-
公开(公告)号:US20110243330A1
公开(公告)日:2011-10-06
申请号:US13133890
申请日:2009-12-08
申请人: Yanan Hu , Jun Cao , Yuelei Xiao , Manxia Tie , Zhenhai Huang , Xiaolong Lai
发明人: Yanan Hu , Jun Cao , Yuelei Xiao , Manxia Tie , Zhenhai Huang , Xiaolong Lai
摘要: An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.
摘要翻译: 用于超宽带网络的认证相关套件发现和协商方法。 该方法包括以下步骤:1)在发起者和应答者的信息元素IE列表中添加成对的时间密钥PTK建立IE和组时间密钥GTK分布IE,并设置相应的信息元素标识符ID,2 )基于认证相关套件发现和协商方法的认证关联过程。 本发明提供的用于超宽带网络的认证相关套件发现和协商方法可以向网络提供安全解决方案的发现和协商功能,以便在多对成对临时密钥PTK建立计划时更好地满足各种应用需求 或多组时态密钥GTK分发计划并存。
-
公开(公告)号:US20110252239A1
公开(公告)日:2011-10-13
申请号:US13140632
申请日:2009-12-07
申请人: Xiaolong Lai , Jun Cao , Yuelei Xiao , Manxia Tie , Zhenhai Huang , Bianlin Zhang , Yanan Hu
发明人: Xiaolong Lai , Jun Cao , Yuelei Xiao , Manxia Tie , Zhenhai Huang , Bianlin Zhang , Yanan Hu
IPC分类号: H04L9/32
CPC分类号: H04W12/10 , H04L9/0838 , H04L9/3242 , H04L9/3273 , H04L63/123 , H04L2209/80
摘要: The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.
摘要翻译: 本发明提供一种保护安全协议的第一消息的方法,该方法包括以下步骤:1)初始化步骤; 2)发起方发送第一个消息; 3)响应端接收第一条消息。 用于保护本发明提供的安全协议的第一消息的方法可以实现:1)由发起端和响应侧共享的预共享主密钥(PSMK)和第一消息中的安全参数 通过使用消息完整性代码(MIC)或消息认证码(MAC)的计算功能来限制,从而有效地避免了安全协议中的第一消息的制造攻击; 2)在计算第一个消息的MIC或MAC期间,仅选择PSMK和第一个消息的安全参数进行计算,从而有效减少发起方和响应方的计算负载,计算资源为 保存
-
3.发明授权公开(公告)号:US08732464B2
公开(公告)日:2014-05-20
申请号:US13392899
申请日:2009-12-29
申请人: Xiaolong Lai , Jun Cao , Manxia Tie , Yuelei Xiao , Zhenhai Huang
发明人: Xiaolong Lai , Jun Cao , Manxia Tie , Yuelei Xiao , Zhenhai Huang
IPC分类号: H04L9/32
CPC分类号: H04L9/3213 , H04L9/3263
摘要: An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) the entity A sends a message 2 to a trusted third party TP; 3) the trusted third party TP verifies the validities of the entity A and the entity B; 4) after verifying the validities of the entity A and the entity B, the trusted third party TP returns a message 3 to the entity A; 5) the entity A sends a message 4 to the entity B; 6) after receiving the message 4, the entity B performs the verification to complete the authentication for the entity A; 7) the entity B sends a message 5 to the entity A; 8) after receiving the message 5, the entity A performs the verification to complete the authentication for the entity B.
摘要翻译: 通过引入在线第三方的实体双向认证方法包括以下步骤:1)实体B向实体A发送消息1; 2)实体A向可信第三方TP发送消息2; 3)可信第三方TP验证实体A和实体B的有效性; 4)验证实体A和实体B的有效性后,可信第三方TP向实体A返回消息3; 5)实体A向实体B发送消息4; 6)接收到消息4后,实体B进行验证,完成实体A的认证; 7)实体B向实体A发送消息5; 8)接收到消息5后,实体A进行验证,完成实体B的认证。
-
公开(公告)号:US08625801B2
公开(公告)日:2014-01-07
申请号:US13133890
申请日:2009-12-08
申请人: Yanan Hu , Jun Cao , Yuelei Xiao , Manxia Tie , Zhenhai Huang , Xiaolong Lai
发明人: Yanan Hu , Jun Cao , Yuelei Xiao , Manxia Tie , Zhenhai Huang , Xiaolong Lai
摘要: An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.
