-
公开(公告)号:US20110145890A1
公开(公告)日:2011-06-16
申请号:US13058099
申请日:2009-07-28
申请人: Manxia Tie , Jun Cao , Yuelei Xiao , Zhenhai Huang , Xiaolong Lai
发明人: Manxia Tie , Jun Cao , Yuelei Xiao , Zhenhai Huang , Xiaolong Lai
IPC分类号: G06F7/04
摘要: The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.
摘要翻译: 本发明的实施例公开了适用于无线个人区域网(WPAN)的接入方法。 在协调器广播信标帧之后,根据信标帧,设备识别协调器对设备所需的认证需求和认证方式。 如果协调人对设备没有认证需求,则设备和协调人直接进行关联过程; 否则,根据所选择的认证方式和相应的认证机制协商信息,设备向协调器发送认证访问请求; 然后根据设备选择的认证方式,协调器与设备进行认证和会话密钥协商过程; 最后,协调器向设备发送认证接入响应,当认证接入响应的认证状态成功时,设备与协调器进行关联过程。 认证和会话密钥协商的过程可以基于原语控制,也可以基于端口控制。 如果设备与协调器成功关联,则协调器将网络地址分配给设备,因此设备可以正常与协调器进行通信。 本发明解决了现有WPAN接入方式安全性较低,效率较低的技术问题。
-
72.发明申请公开(公告)号:US20110078438A1
公开(公告)日:2011-03-31
申请号:US12994712
申请日:2009-05-27
申请人: Manxia Tie , Jun Cao , Zhenhai Huang , Xiaolong Lai
发明人: Manxia Tie , Jun Cao , Zhenhai Huang , Xiaolong Lai
IPC分类号: H04L9/32
CPC分类号: H04L9/0844 , H04L9/3213 , H04L9/3263 , H04L9/3273 , H04L63/0823 , H04L63/0869 , H04W12/06
摘要: An entity bidirectional-identification method for supporting fast handoff involves three security elements, which includes two identification elements A and B and a trusted third party (TP). All identification entities of a same element share a public key certification or own a same public key. When any identification entity in identification element A and any identification entity in identification element B need to identify each other, if identification protocol has never been operated between the two identification elements that they belong to respectively, the whole identification protocol process will be operated; otherwise, interaction of identification protocol will be acted only between the two identification entities. Application of the present invention not only centralizes management of public key and simplifies protocol operation condition, but also utilizes the concept of security domain so as to reduce management complexity of public key, shorten identification time and satisfy fast handoff requirements on the premises of guaranteeing security characteristics such as one key for every pair of identification entities, one secret key for every identification and forward secrecy.
摘要翻译: 用于支持快速切换的实体双向识别方法涉及三个安全元件,其包括两个识别元件A和B以及可信第三方(TP)。 同一元素的所有识别实体共享公钥证书或拥有相同的公钥。 当识别元素A中的任何识别实体和识别元素B中的任何识别实体需要彼此识别时,如果识别协议在它们所属的两个识别元素之间从未被操作,则整个标识协议过程将被操作; 否则,识别协议的交互将仅在两个识别实体之间起作用。 本发明的应用不仅集中了公钥的管理,简化了协议的运行状况,而且利用了安全域的概念,降低了公钥的管理复杂度,缩短了识别时间,满足了保证安全性的前提下的快速切换要求 特征如每对识别实体的一个密钥,每个识别和转发保密的一个秘密密钥。
-
公开(公告)号:US08306229B2
公开(公告)日:2012-11-06
申请号:US12442513
申请日:2007-07-17
申请人: Liaojun Pang , Jun Cao , Haibo Tian , Zhenhai Huang , Bianling Zhang
发明人: Liaojun Pang , Jun Cao , Haibo Tian , Zhenhai Huang , Bianling Zhang
IPC分类号: H04L29/06
CPC分类号: H04L9/0891 , H04L2209/80 , H04W12/04 , H04W12/10
摘要: A method for managing network key and updating session key is provided. The step of the key management includes: constructing key request group, constructing key negotiation response group, and constructing key negotiation acknowledgement group. The step of multicasting key management method includes multicasting main key negotiation protocol and multicasting session key distribution protocol. The multicasting main key negotiation protocol comprises key updating informs group, constructing encryption key negotiation request group, constructing key negotiation response group and constructing key negotiation acknowledgement group. The multicasting session key distribution protocol comprises multicasting session key request and multicasting session key distribution.
