Network selection method for a dual-mode terminal, and dual-mode terminal
Technical field
The present invention relates to the communications field, and in particular to a network selection method for a dual-mode terminal and to a dual-mode terminal.
Background art
With the construction of TD-SCDMA (Time Division-Synchronous Code Division Multiple Access) networks and WLANs (Wireless Local Area Networks), dual-mode terminals that have both TD-SCDMA and WLAN communication capability (referred to herein as TD-WLAN dual-mode terminals) will also come onto the market.
A TD-SCDMA network has wide signal coverage and high security, whereas a WLAN has small signal coverage and lower security. A TD-WLAN dual-mode terminal can not only provide the user with richer services, but also gives the user the opportunity to select different transmission networks according to tariff and to differing requirements on data transmission rate and security. The user can use the traditional voice services and 3G data services provided by the TD-SCDMA network and, in areas covered by a WLAN signal, use the WLAN, a cheaper and faster transmission network, to carry out data services.
To address the security weaknesses of the WLAN security mechanisms WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access), the relevant research bodies proposed the WAPI (WLAN Authentication and Privacy Infrastructure) security protocol. The WLAN module in a TD-WLAN dual-mode terminal will also adopt WAPI as the WLAN access authentication protocol.
The WAPI protocol supports two types of authentication and key management method:
WAI (WLAN Authentication Infrastructure) certificate authentication and key management: this method offers higher security. The terminal and the AP must perform mutual certificate authentication, negotiate a base key (BK) during the certificate authentication process, and use this base key to generate the various session keys;
WAI pre-shared key authentication and key management: this method offers lower security. No certificate authentication is performed between the terminal and the AP; the base key is derived directly from the pre-shared key (PSK), and this base key is used to generate the various session keys.
The AP advertises the authentication and key management methods it supports in the WAPI information element structure. The WAPI information element structure also carries other information, such as the cryptographic algorithms the AP supports. The authentication and key management methods and the cryptographic algorithms that an AP supports are referred to collectively as the security mechanism supported by the AP.
Fig. 1 is a schematic diagram of the WAPI information element structure, in which:
The authentication and key management suite count field (its value is denoted m) is 2 bytes long and gives the number of authentication and key management suites that follow;
The authentication and key management suite field is 4 × m bytes long and contains m authentication and key management suites. The WAPI protocol currently supports two authentication and key management suites (that is, the two authentication and key management methods): the WAI certificate authentication and key management suite and the WAI pre-shared key authentication and key management suite described above;
The unicast cipher suite count field (its value is denoted n) is 2 bytes long and gives the number of unicast cipher suites that follow;
The unicast cipher suite field is 4 × n bytes long and contains n unicast cipher suites. The unicast cipher suites (that is, unicast encryption algorithms) supported by the WAPI protocol include the SMS4 algorithm, among others.
The multicast cipher suite field is 4 bytes long. The multicast cipher suites (that is, multicast encryption algorithms) supported by the WAPI protocol include the SMS4 algorithm, among others.
As can be seen from the above, the WAPI protocol provides several alternative security mechanisms: the user can access the WLAN in the more secure way, or in a less secure but more efficient way.
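The count and suite fields listed above can be read with a bounds-checked parser. The following is an added example, not part of the patent text; it starts at the first count field, and the little-endian counts, the 4-byte suite selector values and the sample bytes are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

# Assumed 4-byte suite selectors; the page does not give the encodings,
# so these values are illustrative only.
AKM_NAMES = {
    bytes.fromhex("00147201"): "WAI certificate",
    bytes.fromhex("00147202"): "WAI pre-shared key",
}
CIPHER_NAMES = {bytes.fromhex("00147201"): "SMS4"}


class WapiIeError(ValueError):
    """Raised when the buffer is shorter than its count fields claim."""


@dataclass
class WapiSecurityInfo:
    akm_suites: list
    unicast_ciphers: list
    multicast_cipher: str


def take(buf, offset, size):
    # Bounds-checked slice: a count field taken from an untrusted beacon or
    # probe response must never make the parser read past the buffer end.
    if offset + size > len(buf):
        raise WapiIeError(f"truncated: need {size} bytes at offset {offset}")
    return buf[offset:offset + size], offset + size


def suite_list(buf, offset, names):
    """Read a 2-byte count followed by count 4-byte suite selectors."""
    raw, offset = take(buf, offset, 2)
    (count,) = struct.unpack("<H", raw)  # byte order is an assumption
    suites = []
    for _ in range(count):
        selector, offset = take(buf, offset, 4)
        # Unknown selectors are kept visible instead of being dropped, so a
        # later policy check can reject them explicitly.
        suites.append(names.get(selector, "unknown:" + selector.hex()))
    return suites, offset


def parse_wapi_fields(buf):
    """Parse from the first count field through the multicast cipher suite."""
    akm_suites, offset = suite_list(buf, 0, AKM_NAMES)
    unicast, offset = suite_list(buf, offset, CIPHER_NAMES)
    multicast, offset = take(buf, offset, 4)
    name = CIPHER_NAMES.get(multicast, "unknown:" + multicast.hex())
    return WapiSecurityInfo(akm_suites, unicast, name)


# Constructed sample: m = 2 (certificate, PSK), n = 1 (SMS4), multicast SMS4.
SAMPLE = bytes.fromhex("0200" "00147201" "00147202" "0100" "00147201" "00147201")

if __name__ == "__main__":
    print(parse_wapi_fields(SAMPLE))
```
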
In the prior art, when a dual-mode terminal is used, network selection is usually performed by the user before a service is started. The drawback of this approach is that, once the service has started, network selection cannot be performed in real time according to the terminal's current location.
In addition, existing dual-mode terminals perform network selection according to the network name and signal strength. The information on which network selection is based is rather limited and cannot satisfy the user's security requirements.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the deficiencies of the prior art by providing a network selection method for a dual-mode terminal, and a dual-mode terminal, so that network selection can be performed while a service is in progress and the user's security requirements are satisfied.
To solve the above problem, the present invention provides a network selection method for a dual-mode terminal, the method comprising:
When service data is being transmitted over the mobile communication network on a dual-mode terminal that supports a mobile communication network and a WLAN, the dual-mode terminal searches for WLAN signals; after finding a connectable access point (AP) of a WLAN, the dual-mode terminal obtains the WAPI (WLAN Authentication and Privacy Infrastructure) security mechanism information of the connectable AP;
The user or the dual-mode terminal judges, according to the WAPI security mechanism information of the connectable AP, whether to switch the current service to the WLAN.
In addition, if the current service is to be switched to the WLAN, the user or the dual-mode terminal also selects, according to said WAPI security mechanism information, an AP that satisfies the security level of the current service or a preset security level as the target AP of the switch.
In addition, after a connectable AP is found, the dual-mode terminal obtains the WAPI security mechanism information of the connectable AP in one of the following ways:
The dual-mode terminal receives a beacon frame sent by the connectable AP and extracts the AP's WAPI security mechanism information from the WAPI information element structure in the beacon frame; or
The dual-mode terminal sends a probe request frame to the connectable AP and extracts the AP's WAPI security mechanism information from the WAPI information element structure in the probe response frame returned by the AP.
In addition, said WAPI security mechanism information comprises: the authentication and key management method adopted by the AP, and/or the unicast encryption algorithm supported by the AP, and/or the multicast encryption algorithm supported by the AP.
In addition, said mobile communication network is a Time Division-Synchronous Code Division Multiple Access network, a Global System for Mobile Communications network, a CDMA network or a WCDMA network.
The present invention also provides a dual-mode terminal comprising a service data processing module, a mobile communication network communication module and a WLAN communication module. Said mobile communication network communication module is used for exchanging data with the mobile communication network, and said WLAN communication module is used for exchanging data with the WLAN. Said service data processing module is used for transmitting service data via said mobile communication network communication module or said WLAN communication module. The dual-mode terminal is characterized in that it is further provided with a network selection module, wherein:
Said WLAN communication module is also used for searching for WLAN signals and obtaining the WAPI security mechanism information of a connectable AP;
Said network selection module is used for, while said service data processing module is transmitting service data via said mobile communication network communication module, searching for WLAN signals via said WLAN communication module and, after a connectable AP is found, obtaining the WAPI security mechanism information of the connectable AP via said WLAN communication module;
Said network selection module judges, according to the WAPI security mechanism information of the connectable AP, whether to instruct said service data processing module to transmit said service data via said WLAN communication module; or said network selection module displays the WAPI security mechanism information of the connectable AP to the user via a user interaction module provided in said dual-mode terminal, the user judges according to that information whether to transmit said service data via said WLAN communication module, and, if the user decides to transmit said service data via said WLAN communication module, the network selection module instructs said service data processing module to do so.
In addition, if it is decided to instruct said service data processing module to transmit said service data via said WLAN communication module, said network selection module also selects, according to said WAPI security mechanism information, an AP that satisfies the security level of the current service or a preset security level as the target AP of the switch, and instructs said WLAN communication module to establish a WLAN connection with said target AP.
In addition, after a connectable AP is found, the WAPI security mechanism information of the connectable AP is obtained in one of the following ways:
Said WLAN communication module receives a beacon frame sent by the connectable AP and extracts the AP's WAPI security mechanism information from the WAPI information element structure in the beacon frame; or
Said WLAN communication module sends a probe request frame to the connectable AP, receives the probe response frame returned by the AP, and extracts the AP's WAPI security mechanism information from the WAPI information element structure in said probe response frame.
In addition, said WAPI security mechanism information comprises: the authentication and key management method adopted by the AP, and/or the unicast encryption algorithm supported by the AP, and/or the multicast encryption algorithm supported by the AP.
In addition, said mobile communication network is a Time Division-Synchronous Code Division Multiple Access network, a Global System for Mobile Communications network, a CDMA network or a WCDMA network.
In summary, with the method and dual-mode terminal of the present invention, WAPI security mechanism information can be used as a basis for network selection, which improves the security of network selection.
Description of drawings
Fig. 1 is a schematic diagram of the WAPI information element structure;
Fig. 2 is a flow chart of the network selection method of a dual-mode terminal according to an embodiment of the present invention;
Fig. 3 is a structural diagram of a dual-mode terminal according to an embodiment of the present invention that can implement the method shown in Fig. 2.
Embodiments
The core idea of the present invention is as follows: while service data is being transmitted over the TD-SCDMA network on a TD-WLAN dual-mode terminal that supports the WAPI protocol, the TD-WLAN dual-mode terminal searches for WLAN signals sent by APs; after finding a WLAN signal (that is, finding a connectable AP), it obtains the WAPI security mechanism information supported by each AP, and whether to switch the current data service to the WLAN, and to which target AP, is decided according to the WAPI security mechanism information of each AP.
The present invention is described below with reference to the drawings and embodiments.
Fig. 2 is a flow chart of the network selection method (also called the network switching decision method) of a dual-mode terminal according to an embodiment of the present invention. As shown in Fig. 2, the method comprises the following steps:
201: While service data is being transmitted over the TD-SCDMA network on a TD-WLAN dual-mode terminal that supports the WAPI protocol (the dual-mode terminal for short), the dual-mode terminal searches for WLAN signals using a preset search strategy;
The search strategy may be as follows: if the previous search found a WLAN signal, search once every T1 minutes (T1 may be 10) until a search fails to find a WLAN signal. If the previous search failed to find a WLAN signal, search once every T2 minutes (T2 may be 1), N2 times in total (N2 may be 3); if no WLAN signal is found, then search once every T3 minutes (T3 may be 5), N3 times in total (N3 may be 5); if still no WLAN signal is found, then search once every T4 minutes (T4 may be 10) until a WLAN signal is found.
202: After finding a WLAN signal, the dual-mode terminal obtains the WAPI information element structure of the AP that sent the WLAN signal and learns from it the security mechanism supported by the AP;
The TD-WLAN dual-mode terminal can obtain the WAPI information element structure of the AP in either of the following two ways:
Mode one: receive the beacon frame sent by the AP and extract the AP's WAPI information element structure from the beacon frame;
Mode two: send a probe request frame to the AP and extract the AP's WAPI information element structure from the probe response frame returned by the AP.
203: The dual-mode terminal displays the obtained WAPI security mechanism information of the APs to the user;
The WAPI security mechanism information comprises: the authentication and key management method adopted by each AP, and/or the unicast encryption algorithm supported by each AP, and/or the multicast encryption algorithm supported by each AP, and so on.
204: The user judges, according to the WAPI security mechanism information and the security level of the current service, whether to switch the service to the WLAN, and selects the target AP of the switch;
Because the TD-SCDMA network offers higher security and reliability, the user can carry out data services with a high security level, such as online transactions, over the TD-SCDMA network. For this class of service the user will usually not choose the less secure WLAN, and in particular will not choose an AP that uses a weak security mechanism (for example, WAI pre-shared key authentication and key management, or a lower-security unicast/multicast encryption algorithm). Conversely, if the user is using a data service with a lower security level but a higher rate requirement, such as online gaming, the user is more inclined to choose the WLAN, a cheaper and faster connection. For other services, such as web browsing and online chat, the user can choose between the TD-SCDMA network and the WLAN according to factors such as tariff.
In addition, because service continuity cannot be guaranteed when switching from the TD-SCDMA network to the WLAN, another factor the user needs to consider when deciding whether to switch is the continuity requirement of the current service. For example, for services with a low continuity requirement, such as web browsing (called interruptible services), an interruption caused by a network switch has little impact. For other services, the network connection must be re-established after the switch and the service information from before the switch is lost or invalidated; for services with such a high continuity requirement (called non-interruptible services), the user will usually not switch networks while the service is in progress.
205: If the user chooses to switch to the WLAN, the dual-mode terminal performs link verification and association with the selected target AP, performs access authentication using the security mechanism supported by the target AP, and establishes a WLAN connection with the target AP once access authentication succeeds.
206: The dual-mode terminal switches the current service onto the established WLAN connection.
207: While the service is in use over the established WLAN connection, the dual-mode terminal must continue to search for WLAN signals and obtain the WAPI security mechanism information (WAPI information element structure) of APs. When the current WLAN connection is dropped, for example because the terminal has moved, the obtained WAPI security mechanism information of other APs is displayed to the user for network selection; in this case the TD-SCDMA network should of course also be offered to the user as an option.
208: The user chooses, according to the WAPI security mechanism information of the APs, to switch the service to a WLAN or to the TD-SCDMA network.
Fig. 3 is a structural diagram of a dual-mode terminal according to an embodiment of the present invention that can implement the method shown in Fig. 2. As shown in Fig. 3, the dual-mode terminal comprises a service data processing module, a mobile communication network communication module, a WLAN communication module, a network selection module and a user interaction module, wherein:
The mobile communication network communication module is used for exchanging data with the mobile communication network;
The WLAN communication module is used for exchanging data with the WLAN, for searching for WLAN signals and for obtaining the WAPI security mechanism information of a connectable AP;
The service data processing module is used for transmitting service data via the mobile communication network communication module or the WLAN communication module;
The network selection module is used for, while the service data processing module is transmitting service data via the mobile communication network communication module, searching for WLAN signals via the WLAN communication module and, after a connectable AP is found, obtaining the WAPI security mechanism information of the connectable AP via the WLAN communication module;
The network selection module judges, according to the WAPI security mechanism information of the connectable AP, whether to instruct the service data processing module to transmit service data via the WLAN communication module; or
The network selection module displays the WAPI security mechanism information of the connectable AP to the user via the user interaction module, the user judges according to that information whether to transmit service data via the WLAN communication module, and, if the user decides to transmit service data via the WLAN communication module, the network selection module instructs the service data processing module to do so.
Based on the basic principle of the present invention, the above embodiment can be varied in many ways, for example:
(1) Besides TD-SCDMA/WLAN dual-mode terminals, the method of the present invention can also be applied to dual-mode terminals that have WLAN communication capability and use another mobile communication network standard such as GSM (Global System for Mobile Communications), CDMA (Code Division Multiple Access) or WCDMA (Wideband Code Division Multiple Access).
(2) Instead of displaying the APs' WAPI security mechanism information to the user and having the user perform network selection, the dual-mode terminal can also automatically select, according to the WAPI security mechanism information and the security level corresponding to the current service or a default security level set on the dual-mode terminal, the AP that satisfies the security requirement and has the highest signal quality, and establish a WLAN connection with it.
For example, if the current service is an online transaction service, which corresponds to the highest security level, the dual-mode terminal, according to the WAPI security mechanism information, selects only an AP that uses the WAI certificate authentication and key management method and uses SMS4 as the unicast/multicast encryption algorithm, or selects the TD-SCDMA network, to complete the service.
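The automatic selection in variation (2) can be written as a small policy function. The following is an added example, not part of the patent text. The two level names, the rule for the lower level, the handling of non-interruptible services, the dBm signal metric and the sample APs are all assumptions; only the highest-level rule (WAI certificate plus SMS4, otherwise TD-SCDMA) comes from the text.

```python
from dataclasses import dataclass
from enum import IntEnum

CERT, PSK, SMS4 = "WAI certificate", "WAI pre-shared key", "SMS4"
MOBILE = ("TD-SCDMA", None, None)  # stay on the mobile network


class Level(IntEnum):
    LOW = 1   # assumed level, e.g. online games
    HIGH = 3  # highest level, e.g. online transactions


@dataclass(frozen=True)
class ApInfo:
    ssid: str
    akm_suites: tuple       # methods advertised in the WAPI information element
    unicast_ciphers: tuple
    multicast_cipher: str
    signal_dbm: int         # assumed signal-quality metric, higher is better


def usable_akm(ap, level):
    """Return the method to authenticate with, or None if the AP is rejected."""
    # Fail closed: an AP that does not advertise SMS4 for both unicast and
    # multicast traffic is never selected (assumed rule for the lower level).
    if SMS4 not in ap.unicast_ciphers or ap.multicast_cipher != SMS4:
        return None
    if CERT in ap.akm_suites:
        return CERT  # always prefer mutual certificate authentication
    if level < Level.HIGH and PSK in ap.akm_suites:
        return PSK   # pre-shared key only for lower-security services
    return None


def select_network(aps, level, interruptible=True):
    """Return ("WLAN", ssid, akm) for the best acceptable AP, else MOBILE."""
    if not interruptible:
        return MOBILE  # assumed: never switch a non-interruptible service
    acceptable = [(ap, usable_akm(ap, level)) for ap in aps]
    acceptable = [(ap, akm) for ap, akm in acceptable if akm is not None]
    if not acceptable:
        return MOBILE
    ap, akm = max(acceptable, key=lambda pair: pair[0].signal_dbm)
    return ("WLAN", ap.ssid, akm)


# Constructed sample scan results.
SAMPLE_APS = [
    ApInfo("cafe-psk", (PSK,), (SMS4,), SMS4, -40),
    ApInfo("office-cert", (CERT,), (SMS4,), SMS4, -62),
    ApInfo("lobby-mixed", (CERT, PSK), (SMS4,), SMS4, -55),
    ApInfo("odd-cipher", (CERT,), ("unknown:00147209",), SMS4, -30),
]

if __name__ == "__main__":
    print(select_network(SAMPLE_APS, Level.HIGH))
    print(select_network(SAMPLE_APS, Level.LOW))
```

The strongest signal in the sample belongs to an AP with an unrecognised unicast cipher, and it is rejected at every level; the policy filters on security first and ranks on signal quality only among the APs that pass.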