摘要翻译: 用于超宽带网络的认证相关套件发现和协商方法。 该方法包括以下步骤:1)在发起者和应答者的信息元素IE列表中添加成对的时间密钥PTK建立IE和组时间密钥GTK分布IE,并设置相应的信息元素标识符ID,2 )基于认证相关套件发现和协商方法的认证关联过程。 本发明提供的用于超宽带网络的认证相关套件发现和协商方法可以向网络提供安全解决方案的发现和协商功能,以便在多对成对临时密钥PTK建立计划时更好地满足各种应用需求 或多组时态密钥GTK分发计划并存。
-
5.发明申请公开(公告)号:US20120159169A1
公开(公告)日:2012-06-21
申请号:US13392899
申请日:2009-12-29
申请人: Xiaolong Lai , Jun Cao , Manxia Tie , Yuelei Xiao , Zhenhai Huang
发明人: Xiaolong Lai , Jun Cao , Manxia Tie , Yuelei Xiao , Zhenhai Huang
CPC分类号: H04L9/3213 , H04L9/3263
摘要: An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) after receiving the message 1, the entity A sends a message 2 to a trusted third party TP; 3) after receiving the message 2, the trusted third party TP verifies the validities of the entity A and the entity B; 4) after verifying the validities of the entity A and the entity B, the trusted third party TP returns a message 3 to the entity A; 5) after receiving message 3, the entity A sends a message 4 to the entity B; 6) after receiving the message 4, the entity B performs the verification to complete the authentication for the entity A; 7) the entity B sends a message 5 to the entity A; 8) after receiving the message 5, the entity A performs the verification to complete the authentication for the entity B. The scheme mentioned above provides an online searching and authentication mechanism for the disclosed keys, and thus simplifies the running condition of the protocol. In the practical application, the bidirectional authentication method of the present invention enables the bidirectional validity authentication between the user and the network.
摘要翻译: 通过引入在线第三方的实体双向认证方法包括以下步骤:1)实体B向实体A发送消息1; 2)收到消息1后,实体A向可信第三方TP发送消息2; 3)收到消息2后,信任第三方TP验证实体A和实体B的有效性; 4)验证实体A和实体B的有效性后,可信第三方TP向实体A返回消息3; 5)接收到消息3后,实体A向实体B发送消息4; 6)接收到消息4后,实体B进行验证,完成实体A的认证; 7)实体B向实体A发送消息5; 8)接收到消息5后,实体A进行验证,完成实体B的认证。上述方案提供了所公开密钥的在线搜索和认证机制,从而简化了协议的运行状态。 在实际应用中,本发明的双向认证方法能够实现用户和网络之间的双向有效认证。
-
公开(公告)号:US08572378B2
公开(公告)日:2013-10-29
申请号:US13140632
申请日:2009-12-07
申请人: Xiaolong Lai , Jun Cao , Yuelei Xiao , Manxia Tie , Zhenhai Huang , Bianling Zhang , Yanan Hu
发明人: Xiaolong Lai , Jun Cao , Yuelei Xiao , Manxia Tie , Zhenhai Huang , Bianling Zhang , Yanan Hu
IPC分类号: H04L29/06
CPC分类号: H04W12/10 , H04L9/0838 , H04L9/3242 , H04L9/3273 , H04L63/123 , H04L2209/80
摘要: The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.
摘要翻译: 本发明提供一种保护安全协议的第一消息的方法,该方法包括以下步骤:1)初始化步骤; 2)发起方发送第一个消息; 3)响应端接收第一条消息。 用于保护本发明提供的安全协议的第一消息的方法可以实现:1)由起始侧和响应侧共享的预共享主密钥(PSMK)和第一消息中的安全参数 通过使用消息完整性代码(MIC)或消息认证码(MAC)的计算功能来限制,从而有效地避免了安全协议中的第一消息的制造攻击; 2)在计算第一个消息的MIC或MAC期间,仅选择PSMK和第一个消息的安全参数进行计算,从而有效减少发起方和响应方的计算负载,计算资源为 保存
-
公开(公告)号:US08533781B2
公开(公告)日:2013-09-10
申请号:US13058099
申请日:2009-07-28
申请人: Manxia Tie , Jun Cao , Yuelei Xiao , Zhenhai Huang , Xiaolong Lai
发明人: Manxia Tie , Jun Cao , Yuelei Xiao , Zhenhai Huang , Xiaolong Lai
IPC分类号: G06F7/04
摘要: The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.
摘要翻译: 本发明的实施例公开了适用于无线个人区域网(WPAN)的接入方法。 在协调器广播信标帧之后,根据信标帧,设备识别协调器对设备所需的认证需求和认证方式。 如果协调人对设备没有认证需求,则设备和协调人直接进行关联过程; 否则,根据所选择的认证方式和相应的认证机制协商信息,设备向协调器发送认证访问请求; 然后根据设备选择的认证方式,协调器与设备进行认证和会话密钥协商过程; 最后,协调器向设备发送认证接入响应,当认证接入响应的认证状态成功时,设备与协调器进行关联过程。 认证和会话密钥协商的过程可以基于原语控制,也可以基于端口控制。 如果设备与协调器成功关联,则协调器将网络地址分配给设备,因此设备可以正常与协调器进行通信。 本发明解决了现有WPAN接入方式安全性较低,效率较低的技术问题。
-
公开(公告)号:US20110145890A1
公开(公告)日:2011-06-16
申请号:US13058099
申请日:2009-07-28
申请人: Manxia Tie , Jun Cao , Yuelei Xiao , Zhenhai Huang , Xiaolong Lai
发明人: Manxia Tie , Jun Cao , Yuelei Xiao , Zhenhai Huang , Xiaolong Lai
IPC分类号: G06F7/04
摘要: The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.