摘要翻译: 提供了一种管理网络密钥和更新会话密钥的方法。 密钥管理的步骤包括:构建密钥请求组,建立密钥协商响应组,建立密钥协商确认组。 组播密钥管理方法的步骤包括组播主密钥协商协议和组播会话密钥分发协议。 组播主密钥协商协议包括密钥更新通知组,构建加密密钥协商请求组,建立密钥协商响应组,构建密钥协商确认组。 组播会话密钥分发协议包括组播会话密钥请求和组播会话密钥分发。
-
公开(公告)号:US08755528B2
公开(公告)日:2014-06-17
申请号:US13516257
申请日:2010-05-21
申请人: Li Ge , Jun Cao , Manxia Tie , Qin Li , Xiaolong Lai
发明人: Li Ge , Jun Cao , Manxia Tie , Qin Li , Xiaolong Lai
IPC分类号: G06F21/00
摘要: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.
-
公开(公告)号:US20120257755A1
公开(公告)日:2012-10-11
申请号:US13516257
申请日:2010-05-21
申请人: Li Ge , Jun Cao , Manxia Tie , Qin Li , Xiaolong Lai
发明人: Li Ge , Jun Cao , Manxia Tie , Qin Li , Xiaolong Lai
IPC分类号: H04L9/08
CPC分类号: H04L9/083 , H04L63/061
摘要: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.
摘要翻译: 公开了一种在站间建立安全连接的方法和系统。 该方法包括:1)交换设备接收由第一用户终端发送的站间密钥请求分组; 2)交换设备生成站间密钥,构建站间密钥通告报文,并发送给第二用户终端; 3)交换设备接收由第二用户终端发送的站间密钥通告响应报文; 4)交换机构建一个站间密钥通知应答报文,并发送给第一用户终端; 5)交换机接收第一用户终端发送的站间密钥通告响应报文。 交换设备为直接连接到交换机设备的两个站建立站间密钥,本发明的实施例通过该站点密钥确保站点之间的用户数据的机密性和完整性。
-
76.发明授权Terminal device capable of link layer encryption and decryption and data processing method thereof 有权能够进行链路层加密和解密的终端设备及其数据处理方法公开(公告)号:US09009466B2
公开(公告)日:2015-04-14
申请号:US13995641
申请日:2011-06-17
申请人: Qin Li , Jun Cao , Manxia Tie
发明人: Qin Li , Jun Cao , Manxia Tie
CPC分类号: H04L63/0428 , H04L9/08 , H04L63/162
摘要: There are a terminal device capable of link layer encryption and decryption and a data process method thereof, and the terminal device includes a link layer processing module including a control module, a data frame encryption module, a data frame decryption module, a key management module, an algorithm module, a transmission port and a reception port; and the control module is connected with the transmission port through the data frame encryption module, the reception port is connected with the control module through the data frame decryption module, the control module is connected with the key management module, the data frame encryption module is connected with the data frame decryption module through the key management module, and the data frame encryption module is connected with the data frame decryption module through the algorithm module.
摘要翻译: 存在能够进行链路层加密和解密的终端设备及其数据处理方法,并且终端设备包括链路层处理模块,该链路层处理模块包括控制模块,数据帧加密模块,数据帧解密模块,密钥管理模块 算法模块,传输端口和接收端口; 控制模块通过数据帧加密模块与传输端口连接,接收端口通过数据帧解密模块与控制模块连接,控制模块与密钥管理模块连接,数据帧加密模块为 通过密钥管理模块与数据帧解密模块相连,数据帧加密模块通过算法模块与数据帧解密模块连接。
-
77.发明申请TERMINAL DEVICE CAPABLE OF LINK LAYER ENCRYPTION AND DECRYPTION AND DATA PROCESSING METHOD THEREOF 有权能够连接层加密和解码的终端设备及其数据处理方法公开(公告)号:US20130283045A1
公开(公告)日:2013-10-24
申请号:US13995641
申请日:2011-06-17
申请人: Qin Li , Jun Cao , Manxia Tie
发明人: Qin Li , Jun Cao , Manxia Tie
CPC分类号: H04L63/0428 , H04L9/08 , H04L63/162
摘要: There are a terminal device capable of link layer encryption and decryption and a data process method thereof, and the terminal device includes a link layer processing module including a control module, a data frame encryption module, a data frame decryption module, a key management module, an algorithm module, a transmission port and a reception port; and the control module is connected with the transmission port through the data frame encryption module, the reception port is connected with the control module through the data frame decryption module, the control module is connected with the key management module, the data frame encryption module is connected with the data frame decryption module through the key management module, and the data frame encryption module is connected with the data frame decryption module through the algorithm module.
