公开(公告)号：US20120047555A1

公开(公告)日：2012-02-23

申请号：US13266856

申请日：2009-12-24

申请人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

发明人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

IPC分类号： G06F21/00 ,  G06F15/16

CPC分类号： H04L63/0823 ,  G06F21/445 ,  G06F21/57 ,  G06F2221/2103 ,  G06F2221/2115 ,  H04L9/321 ,  H04L9/3247 ,  H04L9/3263 ,  H04L9/3271 ,  H04L63/0876 ,  H04L63/105 ,  H04L63/20

摘要： The invention discloses a platform authentication method suitable for trusted network connect (TNC) architecture based on tri-element peer authentication (TePA). The method relates to a platform authentication protocol of tri-element peer authentication, and the protocol improves network security as compared with prior platform authentication protocols; in the platform authentication protocol of the TNC architecture based on TePA, a policy manager plays a role as a trusted third party, which is convenient for concentrated management, thus enhancing manageability; the invention relates to the platform authentication protocol of the TNC architecture based on TePA, has different implementation methods and is beneficial for different dispositions and realizations.

摘要翻译： 本发明公开了一种适用于基于三元对等认证（TePA）的可信网络连接（TNC）架构的平台认证方法。 该方法涉及三元对等认证的平台认证协议，与以前的平台认证协议相比，该协议提高了网络安全性; 在基于TePA的TNC架构的平台认证协议中，一个策略管理员担任可信第三方的角色，方便集中管理，从而提高可管理性; 本发明涉及基于TePA的TNC架构的平台认证协议，具有不同的实现方法，有利于不同的配置和实现。

公开(公告)号：US08752126B2

公开(公告)日：2014-06-10

申请号：US13059547

申请日：2009-08-20

申请人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

发明人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

IPC分类号： G06F7/04 ,  G06F17/30 ,  G06F15/16 ,  H04L29/06

CPC分类号： H04W12/04 ,  H04L9/085 ,  H04L9/3073 ,  H04L63/062 ,  H04L2209/601

摘要： A method for enhancing the security of the multicast or broadcast system comprises the following steps: after having established the system parameter, the base station receives the register request message transmitted by the terminal, and the register request message carries the device identity information of the terminal; the base station registers the terminal according to the register request message and transmits the authorization key to the terminal after successful registration. By the base station establishing the specific system parameter, generating and awarding the corresponding terminal's key based on the parameter, the embodiment of the present invention can construct a secure network system of multicast or broadcast effectively and solve the security problem of the multicast or broadcast from the base station to the terminal in the network system.

摘要翻译： 一种用于增强多播或广播系统的安全性的方法包括以下步骤：在建立了系统参数之后，基站接收终端发送的注册请求消息，并且注册请求消息携带终端的设备身份信息 ; 基站根据注册请求消息注册终端，并在成功注册后向终端发送授权密钥。 由基站建立具体的系统参数，根据参数生成和授予相应的终端密钥，本发明的实施例可以有效构建安全的组播或广播网络系统，解决组播或广播的安全问题 基站到终端在网络系统中。

公开(公告)号：US20110289562A1

公开(公告)日：2011-11-24

申请号：US13059547

申请日：2009-08-20

申请人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

发明人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

IPC分类号： G06F17/30

CPC分类号： H04W12/04 ,  H04L9/085 ,  H04L9/3073 ,  H04L63/062 ,  H04L2209/601

摘要： A method for enhancing the security of the multicast or broadcast system comprises the following steps: after having established the system parameter, the base station receives the register request message transmitted by the terminal, and the register request message carries the device identity information of the terminal; the base station registers the terminal according to the register request message and transmits the authorization key to the terminal after successful registration. By the base station establishing the specific system parameter, generating and awarding the corresponding terminal's key based on the parameter, the embodiment of the present invention can construct a secure network system of multicast or broadcast effectively and solve the security problem of the multicast or broadcast from the base station to the terminal in the network system.

摘要翻译： 一种用于增强多播或广播系统的安全性的方法包括以下步骤：在建立了系统参数之后，基站接收终端发送的注册请求消息，并且注册请求消息携带终端的设备身份信息 ; 基站根据注册请求消息注册终端，并在成功注册后向终端发送授权密钥。 由基站建立具体的系统参数，根据参数生成和授予相应的终端密钥，本发明的实施例可以有效构建安全的组播或广播网络系统，解决组播或广播的安全问题 基站到终端在网络系统中。

公开(公告)号：US08588423B2

公开(公告)日：2013-11-19

申请号：US13060126

申请日：2009-08-20

申请人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

发明人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

IPC分类号： H04L9/08

CPC分类号： H04W12/04 ,  H04L9/0833 ,  H04L9/0844 ,  H04L9/0891 ,  H04L63/065 ,  H04W12/10 ,  H04W88/08

摘要： A multicast key distribution method, an update method, and a base station based on unicast conversation key, the distribution method includes the following steps: 1) the base station composes groups of multicast key distribution; 2) the base station broadcasts the groups of multicast key distribution to all terminals; 3) the terminals acquire the multicast conversation key through calculation. The present invention solves the problem that the efficiency of the multicast key distribution based on unicast conversation key is low in the prior art, and provides a multicast key distribution method based on unicast conversation key.

