公开(公告)号：US20100306839A1

公开(公告)日：2010-12-02

申请号：US12739678

申请日：2008-10-23

申请人： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Liaojun Pang ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Liaojun Pang ,  Zhenhai Huang

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： H04L63/0869 ,  H04L9/3213 ,  H04L9/3273 ,  H04L63/0823 ,  H04L63/126

摘要： An entity bi-directional identification method and system based on a trustable third party thereof are provided. The system comprises a first entity, which is for sending a first message to a second entity, sending a third message to a third entity after receiving a second message sent by the second entity, verifying the fourth message after receiving a fourth message sent by the third entity, sending a fifth message to the second entity after the verification is finished; the second entity, which is for receiving the first message sent by the first entity, sending the second message to the first entity, verifying the fifth message after receiving the fifth message sent by the first entity; the third entity, which is for receiving the third message sent by the first entity, checking if the first entity and the second entity are legal, implementing the pretreatment according to the checking result, sending the first entity the fourth message after the treatment is finished.

摘要翻译： 提供了一种基于可信任第三方的实体双向识别方法和系统。 该系统包括用于向第二实体发送第一消息的第一实体，在接收到由第二实体发送的第二消息之后向第三实体发送第三消息，在接收到由第二实体发送的第四消息之后验证第四消息 第三实体，在验证完成之后向第二实体发送第五消息; 所述第二实体用于接收由所述第一实体发送的所述第一消息，向所述第一实体发送所述第二消息，在接收到由所述第一实体发送的所述第五消息之后验证所述第五消息; 用于接收第一实体发送的第三消息的第三实体，检查第一实体和第二实体是否合法，根据检查结果实现预处理，在处理完成之后发送第一实体第四消息 。

公开(公告)号：US08787574B2

公开(公告)日：2014-07-22

申请号：US13637375

申请日：2010-05-12

申请人： Yanan Hu ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

发明人： Yanan Hu ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

IPC分类号： H04K1/00 ,  H04L9/00 ,  H04L9/32

CPC分类号： H04W12/04 ,  H04L12/189 ,  H04L63/065 ,  H04W12/10

摘要： The present invention discloses a multicast key negotiation method suitable for group calling system and a system thereof. The method includes that: a user terminal (UT) negotiates about a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key according to the unicast key, and registers a service group identifier that the UT belongs to at the BS; the BS notifies the UT the multicast key of the service group that the UT needs to apply, constructs a multicast key notification packet, and sends it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of the service group that the UT needs to apply by decrypting a service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms that the multicast key of the UT service group is built successfully according to the multicast key confirmation packet sent by the UT.

摘要翻译： 本发明公开了适用于群呼系统的组播密钥协商方法及其系统。 该方法包括：用户终端（UT）与基站（BS）协商关于单播密钥，根据单播密钥导出信息加密密钥和完整性验证密钥，并注册UT所属的服务组标识符 到BS; BS向UT通知UT需要应用的业务组的组播密钥，构建组播密钥通知报文，并将其发送给UT; UT收到BS发送的组播密钥通知报文后，通过解密业务组密钥应用列表获取UT需要应用的业务组的组播密钥，构成组播密钥确认报文，并发送给BS ; 根据UT发送的组播密钥确认包，BS确认UT服务组的组播密钥成功建立。

公开(公告)号：US08819778B2

公开(公告)日：2014-08-26

申请号：US13320469

申请日：2009-12-07

申请人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04L29/06 ,  H04W12/06

CPC分类号： H04W36/0038 ,  H04L41/0803 ,  H04L63/205 ,  H04W12/06 ,  H04W92/12

摘要： The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.

摘要翻译： 本发明的实施例涉及一种当WLAN隐私基础设施（WPI）由接入控制器（AC）执行时，在集中式无线局域网（WLAN）中切换台站的方法和系统。 该方法包括：步骤1：站通过目的无线终端（WTP）与AC重新关联; 步骤2：AC通知相关的WTP删除站; 步骤3：AC通知目的地WTP加入车站。 本发明基于在交换台处理过程中的无线接入点协议（CAPWAP）控制消息的控制和提供，实现了加入站和删除站之间的AC和WTP的操作。 因此，本发明可以在同一AC下的WTP之间快速，安全地实现站切换。

公开(公告)号：US08417955B2

公开(公告)日：2013-04-09

申请号：US12808049

申请日：2008-12-09

申请人： Manxia Tie ,  Jun Cao ,  Zhenhai Huang ,  Xiaolong Lai

发明人： Manxia Tie ,  Jun Cao ,  Zhenhai Huang ,  Xiaolong Lai

IPC分类号： H04L29/06

CPC分类号： H04L9/321 ,  H04L9/3247

摘要： An entity bidirectional authentication method and system, the method involves: the first entity sends the first message; the second entity sends the second message to the credible third party after receiving the said first message; the said credible third party returns the third message after receiving the second message; the said second entity sends the fourth message after receiving the third message and verifying it; the said first entity receives the said fourth message and verifies it, completes the authentication. Compared with the conventional authentication mechanism, the invention defines an on-line retrieval and authentication mechanism of a public key, realizes the centralized management for it, simplifies the operating condition of the protocol, and facilitates the application and implement.

