Method of one-way access authentication
    111.
    Invention patent (granted)
    Legal status: in force

    Publication No.: US08578164B2

    Publication date: 2013-11-05

    Application No.: US12741567

    Filing date: 2008-11-07

    IPC classification: G06F21/00

    Abstract: A method of one-way access authentication is disclosed. The method includes the following steps. According to system parameters set up by a third entity, a second entity sends an authentication request and key distribution grouping message to a first entity. The first entity verifies the validity of the message sent from the second entity, and if it is valid, the first entity generates authentication and key response grouping message and sends it to the second entity, which verifies the validity of the message sent from the first entity, and if it is valid, the second entity generates the authentication and key confirmation grouping message and sends the message to the first entity. The first entity verifies the validity of the authentication and key confirmation grouping message, and if it is valid, the authentication succeeds and the key is regarded as the master key of agreement.

    SECRET COMMUNICATION METHOD AND SYSTEM BETWEEN NEIGHBORING USER TERMINALS, TERMINAL, SWITCHING EQUIPMENT
    112.
    Invention patent (application)
    Legal status: in force

    Publication No.: US20130159706A1

    Publication date: 2013-06-20

    Application No.: US13814899

    Filing date: 2011-04-27

    IPC classification: H04L9/08

    Abstract: The present invention provides a secret communication method, apparatus and system. The method comprises: 1) determining a neighboring encryption switching equipment shared by a first user terminal and a second user terminal, wherein the first user terminal and the second user terminal are neighboring user terminals (1); 2) establishing, by the neighboring encryption switching equipment, an inter-station key for communication between the first user terminal and the second terminal (2); 3) performing data secret communication between the first user terminal and the second terminal by using the inter-station key (3). With the present invention, the neighboring user terminals needing to perform the secret communication can establish the inter-station key without performing identity authentication with each other, and can perform the secret communication with the inter-station key, and thereby the network load is reduced.

    MULTICAST KEY NEGOTIATION METHOD SUITABLE FOR GROUP CALLING SYSTEM AND A SYSTEM THEREOF
    113.
    Invention patent (application)
    Legal status: in force

    Publication No.: US20130016838A1

    Publication date: 2013-01-17

    Application No.: US13637375

    Filing date: 2010-05-12

    IPC classification: H04L9/28

    Abstract: The present invention discloses a multicast key negotiation method suitable for group calling system and a system thereof. The method includes that: a user terminal (UT) negotiates about a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key according to the unicast key, and registers a service group identifier that the UT belongs to at the BS; the BS notifies the UT the multicast key of the service group that the UT needs to apply, constructs a multicast key notification packet, and sends it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of the service group that the UT needs to apply by decrypting a service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms that the multicast key of the UT service group is built successfully according to the multicast key confirmation packet sent by the UT.

    Network access authentication and authorization method and an authorization key updating method
    114.
    Invention patent (granted)
    Legal status: in force

    Publication No.: US08185091B2

    Publication date: 2012-05-22

    Application No.: US12441915

    Filing date: 2007-07-16

    IPC classification: H04W12/08

    Abstract: A network access authentication and authorization method includes the steps of: constructing an access and authorization request packet; constructing a certificate authentication request packet, constructing a certificate authentication response packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. And an authorization key updating method includes the steps of: constructing an access and authorization request packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. The invention resolves the security problem that a mobile terminal accesses a base station in the wideband wireless multimedia network, and realizes both bi-directional identity authentication of a mobile terminal and a base station and unidirectional identity authentication from a base station to a mobile terminal. The authorization key negotiation calculation is simple, and the key management is simply realized by using message acknowledgement manner. The invention is applied to the wired network and the wireless network, such as the wireless local area network, the wireless metropolitan area network, and the broadband wireless multimedia network etc.

    LIGHT ACCESS AUTHENTICATION METHOD AND SYSTEM
    115.
    Invention patent (application)
    Legal status: in force

    Publication No.: US20100313012A1

    Publication date: 2010-12-09

    Application No.: US12745288

    Filing date: 2008-12-02

    IPC classification: H04L9/32

    CPC classification: H04L9/321 H04L2209/805

    Abstract: A light access authentication method and system, the method includes: the trustful third party writes the MSG cipher text formed by enciphering MSG into the first entity; the second entity attains the MSG cipher text from the first entity, and attains the key from the trustful third party after attaining the MSG cipher text; the MSG cipher text is deciphered according to the key, and the MSG plaintext is attained. The embodiment of the present invention can be widely applied at a condition limited by the equipment and environment, and the access authentication is simplified and lightened.

