-
公开(公告)号:US08466775B2
公开(公告)日:2013-06-18
申请号:US13055092
申请日:2009-07-24
申请人: Liaojun Pang , Manxia Tie , Xiaolong Lai , Zhenhai Huang
发明人: Liaojun Pang , Manxia Tie , Xiaolong Lai , Zhenhai Huang
CPC分类号: H04L9/3273 , H04L2209/42 , H04L2209/805
摘要: An electronic label authenticating method is provided, the method includes: the electronic label receives an accessing authenticating request group sent by a reader-writer, the group carries a first parameter selected by the reader-writer; the electronic label sends a response group of the accessing authenticating to the reader-writer, the response group of the accessing authenticating includes the first parameter and a second parameter selected by the electronic label; the electronic label receives an acknowledgement group of the accessing authenticating feed back by the reader-writer; the electronic label validates the acknowledgement group of the accessing authenticating. An electronic label authenticating system is also provided, the system includes a reader-writer and an electronic label.
摘要翻译: 提供电子标签认证方法,该方法包括:电子标签接收读写器发送的访问认证请求组,该组携带由读写器选择的第一参数; 电子标签将访问认证的响应组发送给读写器,访问认证的响应组包括由电子标签选择的第一参数和第二参数; 电子标签接收由读写器访问认证反馈的确认组; 电子标签验证访问认证的确认组。 还提供电子标签认证系统,该系统包括读写器和电子标签。
-
公开(公告)号:US20110133902A1
公开(公告)日:2011-06-09
申请号:US13055092
申请日:2009-07-24
申请人: Liaojun Pang , Manxia Tie , Xiaolong Lai , Zhenhai Huang
发明人: Liaojun Pang , Manxia Tie , Xiaolong Lai , Zhenhai Huang
IPC分类号: G06K7/01
CPC分类号: H04L9/3273 , H04L2209/42 , H04L2209/805
摘要: An electronic label authenticating method is provided, the method includes: the electronic label receives an accessing authenticating request group sent by a reader-writer, the group carries a first parameter selected by the reader-writer; the electronic label sends a response group of the accessing authenticating to the reader-writer, the response group of the accessing authenticating includes the first parameter and a second parameter selected by the electronic label; the electronic label receives an acknowledgement group of the accessing authenticating feed back by the reader-writer; the electronic label validates the acknowledgement group of the accessing authenticating. An electronic label authenticating system is also provided, the system includes a reader-writer and an electronic label.
摘要翻译: 提供电子标签认证方法,该方法包括:电子标签接收读写器发送的访问认证请求组,该组携带由读写器选择的第一参数; 电子标签将访问认证的响应组发送给读写器,访问认证的响应组包括由电子标签选择的第一参数和第二参数; 电子标签接收由读写器访问认证反馈的确认组; 电子标签验证访问认证的确认组。 还提供电子标签认证系统,该系统包括读写器和电子标签。
-
公开(公告)号:US08495712B2
公开(公告)日:2013-07-23
申请号:US12519955
申请日:2007-06-25
申请人: Xiaolong Lai , Jun Cao , Manxia Tie , Bianling Zhang
发明人: Xiaolong Lai , Jun Cao , Manxia Tie , Bianling Zhang
IPC分类号: H04L29/00
CPC分类号: H04L63/0869
摘要: This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol.
摘要翻译: 本发明涉及用于在终端和网络之间安全地实现双向认证的三单元结构的对等接入控制方法。 根据该方法,在现有的双单元三实体结构的访问控制方法的基础上,在接入控制器中实现认证方的功能,在终端和接入控制器中实现认证协议功能, 终端,接入控制器和服务器都参与认证,直接在终端和接入控制器之间建立信任关系,使安全性非常可靠。 本发明不仅解决了现有的双单元双实体结构的访问控制方法的技术问题,即访问灵活性有限,访问控制器数量的扩展不方便,而且解决了 建立信任关系的过程复杂,网络安全性可能受影响的双单元三实体结构的现有访问控制方法,从而实现高安全性能的优势,无需改变现有网络结构和相对性 认证协议的独立性。
-
公开(公告)号:US08755528B2
公开(公告)日:2014-06-17
申请号:US13516257
申请日:2010-05-21
申请人: Li Ge , Jun Cao , Manxia Tie , Qin Li , Xiaolong Lai
发明人: Li Ge , Jun Cao , Manxia Tie , Qin Li , Xiaolong Lai
IPC分类号: G06F21/00
摘要: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.
