公开(公告)号：US08850190B2

公开(公告)日：2014-09-30

申请号：US13814899

申请日：2011-04-27

申请人： Qin Li ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang ,  Zhiqiang Du

发明人： Qin Li ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang ,  Zhiqiang Du

IPC分类号： H04L29/06 ,  H04L9/32 ,  H04L9/08

CPC分类号： H04L9/0816 ,  H04L9/083 ,  H04L9/321 ,  H04L63/06 ,  H04L2463/062

摘要： The present invention provides a secret communication method, apparatus and system. The method comprises: 1) determining a neighboring encryption switching equipment shared by a first user terminal and a second user terminal, wherein the first user terminal and the second user terminal are neighboring user terminals (1); 2) establishing, by the neighboring encryption switching equipment, an inter-station key for communication between the first user terminal and the second terminal (2); 3) performing data secret communication between the first user terminal and the second terminal by using the inter-station key (3). With the present invention, the neighboring user terminals needing to perform the secret communication can establish the inter-station key without performing identity authentication with each other, and can perform the secret communication with the inter-station key, and thereby the network load is reduced.

摘要翻译： 本发明提供一种秘密通信方法，装置和系统。 该方法包括：1）确定由第一用户终端和第二用户终端共享的相邻加密交换设备，其中第一用户终端和第二用户终端是相邻的用户终端（1）; 2）由相邻加密交换设备建立用于第一用户终端和第二终端（2）之间的通信的站间密钥; 3）使用站间密钥（3）执行第一用户终端与第二终端之间的数据秘密通信。 通过本发明，需要执行秘密通信的相邻用户终端可以建立站间密钥，而不进行彼此的身份认证，并且可以执行与站间密钥的秘密通信，从而减少网络负载 。

公开(公告)号：US08813199B2

公开(公告)日：2014-08-19

申请号：US13203645

申请日：2009-12-14

申请人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： G06F15/16 ,  H04L29/06 ,  H04W12/06 ,  H04W84/12

CPC分类号： H04W12/06 ,  H04L63/08 ,  H04L63/10 ,  H04W84/12

摘要： A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by an access controller is constructed through splitting the MAC function and the WAPI function of the wireless access point apart to a wireless terminal point and the access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the access controller realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station point by using WPI.

摘要翻译： 用于实现具有分离式媒体接入控制（MAC）模式的融合无线局域网（WLAN）认证和隐私基础设施（WAPI）网络架构的方法包括以下步骤：用于通过以下方式实现WLAN隐私基础设施（WPI）的分割MAC模式 通过将无线接入点的MAC功能和WAPI功能分离到无线终端点和接入控制器来构建接入控制器; 在接入控制器实现WPI的分割MAC模式下实现WAPI和融合WLAN网络系统架构的集成; 在站点，无线终端点和访问控制器之间执行关联连接处理; 执行在接入控制器和无线终端点之间通知执行WLAN认证基础设施（WAI）协议的开始的过程; 执行在站点和访问控制器之间执行WAI协议的过程; 执行用于在接入控制器和无线终端点之间通知执行WAI协议的结束的过程; 通过使用WPI在无线终端点和站点之间执行秘密通信处理。

公开(公告)号：US08750521B2

公开(公告)日：2014-06-10

申请号：US13320496

申请日：2009-12-14

申请人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04L9/00 ,  H04L9/08 ,  H04L29/06 ,  G06F21/10 ,  H04W12/02 ,  H04W12/04

CPC分类号： H04L9/08 ,  G06F21/10 ,  H04L9/0838 ,  H04L63/062 ,  H04L63/205 ,  H04W12/02 ,  H04W12/04 ,  H04W36/0038 ,  H04W84/12

摘要： The invention involves a method and a system for station (STA) switching when a wireless terminal point (WTP) completes wireless local area network (WLAN) privacy infrastructure (WPI) in a convergent WLAN. The method includes steps as follows. The STA implements re-association rebinding process with a target access controller (AC) over a target WTP. A base key is requested by the target AC from an associated AC. An associated WTP is informed to delete the STA by the associated AC, and the target WTP is informed to add the STA by the target AC. A session key is negotiated based on the requested base key by the STA and the target AC, and is synchronized between the target AC and the target WTP. The method enables fast and safe switching of the STA between WTPs under the control of different controllers in the convergent WLAN based on WAPI protocol.

摘要翻译： 本发明涉及无线终端（WTP）完成融合WLAN中的无线局域网（WLAN）隐私基础设施（WPI）时的站（STA）切换的方法和系统。 该方法包括以下步骤。 STA通过目标访问控制器（AC）在目标WTP上实现重新关联重新绑定过程。 来自相关AC的目标AC请求基本密钥。 通知关联的WTP通过关联的AC删除STA，通知目标WTP通过目标AC添加STA。 会话密钥基于STA和目标AC所请求的基本密钥进行协商，并在目标AC与目标WTP之间同步。 该方法能够在基于WAPI协议的融合WLAN中的不同控制器的控制下，在WTP之间快速，安全地切换STA。

公开(公告)号：US08560847B2

公开(公告)日：2013-10-15

申请号：US12745288

申请日：2008-12-02

申请人： Liaojun Pang ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

发明人： Liaojun Pang ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

IPC分类号： H04L9/28 ,  H04K1/00

CPC分类号： H04L9/321 ,  H04L2209/805

摘要： A light access authentication method and system, the method includes: the trustful third party writes the MSG cipher text formed by enciphering MSG into the first entity; the second entity attains the MSG cipher text from the first entity, and attains the key from the trustful third party after attaining the MSG cipher text; the MSG cipher text is deciphered according to the key, and the MSG plaintext is attained. The embodiment of the present invention can be widely applied at a condition limited by the equipment and environment, and the access authentication is simplified and lightened.

