公开(公告)号：US20120151554A1

公开(公告)日：2012-06-14

申请号：US13391051

申请日：2009-12-23

申请人： Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

发明人： Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

IPC分类号： H04L29/06

CPC分类号： H04L63/20 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/205

摘要： The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

摘要翻译： 本发明涉及有线局域网的安全访问控制方法和系统，该方法包括以下步骤：1）请求者（REQ）与认证接入控制器（AAC）协商安全策略; 2）请求者（REQ）和认证访问控制器（AAC）认证身份; 3）请求者（REQ）与认证接入控制器（AAC）协商密钥。 用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络，电信网络等各种网络架构; 可扩展性好，支持多种认证方式; 支持不同安全级别的认证协议，满足各种用户的要求; 协议的子模块是独立的，灵活的，易于被接受或拒绝。

公开(公告)号：US08689283B2

公开(公告)日：2014-04-01

申请号：US13391051

申请日：2009-12-23

申请人： Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

发明人： Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

IPC分类号： H04L29/06

CPC分类号： H04L63/20 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/205

摘要： The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

摘要翻译： 本发明涉及有线局域网的安全访问控制方法和系统，该方法包括以下步骤：1）请求者（REQ）与认证接入控制器（AAC）协商安全策略; 2）请求者（REQ）和认证访问控制器（AAC）认证身份; 3）请求者（REQ）与认证接入控制器（AAC）协商密钥。 用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络，电信网络等各种网络架构; 可扩展性好，支持多种认证方式; 支持不同安全级别的认证协议，满足各种用户的要求; 协议的子模块是独立的，灵活的，易于被接受或拒绝。

公开(公告)号：US08646055B2

公开(公告)日：2014-02-04

申请号：US13391526

申请日：2009-12-24

申请人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Zhenhai Huang

发明人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Zhenhai Huang

IPC分类号： G06F21/00

CPC分类号： H04L63/061 ,  H04L63/0869 ,  H04L63/20

摘要： A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester (REQ) and Authentication Access Controller (AAC); 2) identity authentication and uni-cast key negotiation are implemented between REQ and AAC; 3) a group-cast key is notified between REQ and AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and network.

摘要翻译： 公开了一种基于预共享密钥的网络访问控制的方法和系统。 该方法包括以下步骤：1）在REQuester（REQ）和认证接入控制器（AAC）之间实现安全策略协商; 2）在REQ和AAC之间实现身份认证和单播密钥协商; 3）REQ和AAC之间通知组播密钥。 应用该方法和系统，可以在用户和网络之间实现快速双向认证。

公开(公告)号：US08713303B2

公开(公告)日：2014-04-29

申请号：US13515394

申请日：2010-05-26

申请人： Qin Li ,  Jun Cao ,  Li Ge ,  Manxia Tie ,  Zhenhai Huang

发明人： Qin Li ,  Jun Cao ,  Li Ge ,  Manxia Tie ,  Zhenhai Huang

IPC分类号： H04L29/06 ,  H04K1/00 ,  H04L9/08 ,  H04W12/04 ,  H04L9/32

CPC分类号： H04L9/0838 ,  H04L12/6418 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/162

摘要： A method and a system for establishing a security connection between switch equipments are disclosed in the present invention. The system includes the first switch equipment and the second switch equipment; the first switch equipment sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch equipment; the second switch equipment sends the switch key negotiation request packet to the first switch equipment. The embodiments of the present invention provide a security policy for data security transmission between switch equipments by establishing shared switch key between each two switch equipments, thus guaranteeing the confidentiality of the data transmission process between switch equipments in the data link layer. The calculation burden of switch equipment and the delay of the data packets transmitted from the transmission end to the reception end can be reduced and the efficiency of network transmission can be improved.

摘要翻译： 在本发明中公开了一种用于在交换机设备之间建立安全连接的方法和系统。 该系统包括第一开关设备和第二开关设备; 第一交换机设备向第二交换机设备发送交换机密钥协商激活分组和交换机密钥协商响应分组; 第二交换机设备向第一交换机设备发送交换机密钥协商请求报文。 本发明的实施例通过在两个交换机设备之间建立共享切换密钥来提供交换机设备之间数据安全传输的安全策略，从而保证了数据链路层交换机设备之间数据传输过程的机密性。 可以减少交换机的计算负担和从发送端到接收端的数据包的延迟，提高网络传输的效率。

公开(公告)号：US20120254617A1

公开(公告)日：2012-10-04

申请号：US13515394

申请日：2010-05-26

申请人： Qin Li ,  Jun Cao ,  Li Ge ,  Manxia Tie ,  Zhenhai Huang

发明人： Qin Li ,  Jun Cao ,  Li Ge ,  Manxia Tie ,  Zhenhai Huang

IPC分类号： H04L9/32

CPC分类号： H04L9/0838 ,  H04L12/6418 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/162

摘要： A method and a system for establishing a security connection between switch equipments are disclosed in the present invention. The system includes the first switch equipment and the second switch equipment; the first switch equipment sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch equipment; the second switch equipment sends the switch key negotiation request packet to the first switch equipment. The embodiments of the present invention provide a security policy for data security transmission between switch equipments by establishing shared switch key between each two switch equipments, thus guaranteeing the confidentiality of the data transmission process between switch equipments in the data link layer. The calculation burden of switch equipment and the delay of the data packets transmitted from the transmission end to the reception end can be reduced and the efficiency of network transmission can be improved.

