AUTHENTICATION ASSOCIATED SUITE DISCOVERY AND NEGOTIATION METHOD
    1.
    发明申请
    AUTHENTICATION ASSOCIATED SUITE DISCOVERY AND NEGOTIATION METHOD 有权
    认证相关的套装发现和谈判方法

    公开(公告)号:US20110243330A1

    公开(公告)日:2011-10-06

    申请号:US13133890

    申请日:2009-12-08

    IPC分类号: H04W12/06 H04W12/04

    CPC分类号: H04W12/04 H04W12/06

    摘要: An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.

    摘要翻译: 用于超宽带网络的认证相关套件发现和协商方法。 该方法包括以下步骤:1)在发起者和应答者的信息元素IE列表中添加成对的时间密钥PTK建立IE和组时间密钥GTK分布IE,并设置相应的信息元素标识符ID,2 )基于认证相关套件发现和协商方法的认证关联过程。 本发明提供的用于超宽带网络的认证相关套件发现和协商方法可以向网络提供安全解决方案的发现和协商功能,以便在多对成对临时密钥PTK建立计划时更好地满足各种应用需求 或多组时态密钥GTK分发计划并存。

    METHOD FOR PROTECTING THE FIRST MESSAGE OF SECURITY PROTOCOL
    2.
    发明申请
    METHOD FOR PROTECTING THE FIRST MESSAGE OF SECURITY PROTOCOL 有权
    保护安全协议第一信息的方法

    公开(公告)号:US20110252239A1

    公开(公告)日:2011-10-13

    申请号:US13140632

    申请日:2009-12-07

    IPC分类号: H04L9/32

    摘要: The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.

    摘要翻译: 本发明提供一种保护安全协议的第一消息的方法,该方法包括以下步骤:1)初始化步骤; 2)发起方发送第一个消息; 3)响应端接收第一条消息。 用于保护本发明提供的安全协议的第一消息的方法可以实现:1)由发起端和响应侧共享的预共享主密钥(PSMK)和第一消息中的安全参数 通过使用消息完整性代码(MIC)或消息认证码(MAC)的计算功能来限制,从而有效地避免了安全协议中的第一消息的制造攻击; 2)在计算第一个消息的MIC或MAC期间,仅选择PSMK和第一个消息的安全参数进行计算,从而有效减少发起方和响应方的计算负载,计算资源为 保存

    Authentication associated suite discovery and negotiation method
    3.
    发明授权
    Authentication associated suite discovery and negotiation method 有权
    认证相关套件发现和协商方法

    公开(公告)号:US08625801B2

    公开(公告)日:2014-01-07

    申请号:US13133890

    申请日:2009-12-08

    IPC分类号: H04W12/06 H04W12/04 H04L9/32

    CPC分类号: H04W12/04 H04W12/06

    摘要: An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.

    摘要翻译: 用于超宽带网络的认证相关套件发现和协商方法。 该方法包括以下步骤:1)在发起者和应答者的信息元素IE列表中添加成对的时间密钥PTK建立IE和组时间密钥GTK分布IE,并设置相应的信息元素标识符ID,2 )基于认证相关套件发现和协商方法的认证关联过程。 本发明提供的用于超宽带网络的认证相关套件发现和协商方法可以向网络提供安全解决方案的发现和协商功能,以便在多对成对临时密钥PTK建立计划时更好地满足各种应用需求 或多组时态密钥GTK分发计划并存。

    Method for protecting the first message of security protocol
    4.
    发明授权
    Method for protecting the first message of security protocol 有权
    保护安全协议第一条消息的方法

    公开(公告)号:US08572378B2

    公开(公告)日:2013-10-29

    申请号:US13140632

    申请日:2009-12-07

    IPC分类号: H04L29/06

    摘要: The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.

    摘要翻译: 本发明提供一种保护安全协议的第一消息的方法,该方法包括以下步骤:1)初始化步骤; 2)发起方发送第一个消息; 3)响应端接收第一条消息。 用于保护本发明提供的安全协议的第一消息的方法可以实现:1)由起始侧和响应侧共享的预共享主密钥(PSMK)和第一消息中的安全参数 通过使用消息完整性代码(MIC)或消息认证码(MAC)的计算功能来限制,从而有效地避免了安全协议中的第一消息的制造攻击; 2)在计算第一个消息的MIC或MAC期间,仅选择PSMK和第一个消息的安全参数进行计算,从而有效减少发起方和响应方的计算负载,计算资源为 保存

    Bidirectional entity authentication method with introduction of online third party
    5.
    发明授权
    Bidirectional entity authentication method with introduction of online third party 有权
    双向实体认证方法,引入在线第三方

    公开(公告)号:US08732464B2

    公开(公告)日:2014-05-20

    申请号:US13392899

    申请日:2009-12-29

    IPC分类号: H04L9/32

    CPC分类号: H04L9/3213 H04L9/3263

    摘要: An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) the entity A sends a message 2 to a trusted third party TP; 3) the trusted third party TP verifies the validities of the entity A and the entity B; 4) after verifying the validities of the entity A and the entity B, the trusted third party TP returns a message 3 to the entity A; 5) the entity A sends a message 4 to the entity B; 6) after receiving the message 4, the entity B performs the verification to complete the authentication for the entity A; 7) the entity B sends a message 5 to the entity A; 8) after receiving the message 5, the entity A performs the verification to complete the authentication for the entity B.

