公开(公告)号：US20100316221A1

公开(公告)日：2010-12-16

申请号：US12863304

申请日：2009-01-14

申请人： Manxia Tie ,  Jun Cao ,  Liaojun Pang ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Liaojun Pang ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04L9/08 ,  H04L9/00

CPC分类号： H04W12/04 ,  H04L9/0822 ,  H04L9/0844 ,  H04L9/0891 ,  H04L63/062 ,  H04L2209/80 ,  H04N7/1675 ,  H04N21/25816 ,  H04N21/64784

摘要： A secure transmission method for broadband wireless multimedia network broadcasting communication includes the following steps: a secure channel between big base station and small base station is established by utilizing security protocols; the big base station distributes a Broadcast Traffic Encryption Key to each small base station through the secure channel; the small base station transmits the Broadcast Traffic Encryption Key to the user passing the authentication and authorization. The above solution solves the problem of broadcast secure communication of the big base station working in the mixed covering mode of large and small cells, realizes the identification of not only the user but also the base station, and ensures that only the authorized user can receive broadcast service.

摘要翻译： 一种用于宽带无线多媒体网络广播通信的安全传输方法包括以下步骤：利用安全协议建立大基站与小型基站之间的安全通道; 大基站通过安全通道向每个小型基站分配广播业务加密密钥; 小基站向通过认证授权的用户发送广播业务加密密钥。 以上解决方案解决了以大小小区混合覆盖模式工作的大型基站的广播安全通信问题，不仅可以对用户进行识别，而且可以实现基站识别，确保只有授权用户可以接收 广播服务。

公开(公告)号：US20100257361A1

公开(公告)日：2010-10-07

申请号：US12743168

申请日：2008-11-14

申请人： Manxia Tie ,  Jun Cao ,  Liaojun Pang ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Liaojun Pang ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04L9/32

CPC分类号： H04L63/06 ,  H04L9/0844 ,  H04L9/3236 ,  H04L9/3273 ,  H04L63/1458 ,  H04W12/04 ,  H04W12/12

摘要： A key management method, is an enhanced RSNA four-way Handshake protocol. Its preceding two way Handshake processes comprise: 1), an authenticator sending a new message 1 which is added a Key Negotiation IDentifier (KNID) and a Message Integrity Code (MIC) based on the intrinsic definition content of the message 1 to an supplicant; (2), after the supplicant receives the new message 1, checking whether the MIC therein is correct; if no, the supplicant discarding the received new message 1; if yes, checking the new message 2, if the checking is successful, sending a message 2 to the authenticator, the process of checking the new message is the same as checking process for the message 1 defined in the IEEE 802.11i-2004 standard document. The method solves the DoS attack problem of the key management protocol in the existing RSNA security mechanism.

摘要翻译： 一种密钥管理方法，是增强型RSNA四路握手协议。 其前两种握手过程包括：1）认证者发送新消息1，该新消息1基于消息1的内在定义内容向请求方添加了密钥协商标识符（KNID）和消息完整性代码（MIC）; （2），在请求者收到新消息1后，检查其中的MIC是否正确; 如果不是，请求者丢弃接收到的新消息1; 如果是，检查新消息2，如果检查成功，则向认证者发送消息2，检查新消息的过程与IEEE 802.11i-2004标准文档中定义的消息1的检查过程相同 。 该方法解决了现有RSNA安全机制中密钥管理协议的DoS攻击问题。

公开(公告)号：US20100031031A1

公开(公告)日：2010-02-04

申请号：US12442462

申请日：2007-07-16

申请人： Haibo Tian ,  Jun Cao ,  Liaojun Pang ,  Manxia Tie ,  Zhenhai Huang ,  Bianling Zhang

发明人： Haibo Tian ,  Jun Cao ,  Liaojun Pang ,  Manxia Tie ,  Zhenhai Huang ,  Bianling Zhang

IPC分类号： H04L9/32

CPC分类号： H04L9/3268 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0823 ,  H04L2209/60 ,  H04L2209/80

摘要： Exemplary embodiments of systems, methods and computer-accessible medium can be provided for obtaining and verifying a public key certificate status. In particular, it is possible to construct and send a certificate query request, construct and send a combined certificate query request, construct and send a combined certificate status response, deliver a certificate status response, perform a verification by the general access point, and/or perform a verification by the user equipment. The exemplary embodiments address some of the deficiencies of conventional methods which have a complicated implementation as well as likely inability of such conventional methods to be applied to the network architecture of user equipment, a general access point and a server. The exemplary embodiments of the systems, methods and computer-accessible medium can obtain a user certificate status to provide certificate statuses of the user or the user equipment and the general access point when the user equipment accesses the network via the general access point. Message exchanges can be reduced, bandwidth and calculation resources can be saved, and higher efficiency can be achieved. According to another exemplary embodiment, by way of adding random numbers into the certificate query request and the combined certificate query request, as well as the message m, freshness of the certificate status response can be facilitated and even ensured, and security protection can be enhanced.

