摘要:
A method and device for managing a digital certificate are provided. A digital certificate requesting device negotiates with a digital certificate issuing device by using an acquired authorization code, to establish a security data channel and generate a security key, and messages can be encrypted with the generated data communication key during a process of message interaction between the digital certificate requesting device and the digital certificate issuing device, thereby effectively increasing the security in data transmission. The method and device are applicable for automatically requesting for, querying, updating, revoking a digital certificate and acquiring a digital certificate revocation list in various scenarios
摘要:
A communication protocol testing method, a tested device and a testing platform. The method includes: the tested device and the reference device execute a communication protocol, a message sent and/or received during execution of the communication protocol serving as a first message, and the first message being encapsulated in a data encapsulation format of the communication protocol; the tested device encapsulates a part of data or all the data in the first message and/or known data of the tested device according to a unified data encapsulation format to generate a second message; and the testing platform acquires the second message, parses the acquired second message according to the unified data encapsulation format to obtain a part of data or all the data in the second message, executes testing items, and outputs testing results, thereby completing the test.
摘要:
Disclosed are a method and device for generating a digital signature. The method comprises: a device generating a digital signature parameter r that meets an effective determining condition; generating a digital signature parameter s according to the following formula s=((1+dA)−1·(r+k)−r)mod n, by using a private key dA, a random number k, r, and an elliptic curve parameter n, a value range of k being [1, n−1]; determining if the generated s is 0; if s is 0, regenerating r that meets the effective determining condition, and regenerating s by using dA, the regenerated k with the value range of [1, n−1] and the regenerated r and n, until s is not 0; converting data types of r and s that is not 0 into byte strings, to obtain a digital signature (r, s). According to the technical solutions provided by embodiments of this application, a digital signature parameter s is obtained by using a simplified calculation formula, and the number of times that big integers are calculated can be reduced, so that the calculation efficiency of generating a digital signature based on an SM2 digital signature generation algorithm is improved.
摘要:
Disclosed are a method for conducting data encryption and decryption using a symmetric cryptography algorithm and a table look-up device. The method comprises: when it is determined that it is required to use S-boxes to look up a table in a symmetric cryptography algorithm, determining all types of S-boxes to be used; for each type of S-box, determining the total number Ni of the type of S-box, and when Ni is larger than 1, determining that the type of S-box meets a multiplexing condition; and when data encryption and decryption are conducted using the symmetric cryptography algorithm, multiplexing at least one type of S-box which meets the multiplexing condition. The present application can reduce the occupation by the symmetric cryptography algorithm of hardware resources under the condition of comparative shortage of hardware resources.
摘要:
A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention.
摘要:
The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.
摘要:
A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.
摘要:
A method for enhancing the security of the multicast or broadcast system comprises the following steps: after having established the system parameter, the base station receives the register request message transmitted by the terminal, and the register request message carries the device identity information of the terminal; the base station registers the terminal according to the register request message and transmits the authorization key to the terminal after successful registration. By the base station establishing the specific system parameter, generating and awarding the corresponding terminal's key based on the parameter, the embodiment of the present invention can construct a secure network system of multicast or broadcast effectively and solve the security problem of the multicast or broadcast from the base station to the terminal in the network system.
摘要:
A wireless personal area network accessing method is provided, the method includes that: a coordinator broadcasts a beacon frame, the beacon frame includes the information about whether the coordinator sends an authentication requirement, the beacon frame also includes the authentication supported by the coordinator and key management package when a device receipts the authentication requirement, the device receives the beacon frame, the authentication between the coordinator and the device is made by using a authentication method corresponding to the authentication supported by the coordinator and key management package, when the device determines that the coordinator and the device is directly made according to the authentication result, or the association between the coordinator and the device is made after making session key negotiation.
摘要:
A switch equipment and data processing method for supporting link layer security transmission are provided. The switch equipment for supporting link layer security transmission comprises a switch module and multiple port modules, each port module is electrically connected with the switch module respectively; the port module supports a link layer key management capability, and is used for establishing a share key for encrypting and decrypting data frames between the switch equipment and other network nodes.