公开(公告)号：US20100316221A1

公开(公告)日：2010-12-16

申请号：US12863304

申请日：2009-01-14

申请人： Manxia Tie ,  Jun Cao ,  Liaojun Pang ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Liaojun Pang ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04L9/08 ,  H04L9/00

CPC分类号： H04W12/04 ,  H04L9/0822 ,  H04L9/0844 ,  H04L9/0891 ,  H04L63/062 ,  H04L2209/80 ,  H04N7/1675 ,  H04N21/25816 ,  H04N21/64784

摘要： A secure transmission method for broadband wireless multimedia network broadcasting communication includes the following steps: a secure channel between big base station and small base station is established by utilizing security protocols; the big base station distributes a Broadcast Traffic Encryption Key to each small base station through the secure channel; the small base station transmits the Broadcast Traffic Encryption Key to the user passing the authentication and authorization. The above solution solves the problem of broadcast secure communication of the big base station working in the mixed covering mode of large and small cells, realizes the identification of not only the user but also the base station, and ensures that only the authorized user can receive broadcast service.

摘要翻译： 一种用于宽带无线多媒体网络广播通信的安全传输方法包括以下步骤：利用安全协议建立大基站与小型基站之间的安全通道; 大基站通过安全通道向每个小型基站分配广播业务加密密钥; 小基站向通过认证授权的用户发送广播业务加密密钥。 以上解决方案解决了以大小小区混合覆盖模式工作的大型基站的广播安全通信问题，不仅可以对用户进行识别，而且可以实现基站识别，确保只有授权用户可以接收 广播服务。

公开(公告)号：US20100257361A1

公开(公告)日：2010-10-07

申请号：US12743168

申请日：2008-11-14

申请人： Manxia Tie ,  Jun Cao ,  Liaojun Pang ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Liaojun Pang ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04L9/32

CPC分类号： H04L63/06 ,  H04L9/0844 ,  H04L9/3236 ,  H04L9/3273 ,  H04L63/1458 ,  H04W12/04 ,  H04W12/12

摘要： A key management method, is an enhanced RSNA four-way Handshake protocol. Its preceding two way Handshake processes comprise: 1), an authenticator sending a new message 1 which is added a Key Negotiation IDentifier (KNID) and a Message Integrity Code (MIC) based on the intrinsic definition content of the message 1 to an supplicant; (2), after the supplicant receives the new message 1, checking whether the MIC therein is correct; if no, the supplicant discarding the received new message 1; if yes, checking the new message 2, if the checking is successful, sending a message 2 to the authenticator, the process of checking the new message is the same as checking process for the message 1 defined in the IEEE 802.11i-2004 standard document. The method solves the DoS attack problem of the key management protocol in the existing RSNA security mechanism.

摘要翻译： 一种密钥管理方法，是增强型RSNA四路握手协议。 其前两种握手过程包括：1）认证者发送新消息1，该新消息1基于消息1的内在定义内容向请求方添加了密钥协商标识符（KNID）和消息完整性代码（MIC）; （2），在请求者收到新消息1后，检查其中的MIC是否正确; 如果不是，请求者丢弃接收到的新消息1; 如果是，检查新消息2，如果检查成功，则向认证者发送消息2，检查新消息的过程与IEEE 802.11i-2004标准文档中定义的消息1的检查过程相同 。 该方法解决了现有RSNA安全机制中密钥管理协议的DoS攻击问题。

公开(公告)号：US20100031031A1

公开(公告)日：2010-02-04

申请号：US12442462

申请日：2007-07-16

申请人： Haibo Tian ,  Jun Cao ,  Liaojun Pang ,  Manxia Tie ,  Zhenhai Huang ,  Bianling Zhang

发明人： Haibo Tian ,  Jun Cao ,  Liaojun Pang ,  Manxia Tie ,  Zhenhai Huang ,  Bianling Zhang

IPC分类号： H04L9/32

CPC分类号： H04L9/3268 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0823 ,  H04L2209/60 ,  H04L2209/80

