To cope with the potential security hazards in the security mechanisms of Institute of Electrical and Electronics Engineers (IEEE) 802.11 for the wireless local area network, such as Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), the WLAN Authentication Privacy Infrastructure (WAPI) security protocol is proposed. The protocol implements peer authentication between the Authentication Supplicant Entity (ASUE, which resides in a terminal) and the Authenticator Entity (AE, which resides in an access point), which ensures the link-layer security of the Wireless Local Area Network (WLAN).
The WAPI security protocol supports two formats of certificates: the GBW (national standard material) certificate and the X.509 v3 certificate. The X.509 v3 certificate supports various extended attributes/fields, including: the key identification, the key usage, the extended key usage, the Certificate Revocation List (CRL) distribution point, the certificate policy, the certificate institution policy mapping, the alias of the certificate subject, the alias of the issuer and the certificate subject catalog attribute.
As shown in FIG. 1, after the wireless local area network terminal (terminal for short) finishes the access authentication, if the wireless local area network is connected to the Internet, the terminal can access the Internet through the wireless local area network. For the 3rd Generation (3G) network, however, the terminal must also pass the access authentication of the Authentication Authorization Accounting (AAA) server of the 3G network; only then can it access 3G network resources such as the circuit service and the packet service.
The AAA server is in charge of performing the access authentication of a terminal that has Internet Protocol (IP) capability, searching the user information stored in the Home Subscriber Server (HSS), judging whether the current user is legitimate, maintaining the continuity of the WLAN access, providing the roaming function of the WLAN, generating the bill for the user's access to the 3G network, and reporting to the user. If the 3G network applies the Quality of Service (QoS) mechanism, the AAA server is also required to authorize and store the QoS configuration of the wireless local area network, and to map it into the wireless local area network acting as the access network.
In the prior art, the AAA server of the 3G network adopts the Extensible Authentication Protocol-Subscriber Identification Module (EAP-SIM) and the Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) to perform the access authentication of a wireless local area network terminal that adopts IEEE 802.11i as its security mechanism. Both authentication mechanisms require the terminal to be capable of reading the Universal Integrated Circuit Card (UICC), which means that a wireless local area network terminal user must use a multiple-mode terminal to enjoy the 3G network services. However, for a WLAN terminal that adopts the WAPI security mechanism but is not capable of reading the UICC, the 3rd Generation Partnership Project (3GPP) organization has not yet proposed a technical scheme for accessing the 3G network.