摘要翻译： 基于单播对话密钥的组播密钥分发方法，更新方法和基站，分发方法包括以下步骤：1）基站组成组播密钥分发组; 2）基站向所有终端广播组播密钥分发组播; 3）终端通过计算获取组播对话密钥。 本发明解决了现有技术中基于单播对话密钥的组播密钥分发的效率低的问题，并且提供了基于单播会话密钥的组播密钥分发方法。

公开(公告)号：US08495712B2

公开(公告)日：2013-07-23

申请号：US12519955

申请日：2007-06-25

申请人： Xiaolong Lai ,  Jun Cao ,  Manxia Tie ,  Bianling Zhang

发明人： Xiaolong Lai ,  Jun Cao ,  Manxia Tie ,  Bianling Zhang

IPC分类号： H04L29/00

CPC分类号： H04L63/0869

摘要： This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol.

摘要翻译： 本发明涉及用于在终端和网络之间安全地实现双向认证的三单元结构的对等接入控制方法。 根据该方法，在现有的双单元三实体结构的访问控制方法的基础上，在接入控制器中实现认证方的功能，在终端和接入控制器中实现认证协议功能， 终端，接入控制器和服务器都参与认证，直接在终端和接入控制器之间建立信任关系，使安全性非常可靠。 本发明不仅解决了现有的双单元双实体结构的访问控制方法的技术问题，即访问灵活性有限，访问控制器数量的扩展不方便，而且解决了 建立信任关系的过程复杂，网络安全性可能受影响的双单元三实体结构的现有访问控制方法，从而实现高安全性能的优势，无需改变现有网络结构和相对性 认证协议的独立性。

公开(公告)号：US20110194697A1

公开(公告)日：2011-08-11

申请号：US13060126

申请日：2009-08-20

申请人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

发明人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

IPC分类号： H04L9/08

CPC分类号： H04W12/04 ,  H04L9/0833 ,  H04L9/0844 ,  H04L9/0891 ,  H04L63/065 ,  H04W12/10 ,  H04W88/08

摘要： A multicast key distribution method, an update method, and a base station based on unicast conversation key, the distribution method includes the following steps: 1) the base station composes groups of multicast key distribution; 2) the base station broadcasts the groups of multicast key distribution to all terminals; 3) the terminals acquire the multicast conversation key by calculating. The present invention solves the problem that the efficiency of the multicast key distribution based on unicast conversation key is low in the prior art, and provides a multicast key distribution method based on unicast conversation key.

摘要翻译： 基于单播对话密钥的组播密钥分发方法，更新方法和基站，分发方法包括以下步骤：1）基站组成组播密钥分发组; 2）基站向所有终端广播组播密钥分发组播; 3）终端通过计算获取组播对话密钥。 本发明解决了现有技术中基于单播对话密钥的组播密钥分发的效率低的问题，并且提供了基于单播会话密钥的组播密钥分发方法。

公开(公告)号：US20110126000A1

公开(公告)日：2011-05-26

申请号：US13055296

申请日：2009-07-20

申请人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

发明人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

IPC分类号： H04W12/06 ,  H04W12/04

CPC分类号： H04L9/0869 ,  H04L9/083 ,  H04L9/3073 ,  H04L9/321 ,  H04L9/3271 ,  H04L2209/805

摘要： A method for accessing data safely, which is suitable for the electronic tag with low performance, is provided. The method comprises the following steps: when performing a data writing process, the first read-write device encrypts the message MSG and then writes the message in the electronic tag; when performing a data reading process, the second read-write device sends a data request packet to the electronic tag; the electronic tag sends a data response packet to the second read-write device according to the data request packet; the second read-write device sends a key request packet to a trusted third party; the trusted third party verifies the validity of the identity of the second read-write device according to the key request packet, and sends a key response packet to the second read-write device upon the verification is passed; the second read-write device obtains the plain text of the electronic tag message MSG according to the key response packet. This invention can realize the safe access of the data of the electronic tag with low performance.

