Peer-to-peer access control method based on ports
    1.
    Invention patent (granted)
    Peer-to-peer access control method based on ports (in force)

    Publication No.: US08176325B2

    Publication date: 2012-05-08

    Application No.: US11816715

    Filing date: 2006-02-21

    IPC classification: H04L29/06

    Abstract: A port based peer access control method, comprises the steps of: 1) enabling the authentication control entity; 2) two authentication control entities authenticating each other; 3) setting the status of the controlled port. The method may further comprise the steps of enabling the authentication server entity, two authentication subsystems negotiating the key. By modifying the asymmetry of background technique, the invention has advantages of peer control, distinguishable authentication control entity, good scalability, good security, simple key negotiation process, relatively complete system, high flexibility, thus the invention can satisfy the requirements of central management as well as resolve the technical issues of the prior network access control method, including complex process, poor security, poor scalability, so it provides essential guarantee for secure network access.

    ACCESS AUTHENTICATION METHOD SUITABLE FOR THE WIRE-LINE AND WIRELESS NETWORK
    2.
    Invention patent application
    ACCESS AUTHENTICATION METHOD SUITABLE FOR THE WIRE-LINE AND WIRELESS NETWORK (in force)

    Publication No.: US20110055561A1

    Publication date: 2011-03-03

    Application No.: US11816743

    Filing date: 2006-02-21

    IPC classification: G06F21/00 H04L9/32

    Abstract: An access authentication method includes pre-establishing a security channel between the authentication server of the access point and the authentication server of the user terminal and performing the authentication process at user terminal and access point. The authentication process includes 1) the access point sending the authentication_activating message; 2) the user terminal sending the authentication server of user terminal request message; 3) the authentication server of the user terminal sending to the user terminal response message; and 4) completing the authentication.

    A Peer-to-Peer Access Control Method Based on Ports
    3.
    Invention patent application
    A Peer-to-Peer Access Control Method Based on Ports (in force)

    Publication No.: US20080288777A1

    Publication date: 2008-11-20

    Application No.: US11816715

    Filing date: 2006-02-21

    IPC classification: H04L9/32

    Abstract: A port based peer access control method, comprises the steps of: 1) enabling the authentication control entity; 2) two authentication control entities authenticating each other; 3) setting the status of the controlled port. The method may further comprise the steps of enabling the authentication server entity, two authentication subsystems negotiating the key. By modifying the asymmetry of background technique, the invention has advantages of peer control, distinguishable authentication control entity, good scalability, good security, simple key negotiation process, relatively complete system, high flexibility, thus the invention can satisfy the requirements of central management as well as resolve the technical issues of the prior network access control method, including complex process, poor security, poor scalability, so it provides essential guarantee for secure network access.

    Wireless personal area network accessing method
    4.
    Invention patent (granted)
    Wireless personal area network accessing method (in force)

    Publication No.: US08631232B2

    Publication date: 2014-01-14

    Application No.: US12863272

    Filing date: 2009-01-14

    IPC classification: H04L29/00

    Abstract: A wireless personal area network accessing method is provided, the method includes that: a coordinator broadcasts a beacon frame, the beacon frame includes the information about whether the coordinator sends an authentication requirement, the beacon frame also includes the authentication supported by the coordinator and key management package when a device receipts the authentication requirement, the device receives the beacon frame, the authentication between the coordinator and the device is made by using a authentication method corresponding to the authentication supported by the coordinator and key management package, when the device determines that the coordinator and the device is directly made according to the authentication result, or the association between the coordinator and the device is made after making session key negotiation.

    Method for protecting the first message of security protocol
    5.
    Invention patent (granted)
    Method for protecting the first message of security protocol (in force)

    Publication No.: US08572378B2

    Publication date: 2013-10-29

    Application No.: US13140632

    Filing date: 2009-12-07

    IPC classification: H04L29/06

    Abstract: The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.

    WIRELESS PERSONAL AREA NETWORK ACCESS METHOD BASED ON PRIMITIVE
    6.
    Invention patent application
    WIRELESS PERSONAL AREA NETWORK ACCESS METHOD BASED ON PRIMITIVE (in force)

    Publication No.: US20110029776A1

    Publication date: 2011-02-03

    Application No.: US12863285

    Filing date: 2009-01-14

    IPC classification: H04L9/32

    Abstract: A wireless personal area network access method based on the primitive, includes: a coordinator broadcasts a beacon frame to the device which requests connecting to the wireless personal area network (WPAN), the beacon frame includes the authentication request information for the device and the authentication and a key management tool supported by the coordinator; the device authenticates the authentication request information, when the coordinator has an authentication request to the device, the coordinator and the device execute the authentication based on the primitive and obtains the conversation key.

    WIRELESS PERSONAL AREA NETWORK ACCESSING METHOD
    8.
    Invention patent application
    WIRELESS PERSONAL AREA NETWORK ACCESSING METHOD (in force)

    Publication No.: US20110055554A1

    Publication date: 2011-03-03

    Application No.: US12863272

    Filing date: 2009-01-14

    IPC classification: H04L9/00 H04L9/32

    Abstract: A wireless personal area network accessing method is provided, the method includes that: a coordinator broadcasts a beacon frame, the beacon frame includes the information about whether the coordinator sends an authentication requirement, the beacon frame also includes the authentication supported by the coordinator and key management package when a device receipts the authentication requirement, the device receives the beacon frame, the authentication between the coordinator and the device is made by using a authentication method corresponding to the authentication supported by the coordinator and key management package, when the device determines that the coordinator and the device is directly made according to the authentication result, or the association between the coordinator and the device is made after making session key negotiation.

    Access authentication method suitable for the wire-line and wireless network
    9.
    Invention patent (granted)
    Access authentication method suitable for the wire-line and wireless network (in force)

    Publication No.: US08225092B2

    Publication date: 2012-07-17

    Application No.: US11816743

    Filing date: 2006-02-21

    IPC classification: H04L29/06

    Abstract: An access authentication method includes pre-establishing a security channel between the authentication server of the access point and the authentication server of the user terminal and performing the authentication process at user terminal and access point. The authentication process includes 1) the access point sending the authentication_activating message; 2) the user terminal sending the authentication server of user terminal request message; 3) the authentication server of the user terminal sending to the user terminal response message; and 4) completing the authentication.

    PEER-TO-PEER ACCESS CONTROL METHOD OF TRIPLE UNIT STRUCTURE
    10.
    Invention patent application
    PEER-TO-PEER ACCESS CONTROL METHOD OF TRIPLE UNIT STRUCTURE (in force)

    Publication No.: US20100037302A1

    Publication date: 2010-02-11

    Application No.: US12519955

    Filing date: 2007-06-25

    IPC classification: H04L29/06

    CPC classification: H04L63/0869

    Abstract: This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol.
