SECURE TRANSMISSION METHOD FOR BROADBAND WIRELESS MULTIMEDIA NETWORK BROADCASTING COMMUNICATION
    61.
    Invention application
    Status: under examination (published)

    Publication No.: US20100316221A1

    Publication date: 2010-12-16

    Application No.: US12863304

    Filing date: 2009-01-14

    IPC classification: H04L9/08 H04L9/00

    Abstract: A secure transmission method for broadband wireless multimedia network broadcasting communication includes the following steps: a secure channel between big base station and small base station is established by utilizing security protocols; the big base station distributes a Broadcast Traffic Encryption Key to each small base station through the secure channel; the small base station transmits the Broadcast Traffic Encryption Key to the user passing the authentication and authorization. The above solution solves the problem of broadcast secure communication of the big base station working in the mixed covering mode of large and small cells, realizes the identification of not only the user but also the base station, and ensures that only the authorized user can receive broadcast service.

    KEY MANAGEMENT METHOD
    62.
    Invention application
    Status: under examination (published)

    Publication No.: US20100257361A1

    Publication date: 2010-10-07

    Application No.: US12743168

    Filing date: 2008-11-14

    IPC classification: H04L9/32

    Abstract: A key management method is an enhanced RSNA four-way Handshake protocol. Its preceding two way Handshake processes comprise: (1), an authenticator sending a new message 1 which is added a Key Negotiation IDentifier (KNID) and a Message Integrity Code (MIC) based on the intrinsic definition content of the message 1 to a supplicant; (2), after the supplicant receives the new message 1, checking whether the MIC therein is correct; if no, the supplicant discarding the received new message 1; if yes, checking the new message 2, if the checking is successful, sending a message 2 to the authenticator, the process of checking the new message is the same as checking process for the message 1 defined in the IEEE 802.11i-2004 standard document. The method solves the DoS attack problem of the key management protocol in the existing RSNA security mechanism.

    SYSTEMS, METHODS AND COMPUTER-ACCESSIBLE MEDIA FOR ACQUIRING AND AUTHENTICATING PUBLIC KEY CERTIFICATE STATUS
    63.
    Invention application
    Status: in force

    Publication No.: US20100031031A1

    Publication date: 2010-02-04

    Application No.: US12442462

    Filing date: 2007-07-16

    IPC classification: H04L9/32

    Abstract: Exemplary embodiments of systems, methods and computer-accessible medium can be provided for obtaining and verifying a public key certificate status. In particular, it is possible to construct and send a certificate query request, construct and send a combined certificate query request, construct and send a combined certificate status response, deliver a certificate status response, perform a verification by the general access point, and/or perform a verification by the user equipment. The exemplary embodiments address some of the deficiencies of conventional methods which have a complicated implementation as well as likely inability of such conventional methods to be applied to the network architecture of user equipment, a general access point and a server. The exemplary embodiments of the systems, methods and computer-accessible medium can obtain a user certificate status to provide certificate statuses of the user or the user equipment and the general access point when the user equipment accesses the network via the general access point. Message exchanges can be reduced, bandwidth and calculation resources can be saved, and higher efficiency can be achieved. According to another exemplary embodiment, by way of adding random numbers into the certificate query request and the combined certificate query request, as well as the message m, freshness of the certificate status response can be facilitated and even ensured, and security protection can be enhanced.

    Terminal device capable of link layer encryption and decryption and data processing method thereof
    64.
    Invention grant
    Status: in force

    Publication No.: US09009466B2

    Publication date: 2015-04-14

    Application No.: US13995641

    Filing date: 2011-06-17

    IPC classification: H04L29/06 H04L9/08

    Abstract: There are a terminal device capable of link layer encryption and decryption and a data process method thereof, and the terminal device includes a link layer processing module including a control module, a data frame encryption module, a data frame decryption module, a key management module, an algorithm module, a transmission port and a reception port; and the control module is connected with the transmission port through the data frame encryption module, the reception port is connected with the control module through the data frame decryption module, the control module is connected with the key management module, the data frame encryption module is connected with the data frame decryption module through the key management module, and the data frame encryption module is connected with the data frame decryption module through the algorithm module.

    TERMINAL DEVICE CAPABLE OF LINK LAYER ENCRYPTION AND DECRYPTION AND DATA PROCESSING METHOD THEREOF
    65.
    Invention application
    Status: in force

    Publication No.: US20130283045A1

    Publication date: 2013-10-24

    Application No.: US13995641

    Filing date: 2011-06-17

    IPC classification: H04L29/06 H04L9/08

    Abstract: There are a terminal device capable of link layer encryption and decryption and a data process method thereof, and the terminal device includes a link layer processing module including a control module, a data frame encryption module, a data frame decryption module, a key management module, an algorithm module, a transmission port and a reception port; and the control module is connected with the transmission port through the data frame encryption module, the reception port is connected with the control module through the data frame decryption module, the control module is connected with the key management module, the data frame encryption module is connected with the data frame decryption module through the key management module, and the data frame encryption module is connected with the data frame decryption module through the algorithm module.

    Method and system for establishing secure connection between stations

    Publication No.: US08755528B2

    Publication date: 2014-06-17

    Application No.: US13516257

    Filing date: 2010-05-21

    IPC classification: G06F21/00

    Abstract: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

    METHOD AND SYSTEM FOR ESTABLISHING SECURE CONNECTION BETWEEN STATIONS
    67.
    Invention application
    Status: in force

    Publication No.: US20120257755A1

    Publication date: 2012-10-11

    Application No.: US13516257

    Filing date: 2010-05-21

    IPC classification: H04L9/08

    CPC classification: H04L9/083 H04L63/061

    Abstract: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

    Method for establishing secure network architecture, method and system for secure communication
    68.
    Invention grant
    Status: in force

    Publication No.: US08843748B2

    Publication date: 2014-09-23

    Application No.: US13702217

    Filing date: 2011-01-10

    IPC classification: H04L29/06 H04L9/08 H04L12/18

    Abstract: A method for establishing a secure network architecture, a method and system for secure communication are provided. The method for establishing a secure network architecture includes: 1) constructing the network architecture where the identities of nodes are legal, including: neighboring node discovery; performing identities certification and shared key negotiation between a node and the neighbor node; 2) constructing a secure switching device architecture, including: establishing a shared key between every two of the switch devices.

    Method and system for establishing secure connection between stations
    69.
    Invention grant
    Status: in force

    Publication No.: US08831227B2

    Publication date: 2014-09-09

    Application No.: US13516257

    Filing date: 2010-05-21

    IPC classification: G06F21/00 H04L9/08 H04L29/06

    CPC classification: H04L9/083 H04L63/061

    Abstract: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

    METHOD FOR ESTABLISHING SECURE NETWORK ARCHITECTURE, METHOD AND SYSTEM FOR SECURE COMMUNICATION
    70.
    Invention application
    Status: in force

    Publication No.: US20130080783A1

    Publication date: 2013-03-28

    Application No.: US13702217

    Filing date: 2011-01-10

    IPC classification: H04L9/08

    Abstract: A method for establishing a secure network architecture, a method and system for secure communication are provided. Said method for establishing a secure network architecture includes: 1) constructing the network architecture where the identities of nodes are legal, including: neighboring node discovery; performing identities certification and shared key negotiation between a node and the neighbor node; 2) constructing a secure switching device architecture, including: establishing a shared key between every two of the switch devices.
