61. ACCESS METHOD SUITABLE FOR WIRELESS PERSONAL AREA NETWORK
    Invention application, in force

    Publication number: US20110145890A1

    Publication date: 2011-06-16

    Application number: US13058099

    Filing date: 2009-07-28

    IPC classification: G06F7/04

    CPC classification: H04W12/06 H04W48/10

    Abstract: The embodiments of the invention disclose an access method suitable for a wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, the equipment identifies from the beacon frame the authentication requirement and the authentication mode that the coordinator demands of the equipment. If the coordinator has no authentication requirement for the equipment, the equipment and the coordinator carry out the association process directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends an authentication access request to the coordinator; then, based on the authentication mode selected by the equipment, the coordinator carries out the authentication and session key negotiation processes with the equipment; finally, the coordinator sends an authentication access response to the equipment, and when the authentication state in the authentication access response is success, the equipment carries out the association process with the coordinator. The authentication and session key negotiation processes can be based on primitive control or on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, after which the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in existing WPAN access methods.

62. ENTITY BIDIRECTIONAL-IDENTIFICATION METHOD FOR SUPPORTING FAST HANDOFF
    Invention application, in force

    Publication number: US20110078438A1

    Publication date: 2011-03-31

    Application number: US12994712

    Filing date: 2009-05-27

    IPC classification: H04L9/32

    Abstract: An entity bidirectional-identification method for supporting fast handoff involves three security elements: two identification elements A and B and a trusted third party (TP). All identification entities of the same element share a public key certificate or own the same public key. When any identification entity in identification element A and any identification entity in identification element B need to identify each other, the whole identification protocol process is run if the identification protocol has never been run between the two identification elements they respectively belong to; otherwise, the identification protocol interaction takes place only between the two identification entities. Application of the present invention not only centralizes the management of public keys and simplifies the protocol operating conditions, but also uses the concept of a security domain to reduce the management complexity of public keys, shorten identification time and satisfy fast handoff requirements on the premise of guaranteeing security characteristics such as one key for every pair of identification entities, one secret key for every identification, and forward secrecy.

63. SECURE TRANSMISSION METHOD FOR BROADBAND WIRELESS MULTIMEDIA NETWORK BROADCASTING COMMUNICATION
    Invention application, under examination (published)

    Publication number: US20100316221A1

    Publication date: 2010-12-16

    Application number: US12863304

    Filing date: 2009-01-14

    IPC classification: H04L9/08 H04L9/00

    Abstract: A secure transmission method for broadband wireless multimedia network broadcasting communication includes the following steps: a secure channel between the big base station and a small base station is established using security protocols; the big base station distributes a Broadcast Traffic Encryption Key to each small base station through the secure channel; the small base station transmits the Broadcast Traffic Encryption Key to a user that has passed authentication and authorization. The above solution solves the problem of secure broadcast communication for a big base station working in the mixed coverage mode of large and small cells, realizes the identification not only of the user but also of the base station, and ensures that only an authorized user can receive the broadcast service.

64. KEY MANAGEMENT METHOD
    Invention application, under examination (published)

    Publication number: US20100257361A1

    Publication date: 2010-10-07

    Application number: US12743168

    Filing date: 2008-11-14

    IPC classification: H04L9/32

    Abstract: A key management method is an enhanced RSNA four-way handshake protocol. Its preceding two-way handshake process comprises: 1) an authenticator sending to a supplicant a new message 1, which adds a Key Negotiation IDentifier (KNID) and a Message Integrity Code (MIC) to the content of message 1 as originally defined; 2) after the supplicant receives the new message 1, checking whether the MIC therein is correct; if not, the supplicant discarding the received new message 1; if so, checking the new message 2, and if the check is successful, sending a message 2 to the authenticator, the process of checking the new message being the same as the checking process for message 1 defined in the IEEE 802.11i-2004 standard document. The method solves the DoS attack problem of the key management protocol in the existing RSNA security mechanism.

65. SYSTEMS, METHODS AND COMPUTER-ACCESSIBLE MEDIA FOR ACQUIRING AND AUTHENTICATING PUBLIC KEY CERTIFICATE STATUS
    Invention application, in force

    Publication number: US20100031031A1

    Publication date: 2010-02-04

    Application number: US12442462

    Filing date: 2007-07-16

    IPC classification: H04L9/32

    Abstract: Exemplary embodiments of systems, methods and computer-accessible media can be provided for obtaining and verifying a public key certificate status. In particular, it is possible to construct and send a certificate query request, construct and send a combined certificate query request, construct and send a combined certificate status response, deliver a certificate status response, perform a verification by the general access point, and/or perform a verification by the user equipment. The exemplary embodiments address some of the deficiencies of conventional methods, which have a complicated implementation and likely cannot be applied to the network architecture of user equipment, a general access point and a server. The exemplary embodiments of the systems, methods and computer-accessible media can obtain a user certificate status to provide the certificate statuses of the user or the user equipment and of the general access point when the user equipment accesses the network via the general access point. Message exchanges can be reduced, bandwidth and calculation resources can be saved, and higher efficiency can be achieved. According to another exemplary embodiment, by adding random numbers into the certificate query request and the combined certificate query request, as well as the message m, freshness of the certificate status response can be facilitated and even ensured, and security protection can be enhanced.

