A mobile station (Mobile Station, MS) is connected to a WiMAX (Worldwide Interoperability for Microwave Access, Worldwide Interoperability for Microwave Access) network via a base station (Base Station, BS). During data transmission, the MS uses its TEK (Traffic Encryption Keys, packet key) to encrypt data in a packet and sends the packet to the BS, and then the BS decrypts the data in the packet and then transmits it to a network side. The TEK acts on an air interface part of a traffic flow. This key is used for encryption and decryption of packets in one traffic flow during transmission on an air interface, and multiple traffic flows may exist in one MS during communication. A traffic flow is a transmission flow of certain traffic from the MS to an anchor access gateway of the MS. When the traffic flow is transmitted between the MS and the BS, that is, through the air interface, a corresponding TEK is used for protection.
If a traffic interaction is performed between two users in the WiMAX network as shown in FIG. 1, a general implementation procedure is described as follows:
A mobile station MS-A uses its packet key TEK-A to encrypt data in a packet, and sends a protected packet to a base station BS-A. Afterwards, the BS-A uses the TEK-A to decrypt the protected packet, and sends the decrypted packet to a network side entity; after being routed, the packet arrives at a management base station BS-C of a mobile station MS-C, and the BS-C uses a packet key TEK-C corresponding to the MS-C to encrypt the data in the received packet, and sends the encrypted packet to the MS-C through an air interface. Finally, the MS-C uses the TEK-C to decrypt the encrypted text in the received packet, so as to obtain plain text of the data.
If the above mobile stations MS-A and MS-C are managed by a same base station, the foregoing base stations BS-A and BS-C are the same base station. In such a situation, the packet that the MS-A sends to the MS-C may be directly forwarded in downlink to the MS-C after the BS receives an uplink packet sent by the MS-A, without being forwarded by the BS to an upper network entity, then returned to the BS, and finally sent to the MS-C. In this case, the above transmission procedure is referred to as local routing of traffic under the same BS.
During the procedure of implementing the local routing under the same BS, although two mobile stations exchange data under the same BS and route the data packet locally through the BS, the two mobile stations use different TEKs, so the BS still needs to first decrypt and then encrypt the received packet, and forwards the packet to a packet destination terminal, which wastes processing time and power consumption of the BS.