1. Trusted network connection implementing method based on tri-element peer authentication
    Granted invention patent (status: in force)

    Publication number: US08931049B2

    Publication date: 2015-01-06

    Application number: US13133333

    Filing date: 2009-12-01

    Abstract: A trusted network connection implementing method based on Tri-element Peer Authentication is provided in the present invention. The method includes: step 1, configuring and initializing; step 2, requesting a network connection, wherein an access requester sends a network connection request to an access controller, and the access controller receives the network connection request; step 3, authenticating the user ID; and step 4, authenticating the platform. The invention enhances the security of the trusted network connection implementing method, widens the application range of the trusted network connection implementing method based on Tri-element Peer Authentication, satisfies the requirements of different network apparatuses and improves the efficiency of the trusted network connection implementing method based on Tri-element Peer Authentication.

2. Trusted network management method of trusted network connections based on tri-element peer authentication
    Granted invention patent (status: in force)

    Publication number: US08756654B2

    Publication date: 2014-06-17

    Application number: US13059798

    Filing date: 2009-08-20

    Abstract: A trusted network management method of trusted network connections based on tri-element peer authentication. A trusted management proxy and a trusted management system are respectively installed and configured on a host to be managed and a management host, and are verified as locally trusted. When the host to be managed and the management host are not connected to the trusted network, they each use the trusted network connection method based on tri-element peer authentication to connect to the trusted network, and subsequently perform the authentication and cipher key negotiation of the trusted management proxy and the trusted management system; when the host to be managed and the management host have not completed the user authentication and cipher key negotiation process, they use the tri-element peer authentication protocol to complete the user authentication and cipher key negotiation process, then use the tri-element peer authentication protocol to implement the remote trust of the trusted management proxy and the trusted management system, and finally perform network management. The present invention can actively defend against attacks, reinforce the security of the trusted network management architecture, and realize trusted network management with distributed control and centralized management.

3. Authentication access method and authentication access system for wireless multi-hop network
    Granted invention patent (status: in force)

    Publication number: US08656153B2

    Publication date: 2014-02-18

    Application number: US12810374

    Filing date: 2008-12-26

    IPC classification: H04L29/06

    Abstract: Authentication access method and authentication access system for a wireless multi-hop network. The terminal equipment and the coordinator both have port control capability; the coordinator broadcasts a beacon frame, and the terminal equipment selects an authentication and key management suite and transmits a connection request command to the coordinator. The coordinator performs authentication with the terminal equipment according to the authentication and key management suite selected by the terminal equipment and, after authentication, transmits a connection response command to the terminal equipment. The terminal equipment and the coordinator control the port according to the authentication result, so that authenticated access to the wireless multi-hop network is realized. The invention solves the security problem of the wireless multi-hop network authentication method.

4. Method for realizing trusted network management
    Granted invention patent (status: in force)

    Publication number: US08230220B2

    Publication date: 2012-07-24

    Application number: US12631491

    Filing date: 2009-12-04

    IPC classification: H04L29/06

    CPC classification: H04L63/20

    Abstract: A method for realizing trusted network management is provided. A trusted management agent resides on a managed host, and a trusted management system resides on a management host. The trusted management agent and the trusted management system are software modules, both based on a trusted computing platform and signed after being authenticated by a trusted third party for the trusted management agent and the trusted management system. The trusted platform modules of the managed host and the management host can perform integrity measurement, storage and reporting for the trusted management agent and the trusted management system. Therefore, the managed host and the management host can ensure that the trusted management agent and the trusted management system are trustworthy. The trusted management agent and the trusted management system then execute a network management function, thus realizing trusted network management. This solves the technical problem in the prior art that network management security cannot be ensured because of mutual attacks between an agent, the host where the agent resides, and a manager system, and trusted network management is realized.

5. METHOD FOR ESTABLISHING TRUSTED NETWORK CONNECT FRAMEWORK OF TRI-ELEMENT PEER AUTHENTICATION
    Published invention patent application (status: in force)

    Publication number: US20120036553A1

    Publication date: 2012-02-09

    Application number: US13264683

    Filing date: 2009-12-09

    IPC classification: G06F21/20 H04L29/06 G06F15/16

    Abstract: The present invention provides a method for establishing the trusted network connect framework of tri-element peer authentication. The method includes: the implementation of the trusted network transport interface (IF-TNT); the implementation of the authentication policy service interface (IF-APS); the implementation of the trusted network connect (TNC) client-TNC access point interface (IF-TNCCAP); the implementation of the evaluation policy service interface (IF-EPS); the implementation of the integrity measurement collector interface (IF-IMC); the implementation of the integrity measurement verifier interface (IF-IMV); and the implementation of the integrity measurement interface (IF-IM). By defining these interfaces, the embodiments of the present invention can establish the trust of the terminals, implement the trusted network connect of the terminals, implement trusted authentication among the terminals, implement trusted management of the terminals, and establish the TNC framework based on tri-element peer authentication (TePA).

