As 3G networks have matured and the performance of mobile terminals has improved, it has become possible for a mobile terminal to run a real-time data service. For example, users can watch mobile TV through a mobile TV client, or request an audio/video program on demand or watch a live audio/video program through a streaming media client on the mobile terminal. The development of real-time data services will substantially improve the user experience on 3G mobile terminals, and operations based on real-time data services will become a hotspot and focus for 3G operators.
Real-time data services include mobile TV, video on demand, live video and so on. After a real-time data service server is deployed in a Wireless Local Area Network (WLAN), a user can access it through a real-time data service client on a mobile terminal, obtain the real-time service data stream, and use the real-time data service, for example to browse mobile TV programs, watch video on demand or watch live video.
Because the security of a WLAN is low, some WLAN authentication and protection protocol is needed to improve the security of the real-time data service, so that legal mobile terminals can use the real-time data service securely and with high quality while illegal mobile terminals are prevented from accessing the real-time data service server. The WLAN Authentication and Privacy Infrastructure (WAPI) protocol is an optimum choice for this.
WAPI is the WLAN security solution specified in the Chinese WLAN national standard GB15629.11. It was reviewed repeatedly by multiple parties, taking various application modes into account, and targets the security problems of Wired Equivalent Privacy (WEP) and the other protocols in IEEE 802.11.
The WAPI protocol performs access authentication of a mobile terminal and key negotiation mainly through the certificate authentication and key negotiation prescribed in the WLAN Authentication Infrastructure (WAI) protocol, and performs encrypted transmission of data at the Media Access Control (MAC) layer through the encryption and decryption prescribed in the WLAN Privacy Infrastructure (WPI) protocol, so as to guarantee that a legal mobile terminal can securely access the real-time data service server.
FIG. 1 is a flowchart of a prior-art method for implementing a real-time data service based on a wireless local area network. The method comprises the following steps:
Step 101: an interaction is performed among a mobile terminal, an Access Point (AP) and an authentication server of a real-time data service system according to the WAI protocol, to complete bidirectional certificate authentication between the mobile terminal and the AP.
In the certificate authentication, the mobile terminal and the AP can negotiate to obtain a Base Key (BK).
Step 102: the mobile terminal and the AP use the base key to complete session key negotiation and obtain session keys, such as a unicast session key and a multicast key between them.
The base key used in this step can be the one obtained by the negotiation in step 101, or a base key derived by the mobile terminal and the AP from a Pre-Shared Key (PSK).
After completing the certificate authentication and the session key negotiation in the WAI protocol, the AP opens a control port to allow the mobile terminal to interact with a real-time data service server of the real-time data service system.
Step 103: the mobile terminal interacts with the real-time data service server to complete transmission of real-time data service control signalling.
In this process, the mobile terminal and the AP transmit control signalling messages encrypted with the unicast session key obtained through the negotiation in step 102; between the AP and the real-time data service server, the control signalling messages can be transmitted in plaintext or in other secure ways, because the communication link between them is quite secure.
The main functions of the control signalling include negotiating real-time data service parameters, setting up an audio/video transmission channel, and starting or controlling the transmission of audio/video data of the real-time data service, for example:
103a: the mobile terminal sends Describe Request (e.g. a paging request) signalling to the real-time data service server through the AP, carrying the media parameters supported by the mobile terminal; the real-time data service server sends Describe Response (e.g. a paging response) signalling to the mobile terminal through the AP, carrying the media parameters selected by the real-time data service server; through this signalling interaction, the mobile terminal and the real-time data service server complete negotiation of the media parameters of the real-time data service;
103b: the mobile terminal sends audio/video transmission channel Setup Request signalling to the real-time data service server through the AP; the real-time data service server sends audio/video transmission channel Setup Response signalling to the mobile terminal through the AP; and the audio/video transmission channel is set up between the mobile terminal and the real-time data service server through the signalling interaction;
103c: the mobile terminal sends audio/video data playing control signalling (such as Play, Pause and Stop) to the real-time data service server through the AP, so as to start, pause and stop the transmission of audio/video data.
Step 104: the real-time data service server sends the audio/video data to the mobile terminal through the AP.
Also in this process, audio/video data messages can be transmitted in plaintext or in other secure ways between the AP and the real-time data service server, but the transmission of audio/video data messages between the AP and the mobile terminal is encrypted with the unicast session key or multicast key obtained by the negotiation in step 102.
It should be noted that, while audio/video data messages are being transmitted from the real-time data service server to the mobile terminal, control signalling messages can be transmitted between them at any time; however, audio/video data and control signalling are never carried in the same message, i.e., they are transmitted in different logical channels.
It can be seen from the description above that introducing the WAPI protocol into a real-time data service system based on a wireless local area network greatly enhances the security of that system. However, the method above has the following defects:
1) because the real-time data service transmits a very large quantity of audio/video data, the AP must encrypt the audio/video data it receives from the real-time data service server before transmitting it to the mobile terminal, which greatly increases the processing load of the AP; the service quality of the AP suffers especially when the AP has to serve real-time data service data to multiple mobile terminals at the same time;
2) likewise, the mobile terminal can play the received audio/video data only after decrypting it, and decrypting the large quantity of audio/video data with the decryption algorithm prescribed in the WPI protocol requires higher hardware and software processing capacity in the mobile terminal; and
3) the audio/video data of some real-time data services is already scrambled, so encrypting it again with the encryption algorithm prescribed in the WPI is wasted effort.
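The flow of steps 101 to 104 and the AP-side load of defect 1 can be made concrete with a small model. The following Python is an added example, not code from the patent and not an implementation of the WAPI standard: the base-key derivation and the cipher are HMAC-SHA256 stand-ins for the WAI and WPI algorithms, the `AccessPoint` class, the `simulate` function and the signalling names are invented for illustration, and the media burst is constructed sample data.

```python
"""Simplified model of the flow of FIG. 1 (steps 101-104) and of the per-terminal
encryption load described as defect 1.

Constructed example; not code from the patent or from the WAPI standard. The KDF and
the cipher are HMAC-SHA256 stand-ins, NOT the WAI/WPI algorithms, and the message
names and byte layouts are invented for illustration.
"""
import hashlib
import hmac
import os


def derive_key(base_key: bytes, label: bytes) -> bytes:
    """Stand-in KDF: a session key derived from the base key (BK) of step 101."""
    return hmac.new(base_key, label, hashlib.sha256).digest()


def stand_in_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Keystream XOR built from HMAC-SHA256 in counter mode; symmetric, so it also decrypts.

    Stand-in for the WPI cipher. Its only purpose is to make 'AP encrypts, terminal
    decrypts' concrete and to let the model count the bytes each side processes.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class AccessPoint:
    """The AP of FIG. 1: one unicast session key per terminal plus one multicast key."""

    def __init__(self):
        self.unicast_keys = {}                      # terminal id -> unicast session key
        self.multicast_key = os.urandom(32)         # constructed: the multicast key of step 102
        self.open_ports = set()                     # terminals past WAI (control port open)
        self.seq = 0                                # nonce source, one per forwarded message
        self.bytes_encrypted = {b"ctrl": 0, b"av": 0}  # AP workload per logical channel

    def wai_handshake(self, terminal_id: str):
        """Steps 101-102 collapsed: a BK from certificate authentication, session keys from it.

        Returns the (unicast key, multicast key) pair the terminal holds afterwards. In the
        real protocol the terminal derives the unicast key itself and receives the multicast
        key protected by it; here the handshake simply hands both over.
        """
        base_key = os.urandom(32)                   # constructed: stands for the negotiated BK
        self.unicast_keys[terminal_id] = derive_key(base_key, b"unicast:" + terminal_id.encode())
        self.open_ports.add(terminal_id)            # the AP opens the control port only now
        return self.unicast_keys[terminal_id], self.multicast_key

    def forward(self, terminal_id: str, channel: bytes, payload: bytes, multicast: bool = False):
        """Steps 103-104: plaintext arrives from the server; the AP encrypts it for the terminal.

        channel is b"ctrl" or b"av": control signalling and audio/video data never share a
        message, so they are modelled as separate logical channels with separate nonces.
        """
        if terminal_id not in self.open_ports:
            raise PermissionError("control port closed: WAI authentication not completed")
        key = self.multicast_key if multicast else self.unicast_keys[terminal_id]
        self.seq += 1
        nonce = channel + b":" + self.seq.to_bytes(8, "big")
        self.bytes_encrypted[channel] += len(payload)   # every forwarded byte costs AP work
        return nonce, stand_in_cipher(key, nonce, payload)


def terminal_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Mobile-terminal side of step 104; this is the work counted against it in defect 2."""
    return stand_in_cipher(key, nonce, ciphertext)


CONTROL_SIGNALLING = (b"DESCRIBE req", b"DESCRIBE resp", b"SETUP req", b"SETUP resp", b"PLAY")


def simulate(n_terminals: int, media: bytes, multicast: bool):
    """Serve one media burst to n terminals after the signalling of step 103.

    Returns (audio/video bytes encrypted at the AP, True if every terminal recovered
    every payload). With unicast delivery the AP encrypts the burst once per terminal;
    with multicast it encrypts once under the multicast key and all terminals decrypt it.
    """
    ap = AccessPoint()
    keys = {}
    ok = True
    for i in range(n_terminals):
        tid = f"terminal-{i}"
        keys[tid] = ap.wai_handshake(tid)
        ukey = keys[tid][0]
        for msg in CONTROL_SIGNALLING:              # step 103: always under the unicast key
            nonce, ct = ap.forward(tid, b"ctrl", msg)
            ok = ok and terminal_decrypt(ukey, nonce, ct) == msg
    if multicast:                                   # step 104, one shared stream
        nonce, ct = ap.forward("terminal-0", b"av", media, multicast=True)
        for _, mkey in keys.values():
            ok = ok and terminal_decrypt(mkey, nonce, ct) == media
    else:                                           # step 104, one stream per terminal
        for tid, (ukey, _) in keys.items():
            nonce, ct = ap.forward(tid, b"av", media)
            ok = ok and terminal_decrypt(ukey, nonce, ct) == media
    return ap.bytes_encrypted[b"av"], ok


if __name__ == "__main__":
    burst = os.urandom(1000)                        # constructed: 1000 bytes of encoded A/V data
    for n in (1, 4, 16):
        print(n, "terminals, unicast:", simulate(n, burst, multicast=False)[0], "A/V bytes encrypted at AP")
        print(n, "terminals, multicast:", simulate(n, burst, multicast=True)[0], "A/V bytes encrypted at AP")
```

The returned counter shows why defect 1 scales with the number of terminals: under unicast delivery the AP encrypts the same burst once per terminal, and it does so whether or not the payload was already scrambled (defect 3), while each terminal pays the matching decryption cost of defect 2 on the other side. The `PermissionError` path models the control port that stays closed until WAI authentication has completed.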