BIDIRECTIONAL ENTITY AUTHENTICATION METHOD BASED ON THE CREDIBLE THIRD PARTY
    51.
    Invention patent application
    Status: in force

    Publication No.: US20110004767A1

    Publication date: 2011-01-06

    Application No.: US12920931

    Filing date: 2009-03-04

    IPC classification: H04L9/32

    Abstract: A bidirectional entity authentication method based on the credible third party includes the steps that: entity A receives message 1 sent from entity B including the authentication parameters of said entity B, and sends message 2 to the credible third party TP, said message 2 including the authentication parameters of entity B and the authentication parameters of entity A; entity A receives message 3 sent from said credible third party TP, said message 3 including the checking result after checking that whether said entity A and entity B are legal based on said message 2 by said credible third party TP; entity A gets the authentication result of entity B after authenticating said message 3, and sends message 4 to said entity B to make entity B authenticating based on said message 4 and getting the authentication result of entity A. The invention simplifies the operation condition of the protocol, reduces the computing capability requirement of the authentication entity, and satisfies the high security requirement of the network device lack of resource.


    LIGHT ACCESS AUTHENTICATION METHOD AND SYSTEM
    52.
    Invention patent application
    Status: in force

    Publication No.: US20100313012A1

    Publication date: 2010-12-09

    Application No.: US12745288

    Filing date: 2008-12-02

    IPC classification: H04L9/32

    CPC classification: H04L9/321 H04L2209/805

    Abstract: A light access authentication method and system, the method includes: the trustful third party writes the MSG cipher text formed by enciphering MSG into the first entity; the second entity attains the MSG cipher text from the first entity, and attains the key from the trustful third party after attaining the MSG cipher text; the MSG cipher text is deciphered according to the key, and the MSG plaintext is attained. The embodiment of the present invention can be widely applied at a condition limited by the equipment and environment, and the access authentication is simplified and lightened.


    Multicast key negotiation method suitable for group calling system and a system thereof
    53.
    Granted invention patent
    Status: in force

    Publication No.: US08787574B2

    Publication date: 2014-07-22

    Application No.: US13637375

    Filing date: 2010-05-12

    IPC classification: H04K1/00 H04L9/00 H04L9/32

    Abstract: The present invention discloses a multicast key negotiation method suitable for group calling system and a system thereof. The method includes that: a user terminal (UT) negotiates about a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key according to the unicast key, and registers a service group identifier that the UT belongs to at the BS; the BS notifies the UT the multicast key of the service group that the UT needs to apply, constructs a multicast key notification packet, and sends it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of the service group that the UT needs to apply by decrypting a service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms that the multicast key of the UT service group is built successfully according to the multicast key confirmation packet sent by the UT.


    Method for protecting the first message of security protocol
    54.
    Granted invention patent
    Status: in force

    Publication No.: US08572378B2

    Publication date: 2013-10-29

    Application No.: US13140632

    Filing date: 2009-12-07

    IPC classification: H04L29/06

    Abstract: The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.


    Light access authentication method and system
    55.
    Granted invention patent
    Status: in force

    Publication No.: US08560847B2

    Publication date: 2013-10-15

    Application No.: US12745288

    Filing date: 2008-12-02

    IPC classification: H04L9/28 H04K1/00

    CPC classification: H04L9/321 H04L2209/805

    Abstract: A light access authentication method and system, the method includes: the trustful third party writes the MSG cipher text formed by enciphering MSG into the first entity; the second entity attains the MSG cipher text from the first entity, and attains the key from the trustful third party after attaining the MSG cipher text; the MSG cipher text is deciphered according to the key, and the MSG plaintext is attained. The embodiment of the present invention can be widely applied at a condition limited by the equipment and environment, and the access authentication is simplified and lightened.


    Access method suitable for wireless personal area network
    56.
    Granted invention patent
    Status: in force

    Publication No.: US08533781B2

    Publication date: 2013-09-10

    Application No.: US13058099

    Filing date: 2009-07-28

    IPC classification: G06F7/04

    CPC classification: H04W12/06 H04W48/10

    Abstract: The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.


    Bidirectional entity authentication method based on the credible third party
    57.
    Granted invention patent
    Status: in force

    Publication No.: US08510565B2

    Publication date: 2013-08-13

    Application No.: US12920931

    Filing date: 2009-03-04

    IPC classification: H04L9/32

    Abstract: A bidirectional entity authentication method based on the credible third party includes the steps that: entity A receives message 1 sent from entity B including the authentication parameters of said entity B, and sends message 2 to the credible third party TP, said message 2 including the authentication parameters of entity B and the authentication parameters of entity A; entity A receives message 3 sent from said credible third party TP, said message 3 including the checking result after checking that whether said entity A and entity B are legal based on said message 2 by said credible third party TP; entity A gets the authentication result of entity B after authenticating said message 3, and sends message 4 to said entity B to make entity B authenticating based on said message 4 and getting the authentication result of entity A. The invention simplifies the operation condition of the protocol, reduces the computing capability requirement of the authentication entity, and satisfies the high security requirement of the network device lack of resource.


    ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY
    58.
    Invention patent application
    Status: in force

    Publication No.: US20120167190A1

    Publication date: 2012-06-28

    Application No.: US13392915

    Filing date: 2009-12-29

    IPC classification: G06F21/00

    Abstract: An entity authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) the entity A sends a message 2 to a trusted third party TP after receiving the message 1; 3) the trusted third party TP checks the validity of the entity A after receiving the message 2; 4) the trusted third party TP returns a message 3 to the entity A after checking the validity of the entity A; 5) the entity A sends a message 4 to the entity B after receiving the message 3; 6) and the entity B performs validation after receiving the message 4. The online retrieval and authentication mechanism of the public key simplifies the operating condition of a protocol, and realizes validity identification of the network for the user through the authentication of the entity B to the entity A.


    ACCESS METHOD SUITABLE FOR WIRELESS PERSONAL AREA NETWORK
    59.
    Invention patent application
    Status: in force

    Publication No.: US20110145890A1

    Publication date: 2011-06-16

    Application No.: US13058099

    Filing date: 2009-07-28

    IPC classification: G06F7/04

    CPC classification: H04W12/06 H04W48/10

    Abstract: The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.


    ENTITY BIDIRECTIONAL-IDENTIFICATION METHOD FOR SUPPORTING FAST HANDOFF
    60.
    Invention patent application
    Status: in force

    Publication No.: US20110078438A1

    Publication date: 2011-03-31

    Application No.: US12994712

    Filing date: 2009-05-27

    IPC classification: H04L9/32

    Abstract: An entity bidirectional-identification method for supporting fast handoff involves three security elements, which includes two identification elements A and B and a trusted third party (TP). All identification entities of a same element share a public key certification or own a same public key. When any identification entity in identification element A and any identification entity in identification element B need to identify each other, if identification protocol has never been operated between the two identification elements that they belong to respectively, the whole identification protocol process will be operated; otherwise, interaction of identification protocol will be acted only between the two identification entities. Application of the present invention not only centralizes management of public key and simplifies protocol operation condition, but also utilizes the concept of security domain so as to reduce management complexity of public key, shorten identification time and satisfy fast handoff requirements on the premises of guaranteeing security characteristics such as one key for every pair of identification entities, one secret key for every identification and forward secrecy.