66. ACCESS CONTROL METHOD FOR TRI-ELEMENT PEER AUTHENTICATION CREDIBLE NETWORK CONNECTION STRUCTURE
    Invention application, in force

    Publication number: US20120079561A1

    Publication date: 2012-03-29

    Application number: US13377098

    Filing date: 2009-12-09

    IPC classification: G06F21/20

    CPC classification: H04L63/0869 H04L63/0876

    Abstract: An access control method for a TePA-based TNC architecture is provided, including: 1) performing encapsulation of user authentication protocol data and platform authentication protocol data in the TePA-based TNC architecture: 1.1) encapsulating the user authentication protocol data in the Data field of TAEP packets, and exchanging the TAEP packets between an access requestor and an access controller, and between the access controller and a policy manager, to perform mutual user authentication between the access requestor and the access controller and to establish a secure channel between the access requestor and the access controller; and 1.2) encapsulating the platform authentication protocol data in the Data field of TAEP packets and, for platform authentication protocol data between the access requestor and the access controller, encapsulating a TAEP packet of the platform authentication protocol data in the Data field of another TAEP packet to form a nested encapsulation.

67. TRUSTED NETWORK CONNECTION IMPLEMENTING METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION
    Invention application, in force

    Publication number: US20110239271A1

    Publication date: 2011-09-29

    Application number: US13133333

    Filing date: 2009-12-01

    IPC classification: H04L9/32

    Abstract: A trusted network connection implementing method based on Tri-element Peer Authentication is provided in the present invention. The method includes: step 1, configuring and initializing; step 2, requesting a network connection, wherein an access requester sends a network connection request to an access controller, and the access controller receives the network connection request; step 3, authenticating the user ID; and step 4, authenticating the platform. The invention enhances the security of the trusted network connection implementing method, widens the application range of the trusted network connection implementing method based on Tri-element Peer Authentication, satisfies the requirements of different network apparatuses and improves the efficiency of the trusted network connection implementing method based on Tri-element Peer Authentication. The invention applies not only to the trusted network connection of entities, but also to trusted communication among peer entities, and further to the trusted management of entities; thus the applicability of the trusted network connection implementing method based on Tri-element Peer Authentication is improved.

68. METHOD FOR AUTHENTICATING A TRUSTED PLATFORM BASED ON THE TRI-ELEMENT PEER AUTHENTICATION (TEPA)
    Invention application, in force

    Publication number: US20110202992A1

    Publication date: 2011-08-18

    Application number: US13119909

    Filing date: 2009-11-03

    IPC classification: H04L9/32 G06F21/00

    Abstract: A method for authenticating a trusted platform based on Tri-element Peer Authentication (TePA). The method includes the following steps: A) a second attesting system sends a first message to a first attesting system; B) the first attesting system sends a second message to the second attesting system after receiving the first message; C) the second attesting system sends a third message to a Trusted Third Party (TTP) after receiving the second message; D) the TTP sends a fourth message to the second attesting system after receiving the third message; E) the second attesting system sends a fifth message to the first attesting system after receiving the fourth message; and F) the first attesting system performs access control after receiving the fifth message. The TePA-based method for authenticating a trusted platform of the present invention adopts the security architecture of TePA, improves the security of the trusted platform evaluation protocol, realizes mutual evaluation of the trusted platform between the attesting systems, and extends the range of application.

69. TRUSTED NETWORK CONNECT HANDSHAKE METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION
    Invention application, under examination (published)

    Publication number: US20110238996A1

    Publication date: 2011-09-29

    Application number: US13132842

    Filing date: 2009-12-08

    IPC classification: H04L9/32

    Abstract: A trusted network connect handshake method based on tri-element peer authentication is provided, which comprises the following steps. An access controller (AC) sends message 1, a handshake activation, to an Access Requestor (AR). After receiving message 1, the AR sends message 2, an access handshake request, to the AC. After receiving message 2, the AC sends message 3, a certificate authentication and integrity evaluation request, to a Policy Manager (PM). After receiving message 3, the PM sends message 4, a certificate authentication and integrity evaluation response, to the AC. After receiving message 4, the AC sends message 5, an access handshake response, to the AR. The trusted network connect handshake is completed after the AR receives message 5.

70. Trusted network connection implementing method based on tri-element peer authentication
    Granted invention patent, in force

    Publication number: US08931049B2

    Publication date: 2015-01-06

    Application number: US13133333

    Filing date: 2009-12-01

    Abstract: A trusted network connection implementing method based on Tri-element Peer Authentication is provided in the present invention. The method includes: step 1, configuring and initializing; step 2, requesting a network connection, wherein an access requester sends a network connection request to an access controller, and the access controller receives the network connection request; step 3, authenticating the user ID; and step 4, authenticating the platform. The invention enhances the security of the trusted network connection implementing method, widens the application range of the trusted network connection implementing method based on Tri-element Peer Authentication, satisfies the requirements of different network apparatuses and improves the efficiency of the trusted network connection implementing method based on Tri-element Peer Authentication.