    摘要翻译: 通过引入在线第三方的实体双向认证方法包括以下步骤:1)实体B向实体A发送消息1; 2)实体A向可信第三方TP发送消息2; 3)可信第三方TP验证实体A和实体B的有效性; 4)验证实体A和实体B的有效性后,可信第三方TP向实体A返回消息3; 5)实体A向实体B发送消息4; 6)接收到消息4后,实体B进行验证,完成实体A的认证; 7)实体B向实体A发送消息5; 8)接收到消息5后,实体A进行验证,完成实体B的认证。

    BIDIRECTIONAL ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY
    6.
    发明申请
    BIDIRECTIONAL ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY 有权
    双向实体验证方法与引言第三方

    公开(公告)号:US20120159169A1

    公开(公告)日:2012-06-21

    申请号:US13392899

    申请日:2009-12-29

    IPC分类号: H04L9/28 H04L9/30

    CPC分类号: H04L9/3213 H04L9/3263

    摘要: An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) after receiving the message 1, the entity A sends a message 2 to a trusted third party TP; 3) after receiving the message 2, the trusted third party TP verifies the validities of the entity A and the entity B; 4) after verifying the validities of the entity A and the entity B, the trusted third party TP returns a message 3 to the entity A; 5) after receiving message 3, the entity A sends a message 4 to the entity B; 6) after receiving the message 4, the entity B performs the verification to complete the authentication for the entity A; 7) the entity B sends a message 5 to the entity A; 8) after receiving the message 5, the entity A performs the verification to complete the authentication for the entity B. The scheme mentioned above provides an online searching and authentication mechanism for the disclosed keys, and thus simplifies the running condition of the protocol. In the practical application, the bidirectional authentication method of the present invention enables the bidirectional validity authentication between the user and the network.

    摘要翻译: 通过引入在线第三方的实体双向认证方法包括以下步骤:1)实体B向实体A发送消息1; 2)收到消息1后,实体A向可信第三方TP发送消息2; 3)收到消息2后,信任第三方TP验证实体A和实体B的有效性; 4)验证实体A和实体B的有效性后,可信第三方TP向实体A返回消息3; 5)接收到消息3后,实体A向实体B发送消息4; 6)接收到消息4后,实体B进行验证,完成实体A的认证; 7)实体B向实体A发送消息5; 8)接收到消息5后,实体A进行验证,完成实体B的认证。上述方案提供了所公开密钥的在线搜索和认证机制,从而简化了协议的运行状态。 在实际应用中,本发明的双向认证方法能够实现用户和网络之间的双向有效认证。

    Access method suitable for wireless personal area network
    7.
    发明授权
    Access method suitable for wireless personal area network 有权
    接入方式适用于无线个域网

    公开(公告)号:US08533781B2

    公开(公告)日:2013-09-10

    申请号:US13058099

    申请日:2009-07-28

    IPC分类号: G06F7/04

    CPC分类号: H04W12/06 H04W48/10

    摘要: The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.

    摘要翻译: 本发明的实施例公开了适用于无线个人区域网(WPAN)的接入方法。 在协调器广播信标帧之后,根据信标帧,设备识别协调器对设备所需的认证需求和认证方式。 如果协调人对设备没有认证需求,则设备和协调人直接进行关联过程; 否则,根据所选择的认证方式和相应的认证机制协商信息,设备向协调器发送认证访问请求; 然后根据设备选择的认证方式,协调器与设备进行认证和会话密钥协商过程; 最后,协调器向设备发送认证接入响应,当认证接入响应的认证状态成功时,设备与协调器进行关联过程。 认证和会话密钥协商的过程可以基于原语控制,也可以基于端口控制。 如果设备与协调器成功关联,则协调器将网络地址分配给设备,因此设备可以正常与协调器进行通信。 本发明解决了现有WPAN接入方式安全性较低,效率较低的技术问题。

    ACCESS METHOD SUITABLE FOR WIRELESS PERSONAL AREA NETWORK
    8.
    发明申请
    ACCESS METHOD SUITABLE FOR WIRELESS PERSONAL AREA NETWORK 有权
    适用于无线个人区域网络的接入方法

    公开(公告)号:US20110145890A1

    公开(公告)日:2011-06-16

    申请号:US13058099

    申请日:2009-07-28

    IPC分类号: G06F7/04

    CPC分类号: H04W12/06 H04W48/10

    摘要: The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.