    NETWORK ACCESS AUTHENTICATION AND AUTHORIZATION METHOD AND AN AUTHORIZATION KEY UPDATING METHOD
    116.
    Invention patent (application)
    Legal status: in force

    Publication No.: US20100009656A1

    Publication date: 2010-01-14

    Application No.: US12441915

    Filing date: 2007-07-16

    IPC classification: H04M3/16

    Abstract: A network access authentication and authorization method includes the steps of: constructing an access and authorization request packet; constructing a certificate authentication request packet, constructing a certificate authentication response packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. And an authorization key updating method includes the steps of: constructing an access and authorization request packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. The invention resolves the security problem that a mobile terminal accesses a base station in the wideband wireless multimedia network, and realizes both bi-directional identity authentication of a mobile terminal and a base station and unidirectional identity authentication from a base station to a mobile terminal. The authorization key negotiation calculation is simple, and the key management is simply realized by using message acknowledgement manner. The invention is applied to the wired network and the wireless network, such as the wireless local area network, the wireless metropolitan area network, and the broadband wireless multimedia network etc.

    Switch route exploring method, system and device
    117.
    Invention patent (granted)
    Legal status: in force

    Publication No.: US09137259B2

    Publication date: 2015-09-15

    Application No.: US13702785

    Filing date: 2011-01-14

    IPC classification: H04L29/06 H04L12/721

    CPC classification: H04L63/1475 H04L45/26

    Abstract: A switch route exploring method, system and device are provided in the present invention. The method comprises that: a transmitting source node NSource constructs a switch route exploring request packet and transmits it to a destination node NDestination; the switch route exploring request packet comprises information of switch route from the transmitting source node NSource to the destination node NDestination, wherein the information is known by the transmitting source node NSource; and the destination node NDestination constructs a switch route exploring response packet and transmits it to the transmitting source node NSource.

    Method and system for network access control
    118.
    Invention patent (granted)
    Legal status: in force

    Publication No.: US09038143B2

    Publication date: 2015-05-19

    Application No.: US13879136

    Filing date: 2011-03-15

    IPC classification: G06F7/04 H04L29/06

    CPC classification: H04L63/08

    Abstract: A method and a system for network access control are provided, which are based on cipher code mechanism. After a visitor has raised an access request, an access controller in the destination network processes the access request and initiates an authentication request on the visitor identity to an authentication server through the visitor. The access controller in the destination network accomplishes the authentication on the visitor identity according to the public authentication result of the authentication server transferred by the visitor, and performs according to the authorization policy the authorization management on the successfully authenticated visitor. The present invention solves the problem of incapableness of performing the access control when the access controller can not directly use the authentication service provided by the authentication server. The present invention can sufficiently satisfy the real application requirements of access control on visitor.

    Secret communication method and system between neighboring user terminals, terminal, switching equipment
    119.
    Invention patent (granted)
    Legal status: in force

    Publication No.: US08850190B2

    Publication date: 2014-09-30

    Application No.: US13814899

    Filing date: 2011-04-27

    IPC classification: H04L29/06 H04L9/32 H04L9/08

    Abstract: The present invention provides a secret communication method, apparatus and system. The method comprises: 1) determining a neighboring encryption switching equipment shared by a first user terminal and a second user terminal, wherein the first user terminal and the second user terminal are neighboring user terminals (1); 2) establishing, by the neighboring encryption switching equipment, an inter-station key for communication between the first user terminal and the second terminal (2); 3) performing data secret communication between the first user terminal and the second terminal by using the inter-station key (3). With the present invention, the neighboring user terminals needing to perform the secret communication can establish the inter-station key without performing identity authentication with each other, and can perform the secret communication with the inter-station key, and thereby the network load is reduced.

    Multicast key negotiation method suitable for group calling system and a system thereof
    120.
    Invention patent (granted)
    Legal status: in force

    Publication No.: US08787574B2

    Publication date: 2014-07-22

    Application No.: US13637375

    Filing date: 2010-05-12

    IPC classification: H04K1/00 H04L9/00 H04L9/32

    Abstract: The present invention discloses a multicast key negotiation method suitable for group calling system and a system thereof. The method includes that: a user terminal (UT) negotiates about a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key according to the unicast key, and registers a service group identifier that the UT belongs to at the BS; the BS notifies the UT the multicast key of the service group that the UT needs to apply, constructs a multicast key notification packet, and sends it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of the service group that the UT needs to apply by decrypting a service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms that the multicast key of the UT service group is built successfully according to the multicast key confirmation packet sent by the UT.
