The object of personal communication is to enable one to carry on any communication at any time, at any place, and with any other person, and to freely enjoy the multiple services provided on networks. Incorporating the two popular technologies, such as the IP technology and wireless communication technology, the WLAN technology follows the trend of broadband development and provides mobile mainframe or mobile terminal with convenient and high-speed internet access services to meet the increasing demands for the high-speed network and multimedia communication services. The WLAN not only supports mobile computation, but also has the flexibility, expeditiousness and expandability of a framework. FIG. 1 is a diagram showing the structure of the WLAN-based broadband wireless access network mainly comprising devices, such as the mobile terminal (MT), access point (AP), and wireless access server (WAS), wherein MT remains freely mobile, AP performs the functions of cell managements, including hand off between the cells, MT management and bridging, and WAS performs the MT inter-network roaming management. From fixed access to mobile wireless access to the internet, the WLAN-based broadband wireless IP technology has brought brand-new concept to, and had tremendous impact on, the worldwide network environment. The system, which is of extraordinarily wide application, is very useful in commercial networks (mainly corporate intranet), institutional users' networks (e.g. public security, finance, and government departments), area networks (e.g. schools, hospitals, repartntial quarters, remote monitor or concentrated monitor), temporary networks (e.g. temporary meetings), outdoor mobile subscribers and places where it is difficult to lay wires and where constant change is involved.
As for WLAN, the issue of its security is a matter by far more serious than the wired networks. For that matter, several levels of means are incorporated in WLAN to address the issue. First providing a different Service Set ID (SSID) for each AP and forcing MT to present corresponding SSID at the time of access to allow users of different groups to access and distinctively restrict the right to access the resources. However, making use of the SSID is one of the most ocular ways of authentication and the relatively low level of security authentication since anyone who knows the SSID can access a network. Second is the address restriction, that is, preventing unauthorized access by placing at AP the Medium Access Control (MAC) address table of the authorized MT wireless card. However, the MAC address of the wireless card is not difficult to obtain and possible to be forged. Therefore, it is also a relatively low-level authentication for authorization. Anyway, neither of the two ways can effectively control the access of MT, and it is all the more impossible to ensure the confidentiality of communication.
Besides the above two methods, a measure more widely used now is introduction, on the basis of the International Standard (IEEE802.11) of WLAN, into WLAN of the RC-4-based Wired Equivalent Privacy (WEP) confidentiality mechanism for data encryption and transmission. The WEP algorithm uses the single key system, i.e. using the same secret key for encryption/decryption, and the secret key is 64 or 128 bits in length, in which 40 or 104 bit is the fixed part known as initiation secret key, namely the one arranged at AP and MT, and the remaining 24 bit is a variable part known as the initiation vector, which is to be changed by the driver software of the network card in the process of communication. That is to say, the key for encryption is variable, which ensures, to a certain extent, the confidentiality of the wireless communication. However, due to the regularity of the variation of the initiation vector, the WEP algorithm is not quite secure. This was first discovered by a research team of the University of California, the U.S. in March 2001. They pointed out that the WLAN of WEP algorithm can be broken through within 5 hours for this reason: assume that the initiation vector value changes at the rate of addition of 1 per frame, each frame is 1500 bytes long, and the rate of data transmission is 11 megabit, then the initiation vector repeats at the period of1500 byte/frame×8 bit/byte×1 second/(11×106 bit)×224 frame≈18300 seconds≈5 hours,
i.e. two-frame text encrypted by the same secret key is obtained at the interval of 5 hours, and it is thus possible to guess or calculate the value of the initiation secret key. It must be pointed out here that the length of the secret key does not affect its decryption time, but complicates the guess and calculation. In August 2001, three world top decryption experts, two experts with the Weizmann Research Institute, Israel and a researcher with the Cisco () Incorporation, performed a WEP security test. They decrypted within an hour the secret key used for WLAN according to a small part of data taken from the network. Also, the AT&T Laboratory has accomplished the decryption in the same way. This sufficiently shows that the WEP cannot ensure the security of WLAN. The matter of security has become one of the obstacles blocking the wide application of WLAN, and secure access and confidential communication have been the most important part in the research of the WLAN technology.