-
公开(公告)号:US20120257755A1
公开(公告)日:2012-10-11
申请号:US13516257
申请日:2010-05-21
申请人: Li Ge , Jun Cao , Manxia Tie , Qin Li , Xiaolong Lai
发明人: Li Ge , Jun Cao , Manxia Tie , Qin Li , Xiaolong Lai
IPC分类号: H04L9/08
CPC分类号: H04L9/083 , H04L63/061
摘要: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.
摘要翻译: 公开了一种在站间建立安全连接的方法和系统。 该方法包括:1)交换设备接收由第一用户终端发送的站间密钥请求分组; 2)交换设备生成站间密钥,构建站间密钥通告报文,并发送给第二用户终端; 3)交换设备接收由第二用户终端发送的站间密钥通告响应报文; 4)交换机构建一个站间密钥通知应答报文,并发送给第一用户终端; 5)交换机接收第一用户终端发送的站间密钥通告响应报文。 交换设备为直接连接到交换机设备的两个站建立站间密钥,本发明的实施例通过该站点密钥确保站点之间的用户数据的机密性和完整性。
-
公开(公告)号:US20100037302A1
公开(公告)日:2010-02-11
申请号:US12519955
申请日:2007-06-25
申请人: Xiaolong Lai , Jun Cao , Manxia Tie , Bianling Zhang
发明人: Xiaolong Lai , Jun Cao , Manxia Tie , Bianling Zhang
IPC分类号: H04L29/06
CPC分类号: H04L63/0869
摘要: This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol.
摘要翻译: 本发明涉及用于在终端和网络之间安全地实现双向认证的三单元结构的对等接入控制方法。 根据该方法,在现有的双单元三实体结构的访问控制方法的基础上,在接入控制器中实现认证方的功能,在终端和接入控制器中实现认证协议功能, 终端,接入控制器和服务器都参与认证,直接在终端和接入控制器之间建立信任关系,使安全性非常可靠。 本发明不仅解决了现有的双单元双实体结构的访问控制方法的技术问题,即访问灵活性有限,访问控制器数量的扩展不方便,而且解决了 建立信任关系的过程复杂,网络安全性可能受影响的双单元三实体结构的现有访问控制方法,从而实现高安全性能的优势,无需改变现有网络结构和相对性 认证协议的独立性。
-
公开(公告)号:US08412943B2
公开(公告)日:2013-04-02
申请号:US12741982
申请日:2008-11-07
申请人: Liaojun Pang , Jun Cao , Manxia Tie , Zhenhai Huang
发明人: Liaojun Pang , Jun Cao , Manxia Tie , Zhenhai Huang
IPC分类号: H04L29/00
CPC分类号: H04L9/3247 , G06F21/445 , G06Q20/3823 , G06Q20/388 , G06Q20/4097 , H04L9/0847 , H04L9/321 , H04L9/3271 , H04L63/0869 , H04L2209/80 , H04W12/06
摘要: A two-way access authentication method comprises: According to the system parameters pre-established by the third entity, the first entity sends the access authentication request packet to the second entity, then the second entity validates whether the signature of first entity is correct, and if yes, the share master key of second entity is calculated; the second entity generates the access authentication response packet and sends it to the first entity, then the first entity validates whether the signature of access authentication response packet and the message integrity check code are correct; if yes, the share master key of first entity is calculated; the first entity sends the access authentication acknowledge packet to the second entity, then the second entity validates the integrity of the access authentication acknowledge packet, if passing the validation, the share master key of first entity is consistent with that of the second entity, and the access authentication is achieved. For improving the security, after received the access authentication request packet sent by the first entity, the second entity may perform the identity validity validation and generates the access authentication response packet after passing the validation.
