公开(公告)号：US20080222702A1

公开(公告)日：2008-09-11

申请号：US12042657

申请日：2008-03-05

Applicant: Lifeng Liu ,  Zhibin Zheng

Inventor： Lifeng Liu ,  Zhibin Zheng

IPC: G06F11/00

CPC classification number: H04L63/02 ,  H04L63/145

Abstract: Some embodiments of the present invention provide a system and method for preventing viruses from intruding into a network. The system for preventing viruses from intruding into a network includes: a detection unit for performing virus detection to traffic passing through the network, and a control unit arranged between terminals and the network. The control unit is adapted to control access of the terminals to the network, and decide whether to allow the terminals to access the network according to detection result from the detection unit. According to the invention, all the traffic of a terminal infected by a virus is limited, and the connection between the terminal and the network is interrupted, thereby preventing the virus from diffusing and propagating widely over the network, and improving operation security of the network.

Abstract translation: 本发明的一些实施例提供了一种用于防止病毒侵入网络的系统和方法。 用于防止病毒侵入网络的系统包括：用于对通过网络的业务进行病毒检测的检测单元，以及布置在终端和网络之间的控制单元。 控制单元适于控制终端到网络的接入，并且根据来自检测单元的检测结果来决定是否允许终端接入网络。 根据本发明，受病毒感染的终端的所有流量受到限制，终端与网络之间的连接中断，防止病毒在网络上广泛传播，提高网络的运营安全性 。

公开(公告)号：US20080016333A1

公开(公告)日：2008-01-17

申请号：US11649488

申请日：2007-01-04

Applicant: Zhenfu Cao ,  Xiaolei Dong ,  Zhenchuan Chai ,  Zhibin Zheng ,  Jiwei Wei

Inventor： Zhenfu Cao ,  Xiaolei Dong ,  Zhenchuan Chai ,  Zhibin Zheng ,  Jiwei Wei

IPC: H04L9/00

CPC classification number: H04L9/3226 ,  G06F21/34 ,  G06F21/445 ,  G07C9/00039 ,  H04L9/3234 ,  H04L9/3236 ,  H04L2209/38

Abstract: The present invention discloses a method and system for remote password based authentication using smart cards for accessing a communications network. The disclosed method does not require a remote authentication sever to maintain a table of passwords for all users. The disclosed method and system also support mutual authentication. It not only prevents the illegal use of system resources by an impersonator, the user can also authenticate the identity of the remote authentication server.

Abstract translation: 本发明公开了一种使用智能卡进行远程口令验证的方法和系统，用于访问通信网络。 所公开的方法不需要远程认证服务器来维护所有用户的密码表。 所公开的方法和系统还支持相互认证。 它不仅可以防止模拟人员非法使用系统资源，还可以验证远程认证服务器的身份。

公开(公告)号：US20070094509A1

公开(公告)日：2007-04-26

申请号：US11584364

申请日：2006-10-20

Applicant: Jiwei Wei ,  Zhibin Zheng ,  Chao Li

Inventor： Jiwei Wei ,  Zhibin Zheng ,  Chao Li

IPC: H04L9/00

CPC classification number: G06F21/42 ,  G06F21/6218 ,  G06F2221/2113 ,  G06F2221/2115 ,  G06F2221/2137 ,  H04L9/3231 ,  H04L9/3263

Abstract: A system and a method for security authentication, in which a biometric authentication subsystem in the security authentication system receives a biometric certificate held by the user and the user's biometric information from a user terminal; the biometric certificate contains the user's biometric template or the storage address of the biometric template; next, the biometric authentication subsystem authenticates the biometric certificate, performs matching between the biometric information and the biometric template, and generates the identity authentication result. The invention can also combine biometric authentication with PMI privilege authentication, so as to enhance security of identity authentication in PMI and widen applicability of biometric authentication.