摘要翻译： 一种实体双向认证方法和系统，该方法涉及：第一实体发送第一消息; 第二实体在接收到所述第一消息之后将第二消息发送到可信第三方; 所述可信第三方在接收到第二消息后返回第三消息; 所述第二实体在接收到第三消息并验证之后发送第四消息; 所述第一实体接收所述第四消息并对其进行验证，从而完成认证。 与常规认证机制相比，本发明定义了公钥的在线检索和认证机制，实现了集中管理，简化了协议的工作状态，便于应用和实现。

公开(公告)号：US20120151554A1

公开(公告)日：2012-06-14

申请号：US13391051

申请日：2009-12-23

申请人： Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

发明人： Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

IPC分类号： H04L29/06

CPC分类号： H04L63/20 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/205

摘要： The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

摘要翻译： 本发明涉及有线局域网的安全访问控制方法和系统，该方法包括以下步骤：1）请求者（REQ）与认证接入控制器（AAC）协商安全策略; 2）请求者（REQ）和认证访问控制器（AAC）认证身份; 3）请求者（REQ）与认证接入控制器（AAC）协商密钥。 用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络，电信网络等各种网络架构; 可扩展性好，支持多种认证方式; 支持不同安全级别的认证协议，满足各种用户的要求; 协议的子模块是独立的，灵活的，易于被接受或拒绝。

公开(公告)号：US20120054831A1

公开(公告)日：2012-03-01

申请号：US13320469

申请日：2009-12-07

申请人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04W12/06 ,  H04W48/00 ,  H04W72/04

CPC分类号： H04W36/0038 ,  H04L41/0803 ,  H04L63/205 ,  H04W12/06 ,  H04W92/12

摘要： The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.

摘要翻译： 本发明的实施例涉及一种当WLAN隐私基础设施（WPI）由接入控制器（AC）执行时，在集中式无线局域网（WLAN）中切换台站的方法和系统。 该方法包括：步骤1：站通过目的无线终端（WTP）与AC重新关联; 步骤2：AC通知相关的WTP删除站; 步骤3：AC通知目的地WTP加入车站。 本发明基于在交换台处理过程中的无线接入点协议（CAPWAP）控制消息的控制和提供，实现了加入站和删除站之间的AC和WTP的操作。 因此，本发明可以在同一AC下的WTP之间快速，安全地实现站切换。

公开(公告)号：US20110314286A1

公开(公告)日：2011-12-22

申请号：US12740082

申请日：2008-10-30

申请人： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Jiandong Li ,  Liaojun Pang ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Jiandong Li ,  Liaojun Pang ,  Zhenhai Huang

IPC分类号： H04L9/08 ,  G06F15/16

CPC分类号： H04W12/06 ,  H04L63/1466 ,  H04L63/162 ,  H04W12/04 ,  H04W84/12

摘要： An access authentication method applying to IBSS network involves the following steps of: 1) performing authentication role configuration for network entities; 2) authenticating an authentication entity and a request entity that have been performed the authentication role configuration via an authentication protocol; and 3) after finishing the authentication, the authentication entity and the request entity perform the key negotiation, wherein, the message integrity check field and protocol synchronization lock-in field are added in a key negotiation message. The access authentication method applying to IBSS network provided by the invention has the advantages of the better safeness and the higher execution efficiency.

摘要翻译： 适用于IBSS网络的接入认证方法包括以下步骤：1）对网络实体进行认证角色配置; 2）通过认证协议认证已经执行认证角色配置的认证实体和请求实体; 和3）认证完成后，认证实体和请求实体进行密钥协商，其中消息完整性检查字段和协议同步锁定字段被添加到密钥协商消息中。 适用于本发明提供的IBSS网络的接入认证方法具有安全性更高，执行效率更高的优点。

公开(公告)号：US09015331B2

公开(公告)日：2015-04-21

申请号：US13203646

申请日：2009-12-14

申请人： Xiaolong Lai ,  Jun Cao ,  Zhiqiang Du ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

发明人： Xiaolong Lai ,  Jun Cao ,  Zhiqiang Du ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

IPC分类号： G06F15/16 ,  H04W12/06 ,  H04L29/06 ,  H04W84/12 ,  H04W12/04

CPC分类号： H04W12/06 ,  H04L63/062 ,  H04L63/065 ,  H04L63/08 ,  H04L63/10 ,  H04W12/04 ,  H04W84/12 ,  H04W88/08 ,  H04W88/12 ,  H04W92/12

摘要： A method for implementing a convergent Wireless Local Area Network (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture in a local Medium Access Control (MAC) mode is provided and includes the following steps: the MAC function and WAPI function of Access Point (AP) are divided between Wireless Terminal Point (WTP) and Access Controller (AC) to construct a local MAC mode; the convergence of WAPI protocol and the convergent WLAN network architecture is implemented in the local MAC mode; the process of association and connection between Station (STA), WTP and AC is performed; the process of notification of the beginning of the execution of the WLAN Authentication Infrastructure (WAI) protocol between AC and WTP is performed; the process of the execution of the WAI protocol between STA and AC is performed; the process of notification of the end of the execution of the WAI protocol between AC and WTP is performed; the process of encrypted communication between WTP and STA is performed by use of WPI.

