公开(公告)号：US08571223B2

公开(公告)日：2013-10-29

申请号：US13382651

申请日：2009-12-29

申请人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

发明人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L9/08

CPC分类号： H04W12/04 ,  H04L9/0822 ,  H04L9/083 ,  H04L9/0833 ,  H04L9/3228 ,  H04L9/3242 ,  H04L63/062 ,  H04L63/065 ,  H04L63/126 ,  H04L2209/38 ,  H04L2209/601 ,  H04L2209/805 ,  H04W12/06 ,  H04W84/18

摘要： A method for combining authentication and secret keys management mechanism in a sensor network includes the following steps: 1) pre-distribution of the secret key, which includes 1.1) the pre-distribution of the communication secret key and 1.2) the pre-distribution of the initial broadcast message authentication secret key; 2) authentication, which includes 2.1) the authentication of the node identity and 2.2) the authentication of the broadcast message; and 3) negotiation of the session secret key by the nodes.

摘要翻译： 一种将认证和秘密密钥管理机制组合在传感器网络中的方法，包括以下步骤：1）秘密密钥的预分配，其中包括1.1）通信秘密密钥的预分配，以及1.2）预分发 初始广播消息认证密钥; 2）认证，其中包括2.1）节点身份认证和2.2）广播消息的认证; 3）节点会话密钥协商。

公开(公告)号：US09015331B2

公开(公告)日：2015-04-21

申请号：US13203646

申请日：2009-12-14

申请人： Xiaolong Lai ,  Jun Cao ,  Zhiqiang Du ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

发明人： Xiaolong Lai ,  Jun Cao ,  Zhiqiang Du ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

IPC分类号： G06F15/16 ,  H04W12/06 ,  H04L29/06 ,  H04W84/12 ,  H04W12/04

CPC分类号： H04W12/06 ,  H04L63/062 ,  H04L63/065 ,  H04L63/08 ,  H04L63/10 ,  H04W12/04 ,  H04W84/12 ,  H04W88/08 ,  H04W88/12 ,  H04W92/12

摘要： A method for implementing a convergent Wireless Local Area Network (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture in a local Medium Access Control (MAC) mode is provided and includes the following steps: the MAC function and WAPI function of Access Point (AP) are divided between Wireless Terminal Point (WTP) and Access Controller (AC) to construct a local MAC mode; the convergence of WAPI protocol and the convergent WLAN network architecture is implemented in the local MAC mode; the process of association and connection between Station (STA), WTP and AC is performed; the process of notification of the beginning of the execution of the WLAN Authentication Infrastructure (WAI) protocol between AC and WTP is performed; the process of the execution of the WAI protocol between STA and AC is performed; the process of notification of the end of the execution of the WAI protocol between AC and WTP is performed; the process of encrypted communication between WTP and STA is performed by use of WPI.

摘要翻译： 提供了一种在本地媒体访问控制（MAC）模式下实现融合无线局域网（WLAN）认证和隐私基础设施（WLAN）网络架构的方法，包括以下步骤：接入点的MAC功能和WAPI功能 AP）分为无线终端点（WTP）和接入控制器（AC）之间，构成本地MAC模式; WAPI协议和融合WLAN网络架构的融合在本地MAC模式下实现; 执行站（STA），WTP和AC之间的关联和连接的过程; 执行在AC和WTP之间通知WLAN认证基础设施（WAI）协议的开始的过程; 执行STA和AC之间的WAI协议的执行过程; 执行在AC和WTP之间通知WAI协议的执行结束的过程; WTP和STA之间的加密通信过程通过使用WPI进行。

公开(公告)号：US08966257B2

公开(公告)日：2015-02-24

申请号：US13516967

申请日：2010-06-02

申请人： Manxia Tie ,  Jun Cao ,  Oin Li ,  Li Ge ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Oin Li ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L29/06 ,  H04L9/32 ,  H04L12/721

CPC分类号： H04L63/0464 ,  H04L9/0827 ,  H04L45/26 ,  H04L63/0435 ,  H04L63/0471 ,  H04L63/062 ,  H04L63/162

摘要： The present invention discloses a method and system for secret communication between nodes in a wired Local Area Network (LAN). The method of secret communication between nodes in the wired LAN includes the following steps: 1) a sharing key is established; 2) the route probe is exchanged; 3) the data communication is classified; 4) the secret communication is processed among the nodes. According to the different communication situations among the nodes, the method of secret communication between nodes provided in the present invention can process the classification and select an appropriate secret communication strategy; compared with per-hop encryption, the calculation load of the exchange equipment is reduced, and the transmission delay of data packets is shortened; compared with the method that inter-station keys are established in pairs of nodes in order to protect the communication secret, the key number is reduced, and the key management is simplified.