Abstract translation: 一种用于安全认证的系统和方法，其中安全认证系统中的生物认证子系统从用户终端接收用户所持有的生物特征证书和用户的生物特征信息; 生物特征证书包含用户的生物特征模板或生物识别模板的存储地址; 接下来，生物认证子系统认证生物特征证书，执行生物特征信息与生物特征模板之间的匹配，并生成身份认证结果。 本发明还可以将生物识别认证与PMI特权认证结合起来，提升PMI身份认证的安全性，拓宽生物认证的适用性。

公开(公告)号：US08539249B2

公开(公告)日：2013-09-17

申请号：US11584364

申请日：2006-10-20

Applicant: Jiwei Wei ,  Zhibin Zheng ,  Chao Li

Inventor： Jiwei Wei ,  Zhibin Zheng ,  Chao Li

IPC: G06F21/00

CPC classification number: G06F21/42 ,  G06F21/6218 ,  G06F2221/2113 ,  G06F2221/2115 ,  G06F2221/2137 ,  H04L9/3231 ,  H04L9/3263

Abstract: A system and a method for security authentication, in which a biometric authentication subsystem in the security authentication system receives a biometric certificate held by the user and the user's biometric information from a user terminal; the biometric certificate contains the user's biometric template or the storage address of the biometric template; next, the biometric authentication subsystem authenticates the biometric certificate, performs matching between the biometric information and the biometric template, and generates the identity authentication result. The invention can also combine biometric authentication with PMI privilege authentication, so as to enhance security of identity authentication in PMI and widen applicability of biometric authentication.

Abstract translation: 一种用于安全认证的系统和方法，其中安全认证系统中的生物认证子系统从用户终端接收用户所持有的生物特征证书和用户的生物特征信息; 生物特征证书包含用户的生物特征模板或生物识别模板的存储地址; 接下来，生物认证子系统认证生物特征证书，执行生物特征信息与生物特征模板之间的匹配，并生成身份认证结果。 本发明还可以将生物识别认证与PMI特权认证结合起来，提升PMI身份认证的安全性，拓宽生物认证的适用性。

公开(公告)号：US08477774B2

公开(公告)日：2013-07-02

申请号：US12569459

申请日：2009-09-29

Applicant: Yang Xin ,  Lifeng Liu ,  Zhibin Zheng ,  Hongliang Zhu ,  Kai Zhao ,  Yixian Yang

Inventor： Yang Xin ,  Lifeng Liu ,  Zhibin Zheng ,  Hongliang Zhu ,  Kai Zhao ,  Yixian Yang

IPC: H04L12/28

CPC classification number: H04L41/142 ,  H04L29/12509 ,  H04L43/028 ,  H04L61/2567 ,  H04L69/22

Abstract: A detecting method is provided, which includes extracting an Internet Protocol Identifier value from an obtained data packet. The detecting method may further include searching in a record table containing a correspondence relationship between an Internet Protocol Identifier value and a terminal serial number to determine whether the record table contains an adjacent Internet Protocol Identifier value smaller than the extracted Internet Protocol Identifier value and modifying the adjacent Internet Protocol Identifier value that is smaller than the extracted Internet Protocol Identifier value to be the extracted Internet Protocol Identifier value if the record table contains the adjacent Internet Protocol Identifier value smaller than the extracted Internet Protocol Identifier value. Otherwise, the detecting method may also include, adding a new record of the extracted Internet Protocol Identifier value and the corresponding terminal serial number into the record table. When a notification is received, the detecting method may calculate the number of terminal serial numbers in the record table and output the number of terminal serial numbers as the number of hosts. The provided detecting method may further provide a corresponding statistic and analyzing server and a detecting system.

Abstract translation: 提供一种检测方法，其包括从获得的数据分组提取因特网协议标识符值。 检测方法还可以包括在包含因特网协议标识符值和终端序列号之间的对应关系的记录表中​​进行搜索，以确定记录表是否包含比所提取的因特网协议标识符值小的相邻互联网协议标识符值，并修改 相邻的因特网协议标识符值小于作为所提取的因特网协议标识符值的提取的因特网协议标识符值，如果记录表包含比所提取的因特网协议标识符值小的相邻互联网协议标识符值。 否则，检测方法还可以包括：将所提取的因特网协议标识符值和相应的终端序列号的新记录添加到记录表中。 当接收到通知时，检测方法可以计算记录表中的终端序列号，并输出终端序列号作为主机数。 所提供的检测方法还可以提供相应的统计和分析服务器和检测系统。

公开(公告)号：US07298802B2

公开(公告)日：2007-11-20

申请号：US10367838

申请日：2003-02-19

Applicant: Feng Ren ,  Zhibin Zheng ,  Yuehua Chen

Inventor： Feng Ren ,  Zhibin Zheng ,  Yuehua Chen

IPC: H03D1/04 ,  H03D1/06 ,  H03K5/01 ,  H03K6/04

CPC classification number: H04B1/7103 ,  H04B1/7115 ,  H04B17/336

Abstract: The invention discloses a signal-to-interference ratio (SIR) measurement method. The method measures interference power (I) of a single-path signal after the received signal is demodulated by the single-path demodulators of multipath receiving device at the receiving end. The total interference power is obtained by equipartition combining with the measured interference power of each single-path signal. The signal power (S) is obtained by measuring after maximum ratio combination of each single-path signal. The SIR of the received signal is the division of the signal power and the total interference power. An apparatus, implementing mentioned method, sets the interference power measurement-device in the RAKE combiner and the signal power measurement-device after the RAKE combiner. In this way, the interference measurement can effectively provide more information and can more really response to the channel variation.

