Method and system for secret communication between nodes
    1.
    发明授权
    Method and system for secret communication between nodes 有权
    节点之间的秘密通信的方法和系统

    公开(公告)号:US08966257B2

    公开(公告)日:2015-02-24

    申请号:US13516967

    申请日:2010-06-02

    IPC分类号: H04L29/06 H04L9/32 H04L12/721

    摘要: The present invention discloses a method and system for secret communication between nodes in a wired Local Area Network (LAN). The method of secret communication between nodes in the wired LAN includes the following steps: 1) a sharing key is established; 2) the route probe is exchanged; 3) the data communication is classified; 4) the secret communication is processed among the nodes. According to the different communication situations among the nodes, the method of secret communication between nodes provided in the present invention can process the classification and select an appropriate secret communication strategy; compared with per-hop encryption, the calculation load of the exchange equipment is reduced, and the transmission delay of data packets is shortened; compared with the method that inter-station keys are established in pairs of nodes in order to protect the communication secret, the key number is reduced, and the key management is simplified.

    摘要翻译: 本发明公开了一种用于有线局域网(LAN)中的节点之间的秘密通信的方法和系统。 有线局域网节点之间的秘密通信方法包括以下步骤:1)建立共享密钥; 2)交换路由探测器; 3)数据通信分类; 4)节点之间处理秘密通信。 根据节点之间不同的通信情况,本发明提供的节点之间的秘密通信方法可以处理分类并选择适当的秘密通信策略; 与每跳加密相比,交换设备的计算负载减少,数据包的传输延迟缩短; 与站间密钥建立成对节点的方法相比,为了保护通信秘密,密钥号码减少,密钥管理简化。

    METHOD AND SYSTEM FOR SECRET COMMUNICATION BETWEEN NODES
    2.
    发明申请
    METHOD AND SYSTEM FOR SECRET COMMUNICATION BETWEEN NODES 有权
    NODES之间的秘密通信的方法和系统

    公开(公告)号:US20120278623A1

    公开(公告)日:2012-11-01

    申请号:US13516967

    申请日:2010-06-02

    IPC分类号: H04L9/32 H04L12/56

    摘要: The present invention discloses a method and system for secret communication between nodes in a wired Local Area Network (LAN). The method of secret communication between nodes in the wired LAN includes the following steps: 1) a sharing key is established; 2) the route probe is exchanged; 3) the data communication is classified; 4) the secret communication is processed among the nodes. According to the different communication situations among the nodes, the method of secret communication between nodes provided in the present invention can process the classification and select an appropriate secret communication strategy; compared with per-hop encryption, the calculation load of the exchange equipment is reduced, and the transmission delay of data packets is shortened; compared with the method that inter-station keys are established in pairs of nodes in order to protect the communication secret, the key number is reduced, and the key management is simplified.

    摘要翻译: 本发明公开了一种用于有线局域网(LAN)中的节点之间的秘密通信的方法和系统。 有线局域网节点之间的秘密通信方法包括以下步骤:1)建立共享密钥; 2)交换路由探测器; 3)数据通信分类; 4)节点之间处理秘密通信。 根据节点之间不同的通信情况,本发明提供的节点之间的秘密通信方法可以处理分类并选择适当的秘密通信策略; 与每跳加密相比,交换设备的计算负载减少,数据包的传输延迟缩短; 与站间密钥建立成对节点的方法相比,为了保护通信秘密,密钥号码减少,密钥管理简化。

    SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK
    3.
    发明申请
    SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK 有权
    用于有线局域网的安全访问控制方法和系统

    公开(公告)号:US20120151554A1

    公开(公告)日:2012-06-14

    申请号:US13391051

    申请日:2009-12-23

    IPC分类号: H04L29/06

    摘要: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

    摘要翻译: 本发明涉及有线局域网的安全访问控制方法和系统,该方法包括以下步骤:1)请求者(REQ)与认证接入控制器(AAC)协商安全策略; 2)请求者(REQ)和认证访问控制器(AAC)认证身份; 3)请求者(REQ)与认证接入控制器(AAC)协商密钥。 用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络,电信网络等各种网络架构; 可扩展性好,支持多种认证方式; 支持不同安全级别的认证协议,满足各种用户的要求; 协议的子模块是独立的,灵活的,易于被接受或拒绝。

    Method and system for pre-shared-key-based network security access control
    4.
    发明授权
    Method and system for pre-shared-key-based network security access control 有权
    用于基于预共享密钥的网络安全访问控制的方法和系统

    公开(公告)号:US08646055B2

    公开(公告)日:2014-02-04

    申请号:US13391526

    申请日:2009-12-24

    IPC分类号: G06F21/00

    摘要: A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester (REQ) and Authentication Access Controller (AAC); 2) identity authentication and uni-cast key negotiation are implemented between REQ and AAC; 3) a group-cast key is notified between REQ and AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and network.