摘要翻译： 本发明公开了一种用于有线局域网（LAN）中的节点之间的秘密通信的方法和系统。 有线局域网节点之间的秘密通信方法包括以下步骤：1）建立共享密钥; 2）交换路由探测器; 3）数据通信分类; 4）节点之间处理秘密通信。 根据节点之间不同的通信情况，本发明提供的节点之间的秘密通信方法可以处理分类并选择适当的秘密通信策略; 与每跳加密相比，交换设备的计算负载减少，数据包的传输延迟缩短; 与站间密钥建立成对节点的方法相比，为了保护通信秘密，密钥号码减少，密钥管理简化。

公开(公告)号：US20120278623A1

公开(公告)日：2012-11-01

申请号：US13516967

申请日：2010-06-02

申请人： Manxia Tie ,  Jun Cao ,  Oin Li ,  Li Ge ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Oin Li ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L9/32 ,  H04L12/56

CPC分类号： H04L63/0464 ,  H04L9/0827 ,  H04L45/26 ,  H04L63/0435 ,  H04L63/0471 ,  H04L63/062 ,  H04L63/162

摘要： The present invention discloses a method and system for secret communication between nodes in a wired Local Area Network (LAN). The method of secret communication between nodes in the wired LAN includes the following steps: 1) a sharing key is established; 2) the route probe is exchanged; 3) the data communication is classified; 4) the secret communication is processed among the nodes. According to the different communication situations among the nodes, the method of secret communication between nodes provided in the present invention can process the classification and select an appropriate secret communication strategy; compared with per-hop encryption, the calculation load of the exchange equipment is reduced, and the transmission delay of data packets is shortened; compared with the method that inter-station keys are established in pairs of nodes in order to protect the communication secret, the key number is reduced, and the key management is simplified.

摘要翻译： 本发明公开了一种用于有线局域网（LAN）中的节点之间的秘密通信的方法和系统。 有线局域网节点之间的秘密通信方法包括以下步骤：1）建立共享密钥; 2）交换路由探测器; 3）数据通信分类; 4）节点之间处理秘密通信。 根据节点之间不同的通信情况，本发明提供的节点之间的秘密通信方法可以处理分类并选择适当的秘密通信策略; 与每跳加密相比，交换设备的计算负载减少，数据包的传输延迟缩短; 与站间密钥建立成对节点的方法相比，为了保护通信秘密，密钥号码减少，密钥管理简化。

公开(公告)号：US08855018B2

公开(公告)日：2014-10-07

申请号：US13203643

申请日：2009-12-14

申请人： Manxia Tie ,  Jun Cao ,  Zhiqiang Du ,  Xiaolong Lai ,  Li Ge ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Zhiqiang Du ,  Xiaolong Lai ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L12/28 ,  H04W12/06 ,  H04W12/04 ,  H04W84/12

CPC分类号： H04W12/06 ,  H04W12/04 ,  H04W84/12

摘要： A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by a wireless terminal point is constructed through separating the MAC function and the WAPI function of the wireless access point apart to the wireless terminal point and an access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the wireless terminal point realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station by using WPI.

摘要翻译： 用于实现具有分离式媒体接入控制（MAC）模式的融合无线局域网（WLAN）认证和隐私基础设施（WAPI）网络架构的方法包括以下步骤：用于通过以下方式实现WLAN隐私基础设施（WPI）的分割MAC模式 无线终端通过将无线接入点的MAC功能和WAPI功能分离到无线终端点和接入控制器来构建; 在无线终端实现WPI的分割MAC模式下实现WAPI和融合WLAN网络系统架构的集成; 在站点，无线终端点和访问控制器之间执行关联连接处理; 执行在接入控制器和无线终端点之间通知执行WLAN认证基础设施（WAI）协议的开始的过程; 执行在站点和访问控制器之间执行WAI协议的过程; 执行用于在接入控制器和无线终端点之间通知执行WAI协议的结束的过程; 通过使用WPI在无线终端点和站之间执行秘密通信处理。

公开(公告)号：US20110310771A1

公开(公告)日：2011-12-22

申请号：US13203643

申请日：2009-12-14

申请人： Manxia Tie ,  Jun Cao ,  Zhiqiang Du ,  Xiaolong Lai ,  Li Ge ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Zhiqiang Du ,  Xiaolong Lai ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L12/28

CPC分类号： H04W12/06 ,  H04W12/04 ,  H04W84/12

摘要： A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by a wireless terminal point is constructed through separating the MAC function and the WAPI function of the wireless access point apart to the wireless terminal point and an access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the wireless terminal point realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station by using WPI.

