The security mechanism of the wireless local area network standard (IEEE 802.11) defined by the Institute of Electrical and Electronics Engineers (IEEE) adopts Wired Equivalent Privacy (WEP). This mechanism has since been widely shown not to provide security equivalent to that of a wired network, which poses a serious risk to the wireless local area network. Therefore, in formulating the national standard for wireless local area networks, the WLAN Authentication and Privacy Infrastructure (WAPI) was adopted to secure the wireless local area network. Using Elliptic Curve Diffie-Hellman (ECDH) key exchange from public key cryptography, the WAPI mechanism authenticates the digital certificate of a terminal and the digital certificate of an Access Point (AP), and negotiates a session key. The WAPI can secure data transmission between a terminal and an AP at the data link layer, which prevents malicious parties from attacking the security of the wireless local area network through, for example, Man-In-The-Middle attacks, Replay attacks and Impersonation attacks.
The WAPI supports two formats of digital certificate (hereinafter "certificate" for short): the X.509v3 certificate and the GBW (national standard material) certificate. The format of a GBW certificate is shown in FIG. 1. It is composed of fields such as a version number, a serial number, an issuer name, a period of validity, a subject name, a subject public key, an extension, a signature algorithm and an issuer signature, of which the issuer name, extension, signature algorithm and issuer signature are optional.
The format of an X.509v3 certificate is shown in FIG. 2. It is composed of three parts: the content of the certificate, the signature algorithm and the signature value. The content of the certificate includes a version number, a serial number, an identifier of the signature algorithm, an issuer name, a period of validity, a subject name, subject public key information, a unique identifier of the issuer, a unique identifier of the subject and the extension information. The X.509v3 certificate is encoded using the Abstract Syntax Notation One (ASN.1) Distinguished Encoding Rules (DER), and each field is a triple consisting of a tag, a length and a value.
Although the two certificate formats supported by the WAPI share some fields, such as the version number, the serial number, the issuer name, the period of validity, the subject name, the subject public key, the signature algorithm and the issuer signature, the two formats represent these fields differently. In a GBW certificate these fields are stored directly in network byte order, while in an X.509v3 certificate they are stored in binary form using ASN.1 encoding. Even where the information content of a field is the same, the way it is interpreted differs. For example, the period of validity is expressed in seconds in the GBW certificate, but as a beginning date and an expiration date in the X.509v3 certificate.
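The following is an added illustration, not part of the original text, of why one parser cannot serve both formats: it decodes a validity period from DER tag-length-value triples and from a fixed field in network byte order. The 4-byte GBW field width, the reading of the GBW value as a lifetime in seconds, the function names and both sample inputs are assumptions constructed for this example; only UTCTime dates are handled.

```python
import struct
from datetime import datetime, timezone

def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value triple; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: the byte is the length
        length = first
    else:                                  # long form: low 7 bits count length bytes
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def utctime(value):
    """UTCTime 'YYMMDDHHMMSSZ'; X.509 maps YY >= 50 to 19YY, otherwise 20YY."""
    text = value.decode("ascii")
    if len(text) != 13 or not text.endswith("Z"):
        raise ValueError("unsupported UTCTime form")
    parts = [int(text[i:i + 2]) for i in range(0, 12, 2)]
    year = (1900 if parts[0] >= 50 else 2000) + parts[0]
    return datetime(year, *parts[1:], tzinfo=timezone.utc)

def x509_validity_seconds(der):
    """Validity SEQUENCE { notBefore, notAfter } -> lifetime in seconds."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    t1, v1, pos = read_tlv(body)
    t2, v2, end = read_tlv(body, pos)
    if (t1, t2) != (0x17, 0x17) or end != len(body):
        raise ValueError("expected exactly two UTCTime fields")
    return int((utctime(v2) - utctime(v1)).total_seconds())

def gbw_validity_seconds(raw):
    """Assumed layout: one unsigned 32-bit count of seconds, network byte order."""
    if len(raw) != 4:
        raise ValueError("expected 4 bytes")
    return struct.unpack("!I", raw)[0]

# Constructed sample inputs describing the same one-year validity period.
SAMPLE_X509 = (bytes([0x30, 30, 0x17, 13]) + b"230101000000Z"
               + bytes([0x17, 13]) + b"240101000000Z")
SAMPLE_GBW = struct.pack("!I", 365 * 24 * 3600)
```

Both samples yield the same lifetime, yet the X.509v3 value takes 32 bytes that must be walked triple by triple, while the assumed GBW field is 4 bytes read at a fixed position.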
Since there are two certificate formats, different certificate validation methods are required. In the Ad hoc network mode (also called the Independent Basic Service Set (IBSS) mode), if the WAPI certificate-based security method is adopted, a terminal has to validate the certificate. However, the national standard neither requires the terminal to use a particular certificate format nor requires the terminal to support validation of a particular certificate format. Therefore, in the Ad hoc network mode, the WAPI framework using the certificate-based method will inevitably cause interoperability problems.