摘要翻译： 可以提供系统，方法和计算机可访问介质的示例性实施例，以获得和验证公钥证书状态。 特别地，可以构建和发送证书查询请求，构造和发送组合的证书查询请求，构造并发送组合证书状态响应，递送证书状态响应，由一般接入点执行验证和/ 或执行用户设备的验证。 示例性实施例解决了具有复杂实现的常规方法的一些缺陷以及这种常规方法可能不适用于用户设备，通用接入点和服务器的网络架构的一些缺陷。 当用户设备经由通用接入点访问网络时，系统，方法和计算机可访问介质的示例性实施例可以获得用户证书状态以提供用户或用户设备以及通用接入点的证书状态。 可以减少消息交换，节省带宽和计算资源，实现更高的效率。 根据另一示例性实施例，通过在证书查询请求和组合证书查询请求中添加随机数以及消息m，可以促进并甚至确保证书状态响应的新鲜度，并且可以增强安全性保护 。

公开(公告)号：US08755528B2

公开(公告)日：2014-06-17

申请号：US13516257

申请日：2010-05-21

申请人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

发明人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

IPC分类号： G06F21/00

摘要： A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

公开(公告)号：US20120257755A1

公开(公告)日：2012-10-11

申请号：US13516257

申请日：2010-05-21

申请人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

发明人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

IPC分类号： H04L9/08

CPC分类号： H04L9/083 ,  H04L63/061

摘要： A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

摘要翻译： 公开了一种在站间建立安全连接的方法和系统。 该方法包括：1）交换设备接收由第一用户终端发送的站间密钥请求分组; 2）交换设备生成站间密钥，构建站间密钥通告报文，并发送给第二用户终端; 3）交换设备接收由第二用户终端发送的站间密钥通告响应报文; 4）交换机构建一个站间密钥通知应答报文，并发送给第一用户终端; 5）交换机接收第一用户终端发送的站间密钥通告响应报文。 交换设备为直接连接到交换机设备的两个站建立站间密钥，本发明的实施例通过该站点密钥确保站点之间的用户数据的机密性和完整性。

公开(公告)号：US08843748B2

公开(公告)日：2014-09-23

申请号：US13702217

申请日：2011-01-10

申请人： Manxia Tie ,  Jun Cao ,  Qin Li ,  Li Ge

发明人： Manxia Tie ,  Jun Cao ,  Qin Li ,  Li Ge

IPC分类号： H04L29/06 ,  H04L9/08 ,  H04L12/18

CPC分类号： H04L9/0844 ,  H04L12/18 ,  H04L63/061

摘要： A method for establishing a secure network architecture, a method and system for secure communication are provided. The method for establishing a secure network architecture includes: 1) constructing the network architecture where the identities of nodes are legal, including: neighboring node discovery; performing identities certification and shared key negotiation between a node and the neighbor node; 2) constructing a secure switching device architecture, including: establishing a shared key between every two of the switch devices.

摘要翻译： 提供了一种用于建立安全网络架构的方法，一种用于安全通信的方法和系统。 建立安全网络架构的方法包括：1）构建节点身份合法的网络架构，包括：邻居节点发现; 执行节点与邻居节点之间的身份认证和共享密钥协商; 2）构建安全交换设备架构，包括：在每两个交换设备之间建立共享密钥。

公开(公告)号：US08831227B2

公开(公告)日：2014-09-09

申请号：US13516257

申请日：2010-05-21

申请人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

发明人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

IPC分类号： G06F21/00 ,  H04L9/08 ,  H04L29/06

CPC分类号： H04L9/083 ,  H04L63/061

摘要： A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

摘要翻译： 公开了一种在站间建立安全连接的方法和系统。 该方法包括：1）交换设备接收由第一用户终端发送的站间密钥请求分组; 2）交换设备生成站间密钥，构建站间密钥通告报文，并发送给第二用户终端; 3）交换设备接收由第二用户终端发送的站间密钥通告响应报文; 4）交换机构建一个站间密钥通知应答报文，并发送给第一用户终端; 5）交换机接收第一用户终端发送的站间密钥通告响应报文。 交换设备为直接连接到交换机设备的两个站建立站间密钥，本发明的实施例通过该站点密钥确保站点之间的用户数据的机密性和完整性。