摘要翻译： 提供了一种安全访问数据的方法，适用于低性能的电子标签。 该方法包括以下步骤：当执行数据写入处理时，第一读写装置加密消息MSG，然后将消息写入电子标签; 当执行数据读取处理时，第二读写装置向电子标签发送数据请求包; 电子标签根据数据请求包向第二读写装置发送数据响应包; 第二读写装置向可信第三方发送密钥请求包; 受信任的第三方根据密钥请求分组验证第二读写装置的身份的有效性，并且在验证通过时向第二读写装置发送密钥响应分组; 第二读写装置根据密钥响应包获得电子标签消息MSG的明文。 本发明可以实现低性能电子标签数据的安全访问。

公开(公告)号：US08332628B2

公开(公告)日：2012-12-11

申请号：US13055296

申请日：2009-07-20

申请人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

发明人： Liaojun Pang ,  Jun Cao ,  Manxia Tie

IPC分类号： H04L29/06

CPC分类号： H04L9/0869 ,  H04L9/083 ,  H04L9/3073 ,  H04L9/321 ,  H04L9/3271 ,  H04L2209/805

摘要： A method for accessing data safely, which is suitable for the electronic tag with low performance, is provided. The method comprises the following steps: when performing a data writing process, the first read-write device encrypts the message MSG and then writes the message in the electronic tag; when performing a data reading process, the second read-write device sends a data request packet to the electronic tag; the electronic tag sends a data response packet to the second read-write device according to the data request packet; the second read-write device sends a key request packet to a trusted third party; the trusted third party verifies the validity of the identity of the second read-write device according to the key request packet, and sends a key response packet to the second read-write device upon the verification is passed; the second read-write device obtains the plain text of the electronic tag message MSG according to the key response packet. This invention can realize the safe access of the data of the electronic tag with low performance.

摘要翻译： 提供了一种安全访问数据的方法，适用于低性能的电子标签。 该方法包括以下步骤：当执行数据写入处理时，第一读写装置加密消息MSG，然后将消息写入电子标签; 当执行数据读取处理时，第二读写装置向电子标签发送数据请求包; 电子标签根据数据请求包向第二读写装置发送数据响应包; 第二读写装置向可信第三方发送密钥请求包; 受信任的第三方根据密钥请求分组验证第二读写装置的身份的有效性，并且在验证通过时向第二读写装置发送密钥响应分组; 第二读写装置根据密钥响应包获得电子标签消息MSG的明文。 本发明可以实现低性能电子标签数据的安全访问。

公开(公告)号：US20100037302A1

公开(公告)日：2010-02-11

申请号：US12519955

申请日：2007-06-25

申请人： Xiaolong Lai ,  Jun Cao ,  Manxia Tie ,  Bianling Zhang

发明人： Xiaolong Lai ,  Jun Cao ,  Manxia Tie ,  Bianling Zhang

IPC分类号： H04L29/06

CPC分类号： H04L63/0869

摘要： This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol.

摘要翻译： 本发明涉及用于在终端和网络之间安全地实现双向认证的三单元结构的对等接入控制方法。 根据该方法，在现有的双单元三实体结构的访问控制方法的基础上，在接入控制器中实现认证方的功能，在终端和接入控制器中实现认证协议功能， 终端，接入控制器和服务器都参与认证，直接在终端和接入控制器之间建立信任关系，使安全性非常可靠。 本发明不仅解决了现有的双单元双实体结构的访问控制方法的技术问题，即访问灵活性有限，访问控制器数量的扩展不方便，而且解决了 建立信任关系的过程复杂，网络安全性可能受影响的双单元三实体结构的现有访问控制方法，从而实现高安全性能的优势，无需改变现有网络结构和相对性 认证协议的独立性。

公开(公告)号：US08631232B2

公开(公告)日：2014-01-14

申请号：US12863272

申请日：2009-01-14

申请人： Yuelei Xiao ,  Jun Cao ,  Xiaolong Lai ,  Zhenhai Huang ,  Bianling Zhang ,  Zhiqiang Qin ,  Qizhu Song

发明人： Yuelei Xiao ,  Jun Cao ,  Xiaolong Lai ,  Zhenhai Huang ,  Bianling Zhang ,  Zhiqiang Qin ,  Qizhu Song

IPC分类号： H04L29/00

CPC分类号： H04W12/04 ,  H04L63/205 ,  H04W12/06

摘要： A wireless personal area network accessing method is provided, the method includes that: a coordinator broadcasts a beacon frame, the beacon frame includes the information about whether the coordinator sends an authentication requirement, the beacon frame also includes the authentication supported by the coordinator and key management package when a device receipts the authentication requirement, the device receives the beacon frame, the authentication between the coordinator and the device is made by using a authentication method corresponding to the authentication supported by the coordinator and key management package, when the device determines that the coordinator and the device is directly made according to the authentication result, or the association between the coordinator and the device is made after making session key negotiation.

摘要翻译： 提供了无线个人区域网络访问方法，该方法包括：协调器广播信标帧，信标帧包括关于协调器是否发送认证要求的信息，信标帧还包括由协调器和密钥支持的认证 管理包，当设备收到认证要求时，设备收到信标帧，协调器和设备之间的认证是通过使用与协调器和密钥管理包所支持的认证相对应的认证方法进行的，当设备确定 协调器和设备根据认证结果直接进行，或者在进行会话密钥协商之后进行协调器与设备之间的关联。