摘要： Exemplary embodiments of systems, methods and computer-accessible medium can be provided for obtaining and verifying a public key certificate status. In particular, it is possible to construct and send a certificate query request, construct and send a combined certificate query request, construct and send a combined certificate status response, deliver a certificate status response, perform a verification by the general access point, and/or perform a verification by the user equipment. The exemplary embodiments address some of the deficiencies of conventional methods which have a complicated implementation as well as likely inability of such conventional methods to be applied to the network architecture of user equipment, a general access point and a server. The exemplary embodiments of the systems, methods and computer-accessible medium can obtain a user certificate status to provide certificate statuses of the user or the user equipment and the general access point when the user equipment accesses the network via the general access point. Message exchanges can be reduced, bandwidth and calculation resources can be saved, and higher efficiency can be achieved. According to another exemplary embodiment, by way of adding random numbers into the certificate query request and the combined certificate query request, as well as the message m, freshness of the certificate status response can be facilitated and even ensured, and security protection can be enhanced.

摘要翻译： 可以提供系统，方法和计算机可访问介质的示例性实施例，以获得和验证公钥证书状态。 特别地，可以构建和发送证书查询请求，构造和发送组合的证书查询请求，构造并发送组合证书状态响应，递送证书状态响应，由一般接入点执行验证和/ 或执行用户设备的验证。 示例性实施例解决了具有复杂实现的常规方法的一些缺陷以及这种常规方法可能不适用于用户设备，通用接入点和服务器的网络架构的一些缺陷。 当用户设备经由通用接入点访问网络时，系统，方法和计算机可访问介质的示例性实施例可以获得用户证书状态以提供用户或用户设备以及通用接入点的证书状态。 可以减少消息交换，节省带宽和计算资源，实现更高的效率。 根据另一示例性实施例，通过在证书查询请求和组合证书查询请求中添加随机数以及消息m，可以促进并甚至确保证书状态响应的新鲜度，并且可以增强安全性保护 。

公开(公告)号：US09047449B2

公开(公告)日：2015-06-02

申请号：US13819698

申请日：2010-12-21

申请人： Zhiqiang Du ,  Manxia Tie ,  Yanan Hu ,  Zhenhai Huang

发明人： Zhiqiang Du ,  Manxia Tie ,  Yanan Hu ,  Zhenhai Huang

IPC分类号： G06F15/16 ,  G06F7/04 ,  G11C7/00 ,  H04L9/32 ,  G06F21/30 ,  H04L29/06

CPC分类号： G06F21/30 ,  H04L9/3273 ,  H04L63/08 ,  H04L63/0884 ,  H04L2209/805

摘要： A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention.

摘要翻译： 本发明提供了一种资源有限的网络中用于实体认证的方法和系统。 所述方法包括以下步骤：1）实体A向实体B发送认证请求消息; 2）接收认证请求消息后，实体B向实体A发送认证响应消息; 3）实体A根据收到的认证响应消息确定实体B的有效性。 可以通过本发明的应用来实现资源有限的网络中的实体之间的认证。

公开(公告)号：US20100250941A1

公开(公告)日：2010-09-30

申请号：US12743032

申请日：2008-11-14

申请人： Manxia Tie ,  Liaojun Pang ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Manxia Tie ,  Liaojun Pang ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04L9/32

CPC分类号： H04L63/06 ,  H04L9/0844 ,  H04L9/3236 ,  H04L9/3273 ,  H04L63/1458 ,  H04W12/04 ,  H04W12/06 ,  H04W12/12

摘要： A WAPI unicast secret key negotiation method includes the following steps: 1 a authenticator entity adds a message integrity code onto a unicast secret key negotiation request packet, and transmits it to a authentication supplicant entity; 2 after the authentication supplicant entity receives the unicast secret key negotiation request packet, it performs validation, and it discards the packet directly if it is not correct; the authentication supplicant entity performs other validation if it is correct; when the validation is successful, it responds a unicast secret key negotiation response packet to the authenticator entity; 3 after the authenticator entity receives the unicast secret key negotiation response packet, it performs validation, if the validation is successful, it responds the unicast secret key negotiation acknowledge packet to the authentication supplicant entity; 4 after the authentication supplicant entity receives the unicast secret key negotiation acknowledge packet, it performs validation, if the validation is successful it negotiates and obtains a consistent unicast session secret key. The present invention resolves the DoS attacking problem which exists in the unicast secret key management protocol in the present WAPI security mechanism.