公开(公告)号：US20130080783A1

公开(公告)日：2013-03-28

申请号：US13702217

申请日：2011-01-10

申请人： Manxia Tie ,  Jun Cao ,  Qin Li ,  Li Ge

发明人： Manxia Tie ,  Jun Cao ,  Qin Li ,  Li Ge

IPC分类号： H04L9/08

CPC分类号： H04L9/0844 ,  H04L12/18 ,  H04L63/061

摘要： A method for establishing a secure network architecture, a method and system for secure communication are provided. Said method for establishing a secure network architecture includes: 1) constructing the network architecture where the identities of nodes are legal, including: neighboring node discovery; performing identities certification and shared key negotiation between a node and the neighbor node; 2) constructing a secure switching device architecture, including: establishing a shared key between every two of the switch devices.

摘要翻译： 提供了一种用于建立安全网络架构的方法，一种用于安全通信的方法和系统。 所述建立安全网络架构的方法包括：1）构建节点身份合法的网络架构，包括：邻居节点发现; 执行节点与邻居节点之间的身份认证和共享密钥协商; 2）构建安全交换设备架构，包括：在每两个交换设备之间建立共享密钥。

公开(公告)号：US20110238996A1

公开(公告)日：2011-09-29

申请号：US13132842

申请日：2009-12-08

申请人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

发明人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L9/32

CPC分类号： H04L63/0823 ,  G06F21/445 ,  H04L63/061 ,  H04L63/0876 ,  H04L63/105 ,  H04L63/123

摘要： A trusted network connect handshake method based on tri-element peer authentication is provided, which comprises the following steps. An access controller (AC) sends message 1 for handshake activation to an Access Requestor (AR). The AR sends message 2 for access handshake request to the AC after receiving message 1. The AC sends message 3 for certificate authentication and integrity evaluation request to a Policy Manager (PM) after receiving message 2. The PM sends message 4 for certificate authentication and integrity evaluation response to the AC after receiving message 3. The AC sends message 5 for access handshake response to the AR after receiving message 4. The trusted network connect handshake is completed after the AR receives message 5.

摘要翻译： 提供了一种基于三元对等体认证的可信网络连接握手方法，包括以下步骤。 访问控制器（AC）向接入请求者（AR）发送用于握手激活的消息1。 AR在接收到消息1后向AC发送接入握手请求消息2.AC在接收到消息2后向策略管理器（PM）发送证书认证和完整性评估请求消息3.PM发送消息4进行证书认证， 在接收到消息3之后，AC对AC进行完整性评估响应.AC在接收到消息4后向AC发送接入握手响应消息5.可信网络连接握手在AR收到消息5后完成。

公开(公告)号：US20120079561A1

公开(公告)日：2012-03-29

申请号：US13377098

申请日：2009-12-09

申请人： Yuelei Xiao ,  Jun Cao ,  Zhenhai Huang ,  Li Ge

发明人： Yuelei Xiao ,  Jun Cao ,  Zhenhai Huang ,  Li Ge

IPC分类号： G06F21/20

CPC分类号： H04L63/0869 ,  H04L63/0876

摘要： An access control method for a TePA-based TNC architecture is provided, including: 1) performing encapsulation of user authentication protocol data and platform authentication protocol data in the TePA-based TNC architecture: 1.1) encapsulating the user authentication protocol data in a Data field of TAEP packets, and interacting with the TAEP packets between an access requestor and an access controller, and between the access controller and a policy manager, to perform mutual user authentication between the access requestor and the access controller, and establish a secure channel between the access requestor and the access controller; and 1.2) encapsulating the platform authentication protocol data in a Data field of TAEP packets, and, for platform authentication protocol data between the access requestor and the access controller, encapsulating a TAEP packet of the platform authentication protocol data in a Data field of another TAEP packet to form a nested encapsulation.

摘要翻译： 提供了一种基于TePA的TNC架构的访问控制方法，包括：1）在基于TePA的TNC架构中执行用户认证协议数据和平台认证协议数据的封装：1.1）将用户认证协议数据封装在数据字段 的TAEP分组，并且与访问请求者和访问控制器之间的TAEP分组以及访问控制器和策略管理器之间的TAEP分组进行交互，以在接入请求者和接入控制器之间执行相互用户认证，并在接入控制器和接入控制器之间建立安全信道 访问请求者和访问控制器; 和1.2）将平台认证协议数据封装在TAEP数据包的数据字段中，并且对于接入请求者和接入控制器之间的平台认证协议数据，将平台认证协议数据的TAEP分组封装在另一个TAEP的数据字段中 数据包形成嵌套封装。