METHOD FOR PROTECTING THE FIRST MESSAGE OF SECURITY PROTOCOL
    1.
    Invention application (status: in force)

    Publication No.: US20110252239A1

    Publication date: 2011-10-13

    Application No.: US13140632

    Filing date: 2009-12-07

    IPC classification: H04L9/32

    Abstract: The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.

    AUTHENTICATION ASSOCIATED SUITE DISCOVERY AND NEGOTIATION METHOD
    2.
    Invention application (status: in force)

    Publication No.: US20110243330A1

    Publication date: 2011-10-06

    Application No.: US13133890

    Filing date: 2009-12-08

    IPC classification: H04W12/06 H04W12/04

    CPC classification: H04W12/04 H04W12/06

    Abstract: An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.

    Authentication associated suite discovery and negotiation method
    3.
    Granted invention patent (status: in force)

    Publication No.: US08625801B2

    Publication date: 2014-01-07

    Application No.: US13133890

    Filing date: 2009-12-08

    IPC classification: H04W12/06 H04W12/04 H04L9/32

    CPC classification: H04W12/04 H04W12/06

    Abstract: An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.

    MULTICAST KEY NEGOTIATION METHOD SUITABLE FOR GROUP CALLING SYSTEM AND A SYSTEM THEREOF
    4.
    Invention application (status: in force)

    Publication No.: US20130016838A1

    Publication date: 2013-01-17

    Application No.: US13637375

    Filing date: 2010-05-12

    IPC classification: H04L9/28

    Abstract: The present invention discloses a multicast key negotiation method suitable for group calling system and a system thereof. The method includes that: a user terminal (UT) negotiates about a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key according to the unicast key, and registers a service group identifier that the UT belongs to at the BS; the BS notifies the UT the multicast key of the service group that the UT needs to apply, constructs a multicast key notification packet, and sends it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of the service group that the UT needs to apply by decrypting a service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms that the multicast key of the UT service group is built successfully according to the multicast key confirmation packet sent by the UT.

    Multicast key negotiation method suitable for group calling system and a system thereof
    5.
    Granted invention patent (status: in force)

    Publication No.: US08787574B2

    Publication date: 2014-07-22

    Application No.: US13637375

    Filing date: 2010-05-12

    IPC classification: H04K1/00 H04L9/00 H04L9/32

    Abstract: The present invention discloses a multicast key negotiation method suitable for group calling system and a system thereof. The method includes that: a user terminal (UT) negotiates about a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key according to the unicast key, and registers a service group identifier that the UT belongs to at the BS; the BS notifies the UT the multicast key of the service group that the UT needs to apply, constructs a multicast key notification packet, and sends it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of the service group that the UT needs to apply by decrypting a service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms that the multicast key of the UT service group is built successfully according to the multicast key confirmation packet sent by the UT.

    Method for protecting the first message of security protocol
    6.
    Granted invention patent (status: in force)

    Publication No.: US08572378B2

    Publication date: 2013-10-29

    Application No.: US13140632

    Filing date: 2009-12-07

    IPC classification: H04L29/06

    Abstract: The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.

    Method and system for entity authentication in resource-limited network
    7.
    Granted invention patent (status: in force)

    Publication No.: US09047449B2

    Publication date: 2015-06-02

    Application No.: US13819698

    Filing date: 2010-12-21

    Abstract: A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention.

    METHOD AND SYSTEM FOR ENTITY AUTHENTICATION IN RESOURCE-LIMITED NETWORK
    8.
    Invention application (status: in force)

    Publication No.: US20130326584A1

    Publication date: 2013-12-05

    Application No.: US13819698

    Filing date: 2010-12-21

    IPC classification: G06F21/30

    Abstract: A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention.

    Method and system for pre-shared-key-based network security access control
    9.
    Granted invention patent (status: in force)

    Publication No.: US08646055B2

    Publication date: 2014-02-04

    Application No.: US13391526

    Filing date: 2009-12-24

    IPC classification: G06F21/00

    Abstract: A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester (REQ) and Authentication Access Controller (AAC); 2) identity authentication and uni-cast key negotiation are implemented between REQ and AAC; 3) a group-cast key is notified between REQ and AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and network.

    SWITCH ROUTE EXPLORING METHOD, SYSTEM AND DEVICE
    10.
    Invention application (status: in force)

    Publication No.: US20140007231A1

    Publication date: 2014-01-02

    Application No.: US13702785

    Filing date: 2011-01-14

    IPC classification: H04L29/06

    CPC classification: H04L63/1475 H04L45/26

    Abstract: A switch route exploring method, system and device are provided in the present invention. The method comprises that: a transmitting source node NSource constructs a switch route exploring request packet and transmits it to a destination node NDestination; the switch route exploring request packet comprises information of switch route from the transmitting source node NSource to the destination node NDestination, wherein the information is known by the transmitting source node NSource; and the destination node NDestination constructs a switch route exploring response packet and transmits it to the transmitting source node NSource.
