AUTHENTICATION ACCESS METHOD AND AUTHENTICATION ACCESS SYSTEM FOR WIRELESS MULTI-HOP NETWORK
    91.
    Invention application (status: In force)

    Publication (announcement) No.: US20100293370A1

    Publication (announcement) date: 2010-11-18

    Application No.: US12810374

    Filing date: 2008-12-26

    IPC classification: H04L9/32

    Abstract: Authentication access method and authentication access system for a wireless multi-hop network. The terminal equipment and the coordinator have the capability of port control; the coordinator broadcasts a beacon frame, and the terminal equipment selects an authentication and key management suite and transmits a connecting request command to the coordinator. The coordinator performs authentication with the terminal equipment according to the authentication and key management suite selected by the terminal equipment and, after authentication, transmits a connecting response command to the terminal equipment. The terminal equipment and the coordinator control the port according to the authentication result; therefore authenticated access for the wireless multi-hop network is realized. The invention solves the security problem of the wireless multi-hop network authentication method.

    A Peer-to-Peer Access Control Method Based on Ports
    92.
    Invention application (status: In force)

    Publication (announcement) No.: US20080288777A1

    Publication (announcement) date: 2008-11-20

    Application No.: US11816715

    Filing date: 2006-02-21

    IPC classification: H04L9/32

    Abstract: A port-based peer access control method comprises the steps of: 1) enabling the authentication control entity; 2) two authentication control entities authenticating each other; 3) setting the status of the controlled port. The method may further comprise the steps of enabling the authentication server entity and two authentication subsystems negotiating the key. By modifying the asymmetry of the background technique, the invention has the advantages of peer control, a distinguishable authentication control entity, good scalability, good security, a simple key negotiation process, a relatively complete system and high flexibility; thus the invention can satisfy the requirements of central management as well as resolve the technical issues of the prior network access control method, including a complex process, poor security and poor scalability, so it provides an essential guarantee for secure network access.

    Method for managing wireless multi-hop network key
    93.
    Granted invention patent (status: In force)

    Publication (announcement) No.: US08688974B2

    Publication (announcement) date: 2014-04-01

    Application No.: US12864317

    Filing date: 2009-01-21

    IPC classification: H04L29/06

    Abstract: A method for managing wireless multi-hop network keys is applicable to a security application protocol when a WAPI frame method (TePA, an access control method based on the ternary peer-to-peer identification) is applied in a concrete network containing a Wireless Local Area Network, a Wireless Metropolitan Area Network and a Wireless Personal Area Network. The key management method of the present invention includes the steps of key generation, key distribution, key storage, key modification and key revocation. The present invention solves the technical problems that the prior pre-shared-key based key management method is not suitable for larger networks and the PKI-based key management method is not suitable for wireless multi-hop networks; the public-key system and the ternary structure are adopted, thereby improving the security and the performance of wireless multi-hop networks.

    Trusted network management method of trusted network connections based on tri-element peer authentication

    Publication (announcement) No.: US08631462B2

    Publication (announcement) date: 2014-01-14

    Application No.: US13059798

    Filing date: 2009-08-20

    Abstract: A trusted network management method of trusted network connections based on tri-element peer authentication. A trusted management proxy and a trusted management system are respectively installed and configured on a host to be managed and a management host, and are verified as locally trusted. When the host to be managed and the management host are not connected to the trusted network, they use the trusted network connection method based on tri-element peer authentication to connect to the trusted network respectively, and subsequently perform the authentications and the cipher key negotiations of the trusted management proxy and the trusted management system; when the host to be managed and the management host have not completed the user authentication and the cipher key negotiation process, they use the tri-element peer authentication protocol to complete the user authentication and the cipher key negotiation process, then use the tri-element peer authentication protocol to implement the remote trust of the trusted management proxy and the trusted management system, and finally perform network management. The present invention can actively defend against attacks, reinforce the safety of the trusted network management architecture, and realize trusted network management with distributed control and centralized management.

    Trusted network access controlling method based on tri-element peer authentication
    95.
    Granted invention patent (status: In force)

    Publication (announcement) No.: US08424060B2

    Publication (announcement) date: 2013-04-16

    Application No.: US12742618

    Filing date: 2008-11-14

    IPC classification: H04L29/06

    Abstract: A trusted network access controlling method based upon tri-element peer authentication comprises: firstly, initializing creditability collectors and a creditability verifier; then carrying out a tri-element peer authentication protocol among a network access requester, a network access controller and an authentication strategy server in a network access control layer to realize bi-directional user authentication between the access requester and the access controller; when authentication is successful or the local strategy requires a platform creditability evaluation process to be carried out, the TNC terminal, TNC server and evaluation strategy server in a trusted platform evaluation layer perform the tri-element peer authentication protocol to realize bi-directional platform creditability authentication between the access requester and the access controller; finally, the access requester and the access controller control ports according to the recommendation generated by the TNAC client terminal and the TNAC service terminal. The invention solves the technical problem of poor expandability in the background art, and further solves the problems of complex key negotiation and relatively low safety.

