IDENTITY AUTHENTICATION METHOD, AUTHENTICATION ACCESS CONTROLLER, REQUESTING DEVICE, STORAGE MEDIUM, PROGRAM, AND PROGRAM PRODUCT

    Publication No.: US20240056296A1

    Publication date: 2024-02-15

    Application No.: US18259305

    Filing date: 2021-12-21

    IPC classification: H04L9/08 H04L9/30

    CPC classification: H04L9/088 H04L9/30

    Abstract: Disclosed in embodiments of the present application is an identity authentication method. Bidirectional or unidirectional identity authentication between an authentication access controller and a requesting device is implemented by using a pre-shared key, thereby laying a foundation for ensuring that a user accessing a network is legitimate and/or a network accessed by a user is legitimate, so as to implement secret communication between the requesting device and the authentication access controller. In addition, in an identity authentication process, a verified party performs calculation on information comprising the pre-shared key of two parties and random numbers respectively generated by the two parties to obtain an identity authentication key, and performs calculation on specified content by using the identity authentication key to obtain an identity authentication code of the verified party. According to the method for calculating an identity authentication code provided by the present application, key exchange calculation is combined, and the capability of resistance to dictionary brute-force attack or to quantum computing attack in the authentication process is enhanced by means of an ingenious detail design. Also disclosed in the embodiments of the present application are an authentication access controller, a requesting device, a storage medium, a program, and a program product.

    METHOD AND DEVICE FOR MANAGING DIGITAL CERTIFICATE

    Publication No.: US20210314170A1

    Publication date: 2021-10-07

    Application No.: US16482463

    Filing date: 2018-02-13

    IPC classification: H04L9/32 H04L29/06 H04L9/08

    Abstract: A method and device for managing a digital certificate are provided. A digital certificate requesting device negotiates with a digital certificate issuing device by using an acquired authorization code, to establish a security data channel and generate a security key, and messages can be encrypted with the generated data communication key during a process of message interaction between the digital certificate requesting device and the digital certificate issuing device, thereby effectively increasing the security in data transmission. The method and device are applicable for automatically requesting, querying, updating, and revoking a digital certificate and acquiring a digital certificate revocation list in various scenarios.

    Communication protocol testing method, and tested device and testing platform thereof

    Publication No.: US10243829B2

    Publication date: 2019-03-26

    Application No.: US15309861

    Filing date: 2015-04-17

    Abstract: A communication protocol testing method, a tested device and a testing platform. The method includes: the tested device and the reference device execute a communication protocol, a message sent and/or received during execution of the communication protocol serving as a first message, and the first message being encapsulated in a data encapsulation format of the communication protocol; the tested device encapsulates a part of data or all the data in the first message and/or known data of the tested device according to a unified data encapsulation format to generate a second message; and the testing platform acquires the second message, parses the acquired second message according to the unified data encapsulation format to obtain a part of data or all the data in the second message, executes testing items, and outputs testing results, thereby completing the test.

    METHOD AND DEVICE FOR GENERATING DIGITAL SIGNATURE
    Invention application (status: under examination, published)

    Publication No.: US20160191252A1

    Publication date: 2016-06-30

    Application No.: US14911143

    Filing date: 2014-08-14

    IPC classification: H04L9/32 H04L9/30 H04L9/08

    Abstract: Disclosed are a method and device for generating a digital signature. The method comprises: a device generating a digital signature parameter r that meets an effective determining condition; generating a digital signature parameter s according to the following formula s = ((1 + dA)^(−1)·(r + k) − r) mod n, by using a private key dA, a random number k, r, and an elliptic curve parameter n, a value range of k being [1, n−1]; determining if the generated s is 0; if s is 0, regenerating r that meets the effective determining condition, and regenerating s by using dA, the regenerated k with the value range of [1, n−1] and the regenerated r and n, until s is not 0; converting data types of r and s that is not 0 into byte strings, to obtain a digital signature (r, s). According to the technical solutions provided by embodiments of this application, a digital signature parameter s is obtained by using a simplified calculation formula, and the number of times that big integers are calculated can be reduced, so that the calculation efficiency of generating a digital signature based on an SM2 digital signature generation algorithm is improved.

    Method for conducting data encryption and decryption using symmetric cryptography algorithm and table look-up device
    Granted invention patent (status: in force)

    Publication No.: US09374218B2

    Publication date: 2016-06-21

    Application No.: US14408276

    Filing date: 2013-06-09

    Abstract: Disclosed are a method for conducting data encryption and decryption using a symmetric cryptography algorithm and a table look-up device. The method comprises: when it is determined that it is required to use S-boxes to look up a table in a symmetric cryptography algorithm, determining all types of S-boxes to be used; for each type of S-box, determining the total number Ni of the type of S-box, and when Ni is larger than 1, determining that the type of S-box meets a multiplexing condition; and when data encryption and decryption are conducted using the symmetric cryptography algorithm, multiplexing at least one type of S-box which meets the multiplexing condition. The present application can reduce the occupation by the symmetric cryptography algorithm of hardware resources under the condition of comparative shortage of hardware resources.

    Method and system for entity authentication in resource-limited network
    Granted invention patent (status: in force)

    Publication No.: US09047449B2

    Publication date: 2015-06-02

    Application No.: US13819698

    Filing date: 2010-12-21

    Abstract: A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention.

    Method and system for switching station in centralized WLAN when WPI is performed by access controller
    Granted invention patent (status: in force)

    Publication No.: US08819778B2

    Publication date: 2014-08-26

    Application No.: US13320469

    Filing date: 2009-12-07

    IPC classification: H04L29/06 H04W12/06

    Abstract: The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.

    Method and system for establishing secure connection between stations

    Publication No.: US08755528B2

    Publication date: 2014-06-17

    Application No.: US13516257

    Filing date: 2010-05-21

    IPC classification: G06F21/00

    Abstract: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

    Method for enhancing the security of the multicast or broadcast system
    Granted invention patent (status: in force)

    Publication No.: US08752126B2

    Publication date: 2014-06-10

    Application No.: US13059547

    Filing date: 2009-08-20

    Abstract: A method for enhancing the security of the multicast or broadcast system comprises the following steps: after having established the system parameter, the base station receives the register request message transmitted by the terminal, and the register request message carries the device identity information of the terminal; the base station registers the terminal according to the register request message and transmits the authorization key to the terminal after successful registration. By the base station establishing the specific system parameter, generating and awarding the corresponding terminal's key based on the parameter, the embodiment of the present invention can construct a secure network system of multicast or broadcast effectively and solve the security problem of the multicast or broadcast from the base station to the terminal in the network system.

    Wireless personal area network accessing method
    Granted invention patent (status: in force)

    Publication No.: US08631232B2

    Publication date: 2014-01-14

    Application No.: US12863272

    Filing date: 2009-01-14

    IPC classification: H04L29/00

    Abstract: A wireless personal area network accessing method is provided, the method includes that: a coordinator broadcasts a beacon frame, the beacon frame includes the information about whether the coordinator sends an authentication requirement, the beacon frame also includes the authentication supported by the coordinator and key management package when a device receipts the authentication requirement, the device receives the beacon frame, the authentication between the coordinator and the device is made by using an authentication method corresponding to the authentication supported by the coordinator and key management package, when the device determines that the coordinator and the device is directly made according to the authentication result, or the association between the coordinator and the device is made after making session key negotiation.