摘要翻译： WAPI单播密钥协商方法包括以下步骤：1，认证方实体将消息完整性代码添加到单播密钥协商请求报文中，并发送给认证请求方; 2，认证请求方实体收到单播密钥协商请求报文后，执行验证，如果不正确丢弃报文; 验证请求者实体执行其他验证，如果它是正确的; 当验证成功时，它向认证者实体响应单播密钥协商响应包; 3，认证实体收到单播密钥协商响应报文后，执行验证，验证成功后，向认证请求方实体回应单播密钥协商确认报文; 如图4所示，认证请求方实体接收到单播密钥协商确认报文后，执行验证，验证成功后，协商并获得一致的单播会话密钥。 本发明解决了目前的WAPI安全机制中的单播密钥管理协议中存在的DoS攻击问题。

公开(公告)号：US08547205B2

公开(公告)日：2013-10-01

申请号：US13056856

申请日：2009-07-28

申请人： Liaojun Pang ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Liaojun Pang ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： G05B19/00 ,  H04Q5/22

CPC分类号： H04L63/0869 ,  H04L9/3236 ,  H04L9/3273 ,  H04L63/0492 ,  H04L2209/42 ,  H04L2209/805 ,  H04M15/48 ,  H04M2215/0156

摘要： An anonymous authentication method based on a pre-shared key, a reader-writer, an electronic tag and an anonymous bidirectional authentication system are disclosed. The method comprises the following steps: 1) a reader-writer sends an accessing authentication requirement group to the electronic tag; 2) after the electronic tag receives the accessing authentication requirement group, an accessing authentication response group is constructed and sent to the reader-writer; 3) after the reader-writer receives the accessing authentication response group, an accessing authentication confirmation group is constructed and sent to the electronic tag; 4) the electronic tag carries out confirmation according to the accessing authentication confirmation group.

摘要翻译： 公开了一种基于预共享密钥，读写器，电子标签和匿名双向认证系统的匿名认证方法。 该方法包括以下步骤：1）读写器向电子标签发送访问认证要求组; 2）电子标签收到接入认证要求组后，构建接入认证响应组并发送给读写器; 3）在读写器接收到访问认证响应组之后，建立访问认证确认组并发送给电子标签; 4）电子标签根据访问认证确认组进行确认。

公开(公告)号：US20110133883A1

公开(公告)日：2011-06-09

申请号：US13056856

申请日：2009-07-28

申请人： Liaojun Pang ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Liaojun Pang ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： G05B19/00 ,  H04L9/00

CPC分类号： H04L63/0869 ,  H04L9/3236 ,  H04L9/3273 ,  H04L63/0492 ,  H04L2209/42 ,  H04L2209/805 ,  H04M15/48 ,  H04M2215/0156

摘要： An anonymous authentication method based on a pre-shared key, a reader-writer, an electronic tag and an anonymous bidirectional authentication system are disclosed. The method comprises the following steps: 1) a reader-writer sends an accessing authentication requirement group to the electronic tag; 2) after the electronic tag receives the accessing authentication requirement group, an accessing authentication response group is constructed and sent to the reader-writer; 3) after the reader-writer receives the accessing authentication response group, an accessing authentication confirmation group is constructed and sent to the electronic tag; 4) the electronic tag carries out confirmation according to the accessing authentication confirmation group.