摘要翻译： 一种光接入认证方法和系统，所述方法包括：信任第三方将通过加密MSG形成的MSG密文写入第一实体; 第二实体从第一实体获得MSG密文，并在获得MSG密文后获得信任第三方的密钥; 根据密钥解密MSG密文，并获得MSG明文。 本发明的实施例可以在受设备和环境限制的条件下被广泛应用，并且访问认证被简化和减轻。

公开(公告)号：US08533781B2

公开(公告)日：2013-09-10

申请号：US13058099

申请日：2009-07-28

申请人： Manxia Tie ,  Jun Cao ,  Yuelei Xiao ,  Zhenhai Huang ,  Xiaolong Lai

发明人： Manxia Tie ,  Jun Cao ,  Yuelei Xiao ,  Zhenhai Huang ,  Xiaolong Lai

IPC分类号： G06F7/04

CPC分类号： H04W12/06 ,  H04W48/10

摘要： The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.

摘要翻译： 本发明的实施例公开了适用于无线个人区域网（WPAN）的接入方法。 在协调器广播信标帧之后，根据信标帧，设备识别协调器对设备所需的认证需求和认证方式。 如果协调人对设备没有认证需求，则设备和协调人直接进行关联过程; 否则，根据所选择的认证方式和相应的认证机制协商信息，设备向协调器发送认证访问请求; 然后根据设备选择的认证方式，协调器与设备进行认证和会话密钥协商过程; 最后，协调器向设备发送认证接入响应，当认证接入响应的认证状态成功时，设备与协调器进行关联过程。 认证和会话密钥协商的过程可以基于原语控制，也可以基于端口控制。 如果设备与协调器成功关联，则协调器将网络地址分配给设备，因此设备可以正常与协调器进行通信。 本发明解决了现有WPAN接入方式安全性较低，效率较低的技术问题。

公开(公告)号：US08510565B2

公开(公告)日：2013-08-13

申请号：US12920931

申请日：2009-03-04

申请人： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04L9/32

CPC分类号： H04L63/0807 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/0884

摘要： A bidirectional entity authentication method based on the credible third party includes the steps that: entity A receives message 1 sent from entity B including the authentication parameters of said entity B, and sends message 2 to the credible third party TP, said message 2 including the authentication parameters of entity B and the authentication parameters of entity A; entity A receives message 3 sent from said credible third party TP, said message 3 including the checking result after checking that whether said entity A and entity B are legal based on said message 2 by said credible third party TP; entity A gets the authentication result of entity B after authenticating said message 3, and sends message 4 to said entity B to make entity B authenticating based on said message 4 and getting the authentication result of entity A. The invention simplifies the operation condition of the protocol, reduces the computing capability requirement of the authentication entity, and satisfies the high security requirement of the network device lack of resource.

摘要翻译： 基于可信第三方的双向实体认证方法包括以下步骤：实体A接收从实体B发送的包括所述实体B的认证参数的消息1，并向可信第三方TP发送消息2，所述消息2包括 实体B的认证参数和实体A的认证参数; 实体A从所述可信第三方TP接收到从所述可信第三方TP发送的消息3，所述消息3在根据所述可信第三方TP的所述消息2检查所述实体A和实体B是否合法之后包括检查结果; 实体A在认证所述消息3之后获得实体B的认证结果，并向所述实体B发送消息4，以使实体B基于所述消息4进行认证，并获得实体A的认证结果。本发明简化了实体B的操作条件 协议，降低了认证实体的计算能力要求，满足了网络设备缺乏资源的高安全性要求。

公开(公告)号：US20120167190A1

公开(公告)日：2012-06-28

申请号：US13392915

申请日：2009-12-29

申请人： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： G06F21/00

CPC分类号： H04L63/08 ,  H04L9/3213 ,  H04L9/3247 ,  H04L9/3263 ,  H04L9/3271 ,  H04L9/3297

摘要： An entity authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) the entity A sends a message 2 to a trusted third party TP after receiving the message 1; 3) the trusted third party TP checks the validity of the entity A after receiving the message 2; 4) the trusted third party TP returns a message 3 to the entity A after checking the validity of the entity A; 5) the entity A sends a message 4 to the entity B after receiving the message 3; 6) and the entity B performs validation after receiving the message 4. The online retrieval and authentication mechanism of the public key simplifies the operating condition of a protocol, and realizes validity identification of the network for the user through the authentication of the entity B to the entity A.