摘要翻译： 在本发明中公开了一种用于在交换机设备之间建立安全连接的方法和系统。 该系统包括第一开关设备和第二开关设备; 第一交换机设备向第二交换机设备发送交换机密钥协商激活分组和交换机密钥协商响应分组; 第二交换机设备向第一交换机设备发送交换机密钥协商请求报文。 本发明的实施例通过在两个交换机设备之间建立共享切换密钥来提供交换机设备之间数据安全传输的安全策略，从而保证了数据链路层交换机设备之间数据传输过程的机密性。 可以减少交换机的计算负担和从发送端到接收端的数据包的延迟，提高网络传输的效率。

公开(公告)号：US20120159587A1

公开(公告)日：2012-06-21

申请号：US13391526

申请日：2009-12-24

申请人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Zhenhai Huang

发明人： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Zhenhai Huang

IPC分类号： G06F21/20

CPC分类号： H04L63/061 ,  H04L63/0869 ,  H04L63/20

摘要： A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester(REQ) and Authentication Access Controller(AAC); 2) identity authentication and uni-cast key negotiation are implemented between REQ and AAC; 3) a group-cast key is notified between REQ and AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and network.

摘要翻译： 公开了一种基于预共享密钥的网络访问控制的方法和系统。 该方法包括以下步骤：1）在REQuester（REQ）和认证接入控制器（AAC）之间实现安全策略协商; 2）在REQ和AAC之间实现身份认证和单播密钥协商; 3）REQ和AAC之间通知组播密钥。 应用该方法和系统，可以在用户和网络之间实现快速双向认证。

公开(公告)号：US09015331B2

公开(公告)日：2015-04-21

申请号：US13203646

申请日：2009-12-14

申请人： Xiaolong Lai ,  Jun Cao ,  Zhiqiang Du ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

发明人： Xiaolong Lai ,  Jun Cao ,  Zhiqiang Du ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

IPC分类号： G06F15/16 ,  H04W12/06 ,  H04L29/06 ,  H04W84/12 ,  H04W12/04

CPC分类号： H04W12/06 ,  H04L63/062 ,  H04L63/065 ,  H04L63/08 ,  H04L63/10 ,  H04W12/04 ,  H04W84/12 ,  H04W88/08 ,  H04W88/12 ,  H04W92/12

摘要： A method for implementing a convergent Wireless Local Area Network (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture in a local Medium Access Control (MAC) mode is provided and includes the following steps: the MAC function and WAPI function of Access Point (AP) are divided between Wireless Terminal Point (WTP) and Access Controller (AC) to construct a local MAC mode; the convergence of WAPI protocol and the convergent WLAN network architecture is implemented in the local MAC mode; the process of association and connection between Station (STA), WTP and AC is performed; the process of notification of the beginning of the execution of the WLAN Authentication Infrastructure (WAI) protocol between AC and WTP is performed; the process of the execution of the WAI protocol between STA and AC is performed; the process of notification of the end of the execution of the WAI protocol between AC and WTP is performed; the process of encrypted communication between WTP and STA is performed by use of WPI.

摘要翻译： 提供了一种在本地媒体访问控制（MAC）模式下实现融合无线局域网（WLAN）认证和隐私基础设施（WLAN）网络架构的方法，包括以下步骤：接入点的MAC功能和WAPI功能 AP）分为无线终端点（WTP）和接入控制器（AC）之间，构成本地MAC模式; WAPI协议和融合WLAN网络架构的融合在本地MAC模式下实现; 执行站（STA），WTP和AC之间的关联和连接的过程; 执行在AC和WTP之间通知WLAN认证基础设施（WAI）协议的开始的过程; 执行STA和AC之间的WAI协议的执行过程; 执行在AC和WTP之间通知WAI协议的执行结束的过程; WTP和STA之间的加密通信过程通过使用WPI进行。

公开(公告)号：US08966257B2

公开(公告)日：2015-02-24

申请号：US13516967

申请日：2010-06-02

申请人： Manxia Tie ,  Jun Cao ,  Oin Li ,  Li Ge ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Oin Li ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L29/06 ,  H04L9/32 ,  H04L12/721