Abstract translation: 本发明公开了一种信号干扰比（SIR）测量方法。 该方法在接收端通过多路径接收装置的单路解调器对接收到的信号进行解调后，测量单路信号的干扰功率（I）。 总干扰功率是通过与每个单路信号的测量干扰功率组合来获得的。 信号功率（S）通过在每个单路信号的最大比组合之后进行测量来获得。 接收信号的SIR是信号功率和总干扰功率的分割。 实现上述方法的装置在RAKE组合器之后将RAKE组合器中的干扰功率测量装置和信号功率测量装置设置。 以这种方式，干扰测量可以有效地提供更多的信息，并且可以更真实地响应信道变化。

公开(公告)号：US20050047597A1

公开(公告)日：2005-03-03

申请号：US10498334

申请日：2002-03-29

Applicant: Zhibin Zheng

Inventor： Zhibin Zheng

IPC: H04L9/00 ,  H04W12/00

CPC classification number: H04L9/0819 ,  H04L9/14 ,  H04L2209/80 ,  H04W12/02

Abstract: The present invention discloses a method for implementing security communication by independently selecting an encryption algorithm. In this method, a bit for representing CI is added, and a judge process for the CI and encryption algorithm supported by both the current subscriber and network is added. Under the condition that CN supports more than one encryption algorithm, if the CI is 1 and a standard encryption algorithm is supported by both UE and CN, the standard encryption algorithm is determined as the encryption algorithm for security communication; otherwise, the communication is disconnected; if the CI is 0 and a self-developed non-standard encryption algorithm is supported by both UE and CN, the encryption algorithm is determined as the encryption algorithm for security communication; otherwise, the communication is disconnected. Under the condition that CN only supports the standard encryption algorithm, if this algorithm is also supported by UE, this standard encryption algorithm is determined as the encryption algorithm for security communication directly; otherwise, the communication is disconnected. This method enables the subscriber to perform security communication utilizing effective encryption algorithm anywhere and satisfies the requirement for independently selecting encryption algorithm in local area. Accordingly, the subscriber interest and service quality is guaranteed.

Abstract translation: 本发明公开了一种通过独立选择加密算法实现安全通信的方法。 在该方法中，添加用于表示CI的位，并且添加由当前用户和网络支持的CI和加密算法的判断处理。 在CN支持多个加密算法的情况下，如果CI为1，并且UE和CN都支持标准加密算法，则将标准加密算法确定为安全通信的加密算法; 否则，通信断开; 如果CI为0，并且UE和CN都支持自主开发的非标准加密算法，则将加密算法确定为用于安全通信的加密算法; 否则，通信断开。 在CN只支持标准加密算法的情况下，如果UE支持该算法，则该标准加密算法直接作为安全通信的加密算法确定; 否则，通信断开。 该方法使用户能够在任何地方使用有效的加密算法进行安全通信，满足局部区域独立选择加密算法的要求。 因此，保证了用户的兴趣和服务质量。

公开(公告)号：US07933584B2

公开(公告)日：2011-04-26

申请号：US11580591

申请日：2006-10-13

Applicant: Changfeng Ji ,  Jiwei Wei ,  Shuling Liu ,  Zhibin Zheng

Inventor： Changfeng Ji ,  Jiwei Wei ,  Shuling Liu ,  Zhibin Zheng

IPC: H04M1/65 ,  H04M1/68 ,  H04M3/16

CPC classification number: H04L63/102 ,  H04L63/145 ,  H04L67/34 ,  H04W8/22 ,  H04W8/245 ,  H04W12/08 ,  H04W12/12

Abstract: A correlative reacting system and a method for implementing security update of mobile station. The correlative reacting system includes a security correlative agent at a terminal side and a security correlative server at a network side communicated with the security correlative agent via an air interface. In the present invention, the correlative reacting system performs an information interaction with the mobile station, controls the mobile station to carry out an automatic security update. The automatic security update includes automatic downloading and installation, update of the security correlative agent, and automatic recovery of the insecurity factors of the mobile station and the like.