摘要翻译: 存在能够进行链路层加密和解密的终端设备及其数据处理方法,并且终端设备包括链路层处理模块,该链路层处理模块包括控制模块,数据帧加密模块,数据帧解密模块,密钥管理模块 算法模块,传输端口和接收端口; 控制模块通过数据帧加密模块与传输端口连接,接收端口通过数据帧解密模块与控制模块连接,控制模块与密钥管理模块连接,数据帧加密模块为 通过密钥管理模块与数据帧解密模块相连,数据帧加密模块通过算法模块与数据帧解密模块连接。
-
公开(公告)号:US08495712B2
公开(公告)日:2013-07-23
申请号:US12519955
申请日:2007-06-25
申请人: Xiaolong Lai , Jun Cao , Manxia Tie , Bianling Zhang
发明人: Xiaolong Lai , Jun Cao , Manxia Tie , Bianling Zhang
IPC分类号: H04L29/00
CPC分类号: H04L63/0869
摘要: This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol.
摘要翻译: 本发明涉及用于在终端和网络之间安全地实现双向认证的三单元结构的对等接入控制方法。 根据该方法,在现有的双单元三实体结构的访问控制方法的基础上,在接入控制器中实现认证方的功能,在终端和接入控制器中实现认证协议功能, 终端,接入控制器和服务器都参与认证,直接在终端和接入控制器之间建立信任关系,使安全性非常可靠。 本发明不仅解决了现有的双单元双实体结构的访问控制方法的技术问题,即访问灵活性有限,访问控制器数量的扩展不方便,而且解决了 建立信任关系的过程复杂,网络安全性可能受影响的双单元三实体结构的现有访问控制方法,从而实现高安全性能的优势,无需改变现有网络结构和相对性 认证协议的独立性。
-
79.发明授权Method for establishing secure network architecture, method and system for secure communication 有权建立安全网络架构,安全通信方法和系统的方法公开(公告)号:US08843748B2
公开(公告)日:2014-09-23
申请号:US13702217
申请日:2011-01-10
申请人: Manxia Tie , Jun Cao , Qin Li , Li Ge
发明人: Manxia Tie , Jun Cao , Qin Li , Li Ge
CPC分类号: H04L9/0844 , H04L12/18 , H04L63/061
摘要: A method for establishing a secure network architecture, a method and system for secure communication are provided. The method for establishing a secure network architecture includes: 1) constructing the network architecture where the identities of nodes are legal, including: neighboring node discovery; performing identities certification and shared key negotiation between a node and the neighbor node; 2) constructing a secure switching device architecture, including: establishing a shared key between every two of the switch devices.
摘要翻译: 提供了一种用于建立安全网络架构的方法,一种用于安全通信的方法和系统。 建立安全网络架构的方法包括:1)构建节点身份合法的网络架构,包括:邻居节点发现; 执行节点与邻居节点之间的身份认证和共享密钥协商; 2)构建安全交换设备架构,包括:在每两个交换设备之间建立共享密钥。
-
公开(公告)号:US20100037302A1
公开(公告)日:2010-02-11
申请号:US12519955
申请日:2007-06-25
申请人: Xiaolong Lai , Jun Cao , Manxia Tie , Bianling Zhang
发明人: Xiaolong Lai , Jun Cao , Manxia Tie , Bianling Zhang
IPC分类号: H04L29/06
CPC分类号: H04L63/0869
摘要: This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol.
摘要翻译: 本发明涉及用于在终端和网络之间安全地实现双向认证的三单元结构的对等接入控制方法。 根据该方法,在现有的双单元三实体结构的访问控制方法的基础上,在接入控制器中实现认证方的功能,在终端和接入控制器中实现认证协议功能, 终端,接入控制器和服务器都参与认证,直接在终端和接入控制器之间建立信任关系,使安全性非常可靠。 本发明不仅解决了现有的双单元双实体结构的访问控制方法的技术问题,即访问灵活性有限,访问控制器数量的扩展不方便,而且解决了 建立信任关系的过程复杂,网络安全性可能受影响的双单元三实体结构的现有访问控制方法,从而实现高安全性能的优势,无需改变现有网络结构和相对性 认证协议的独立性。
-
-
-
-
-
-
-
-
-
搜索结果
273 条记录 (耗时 0.022 秒)