摘要翻译： 用于实现具有分离式媒体接入控制（MAC）模式的融合无线局域网（WLAN）认证和隐私基础设施（WAPI）网络架构的方法包括以下步骤：用于通过以下方式实现WLAN隐私基础设施（WPI）的分割MAC模式 通过将无线接入点的MAC功能和WAPI功能分离到无线终端点和接入控制器来构建无线终端点; 在无线终端实现WPI的分割MAC模式下实现WAPI和融合WLAN网络系统架构的集成; 在站点，无线终端点和访问控制器之间执行关联连接处理; 执行在接入控制器和无线终端点之间通知执行WLAN认证基础设施（WAI）协议的开始的过程; 执行在站点和访问控制器之间执行WAI协议的过程; 执行用于在接入控制器和无线终端点之间通知执行WAI协议的结束的过程; 通过使用WPI在无线终端点和站之间执行秘密通信处理。

公开(公告)号：US20110307621A1

公开(公告)日：2011-12-15

申请号：US13203646

申请日：2009-12-14

申请人： Xiaolong Lai ,  Jun Cao ,  Zhiqiang Du ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

发明人： Xiaolong Lai ,  Jun Cao ,  Zhiqiang Du ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

IPC分类号： G06F15/16

CPC分类号： H04W12/06 ,  H04L63/062 ,  H04L63/065 ,  H04L63/08 ,  H04L63/10 ,  H04W12/04 ,  H04W84/12 ,  H04W88/08 ,  H04W88/12 ,  H04W92/12

摘要： A method for implementing a convergent Wireless Local Area Network (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture in a local Medium Access Control (MAC) mode is provided and includes the following steps: the MAC function and WAPI function of Access Point (AP) are divided between Wireless Terminal Point (WTP) and Access Controller (AC) to construct a local MAC mode; the convergence of WAPI protocol and the convergent WLAN network architecture is implemented in the local MAC mode; the process of association and connection between STAtion (STA), WTP and AC is performed; the process of notification of the beginning of the execution of the WLAN Authentication Infrastructure (WAI) protocol between AC and WTP is performed; the process of the execution of the WAI protocol between STA and AC is performed; the process of notification of the end of the execution of the WAI protocol between AC and WTP is performed; the process of encrypted communication between WTP and STA is performed by use of WPI.

摘要翻译： 提供了一种在本地媒体访问控制（MAC）模式下实现融合无线局域网（WLAN）认证和隐私基础设施（WLAN）网络架构的方法，包括以下步骤：接入点的MAC功能和WAPI功能 AP）分为无线终端点（WTP）和接入控制器（AC）之间，构成本地MAC模式; WAPI协议和融合WLAN网络架构的融合在本地MAC模式下实现; 执行STAtion（STA），WTP和AC之间的关联和连接过程; 执行在AC和WTP之间通知WLAN认证基础设施（WAI）协议的开始的过程; 执行STA和AC之间的WAI协议的执行过程; 执行在AC和WTP之间通知WAI协议的执行结束的过程; WTP和STA之间的加密通信过程通过使用WPI进行。

公开(公告)号：US20120114124A1

公开(公告)日：2012-05-10

申请号：US13382651

申请日：2009-12-29

申请人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

发明人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L9/08 ,  H04L9/14

CPC分类号： H04W12/04 ,  H04L9/0822 ,  H04L9/083 ,  H04L9/0833 ,  H04L9/3228 ,  H04L9/3242 ,  H04L63/062 ,  H04L63/065 ,  H04L63/126 ,  H04L2209/38 ,  H04L2209/601 ,  H04L2209/805 ,  H04W12/06 ,  H04W84/18

摘要： A method for combining authentication and secret keys management mechanism in a sensor network includes the following steps: 1) pre-distribution of the secret key, which includes 1.1) the pre-distribution of the communication secret key and 1.2) the pre-distribution of the initial broadcast message authentication secret key; 2) authentication, which includes 2.1) the authentication of the node identity and 2.2) the authentication of the broadcast message; and 3) negotiation of the session secret key by the nodes.

摘要翻译： 一种将认证和秘密密钥管理机制组合在传感器网络中的方法，包括以下步骤：1）秘密密钥的预分配，其中包括1.1）通信秘密密钥的预分配，以及1.2）预分发 初始广播消息认证密钥; 2）认证，其中包括2.1）节点身份认证和2.2）广播消息的认证; 3）节点会话密钥协商。

公开(公告)号：US08755528B2

公开(公告)日：2014-06-17

申请号：US13516257

申请日：2010-05-21

申请人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

发明人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

IPC分类号： G06F21/00

摘要： A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

公开(公告)号：US20120257755A1

公开(公告)日：2012-10-11

申请号：US13516257

申请日：2010-05-21

申请人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

发明人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

IPC分类号： H04L9/08

CPC分类号： H04L9/083 ,  H04L63/061

摘要： A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

摘要翻译： 公开了一种在站间建立安全连接的方法和系统。 该方法包括：1）交换设备接收由第一用户终端发送的站间密钥请求分组; 2）交换设备生成站间密钥，构建站间密钥通告报文，并发送给第二用户终端; 3）交换设备接收由第二用户终端发送的站间密钥通告响应报文; 4）交换机构建一个站间密钥通知应答报文，并发送给第一用户终端; 5）交换机接收第一用户终端发送的站间密钥通告响应报文。 交换设备为直接连接到交换机设备的两个站建立站间密钥，本发明的实施例通过该站点密钥确保站点之间的用户数据的机密性和完整性。