Abstract translation: 一种相关的反应系统和一种实现移动台安全更新的方法。 相关反应系统包括终端侧的安全相关代理和网络侧的安全相关服务器，其通过空中接口与安全性相关代理进行通信。 在本发明中，相关反应系统与移动台进行信息交互，控制移动台进行自动安全更新。 自动安全更新包括自动下载和安装，安全相关代理的更新以及移动台的不安全因素的自动恢复等。

公开(公告)号：US07769999B2

公开(公告)日：2010-08-03

申请号：US11649488

申请日：2007-01-04

Applicant: Zhenfu Cao ,  Xiaolei Dong ,  Zhenchuan Chai ,  Zhibin Zheng ,  Jiwei Wei

Inventor： Zhenfu Cao ,  Xiaolei Dong ,  Zhenchuan Chai ,  Zhibin Zheng ,  Jiwei Wei

IPC: H04L29/06

CPC classification number: H04L9/3226 ,  G06F21/34 ,  G06F21/445 ,  G07C9/00039 ,  H04L9/3234 ,  H04L9/3236 ,  H04L2209/38

Abstract: The present invention discloses a method and system for remote password based authentication using smart cards for accessing a communications network. The disclosed method does not require a remote authentication sever to maintain a table of passwords for all users. The disclosed method and system also support mutual authentication. It not only prevents the illegal use of system resources by an impersonator, the user can also authenticate the identity of the remote authentication server.

Abstract translation: 本发明公开了一种使用智能卡进行远程口令验证的方法和系统，用于访问通信网络。 所公开的方法不需要远程认证服务器来维护所有用户的密码表。 所公开的方法和系统还支持相互认证。 它不仅可以防止模拟人员非法使用系统资源，还可以验证远程认证服务器的身份。

公开(公告)号：US20100017376A1

公开(公告)日：2010-01-21

申请号：US12569459

申请日：2009-09-29

Applicant: Yang XIN ,  Lifeng Liu ,  Zhibin Zheng ,  Hongliang Zhu ,  Kai Zhao ,  Yixian Yang

Inventor： Yang XIN ,  Lifeng Liu ,  Zhibin Zheng ,  Hongliang Zhu ,  Kai Zhao ,  Yixian Yang

IPC: G06F15/177 ,  G06F17/30

CPC classification number: H04L41/142 ,  H04L29/12509 ,  H04L43/028 ,  H04L61/2567 ,  H04L69/22

Abstract: A detecting method is provided, which includes extracting an Internet Protocol Identifier value from an obtained data packet. The detecting method may further include searching in a record table containing a correspondence relationship between an Internet Protocol Identifier value and a terminal serial number to determine whether the record table contains an adjacent Internet Protocol Identifier value smaller than the extracted Internet Protocol Identifier value and modifying the adjacent Internet Protocol Identifier value that is smaller than the extracted Internet Protocol Identifier value to be the extracted Internet Protocol Identifier value if the record table contains the adjacent Internet Protocol Identifier value smaller than the extracted Internet Protocol Identifier value. Otherwise, the detecting method may also include, adding a new record of the extracted Internet Protocol Identifier value and the corresponding terminal serial number into the record table. When a notification is received, the detecting method may calculate the number of terminal serial numbers in the record table and output the number of terminal serial numbers as the number of hosts. The provided detecting method may further provide a corresponding statistic and analyzing server and a detecting system.

Abstract translation: 提供一种检测方法，其包括从获得的数据分组提取因特网协议标识符值。 检测方法还可以包括在包含因特网协议标识符值和终端序列号之间的对应关系的记录表中​​进行搜索，以确定记录表是否包含比所提取的因特网协议标识符值小的相邻互联网协议标识符值，并修改 相邻的因特网协议标识符值小于作为所提取的因特网协议标识符值的提取的因特网协议标识符值，如果记录表包含比所提取的因特网协议标识符值小的相邻互联网协议标识符值。 否则，检测方法还可以包括：将所提取的因特网协议标识符值和相应的终端序列号的新记录添加到记录表中。 当接收到通知时，检测方法可以计算记录表中的终端序列号，并输出终端序列号作为主机数。 所提供的检测方法还可以提供相应的统计和分析服务器和检测系统。