In recent years, wireless mobile communications have developed rapidly and new technologies have emerged constantly: 3G for cellular communications, LMDS and MMDS for broadband wireless access, and WAPI and IEEE 802.11b, 802.11a and 802.11g for wireless local area networks, so that the world has become ever smaller through such wireless networks. Ubiquitous network terminals; human-oriented, personalized and intelligent mobile computing; and emerging concepts and products such as convenient and rapid wireless access and wireless interconnection have gradually been integrated into people's daily work and life. Various portable consumer electronic products, e.g., a mobile phone, a Personal Digital Assistant (PDA), a notebook computer, a digital camera, etc., have increasingly become a part of people's lives. With the growing number of such peripheral devices, sharing multiple kinds of devices and their information with ease and at low cost in limited, varying and small office and residential environments has become a real problem. In view of this, the Wireless Personal Area Network (WPAN) is an emerging wireless communication network technology that addresses such wireless and seamless connection within a small radius of activity, for diversified types of services and for a specific group of people.
The WPAN is a wireless network running in parallel to, but with a smaller coverage range than, the wireless wide area network and the wireless local area network. It has currently become an important part of communication networks and a predominant technology for 4G wireless communication and control, and it can also be connected seamlessly with the various air interfaces of 2G and 3G mobile communication. If an access network is considered “the last mile” toward a digitized era, then the WPAN is “the last 50 meters”. The WPAN provides a seamless connection for diversified types of services and for a specific group of people in a Personal Operating Space (POS). The POS is a small coverage space around a person, typically with a range of 10 m, in which communication takes place in an “Ad Hoc” way. The POS is defined only for a person, particularly for a device held by the person, and moves with the user. The POS not only provides the devices within it with a communication capability but also allows them to communicate with another device entering the POS. The WPAN may come into being naturally as required by a user without much intervention from the user, and may interoperate with an already deployed network or operate as an independent network. The WPAN may further provide a verified and secured operation mode to allow a rapid connection of an authorized personal device while rejecting the connection of any unauthorized device. The WPAN primarily targets the personal user market and serves convenient and rapid data transmission between consumer electronic devices, so WPAN devices are advantageous in their low cost, small size, easy operation, low power consumption, etc.
To access the WPAN, a device has to be connected with a coordinator in the WPAN. The coordinator is an installation that enables the access of the device to the WPAN and provides the device with a routing function, while also performing some functions of a terminal. There are three general WPAN access methods at present.
In the first access method, the device accesses the WPAN in an unsecured mode and obtains a network address, and then either communicates with another device in the WPAN directly or performs secured communication with that device after obtaining a security service key from the WPAN.
In the second access method, the device uses a pre-shared session key to perform a security operation on the association process; if the coordinator can successfully perform the corresponding de-security operation, the coordinator enables the access of the device to the WPAN, so that the device accesses the WPAN in a secured mode and obtains a network address.
In the third access method, the device accesses the WPAN in an unsecured mode, obtains a network address, and is then authenticated with an administrator of the WPAN. If authentication passes, the access of the device to the WPAN is enabled; otherwise, the device is removed from the WPAN.
The first access method is suitable for those WPANs in which no security, or only secured communication, is required, and it is typically an optional access form during deployment of the WPAN. In the second access method, a pre-shared session key is required between the device and the coordinator, but this key is not fresh, so it is easy to crack, which degrades security. In the third access method, each device that is going to access the WPAN has to be authenticated with the administrator of the WPAN, which results in significant communication traffic and consequently low efficiency; moreover, any device may initiate a DoS attack, that is, it accesses the WPAN in an unsecured mode, obtains a network address, and is then authenticated with the administrator of the WPAN, only to end with a failure of authentication.
In the first and third access methods, the device may obtain a network address and access the WPAN without any mutual authentication with the coordinator. In the second method, a separate authentication process is absent and security is low, although the device and the coordinator can confirm each other's identities. Consequently, an authentication process has to be performed between the device and the coordinator prior to the association process, to ensure a secured access of the device to the WPAN through the coordinator. Typically two authentication modes are available, i.e., direct authentication and authentication based upon an authentication suite. In the former mode, the device transmits specific authentication information, e.g., a hash value of a password, an identifier, etc., to the coordinator; the coordinator then verifies the received authentication information, and finally transmits an authenticated status to the device. In the latter mode, the device and the coordinator first negotiate a specific authentication suite and then perform the authentication process based upon the selected suite, and the coordinator transmits an authenticated status to the device at the end of the authentication process.
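The following is an added example, not code from the patent text or from any WPAN standard, that models the "authenticate before associate" ordering the preceding two paragraphs argue for. It generalizes the direct-authentication mode described above: instead of sending a bare hash of a password, the device answers a coordinator-issued nonce with an HMAC over the nonce and its identifier, which gives each exchange the freshness that the pre-shared key of the second access method lacks. The `Coordinator` class, the per-device pre-shared keys, the nonce-challenge step and the use of HMAC-SHA256 are all assumptions of this example. A network address is allocated only after verification succeeds, so a device that fails authentication (the DoS pattern described for the third access method) never consumes an address, and a replayed response is rejected because its nonce has already been consumed.

```python
"""Model of authenticate-before-associate for a WPAN coordinator.

Added example; the message format, key handling and HMAC-SHA256 choice are
assumptions, not taken from the source text.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


def device_response(key: bytes, device_id: str, nonce: bytes) -> bytes:
    """Device side: prove knowledge of the pre-shared key for this nonce."""
    return hmac.new(key, nonce + device_id.encode(), hashlib.sha256).digest()


@dataclass
class Coordinator:
    # constructed sample keying material: device identifier -> pre-shared key
    keys: Dict[str, bytes]
    # outstanding challenges: device identifier -> nonce not yet answered
    pending: Dict[str, bytes] = field(default_factory=dict)
    # association table: device identifier -> allocated network address
    addresses: Dict[str, int] = field(default_factory=dict)
    next_addr: int = 1

    def challenge(self, device_id: str) -> bytes:
        """Step 1 of authentication: issue a fresh nonce. No address yet."""
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = nonce
        return nonce

    def verify(self, device_id: str, response: bytes) -> bool:
        """Step 2: check the response against the outstanding nonce.

        The nonce is consumed whether or not the check succeeds, so the same
        response can never be accepted twice and a failed attempt cannot be
        retried against the same challenge.
        """
        nonce = self.pending.pop(device_id, None)
        key = self.keys.get(device_id)
        if nonce is None or key is None:
            return False
        expected = device_response(key, device_id, nonce)
        return hmac.compare_digest(expected, response)

    def associate(self, device_id: str, response: bytes) -> Optional[int]:
        """Association (address allocation) happens only after authentication."""
        if not self.verify(device_id, response):
            return None
        addr = self.next_addr
        self.next_addr += 1
        self.addresses[device_id] = addr
        return addr


def demo():
    """Run one legitimate association, one replay, and one unknown device."""
    coord = Coordinator(keys={"dev-A": b"psk-for-A"})  # constructed key

    # Legitimate device: challenge, answer, associate -> address 1.
    nonce = coord.challenge("dev-A")
    resp = device_response(b"psk-for-A", "dev-A", nonce)
    addr = coord.associate("dev-A", resp)

    # Replay of the captured response: the nonce was consumed -> rejected.
    replay = coord.associate("dev-A", resp)

    # Unknown device with a guessed key: rejected, and no address is spent.
    nonce2 = coord.challenge("dev-X")
    bad = coord.associate("dev-X", device_response(b"guess", "dev-X", nonce2))

    return addr, replay, bad, coord.next_addr


if __name__ == "__main__":
    print(demo())  # (1, None, None, 2)
```

The point to take from the model is the ordering: `next_addr` advances only inside `associate` after `verify` has passed, so neither a failed nor a replayed attempt changes the coordinator's address table.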
A port is an abstract software structure; input and output data can be controlled by means of port-based control. In a layered network architecture, the respective layers depend on each other in a strictly unidirectional way, and their assigned roles and their cooperation are embodied centrally in the interfaces between adjacent layers.
A “service” is an abstract concept describing the relationship between adjacent layers, i.e., the set of operations provided by each layer of the network to the layer immediately above it, where the lower layer acts as the service provider and the upper layer acts as the user requesting the service. A service is embodied as a primitive, e.g., a system call or a library function. The system call is a service primitive provided by an operating system kernel to a network application or a higher-level protocol. The service provided by the nth layer to the (n+1)th layer has to be more complete than that provided by the (n−1)th layer; otherwise the presence of the nth layer would be useless.