1. Method and system for pre-shared-key-based network security access control
    Granted patent (in force)

    Publication number: US08646055B2

    Publication date: 2014-02-04

    Application number: US13391526

    Filing date: 2009-12-24

    IPC classification: G06F21/00

    Abstract: A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is performed between a requester (REQ) and an authentication access controller (AAC); 2) identity authentication and unicast key negotiation are performed between the REQ and the AAC; 3) a group-cast key is notified between the REQ and the AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and the network.

2. SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK
    Patent application (in force)

    Publication number: US20120151554A1

    Publication date: 2012-06-14

    Application number: US13391051

    Filing date: 2009-12-23

    IPC classification: H04L29/06

    Abstract: The present invention relates to a security access control method and system for a wired local area network. The method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the REQ and the AAC perform identity authentication; 3) the REQ negotiates the key with the AAC. The invention realizes direct identity authentication between the user and the network access control device, together with the negotiation and dynamic update of the session key used for link-layer data protection; a variety of network architectures, such as enterprise networks and telecommunication networks, are supported; scalability is good; multiple authentication methods are supported; authentication protocols with different security levels are supported, satisfying the requirements of various subscribers; and the sub-modules of the protocol are independent, flexible, and easy to accept or reject.

3. Security access control method and system for wired local area network
    Granted patent (in force)

    Publication number: US08689283B2

    Publication date: 2014-04-01

    Application number: US13391051

    Filing date: 2009-12-23

    IPC classification: H04L29/06

    Abstract: The present invention relates to a security access control method and system for a wired local area network. The method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the REQ and the AAC perform identity authentication; 3) the REQ negotiates the key with the AAC. The invention realizes direct identity authentication between the user and the network access control device, together with the negotiation and dynamic update of the session key used for link-layer data protection; a variety of network architectures, such as enterprise networks and telecommunication networks, are supported; scalability is good; multiple authentication methods are supported; authentication protocols with different security levels are supported, satisfying the requirements of various subscribers; and the sub-modules of the protocol are independent, flexible, and easy to accept or reject.

4. Method and system for establishing security connection between switch equipments
    Granted patent (in force)

    Publication number: US08713303B2

    Publication date: 2014-04-29

    Application number: US13515394

    Filing date: 2010-05-26

    Abstract: A method and a system for establishing a security connection between switch devices are disclosed. The system includes a first switch device and a second switch device: the first switch device sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch device, and the second switch device sends the switch key negotiation request packet to the first switch device. The embodiments of the present invention provide a security policy for secure data transmission between switch devices by establishing a shared switch key between each pair of switch devices, thereby guaranteeing the confidentiality of data transmitted between switch devices at the data link layer. The computational burden on the switch devices and the delay of data packets transmitted from the sending end to the receiving end can be reduced, and the efficiency of network transmission can be improved.

5. METHOD AND SYSTEM FOR ESTABLISHING SECURITY CONNECTION BETWEEN SWITCH EQUIPMENTS
    Patent application (in force)

    Publication number: US20120254617A1

    Publication date: 2012-10-04

    Application number: US13515394

    Filing date: 2010-05-26

    IPC classification: H04L9/32

    Abstract: A method and a system for establishing a security connection between switch devices are disclosed. The system includes a first switch device and a second switch device: the first switch device sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch device, and the second switch device sends the switch key negotiation request packet to the first switch device. The embodiments of the present invention provide a security policy for secure data transmission between switch devices by establishing a shared switch key between each pair of switch devices, thereby guaranteeing the confidentiality of data transmitted between switch devices at the data link layer. The computational burden on the switch devices and the delay of data packets transmitted from the sending end to the receiving end can be reduced, and the efficiency of network transmission can be improved.

6. METHOD AND SYSTEM FOR PRE-SHARED-KEY-BASED NETWORK SECURITY ACCESS CONTROL
    Patent application (in force)

    Publication number: US20120159587A1

    Publication date: 2012-06-21

    Application number: US13391526

    Filing date: 2009-12-24

    IPC classification: G06F21/20

    Abstract: A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is performed between a requester (REQ) and an authentication access controller (AAC); 2) identity authentication and unicast key negotiation are performed between the REQ and the AAC; 3) a group-cast key is notified between the REQ and the AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and the network.

7. SWITCH ROUTE EXPLORING METHOD, SYSTEM AND DEVICE
    Patent application (in force)

    Publication number: US20140007231A1

    Publication date: 2014-01-02

    Application number: US13702785

    Filing date: 2011-01-14

    IPC classification: H04L29/06

    CPC classification: H04L63/1475 H04L45/26

    Abstract: A switch route exploring method, system and device are provided in the present invention. The method comprises: a transmitting source node NSource constructs a switch route exploring request packet and transmits it to a destination node NDestination; the switch route exploring request packet comprises the information about the switch route from NSource to NDestination that is known to NSource; and NDestination constructs a switch route exploring response packet and transmits it to NSource.

8. SECRET COMMUNICATION METHOD AND SYSTEM BETWEEN NEIGHBORING USER TERMINALS, TERMINAL, SWITCHING EQUIPMENT
    Patent application (in force)

    Publication number: US20130159706A1

    Publication date: 2013-06-20

    Application number: US13814899

    Filing date: 2011-04-27

    IPC classification: H04L9/08

    Abstract: The present invention provides a secret communication method, apparatus and system. The method comprises: 1) determining a neighboring encryption switching equipment shared by a first user terminal and a second user terminal, where the first and second user terminals are neighboring user terminals (1); 2) establishing, by the neighboring encryption switching equipment, an inter-station key for communication between the first user terminal and the second user terminal (2); 3) performing secret data communication between the first user terminal and the second user terminal using the inter-station key (3). With the present invention, neighboring user terminals that need to communicate secretly can establish the inter-station key without performing identity authentication with each other and can then communicate secretly using that key, thereby reducing the network load.

9. Switch route exploring method, system and device
    Granted patent (in force)

    Publication number: US09137259B2

    Publication date: 2015-09-15

    Application number: US13702785

    Filing date: 2011-01-14

    IPC classification: H04L29/06 H04L12/721

    CPC classification: H04L63/1475 H04L45/26

    Abstract: A switch route exploring method, system and device are provided in the present invention. The method comprises: a transmitting source node NSource constructs a switch route exploring request packet and transmits it to a destination node NDestination; the switch route exploring request packet comprises the information about the switch route from NSource to NDestination that is known to NSource; and NDestination constructs a switch route exploring response packet and transmits it to NSource.

10. Secret communication method and system between neighboring user terminals, terminal, switching equipment
    Granted patent (in force)

    Publication number: US08850190B2

    Publication date: 2014-09-30

    Application number: US13814899

    Filing date: 2011-04-27

    IPC classification: H04L29/06 H04L9/32 H04L9/08

    Abstract: The present invention provides a secret communication method, apparatus and system. The method comprises: 1) determining a neighboring encryption switching equipment shared by a first user terminal and a second user terminal, where the first and second user terminals are neighboring user terminals (1); 2) establishing, by the neighboring encryption switching equipment, an inter-station key for communication between the first user terminal and the second user terminal (2); 3) performing secret data communication between the first user terminal and the second user terminal using the inter-station key (3). With the present invention, neighboring user terminals that need to communicate secretly can establish the inter-station key without performing identity authentication with each other and can then communicate secretly using that key, thereby reducing the network load.