a bandwidth resource to the terminal after agreeing to the handover;

a communication unit, configured to communicate with the terminal by using the allocated bandwidth resource and a cluster public key before completing the authentication with the terminal;

The domain master node is a target domain master node that performs domain switching on the terminal, and the frame transmitted by the target domain master node when communicating with the terminal is encrypted by using a cluster public key.

The domain master node according to claim 46, wherein the cluster public key is obtained when the terminal authenticates with the current domain security controller or the current domain master node when the terminal enters the network;

The cluster public key is generated by the global master node; or

The domain master node according to claim 46, wherein the short address used by the terminal to communicate with the domain master node is grouped by the global master node for all available short addresses, and then the packets are correspondingly assigned to the domains. The master node selects and allocates to the terminal by the domain master node from the group allocated by the global master node when the terminal and one of the domain master nodes successfully register.

If the terminal needs to perform domain switching, the processor allocates a bandwidth resource to the terminal after agreeing to the handover;

Before the authentication with the terminal is completed, the allocated bandwidth resource and the cluster public key are used to communicate with the terminal, wherein the frame transmitted when the processor communicates with the terminal is encrypted by using a cluster public key.

The domain master node according to claim 49, wherein the cluster public key is obtained when the terminal authenticates with the current domain security controller or the current domain master node when the terminal enters the network;

The cluster public key is generated by the global master node; or

The domain master node according to claim 49, wherein the short address used by the terminal for communicating with the domain master node is grouped by the global master node for all available short addresses, and then the packets are correspondingly assigned to the domains. The master node selects and allocates to the terminal by the domain master node from the group allocated by the global master node when the terminal and one of the domain master nodes successfully register.