    摘要翻译: 本发明的实施例公开了适用于无线个人区域网(WPAN)的接入方法。 在协调器广播信标帧之后,根据信标帧,设备识别协调器对设备所需的认证需求和认证方式。 如果协调人对设备没有认证需求,则设备和协调人直接进行关联过程; 否则,根据所选择的认证方式和相应的认证机制协商信息,设备向协调器发送认证访问请求; 然后根据设备选择的认证方式,协调器与设备进行认证和会话密钥协商过程; 最后,协调器向设备发送认证接入响应,当认证接入响应的认证状态成功时,设备与协调器进行关联过程。 认证和会话密钥协商的过程可以基于原语控制,也可以基于端口控制。 如果设备与协调器成功关联,则协调器将网络地址分配给设备,因此设备可以正常与协调器进行通信。 本发明解决了现有WPAN接入方式安全性较低,效率较低的技术问题。

    MULTICAST KEY NEGOTIATION METHOD SUITABLE FOR GROUP CALLING SYSTEM AND A SYSTEM THEREOF
    9.
    发明申请
    MULTICAST KEY NEGOTIATION METHOD SUITABLE FOR GROUP CALLING SYSTEM AND A SYSTEM THEREOF 有权
    适用于集团呼叫系统的多媒体关键协商方法及其系统

    公开(公告)号:US20130016838A1

    公开(公告)日:2013-01-17

    申请号:US13637375

    申请日:2010-05-12

    IPC分类号: H04L9/28

    摘要: The present invention discloses a multicast key negotiation method suitable for group calling system and a system thereof. The method includes that: a user terminal (UT) negotiates about a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key according to the unicast key, and registers a service group identifier that the UT belongs to at the BS; the BS notifies the UT the multicast key of the service group that the UT needs to apply, constructs a multicast key notification packet, and sends it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of the service group that the UT needs to apply by decrypting a service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms that the multicast key of the UT service group is built successfully according to the multicast key confirmation packet sent by the UT.

    摘要翻译: 本发明公开了适用于群呼系统的组播密钥协商方法及其系统。 该方法包括:用户终端(UT)与基站(BS)协商关于单播密钥,根据单播密钥导出信息加密密钥和完整性验证密钥,并注册UT所属的服务组标识符 到BS; BS向UT通知UT需要应用的业务组的组播密钥,构建组播密钥通知报文,并将其发送给UT; UT收到BS发送的组播密钥通知报文后,通过解密业务组密钥应用列表获取UT需要应用的业务组的组播密钥,构建组播密钥确认报文,并发送给BS ; 根据UT发送的组播密钥确认包,BS确认UT服务组的组播密钥成功建立。

    Entity bi-directional identificator method and system based on trustable third party
    10.
    发明授权
    Entity bi-directional identificator method and system based on trustable third party 有权
    基于可信第三方的实体双向识别方法和系统

    公开(公告)号:US08356179B2

    公开(公告)日:2013-01-15

    申请号:US12739678

    申请日:2008-10-23

    摘要: An entity bi-directional identification method and system based on a trustable third party thereof are provided. The system comprises a first entity, which is for sending a first message to a second entity, sending a third message to a third entity after receiving a second message sent by the second entity, verifying the fourth message after receiving a fourth message sent by the third entity, sending a fifth message to the second entity after the verification is finished; the second entity, which is for receiving the first message sent by the first entity, sending the second message to the first entity, verifying the fifth message after receiving the fifth message sent by the first entity; the third entity, which is for receiving the third message sent by the first entity, checking if the first entity and the second entity are legal, implementing the pretreatment according to the checking result, sending the first entity the fourth message after the treatment is finished.

    摘要翻译: 提供了一种基于可信任第三方的实体双向识别方法和系统。 该系统包括用于向第二实体发送第一消息的第一实体,在接收到由第二实体发送的第二消息之后向第三实体发送第三消息,在接收到由第二实体发送的第四消息之后验证第四消息 第三实体,在验证完成之后向第二实体发送第五消息; 所述第二实体用于接收由所述第一实体发送的所述第一消息,向所述第一实体发送所述第二消息,在接收到由所述第一实体发送的所述第五消息之后验证所述第五消息; 用于接收第一实体发送的第三消息的第三实体,检查第一实体和第二实体是否合法,根据检查结果实现预处理,在处理完成之后发送第一实体第四消息 。