摘要翻译： 公开了一种基于预共享密钥，读写器，电子标签和匿名双向认证系统的匿名认证方法。 该方法包括以下步骤：1）读写器向电子标签发送访问认证要求组; 2）电子标签收到接入认证要求组后，构建接入认证响应组并发送给读写器; 3）在读写器接收到访问认证响应组之后，建立访问认证确认组并发送给电子标签; 4）电子标签根据访问认证确认组进行确认。

公开(公告)号：US08466775B2

公开(公告)日：2013-06-18

申请号：US13055092

申请日：2009-07-24

申请人： Liaojun Pang ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Liaojun Pang ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04Q5/22 ,  G05B19/00 ,  G05B23/00 ,  G01R31/08 ,  H04J1/16 ,  H04L29/06 ,  H04L9/32

CPC分类号： H04L9/3273 ,  H04L2209/42 ,  H04L2209/805

摘要： An electronic label authenticating method is provided, the method includes: the electronic label receives an accessing authenticating request group sent by a reader-writer, the group carries a first parameter selected by the reader-writer; the electronic label sends a response group of the accessing authenticating to the reader-writer, the response group of the accessing authenticating includes the first parameter and a second parameter selected by the electronic label; the electronic label receives an acknowledgement group of the accessing authenticating feed back by the reader-writer; the electronic label validates the acknowledgement group of the accessing authenticating. An electronic label authenticating system is also provided, the system includes a reader-writer and an electronic label.

摘要翻译： 提供电子标签认证方法，该方法包括：电子标签接收读写器发送的访问认证请求组，该组携带由读写器选择的第一参数; 电子标签将访问认证的响应组发送给读写器，访问认证的响应组包括由电子标签选择的第一参数和第二参数; 电子标签接收由读写器访问认证反馈的确认组; 电子标签验证访问认证的确认组。 还提供电子标签认证系统，该系统包括读写器和电子标签。

公开(公告)号：US20110133902A1

公开(公告)日：2011-06-09

申请号：US13055092

申请日：2009-07-24

申请人： Liaojun Pang ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Liaojun Pang ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： G06K7/01

CPC分类号： H04L9/3273 ,  H04L2209/42 ,  H04L2209/805

摘要： An electronic label authenticating method is provided, the method includes: the electronic label receives an accessing authenticating request group sent by a reader-writer, the group carries a first parameter selected by the reader-writer; the electronic label sends a response group of the accessing authenticating to the reader-writer, the response group of the accessing authenticating includes the first parameter and a second parameter selected by the electronic label; the electronic label receives an acknowledgement group of the accessing authenticating feed back by the reader-writer; the electronic label validates the acknowledgement group of the accessing authenticating. An electronic label authenticating system is also provided, the system includes a reader-writer and an electronic label.

摘要翻译： 提供电子标签认证方法，该方法包括：电子标签接收读写器发送的访问认证请求组，该组携带由读写器选择的第一参数; 电子标签将访问认证的响应组发送给读写器，访问认证的响应组包括由电子标签选择的第一参数和第二参数; 电子标签接收由读写器访问认证反馈的确认组; 电子标签验证访问认证的确认组。 还提供电子标签认证系统，该系统包括读写器和电子标签。

公开(公告)号：US20130326584A1

公开(公告)日：2013-12-05

申请号：US13819698

申请日：2010-12-21

申请人： Zhiqiang Du ,  Manxia Tie ,  Yanan Hu ,  Zhenhai Huang

发明人： Zhiqiang Du ,  Manxia Tie ,  Yanan Hu ,  Zhenhai Huang

IPC分类号： G06F21/30

CPC分类号： G06F21/30 ,  H04L9/3273 ,  H04L63/08 ,  H04L63/0884 ,  H04L2209/805

摘要： A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention.

摘要翻译： 本发明提供了一种资源有限的网络中用于实体认证的方法和系统。 所述方法包括以下步骤：1）实体A向实体B发送认证请求消息; 2）接收认证请求消息后，实体B向实体A发送认证响应消息; 3）实体A根据收到的认证响应消息确定实体B的有效性。 可以通过本发明的应用来实现资源有限的网络中的实体之间的认证。