摘要翻译: 本发明的实施例公开了适用于无线个人区域网(WPAN)的接入方法。 在协调器广播信标帧之后,根据信标帧,设备识别协调器对设备所需的认证需求和认证方式。 如果协调人对设备没有认证需求,则设备和协调人直接进行关联过程; 否则,根据所选择的认证方式和相应的认证机制协商信息,设备向协调器发送认证访问请求; 然后根据设备选择的认证方式,协调器与设备进行认证和会话密钥协商过程; 最后,协调器向设备发送认证接入响应,当认证接入响应的认证状态成功时,设备与协调器进行关联过程。 认证和会话密钥协商的过程可以基于原语控制,也可以基于端口控制。 如果设备与协调器成功关联,则协调器将网络地址分配给设备,因此设备可以正常与协调器进行通信。 本发明解决了现有WPAN接入方式安全性较低,效率较低的技术问题。
-
9.发明授权Entity bi-directional identificator method and system based on trustable third party 有权基于可信第三方的实体双向识别方法和系统公开(公告)号:US08356179B2
公开(公告)日:2013-01-15
申请号:US12739678
申请日:2008-10-23
申请人: Manxia Tie , Jun Cao , Xiaolong Lai , Liaojun Pang , Zhenhai Huang
发明人: Manxia Tie , Jun Cao , Xiaolong Lai , Liaojun Pang , Zhenhai Huang
CPC分类号: H04L63/0869 , H04L9/3213 , H04L9/3273 , H04L63/0823 , H04L63/126
摘要: An entity bi-directional identification method and system based on a trustable third party thereof are provided. The system comprises a first entity, which is for sending a first message to a second entity, sending a third message to a third entity after receiving a second message sent by the second entity, verifying the fourth message after receiving a fourth message sent by the third entity, sending a fifth message to the second entity after the verification is finished; the second entity, which is for receiving the first message sent by the first entity, sending the second message to the first entity, verifying the fifth message after receiving the fifth message sent by the first entity; the third entity, which is for receiving the third message sent by the first entity, checking if the first entity and the second entity are legal, implementing the pretreatment according to the checking result, sending the first entity the fourth message after the treatment is finished.
摘要翻译: 提供了一种基于可信任第三方的实体双向识别方法和系统。 该系统包括用于向第二实体发送第一消息的第一实体,在接收到由第二实体发送的第二消息之后向第三实体发送第三消息,在接收到由第二实体发送的第四消息之后验证第四消息 第三实体,在验证完成之后向第二实体发送第五消息; 所述第二实体用于接收由所述第一实体发送的所述第一消息,向所述第一实体发送所述第二消息,在接收到由所述第一实体发送的所述第五消息之后验证所述第五消息; 用于接收第一实体发送的第三消息的第三实体,检查第一实体和第二实体是否合法,根据检查结果实现预处理,在处理完成之后发送第一实体第四消息 。
-
10.发明申请ENTITY BI-DIRECTIONAL IDENTIFICATOR METHOD AND SYSTEM BASED ON TRUSTABLE THIRD PARTY 有权基于可信赖第三方的实体双向识别方法和系统公开(公告)号:US20100306839A1
公开(公告)日:2010-12-02
申请号:US12739678
申请日:2008-10-23
申请人: Manxia Tie , Jun Cao , Xiaolong Lai , Liaojun Pang , Zhenhai Huang
发明人: Manxia Tie , Jun Cao , Xiaolong Lai , Liaojun Pang , Zhenhai Huang
CPC分类号: H04L63/0869 , H04L9/3213 , H04L9/3273 , H04L63/0823 , H04L63/126
摘要: An entity bi-directional identification method and system based on a trustable third party thereof are provided. The system comprises a first entity, which is for sending a first message to a second entity, sending a third message to a third entity after receiving a second message sent by the second entity, verifying the fourth message after receiving a fourth message sent by the third entity, sending a fifth message to the second entity after the verification is finished; the second entity, which is for receiving the first message sent by the first entity, sending the second message to the first entity, verifying the fifth message after receiving the fifth message sent by the first entity; the third entity, which is for receiving the third message sent by the first entity, checking if the first entity and the second entity are legal, implementing the pretreatment according to the checking result, sending the first entity the fourth message after the treatment is finished.
摘要翻译: 提供了一种基于可信任第三方的实体双向识别方法和系统。 该系统包括用于向第二实体发送第一消息的第一实体,在接收到由第二实体发送的第二消息之后向第三实体发送第三消息,在接收到由第二实体发送的第四消息之后验证第四消息 第三实体,在验证完成之后向第二实体发送第五消息; 所述第二实体用于接收由所述第一实体发送的所述第一消息,向所述第一实体发送所述第二消息,在接收到由所述第一实体发送的所述第五消息之后验证所述第五消息; 用于接收第一实体发送的第三消息的第三实体,检查第一实体和第二实体是否合法,根据检查结果实现预处理,在处理完成之后发送第一实体第四消息 。
-
-
-
-
-
-
-
-
-
搜索结果
95 条记录 (耗时 0.031 秒)