CPC分类号： H04L63/0464 ,  H04L9/0827 ,  H04L45/26 ,  H04L63/0435 ,  H04L63/0471 ,  H04L63/062 ,  H04L63/162

摘要： The present invention discloses a method and system for secret communication between nodes in a wired Local Area Network (LAN). The method of secret communication between nodes in the wired LAN includes the following steps: 1) a sharing key is established; 2) the route probe is exchanged; 3) the data communication is classified; 4) the secret communication is processed among the nodes. According to the different communication situations among the nodes, the method of secret communication between nodes provided in the present invention can process the classification and select an appropriate secret communication strategy; compared with per-hop encryption, the calculation load of the exchange equipment is reduced, and the transmission delay of data packets is shortened; compared with the method that inter-station keys are established in pairs of nodes in order to protect the communication secret, the key number is reduced, and the key management is simplified.

摘要翻译： 本发明公开了一种用于有线局域网（LAN）中的节点之间的秘密通信的方法和系统。 有线局域网节点之间的秘密通信方法包括以下步骤：1）建立共享密钥; 2）交换路由探测器; 3）数据通信分类; 4）节点之间处理秘密通信。 根据节点之间不同的通信情况，本发明提供的节点之间的秘密通信方法可以处理分类并选择适当的秘密通信策略; 与每跳加密相比，交换设备的计算负载减少，数据包的传输延迟缩短; 与站间密钥建立成对节点的方法相比，为了保护通信秘密，密钥号码减少，密钥管理简化。

公开(公告)号：US20120278623A1

公开(公告)日：2012-11-01

申请号：US13516967

申请日：2010-06-02

申请人： Manxia Tie ,  Jun Cao ,  Oin Li ,  Li Ge ,  Zhenhai Huang

发明人： Manxia Tie ,  Jun Cao ,  Oin Li ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L9/32 ,  H04L12/56

CPC分类号： H04L63/0464 ,  H04L9/0827 ,  H04L45/26 ,  H04L63/0435 ,  H04L63/0471 ,  H04L63/062 ,  H04L63/162

摘要： The present invention discloses a method and system for secret communication between nodes in a wired Local Area Network (LAN). The method of secret communication between nodes in the wired LAN includes the following steps: 1) a sharing key is established; 2) the route probe is exchanged; 3) the data communication is classified; 4) the secret communication is processed among the nodes. According to the different communication situations among the nodes, the method of secret communication between nodes provided in the present invention can process the classification and select an appropriate secret communication strategy; compared with per-hop encryption, the calculation load of the exchange equipment is reduced, and the transmission delay of data packets is shortened; compared with the method that inter-station keys are established in pairs of nodes in order to protect the communication secret, the key number is reduced, and the key management is simplified.

摘要翻译： 本发明公开了一种用于有线局域网（LAN）中的节点之间的秘密通信的方法和系统。 有线局域网节点之间的秘密通信方法包括以下步骤：1）建立共享密钥; 2）交换路由探测器; 3）数据通信分类; 4）节点之间处理秘密通信。 根据节点之间不同的通信情况，本发明提供的节点之间的秘密通信方法可以处理分类并选择适当的秘密通信策略; 与每跳加密相比，交换设备的计算负载减少，数据包的传输延迟缩短; 与站间密钥建立成对节点的方法相比，为了保护通信秘密，密钥号码减少，密钥管理简化。

公开(公告)号：US08571223B2

公开(公告)日：2013-10-29

申请号：US13382651

申请日：2009-12-29

申请人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

发明人： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L9/08

CPC分类号： H04W12/04 ,  H04L9/0822 ,  H04L9/083 ,  H04L9/0833 ,  H04L9/3228 ,  H04L9/3242 ,  H04L63/062 ,  H04L63/065 ,  H04L63/126 ,  H04L2209/38 ,  H04L2209/601 ,  H04L2209/805 ,  H04W12/06 ,  H04W84/18

摘要： A method for combining authentication and secret keys management mechanism in a sensor network includes the following steps: 1) pre-distribution of the secret key, which includes 1.1) the pre-distribution of the communication secret key and 1.2) the pre-distribution of the initial broadcast message authentication secret key; 2) authentication, which includes 2.1) the authentication of the node identity and 2.2) the authentication of the broadcast message; and 3) negotiation of the session secret key by the nodes.

摘要翻译： 一种将认证和秘密密钥管理机制组合在传感器网络中的方法，包括以下步骤：1）秘密密钥的预分配，其中包括1.1）通信秘密密钥的预分配，以及1.2）预分发 初始广播消息认证密钥; 2）认证，其中包括2.1）节点身份认证和2.2）广播消息的认证; 3）节点会话密钥协商。