摘要翻译： 通过引入在线第三方的实体认证方法包括以下步骤：1）实体B向实体A发送消息1; 2）实体A在接收到消息1之后向可信第三方TP发送消息2; 3）受信任的第三方TP在接收到消息2后检查实体A的有效性; 4）可信第三方TP在检查实体A的有效性之后向实体A返回消息3; 5）实体A在接收到消息3之后向实体B发送消息4; 6），实体B在接收到消息4后进行验证。公钥的在线检索和认证机制简化了协议的工作状态，通过对实体B的认证实现了用户对网络的有效性识别 实体A.

公开(公告)号：US20120114124A1

公开(公告)日：2012-05-10

申请号：US13382651

申请日：2009-12-29

申请人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

发明人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L9/08 ,  H04L9/14

CPC分类号： H04W12/04 ,  H04L9/0822 ,  H04L9/083 ,  H04L9/0833 ,  H04L9/3228 ,  H04L9/3242 ,  H04L63/062 ,  H04L63/065 ,  H04L63/126 ,  H04L2209/38 ,  H04L2209/601 ,  H04L2209/805 ,  H04W12/06 ,  H04W84/18

摘要： A method for combining authentication and secret keys management mechanism in a sensor network includes the following steps: 1) pre-distribution of the secret key, which includes 1.1) the pre-distribution of the communication secret key and 1.2) the pre-distribution of the initial broadcast message authentication secret key; 2) authentication, which includes 2.1) the authentication of the node identity and 2.2) the authentication of the broadcast message; and 3) negotiation of the session secret key by the nodes.

摘要翻译： 一种将认证和秘密密钥管理机制组合在传感器网络中的方法，包括以下步骤：1）秘密密钥的预分配，其中包括1.1）通信秘密密钥的预分配，以及1.2）预分发 初始广播消息认证密钥; 2）认证，其中包括2.1）节点身份认证和2.2）广播消息的认证; 3）节点会话密钥协商。

公开(公告)号：US20120060205A1

公开(公告)日：2012-03-08

申请号：US13320496

申请日：2009-12-14

申请人： Manxia Tie ,  Jun Cao ,  Zhiqiang Du ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Zhiqiang Du ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04W12/04

CPC分类号： H04L9/08 ,  G06F21/10 ,  H04L9/0838 ,  H04L63/062 ,  H04L63/205 ,  H04W12/02 ,  H04W12/04 ,  H04W36/0038 ,  H04W84/12

摘要： The invention involves a method and a system for station (STA) switching when a wireless terminal point (WTP) completes wireless local area network (WLAN) privacy infrastructure (WPI) in a convergent WLAN. The method includes steps as follows. The STA implements re-association rebinding process with a target access controller (AC) over a target WTP. A base key is requested by the target AC from an associated AC. An associated WTP is informed to delete the STA by the associated AC, and the target WTP is informed to add the STA by the target AC. A session key is negotiated based on the requested base key by the STA and the target AC, and is synchronized between the target AC and the target WTP. The method enables fast and safe switching of the STA between WTPs under the control of different controllers in the convergent WLAN based on WAPI protocol.

摘要翻译： 本发明涉及无线终端（WTP）完成融合WLAN中的无线局域网（WLAN）隐私基础设施（WPI）时的站（STA）切换的方法和系统。 该方法包括以下步骤。 STA通过目标访问控制器（AC）在目标WTP上实现重新关联重新绑定过程。 来自相关AC的目标AC请求基本密钥。 通知关联的WTP通过关联的AC删除STA，通知目标WTP通过目标AC添加STA。 会话密钥基于STA和目标AC所请求的基本密钥进行协商，并在目标AC与目标WTP之间同步。 该方法能够在基于WAPI协议的融合WLAN中的不同控制器的控制下，在WTP之间快速，安全地切换STA。

公开(公告)号：US20110307943A1

公开(公告)日：2011-12-15

申请号：US13203645

申请日：2009-12-14

申请人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04W12/06 ,  H04W12/04 ,  H04L29/06

CPC分类号： H04W12/06 ,  H04L63/08 ,  H04L63/10 ,  H04W84/12

摘要： A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by an access controller is constructed through splitting the MAC function and the WAPI function of the wireless access point apart to a wireless terminal point and the access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the access controller realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station point by using WPI.

摘要翻译： 用于实现具有分离式媒体接入控制（MAC）模式的融合无线局域网（WLAN）认证和隐私基础设施（WAPI）网络架构的方法包括以下步骤：用于通过以下方式实现WLAN隐私基础设施（WPI）的分割MAC模式 通过将无线接入点的MAC功能和WAPI功能分离到无线终端点和接入控制器来构建接入控制器; 在接入控制器实现WPI的分割MAC模式下实现WAPI和融合WLAN网络系统架构的集成; 在站点，无线终端点和访问控制器之间执行关联连接处理; 执行在接入控制器和无线终端点之间通知执行WLAN认证基础设施（WAI）协议的开始的过程; 执行在站点和访问控制器之间执行WAI协议的过程; 执行用于在接入控制器和无线终端点之间通知执行WAI协议的结束的过程; 通过使用WPI在无线终端点和站点之间执行秘密通信处理。