METHOD OF ONE-WAY ACCESS AUTHENTICATION
    41.
    Invention application
    Status: in force

    Publication number: US20100268954A1

    Publication date: 2010-10-21

    Application number: US12741567

    Filing date: 2008-11-07

    IPC classification: H04L9/32

    Abstract: A method of one-way access authentication is disclosed. The method includes the following steps. According to system parameters set up by a third entity, a second entity sends an authentication request and key distribution grouping message to a first entity. The first entity verifies the validity of the message sent from the second entity, and if it is valid, the first entity generates an authentication and key response grouping message and sends it to the second entity, which verifies the validity of the message sent from the first entity, and if it is valid, the second entity generates the authentication and key confirmation grouping message and sends the message to the first entity. The first entity verifies the validity of the authentication and key confirmation grouping message, and if it is valid, the authentication succeeds and the key is regarded as the master key of agreement.


    ENTITY BIDIRECTIONAL AUTHENTICATION METHOD AND SYSTEM
    42.
    Invention application
    Status: in force

    Publication number: US20100262832A1

    Publication date: 2010-10-14

    Application number: US12808049

    Filing date: 2008-12-09

    IPC classification: H04L9/32

    CPC classification: H04L9/321 H04L9/3247

    Abstract: An entity bidirectional authentication method and system are disclosed. The method involves the following: the first entity sends the first message; the second entity sends the second message to the credible third party after receiving the first message; the credible third party returns the third message after receiving the second message; the second entity sends the fourth message after receiving and verifying the third message; the first entity receives the fourth message and verifies it, completing the authentication. Compared with the conventional authentication mechanism, the invention defines an on-line retrieval and authentication mechanism for a public key, realizes centralized management of it, simplifies the operating condition of the protocol, and facilitates application and implementation.


    Bidirectional entity authentication method with introduction of online third party
    43.
    Granted invention patent
    Status: in force

    Publication number: US08732464B2

    Publication date: 2014-05-20

    Application number: US13392899

    Filing date: 2009-12-29

    IPC classification: H04L9/32

    CPC classification: H04L9/3213 H04L9/3263

    Abstract: An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) the entity A sends a message 2 to a trusted third party TP; 3) the trusted third party TP verifies the validities of the entity A and the entity B; 4) after verifying the validities of the entity A and the entity B, the trusted third party TP returns a message 3 to the entity A; 5) the entity A sends a message 4 to the entity B; 6) after receiving the message 4, the entity B performs the verification to complete the authentication for the entity A; 7) the entity B sends a message 5 to the entity A; 8) after receiving the message 5, the entity A performs the verification to complete the authentication for the entity B.


    Method and system for establishing security connection between switch equipments
    44.
    Granted invention patent
    Status: in force

    Publication number: US08713303B2

    Publication date: 2014-04-29

    Application number: US13515394

    Filing date: 2010-05-26

    Abstract: A method and a system for establishing a security connection between switch equipments are disclosed in the present invention. The system includes the first switch equipment and the second switch equipment; the first switch equipment sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch equipment; the second switch equipment sends the switch key negotiation request packet to the first switch equipment. The embodiments of the present invention provide a security policy for secure data transmission between switch equipments by establishing a shared switch key between each two switch equipments, thus guaranteeing the confidentiality of the data transmission process between switch equipments in the data link layer. The calculation burden of switch equipment and the delay of the data packets transmitted from the transmission end to the reception end can be reduced and the efficiency of network transmission can be improved.


    Authentication associated suite discovery and negotiation method
    45.
    Granted invention patent
    Status: in force

    Publication number: US08625801B2

    Publication date: 2014-01-07

    Application number: US13133890

    Filing date: 2009-12-08

    IPC classification: H04W12/06 H04W12/04 H04L9/32

    CPC classification: H04W12/04 H04W12/06

    Abstract: An authentication associated suite discovery and negotiation method for an ultra wide band network is disclosed. The method includes the following steps: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for an ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to better satisfy all kinds of application requirements when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.


