IEEE802.16-2004无线城域网（wireless-MAN）标准支持的多跳（Mesh）网络是一种树状网络和adhoc网络结合的新型网络。针对Mesh中使用的单跳单向认证SA（安全关联）管理机制安全和效率上的缺陷，提出了一种和次优修正路由结合的多跳双向认证SA管理机制。与单跳单向机制相比，该机制是前向安全的，对中间节点的攻击具有强安全性，同时减少了系统开销和传输时延。在按需路由建立前使用修正路由传递管理信息可减少服务流建立时延。安全性分析证明了多跳双向机制的安全性，性能比较说明了在效率上的优势。

Mesh network supported by IEEE802.16-2004 wireless-MAN standard is a fresh network combining tree network and ad hoc network. Aimed at the weakness both in security and efficiency of one-hop one-way authentication SA (security association) mechanism employed by Mesh network, an multi-hops mutual authentication SA mechanism associated with hypo- optimal self-modified routing is proposed. Compared with the one-hop one-way mechanism, this one is of forward security and immune to middle attacks, which also lessens system cost and time delay in transmission. The employment of self-modified routing before touting establishment in management information transaction can also reduce the delay of service-flow creation. Subsequently, the security of multi-hops mutual mechanism is proved by security analysis, followed by the efficiency comparison which introduces the efficiency advantage of this mechanism.