    摘要翻译: 公开了一种基于预共享密钥的网络访问控制的方法和系统。 该方法包括以下步骤:1)在REQuester(REQ)和认证接入控制器(AAC)之间实现安全策略协商; 2)在REQ和AAC之间实现身份认证和单播密钥协商; 3)REQ和AAC之间通知组播密钥。 应用该方法和系统,可以在用户和网络之间实现快速双向认证。

    Method for implementing a convergent wireless local area network (WLAN) authentication and privacy infrastructure (WAPI) network architecture in a local MAC mode
    6.
    发明授权
    Method for implementing a convergent wireless local area network (WLAN) authentication and privacy infrastructure (WAPI) network architecture in a local MAC mode 有权
    在本地MAC模式下实现融合无线局域网(WLAN)认证和隐私基础设施(WAPI)网络架构的方法

    公开(公告)号:US09015331B2

    公开(公告)日:2015-04-21

    申请号:US13203646

    申请日:2009-12-14

    摘要: A method for implementing a convergent Wireless Local Area Network (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture in a local Medium Access Control (MAC) mode is provided and includes the following steps: the MAC function and WAPI function of Access Point (AP) are divided between Wireless Terminal Point (WTP) and Access Controller (AC) to construct a local MAC mode; the convergence of WAPI protocol and the convergent WLAN network architecture is implemented in the local MAC mode; the process of association and connection between Station (STA), WTP and AC is performed; the process of notification of the beginning of the execution of the WLAN Authentication Infrastructure (WAI) protocol between AC and WTP is performed; the process of the execution of the WAI protocol between STA and AC is performed; the process of notification of the end of the execution of the WAI protocol between AC and WTP is performed; the process of encrypted communication between WTP and STA is performed by use of WPI.

    摘要翻译: 提供了一种在本地媒体访问控制(MAC)模式下实现融合无线局域网(WLAN)认证和隐私基础设施(WLAN)网络架构的方法,包括以下步骤:接入点的MAC功能和WAPI功能 AP)分为无线终端点(WTP)和接入控制器(AC)之间,构成本地MAC模式; WAPI协议和融合WLAN网络架构的融合在本地MAC模式下实现; 执行站(STA),WTP和AC之间的关联和连接的过程; 执行在AC和WTP之间通知WLAN认证基础设施(WAI)协议的开始的过程; 执行STA和AC之间的WAI协议的执行过程; 执行在AC和WTP之间通知WAI协议的执行结束的过程; WTP和STA之间的加密通信过程通过使用WPI进行。

    Security access control method and system for wired local area network
    7.
    发明授权
    Security access control method and system for wired local area network 有权
    有线局域网的安全访问控制方法和系统

    公开(公告)号:US08689283B2

    公开(公告)日:2014-04-01

    申请号:US13391051

    申请日:2009-12-23

    IPC分类号: H04L29/06

    摘要: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

    摘要翻译: 本发明涉及有线局域网的安全访问控制方法和系统,该方法包括以下步骤:1)请求者(REQ)与认证接入控制器(AAC)协商安全策略; 2)请求者(REQ)和认证访问控制器(AAC)认证身份; 3)请求者(REQ)与认证接入控制器(AAC)协商密钥。 用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络,电信网络等各种网络架构; 可扩展性好,支持多种认证方式; 支持不同安全级别的认证协议,满足各种用户的要求; 协议的子模块是独立的,灵活的,易于被接受或拒绝。

    Method for realizing convergent WAPI network architecture with split MAC mode
    8.
    发明授权
    Method for realizing convergent WAPI network architecture with split MAC mode 有权
    用分割MAC模式实现融合WAPI网络架构的方法

    公开(公告)号:US08855018B2

    公开(公告)日:2014-10-07

    申请号:US13203643

    申请日:2009-12-14

    CPC分类号: H04W12/06 H04W12/04 H04W84/12

    摘要: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by a wireless terminal point is constructed through separating the MAC function and the WAPI function of the wireless access point apart to the wireless terminal point and an access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the wireless terminal point realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station by using WPI.