    Trusted network connect system for enhancing the security
    96.
    Granted invention patent (status: In force)

    Publication (announcement) No.: US08336081B2

    Publication (announcement) date: 2012-12-18

    Application No.: US12672860

    Filing date: 2008-07-21

    IPC classification: H04L9/00 H04L9/32

    Abstract: Disclosed is a trusted network connect system for enhancing security. In the system, an access requester of the system network connects to a policy enforcement point in the manner of an authentication protocol, and network-connects to the access authorizer via a network authorization transport protocol interface, an integrity evaluation interface and an integrity measurement interface; the policy enforcement point network-connects to the access authorizer via a policy enforcement interface; the access authorizer network-connects to the policy manager via a user authentication authorization interface, a platform evaluation authorization interface and the integrity measurement interface; and the access requester network-connects to the policy manager via the integrity measurement interface.

    Trusted network connect method based on tri-element peer authentication
    97.
    Granted invention patent (status: In force)

    Publication (announcement) No.: US08255977B2

    Publication (announcement) date: 2012-08-28

    Application No.: US12626546

    Filing date: 2009-11-25

    IPC classification: G06F21/00

    Abstract: A trusted network connect (TNC) method based on tri-element peer authentication is provided, which includes the following steps. Platform integrity information is prepared in advance. An integrity verification requirement is predefined. A network access requestor initiates an access request to a network access controller. The network access controller starts a mutual user authentication process, and performs a tri-element peer authentication protocol with a user authentication serving unit. After the mutual user authentication is successful, a TNC client, a TNC server, and a platform evaluation serving unit implement platform integrity evaluation by using a tri-element peer authentication method. The network access requestor and the network access controller control ports according to the recommendations they respectively receive, so as to implement mutual access control between the access requestor and the access controller. Thus, the technical problems in the prior art of poor extensibility, a complex key agreement process, low security, and platform integrity evaluation that is not peer-to-peer are solved by the present invention. Through the method of the present invention, the key management and integrity verification mechanisms of the TNC are simplified, and the range of applicability of the TNC is expanded.

    WIRELESS PERSONAL AREA NETWORK ACCESS METHOD BASED ON PRIMITIVE
    98.
    Invention application (status: In force)

    Publication (announcement) No.: US20110029776A1

    Publication (announcement) date: 2011-02-03

    Application No.: US12863285

    Filing date: 2009-01-14

    IPC classification: H04L9/32

    Abstract: A wireless personal area network access method based on the primitive includes: a coordinator broadcasts a beacon frame to the device which requests connecting to the wireless personal area network (WPAN); the beacon frame includes the authentication request information for the device and the authentication and key management tool supported by the coordinator; the device authenticates the authentication request information, and when the coordinator has an authentication request to the device, the coordinator and the device execute the authentication based on the primitive and obtain the conversation key.

    METHOD, DEVICE AND SYSTEM OF ID BASED WIRELESS MULTI-HOP NETWORK AUTHENTICATION ACCESS
    99.
    Invention application (status: Under examination, published)

    Publication (announcement) No.: US20100293378A1

    Publication (announcement) date: 2010-11-18

    Application No.: US12864401

    Filing date: 2009-01-22

    IPC classification: H04L9/32

    Abstract: A method, device and system of ID-based wireless multi-hop network authentication access are provided, which are used for a security application protocol when the WAPI frame method (TePA, Triple-Element and Peer Authentication based access control method) is applied over a specific network including the wireless LAN, wireless WAN and wireless private network. The method includes the following steps: defining a non-controlled port and a controlled port; the coordinator broadcasts the beacon frame, and the terminal device sends the connection request command; the coordinator and the terminal device perform the authentication procedure; if the authentication is successful, the coordinator opens the controlled port and sends the connection response command at the same time; the terminal device receives the connection response command and opens the controlled port in order to access the network. The method of the present invention solves the technical problem of the security trouble present in the existing wireless multi-hop network authentication access method, improves the security and performance of accessing the wireless multi-hop network from the terminal device, and ensures the communication safety between the terminal device and the coordinator.

    TRUSTED NETWORK CONNECT SYSTEM BASED ON TRI-ELEMENT PEER AUTHENTICATION
    100.
    Invention application (status: In force)

    Publication (announcement) No.: US20100077213A1

    Publication (announcement) date: 2010-03-25

    Application No.: US12628903

    Filing date: 2009-12-01

    IPC classification: H04L29/06 H04L9/32

    Abstract: A trusted network connect (TNC) system based on tri-element peer authentication (TePA) is provided. A network access requestor (NAR) of an access requestor (AR) is connected to a TNC client (TNCC), and the TNCC is connected to an integrity measurement collector (IMC1) through an integrity measurement collector interface (IF-IMC). A network access controller (NAC) of an access controller (AC) is connected to a TNC server (TNCS) in a data bearer manner. The TNCS is connected to an IMC2 through the IF-IMC. A user authentication service unit (UASU) of a policy manager (PM) is connected to a platform evaluation service unit (PESU) through an integrity measurement verifier interface (IF-IMV). Thus, the technical problems in the prior art of poor extensibility, a complex key agreement process, and low security are solved. TePA is adopted in both the network access layer and the integrity evaluation layer to implement mutual user authentication and platform integrity evaluation, so that the security of the entire TNC architecture is improved.