    Method of one-way access authentication
    46.
    Granted invention patent
    Status: in force

    Publication number: US08578164B2

    Publication date: 2013-11-05

    Application number: US12741567

    Filing date: 2008-11-07

    IPC classification: G06F21/00

    Abstract: A method of one-way access authentication is disclosed. The method includes the following steps. According to system parameters set up by a third entity, a second entity sends an authentication request and key distribution grouping message to a first entity. The first entity verifies the validity of the message sent from the second entity, and if it is valid, the first entity generates an authentication and key response grouping message and sends it to the second entity, which verifies the validity of the message sent from the first entity, and if it is valid, the second entity generates the authentication and key confirmation grouping message and sends the message to the first entity. The first entity verifies the validity of the authentication and key confirmation grouping message, and if it is valid, the authentication succeeds and the key is regarded as the master key of agreement.


    MULTICAST KEY NEGOTIATION METHOD SUITABLE FOR GROUP CALLING SYSTEM AND A SYSTEM THEREOF
    47.
    Invention application
    Status: in force

    Publication number: US20130016838A1

    Publication date: 2013-01-17

    Application number: US13637375

    Filing date: 2010-05-12

    IPC classification: H04L9/28

    Abstract: The present invention discloses a multicast key negotiation method suitable for a group calling system, and a system thereof. The method includes the following: a user terminal (UT) negotiates a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key according to the unicast key, and registers at the BS the service group identifier that the UT belongs to; the BS notifies the UT of the multicast key of the service group that the UT needs to apply, constructs a multicast key notification packet, and sends it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of the service group that the UT needs to apply by decrypting a service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms that the multicast key of the UT service group is built successfully according to the multicast key confirmation packet sent by the UT.


    METHOD AND SYSTEM FOR ESTABLISHING SECURITY CONNECTION BETWEEN SWITCH EQUIPMENTS
    48.
    Invention application
    Status: in force

    Publication number: US20120254617A1

    Publication date: 2012-10-04

    Application number: US13515394

    Filing date: 2010-05-26

    IPC classification: H04L9/32

    Abstract: A method and a system for establishing a security connection between switch equipments are disclosed in the present invention. The system includes the first switch equipment and the second switch equipment; the first switch equipment sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch equipment; the second switch equipment sends the switch key negotiation request packet to the first switch equipment. The embodiments of the present invention provide a security policy for secure data transmission between switch equipments by establishing a shared switch key between each two switch equipments, thus guaranteeing the confidentiality of the data transmission process between switch equipments in the data link layer. The calculation burden of switch equipment and the delay of the data packets transmitted from the transmission end to the reception end can be reduced and the efficiency of network transmission can be improved.


    METHOD AND SYSTEM FOR PRE-SHARED-KEY-BASED NETWORK SECURITY ACCESS CONTROL
    49.
    Invention application
    Status: in force

    Publication number: US20120159587A1

    Publication date: 2012-06-21

    Application number: US13391526

    Filing date: 2009-12-24

    IPC classification: G06F21/20

    Abstract: A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester (REQ) and an Authentication Access Controller (AAC); 2) identity authentication and uni-cast key negotiation are implemented between the REQ and the AAC; 3) a group-cast key is notified between the REQ and the AAC. By applying the method and system, rapid bidirectional authentication can be implemented between a user and a network.


    BIDIRECTIONAL ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY
    50.
    Invention application
    Status: in force

    Publication number: US20120159169A1

    Publication date: 2012-06-21

    Application number: US13392899

    Filing date: 2009-12-29

    IPC classification: H04L9/28 H04L9/30

    CPC classification: H04L9/3213 H04L9/3263

    Abstract: An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) after receiving the message 1, the entity A sends a message 2 to a trusted third party TP; 3) after receiving the message 2, the trusted third party TP verifies the validities of the entity A and the entity B; 4) after verifying the validities of the entity A and the entity B, the trusted third party TP returns a message 3 to the entity A; 5) after receiving the message 3, the entity A sends a message 4 to the entity B; 6) after receiving the message 4, the entity B performs the verification to complete the authentication for the entity A; 7) the entity B sends a message 5 to the entity A; 8) after receiving the message 5, the entity A performs the verification to complete the authentication for the entity B. The scheme mentioned above provides an online searching and authentication mechanism for the disclosed keys, and thus simplifies the running condition of the protocol. In practical application, the bidirectional authentication method of the present invention enables bidirectional validity authentication between the user and the network.