摘要翻译： 提供了一种在本地媒体访问控制（MAC）模式下实现融合无线局域网（WLAN）认证和隐私基础设施（WLAN）网络架构的方法，包括以下步骤：接入点的MAC功能和WAPI功能 AP）分为无线终端点（WTP）和接入控制器（AC）之间，构成本地MAC模式; WAPI协议和融合WLAN网络架构的融合在本地MAC模式下实现; 执行站（STA），WTP和AC之间的关联和连接的过程; 执行在AC和WTP之间通知WLAN认证基础设施（WAI）协议的开始的过程; 执行STA和AC之间的WAI协议的执行过程; 执行在AC和WTP之间通知WAI协议的执行结束的过程; WTP和STA之间的加密通信过程通过使用WPI进行。

公开(公告)号：US08763100B2

公开(公告)日：2014-06-24

申请号：US13392915

申请日：2009-12-29

申请人： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： G06F21/00

CPC分类号： H04L63/08 ,  H04L9/3213 ,  H04L9/3247 ,  H04L9/3263 ,  H04L9/3271 ,  H04L9/3297

摘要： An entity authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) the entity A sends a message 2 to a trusted third party TP after receiving the message 1; 3) the trusted third party TP checks the validity of the entity A after receiving the message 2; 4) the trusted third party TP returns a message 3 to the entity A after checking the validity of the entity A; 5) the entity A sends a message 4 to the entity B after receiving the message 3; 6) and the entity B performs validation after receiving the message 4. The online retrieval and authentication mechanism of the public key simplifies the operating condition of a protocol, and realizes validity identification of the network for the user through the authentication of the entity B to the entity A.

摘要翻译： 通过引入在线第三方的实体认证方法包括以下步骤：1）实体B向实体A发送消息1; 2）实体A在接收到消息1之后向可信第三方TP发送消息2; 3）受信任的第三方TP在接收到消息2后检查实体A的有效性; 4）可信第三方TP在检查实体A的有效性之后向实体A返回消息3; 5）实体A在接收到消息3之后向实体B发送消息4; 6），实体B在接收到消息4后进行验证。公钥的在线检索和认证机制简化了协议的工作状态，通过对实体B认证实现了用户对网络的有效性识别 实体A.

公开(公告)号：US08751792B2

公开(公告)日：2014-06-10

申请号：US13499126

申请日：2009-12-14

申请人： Manxia Tie ,  Jun Cao ,  Zhenhai Huang ,  Xiaolong Lai

发明人： Manxia Tie ,  Jun Cao ,  Zhenhai Huang ,  Xiaolong Lai

IPC分类号： H04L29/06

CPC分类号： H04L9/3213 ,  H04L9/3268 ,  H04L63/0823

摘要： A method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party is disclosed. The method includes the following steps: 1) an entity B transmits a message 1 to an entity A; 2) the entity A transmits a message 2 to a credible third party TP after receiving the message 1; 3) the credible third party TP determines the response RepTA after receiving the message 2; 4) the credible third party TP returns a message 3 to the entity A; 5) the entity A returns a message 4 to the entity B after receiving the message 3; 6) the entity B receives the message 4; 7) the entity B transmits a message 5 to the entity A; 8) the entity A receives the message 5. The present invention can achieve public key acquisition, certificate validation and authentication of the entity by integrating them in one protocol, thereby facilitate the execution efficiency and the effect of the protocol and facilitate the combination with various public key acquisition and public key certificate state enquiry protocols. The present invention suits with a “user-access point-server” access network structure to meet the authentication requirement of the access network.

摘要翻译： 公开了通过引入在线可信第三方实体公钥获取，证书验证和认证的方法和系统。 该方法包括以下步骤：1）实体B向实体A发送消息1; 2）实体A在接收到消息1之后向可信第三方TP发送消息2; 3）可靠的第三方TP确定收到消息后的回复RepTA 2; 4）可信第三方TP向实体A返回消息3; 5）实体A在接收到消息3之后向实体B返回消息4; 6）实体B接收消息4; 7）实体B向实体A发送消息5; 8）实体A接收消息5.本发明可以通过在一个协议中集成实现公钥获取，证书验证和认证，从而促进协议的执行效率和效果，并促进与各种协议的组合 公开密钥获取和公钥证书状态查询协议。 本发明适用于“用户接入点 - 服务器”接入网络结构，以满足接入网络的认证要求。