    摘要翻译: 用于实现具有分离式媒体接入控制(MAC)模式的融合无线局域网(WLAN)认证和隐私基础设施(WAPI)网络架构的方法包括以下步骤:用于通过以下方式实现WLAN隐私基础设施(WPI)的分割MAC模式 无线终端通过将无线接入点的MAC功能和WAPI功能分离到无线终端点和接入控制器来构建; 在无线终端实现WPI的分割MAC模式下实现WAPI和融合WLAN网络系统架构的集成; 在站点,无线终端点和访问控制器之间执行关联连接处理; 执行在接入控制器和无线终端点之间通知执行WLAN认证基础设施(WAI)协议的开始的过程; 执行在站点和访问控制器之间执行WAI协议的过程; 执行用于在接入控制器和无线终端点之间通知执行WAI协议的结束的过程; 通过使用WPI在无线终端点和站之间执行秘密通信处理。

    Method and system for establishing security connection between switch equipments
    9.
    发明授权
    Method and system for establishing security connection between switch equipments 有权
    建立交换机设备之间安全连接的方法和系统

    公开(公告)号:US08713303B2

    公开(公告)日:2014-04-29

    申请号:US13515394

    申请日:2010-05-26

    摘要: A method and a system for establishing a security connection between switch equipments are disclosed in the present invention. The system includes the first switch equipment and the second switch equipment; the first switch equipment sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch equipment; the second switch equipment sends the switch key negotiation request packet to the first switch equipment. The embodiments of the present invention provide a security policy for data security transmission between switch equipments by establishing shared switch key between each two switch equipments, thus guaranteeing the confidentiality of the data transmission process between switch equipments in the data link layer. The calculation burden of switch equipment and the delay of the data packets transmitted from the transmission end to the reception end can be reduced and the efficiency of network transmission can be improved.

    摘要翻译: 在本发明中公开了一种用于在交换机设备之间建立安全连接的方法和系统。 该系统包括第一开关设备和第二开关设备; 第一交换机设备向第二交换机设备发送交换机密钥协商激活分组和交换机密钥协商响应分组; 第二交换机设备向第一交换机设备发送交换机密钥协商请求报文。 本发明的实施例通过在两个交换机设备之间建立共享切换密钥来提供交换机设备之间数据安全传输的安全策略,从而保证了数据链路层交换机设备之间数据传输过程的机密性。 可以减少交换机的计算负担和从发送端到接收端的数据包的延迟,提高网络传输的效率。

    METHOD AND SYSTEM FOR ESTABLISHING SECURITY CONNECTION BETWEEN SWITCH EQUIPMENTS
    10.
    发明申请
    METHOD AND SYSTEM FOR ESTABLISHING SECURITY CONNECTION BETWEEN SWITCH EQUIPMENTS 有权
    用于建立开关设备之间的安全连接的方法和系统

    公开(公告)号:US20120254617A1

    公开(公告)日:2012-10-04

    申请号:US13515394

    申请日:2010-05-26

    IPC分类号: H04L9/32

    摘要: A method and a system for establishing a security connection between switch equipments are disclosed in the present invention. The system includes the first switch equipment and the second switch equipment; the first switch equipment sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch equipment; the second switch equipment sends the switch key negotiation request packet to the first switch equipment. The embodiments of the present invention provide a security policy for data security transmission between switch equipments by establishing shared switch key between each two switch equipments, thus guaranteeing the confidentiality of the data transmission process between switch equipments in the data link layer. The calculation burden of switch equipment and the delay of the data packets transmitted from the transmission end to the reception end can be reduced and the efficiency of network transmission can be improved.

    摘要翻译: 在本发明中公开了一种用于在交换机设备之间建立安全连接的方法和系统。 该系统包括第一开关设备和第二开关设备; 第一交换机设备向第二交换机设备发送交换机密钥协商激活分组和交换机密钥协商响应分组; 第二交换机设备向第一交换机设备发送交换机密钥协商请求报文。 本发明的实施例通过在两个交换机设备之间建立共享切换密钥来提供交换机设备之间数据安全传输的安全策略,从而保证了数据链路层交换机设备之间数据传输过程的机密性。 可以减少交换机的计算负担和从发送端到接收端的数据包的延迟,提高网络传输的效率。