摘要翻译: 双向接入认证方法包括:根据第三实体预先建立的系统参数,第一实体向第二实体发送接入认证请求报文,第二实体验证第一实体的签名是否正确, 如果是,则计算第二实体的共享主密钥; 第二实体生成接入认证响应报文并将其发送给第一实体,则第一实体验证接入认证响应报文的签名和消息完整性检查码是否正确; 如果是,则计算第一实体的共享主密钥; 第一实体向第二实体发送接入认证确认分组,则第二实体验证接入认证确认分组的完整性,如果通过验证,则第一实体的共享主密钥与第二实体的共享主密钥一致, 实现了访问认证。 为了提高安全性,在接收到由第一实体发送的接入认证请求分组之后,第二实体可以在通过验证之后执行身份有效性验证并生成接入认证响应分组。
-
公开(公告)号:US20100250952A1
公开(公告)日:2010-09-30
申请号:US12741982
申请日:2008-11-07
申请人: Liaojun Pang , Jun Cao , Manxia Tie , Zhenhai Huang
发明人: Liaojun Pang , Jun Cao , Manxia Tie , Zhenhai Huang
CPC分类号: H04L9/3247 , G06F21/445 , G06Q20/3823 , G06Q20/388 , G06Q20/4097 , H04L9/0847 , H04L9/321 , H04L9/3271 , H04L63/0869 , H04L2209/80 , H04W12/06
摘要: A two-way access authentication method comprises: According to the system parameters pre-established by the third entity, the first entity sends the access authentication request packet to the second entity, then the second entity validates whether the signature of first entity is correct, and if yes, the share master key of second entity is calculated; the second entity generates the access authentication response packet and sends it to the first entity, then the first entity validates whether the signature of access authentication response packet and the message integrity check code are correct; if yes, the share master key of first entity is calculated; the first entity sends the access authentication acknowledge packet to the second entity, then the second entity validates the integrity of the access authentication acknowledge packet, if passing the validation, the share master key of first entity is consistent with that of the second entity, and the access authentication is achieved. For improving the security, after received the access authentication request packet sent by the first entity, the second entity may perform the identity validity validation and generates the access authentication response packet after passing the validation.
摘要翻译: 双向接入认证方法包括:根据第三实体预先建立的系统参数,第一实体向第二实体发送接入认证请求报文,第二实体验证第一实体的签名是否正确, 如果是,则计算第二实体的共享主密钥; 第二实体生成接入认证响应报文并将其发送给第一实体,则第一实体验证接入认证响应报文的签名和消息完整性检查码是否正确; 如果是,则计算第一实体的共享主密钥; 第一实体向第二实体发送接入认证确认分组,则第二实体验证接入认证确认分组的完整性,如果通过验证,则第一实体的共享主密钥与第二实体的共享主密钥一致, 实现了访问认证。 为了提高安全性,在接收到由第一实体发送的接入认证请求分组之后,第二实体可以在通过验证之后执行身份有效性验证并生成接入认证响应分组。
-
49.发明授权Method and system for pre-shared-key-based network security access control 有权用于基于预共享密钥的网络安全访问控制的方法和系统公开(公告)号:US08646055B2
公开(公告)日:2014-02-04
申请号:US13391526
申请日:2009-12-24
申请人: Li Ge , Jun Cao , Manxia Tie , Qin Li , Zhenhai Huang
发明人: Li Ge , Jun Cao , Manxia Tie , Qin Li , Zhenhai Huang
IPC分类号: G06F21/00
CPC分类号: H04L63/061 , H04L63/0869 , H04L63/20
摘要: A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester (REQ) and Authentication Access Controller (AAC); 2) identity authentication and uni-cast key negotiation are implemented between REQ and AAC; 3) a group-cast key is notified between REQ and AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and network.
摘要翻译: 公开了一种基于预共享密钥的网络访问控制的方法和系统。 该方法包括以下步骤:1)在REQuester(REQ)和认证接入控制器(AAC)之间实现安全策略协商; 2)在REQ和AAC之间实现身份认证和单播密钥协商; 3)REQ和AAC之间通知组播密钥。 应用该方法和系统,可以在用户和网络之间实现快速双向认证。
-
公开(公告)号:US20140007231A1
公开(公告)日:2014-01-02
申请号:US13702785
申请日:2011-01-14
申请人: Qin Li , Jun Cao , Manxia Tie , Zhenhai Huang
发明人: Qin Li , Jun Cao , Manxia Tie , Zhenhai Huang
IPC分类号: H04L29/06
CPC分类号: H04L63/1475 , H04L45/26
摘要: A switch route exploring method, system and device are provided in the present invention. The method comprises that: a transmitting source node NSource constructs a switch route exploring request packet and transmits it to a destination node NDestination; the switch route exploring request packet comprises information of switch route from the transmitting source node NSource to the destination node NDestination, wherein the information is known by the transmitting source node NSource; and the destination node NDestination constructs a switch route exploring response packet and transmits it to the transmitting source node NSource.
摘要翻译: 在本发明中提供了一种开关路径探索方法,系统和装置。 该方法包括:发送源节点NSource构建探索请求分组的交换路由,并将其发送到目的节点NDestination; 所述交换路由探索请求分组包括从所述发送源节点NSource到所述目的节点NDestination的切换路由的信息,其中,所述信息由所述发送源节点NSource知道; 并且目的地节点NDestination构建探索响应分组的交换机路由,并将其发送到发送源节点NSource。
-
-
-
-
-
-
-
-
-
搜索结果
95 条记录 (耗时 0.033 秒)