6. AUTHENTICATION ASSOCIATED SUITE DISCOVERY AND NEGOTIATION METHOD
    Published invention patent application (status: in force)

    Publication number: US20110243330A1

    Publication date: 2011-10-06

    Application number: US13133890

    Filing date: 2009-12-08

    IPC classification: H04W12/06 H04W12/04

    CPC classification: H04W12/04 H04W12/06

    Abstract: An authentication associated suite discovery and negotiation method for an ultra-wideband network. The method includes the following steps: 1) adding a pairwise temporal key (PTK) establishment IE and a group temporal key (GTK) distribution IE to the information element (IE) list of an initiator and a responder, and setting a corresponding information element identifier (ID); and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for an ultra-wideband network provided by the present invention gives the network discovery and negotiation functions for a security solution, so as to better satisfy all kinds of application requirements when multiple PTK establishment plans or multiple GTK distribution plans co-exist.

7. METHOD FOR MANAGING WIRELESS MULTI-HOP NETWORK KEY
    Published invention patent application (status: in force)

    Publication number: US20100299519A1

    Publication date: 2010-11-25

    Application number: US12864317

    Filing date: 2009-01-21

    IPC classification: H04L9/00

    Abstract: A method for managing wireless multi-hop network keys is applicable to a security application protocol when the WAPI frame method (TePA, an access control method based on ternary peer-to-peer identification) is applied in a concrete network containing a Wireless Local Area Network, a Wireless Metropolitan Area Network and a Wireless Personal Area Network. The key management method of the present invention includes the steps of key generation, key distribution, key storage, key modification and key revocation. The present invention solves the technical problems that the prior pre-shared-key-based key management method is not suitable for larger networks and the PKI-based key management method is not suitable for wireless multi-hop networks; a public-key system and a ternary structure are adopted, thereby improving the security and performance of wireless multi-hop networks.

8. Platform authentication strategy management method and device for trusted connection architecture
    Granted invention patent (status: in force)

    Publication number: US09246942B2

    Publication date: 2016-01-26

    Application number: US13813291

    Filing date: 2011-05-26

    IPC classification: H04L29/06 G06F21/57

    Abstract: Provided are a platform authentication strategy management method for a trusted connection architecture (TCA), and the trusted network connection (TNC) client, TNC access point and evaluation strategy service provider that implement the method in the TCA. In the embodiments of the present invention, the platform authentication strategy for the access requester can be configured in the TNC access point or in the evaluation strategy service provider, and a platform authentication strategy for the access requester configured in the evaluation strategy service provider can be delivered to the TNC access point. Moreover, a component-type-level convergence platform evaluation strategy can be executed in the TNC access point or in the evaluation strategy service provider, ensuring that the realization of TCA platform authentication has good application extensibility.

9. Method for establishing trusted network connect framework of tri-element peer authentication
    Granted invention patent (status: in force)

    Publication number: US08789134B2

    Publication date: 2014-07-22

    Application number: US13264683

    Filing date: 2009-12-09

    IPC classification: H04L29/06

    Abstract: The present invention provides a method for establishing the trusted network connect framework of tri-element peer authentication. The method includes: the implementation of the trusted network transport interface (IF-TNT); the implementation of the authentication policy service interface (IF-APS); the implementation of the trusted network connect (TNC) client-TNC access point interface (IF-TNCCAP); the implementation of the evaluation policy service interface (IF-EPS); the implementation of the integrity measurement collector interface (IF-IMC); the implementation of the integrity measurement verifier interface (IF-IMV); and the implementation of the integrity measurement interface (IF-IM). By defining these interfaces, the embodiments of the present invention can establish the trust of the terminals, implement the trusted network connect of the terminals, implement trusted authentication among the terminals, implement trusted management of the terminals, and establish the TNC framework based on tri-element peer authentication (TePA).

10. Bidirectional entity authentication method with introduction of online third party
    Granted invention patent (status: in force)

    Publication number: US08732464B2

    Publication date: 2014-05-20

    Application number: US13392899

    Filing date: 2009-12-29

    IPC classification: H04L9/32

    CPC classification: H04L9/3213 H04L9/3263

    Abstract: An entity bidirectional authentication method that introduces an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) the entity A sends a message 2 to a trusted third party TP; 3) the trusted third party TP verifies the validity of the entity A and the entity B; 4) after verifying the validity of the entity A and the entity B, the trusted third party TP returns a message 3 to the entity A; 5) the entity A sends a message 4 to the entity B; 6) after receiving the message 4, the entity B performs verification to complete the authentication of the entity A; 7) the entity B sends a message 5 to the entity A; 8) after receiving the message 5, the entity A performs verification to complete the authentication of the entity B.