The invention relates to the network, especially the safety technological area of wireless mesh network, it is characterized in that: firstly suppose the adjacent physical access point AP into a virtual access point AP, and form a virtual certificate in each physical access point AP, then authenticate the virtual AP certificate and terminal certificate for virtual access point AP through the authentication server according to the available WAPI standard, after passed, the authentication server AS may send the certificate authentication results to the physical access point AP connected with this terminal; then send the key block after encrypted with the common key to the other physical access point AP in the virtual access point AP from the physical access point AP connected with the terminal, meanwhile send the authentication results to the terminal, after received the authentication results, this terminal may create the basic key BK. The invention solves how to reduce the roam switching re-authentication delay problems when the available WAPI used for the wireless mesh network, meanwhile it has the high expansibility for large-capacity network.