专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明授权

US08417955B2 Entity bidirectional authentication method and system 有权
标题翻译：实体双向认证方式和系统
公开(公告)号：US08417955B2
公开(公告)日：2013-04-09
申请号：US12808049
申请日：2008-12-09
申请人： Manxia Tie , Jun Cao , Zhenhai Huang , Xiaolong Lai
发明人： Manxia Tie , Jun Cao , Zhenhai Huang , Xiaolong Lai
IPC分类号： H04L29/06
CPC分类号： H04L9/321 , H04L9/3247
摘要： An entity bidirectional authentication method and system, the method involves: the first entity sends the first message; the second entity sends the second message to the credible third party after receiving the said first message; the said credible third party returns the third message after receiving the second message; the said second entity sends the fourth message after receiving the third message and verifying it; the said first entity receives the said fourth message and verifies it, completes the authentication. Compared with the conventional authentication mechanism, the invention defines an on-line retrieval and authentication mechanism of a public key, realizes the centralized management for it, simplifies the operating condition of the protocol, and facilitates the application and implement.
摘要翻译：一种实体双向认证方法和系统，该方法涉及：第一实体发送第一消息; 第二实体在接收到所述第一消息之后将第二消息发送到可信第三方; 所述可信第三方在接收到第二消息后返回第三消息; 所述第二实体在接收到第三消息并验证之后发送第四消息; 所述第一实体接收所述第四消息并对其进行验证，从而完成认证。与常规认证机制相比，本发明定义了公钥的在线检索和认证机制，实现了集中管理，简化了协议的工作状态，便于应用和实现。

22. 发明授权

US08412943B2 Two-way access authentication method 有权
标题翻译：双向访问认证方式
公开(公告)号：US08412943B2
公开(公告)日：2013-04-02
申请号：US12741982
申请日：2008-11-07
申请人： Liaojun Pang , Jun Cao , Manxia Tie , Zhenhai Huang
发明人： Liaojun Pang , Jun Cao , Manxia Tie , Zhenhai Huang
IPC分类号： H04L29/00
CPC分类号： H04L9/3247 , G06F21/445 , G06Q20/3823 , G06Q20/388 , G06Q20/4097 , H04L9/0847 , H04L9/321 , H04L9/3271 , H04L63/0869 , H04L2209/80 , H04W12/06
摘要： A two-way access authentication method comprises: According to the system parameters pre-established by the third entity, the first entity sends the access authentication request packet to the second entity, then the second entity validates whether the signature of first entity is correct, and if yes, the share master key of second entity is calculated; the second entity generates the access authentication response packet and sends it to the first entity, then the first entity validates whether the signature of access authentication response packet and the message integrity check code are correct; if yes, the share master key of first entity is calculated; the first entity sends the access authentication acknowledge packet to the second entity, then the second entity validates the integrity of the access authentication acknowledge packet, if passing the validation, the share master key of first entity is consistent with that of the second entity, and the access authentication is achieved. For improving the security, after received the access authentication request packet sent by the first entity, the second entity may perform the identity validity validation and generates the access authentication response packet after passing the validation.
摘要翻译：双向接入认证方法包括：根据第三实体预先建立的系统参数，第一实体向第二实体发送接入认证请求报文，第二实体验证第一实体的签名是否正确，如果是，则计算第二实体的共享主密钥; 第二实体生成接入认证响应报文并将其发送给第一实体，则第一实体验证接入认证响应报文的签名和消息完整性检查码是否正确; 如果是，则计算第一实体的共享主密钥; 第一实体向第二实体发送接入认证确认分组，则第二实体验证接入认证确认分组的完整性，如果通过验证，则第一实体的共享主密钥与第二实体的共享主密钥一致，实现了访问认证。为了提高安全性，在接收到由第一实体发送的接入认证请求分组之后，第二实体可以在通过验证之后执行身份有效性验证并生成接入认证响应分组。

23. 发明申请

US20120328063A1 Low Latency High Bandwidth CDR Architecture 有权
标题翻译：低延迟高带宽CDR体系结构
公开(公告)号：US20120328063A1
公开(公告)日：2012-12-27
申请号：US13168861
申请日：2011-06-24
申请人： Anand Jitendra Vasani , Jun Cao , Afshin Momtaz
发明人： Anand Jitendra Vasani , Jun Cao , Afshin Momtaz
IPC分类号： H04L7/02
CPC分类号： H04L7/0079 , H03L7/0812 , H04L7/033
摘要： Provided is a low latency high bandwidth clock and data recovery (CDR) system. For example, there is a low latency high bandwidth CDR system including a demultiplexer configured to convert a high frequency input datastream to a low frequency output datastream according to a first latency and a phase error processor at least partially embedded into the demultiplexer and configured to determine a datastream phase error of the high frequency input datastream according to a second latency. The embedded phase error processor allows a portion of a total latency of the CDR system due to the demultiplexer and the phase error processor to be less than a sum of the first and second latencies.
摘要翻译：提供了低延迟高带宽时钟和数据恢复（CDR）系统。例如，存在低延迟高带宽CDR系统，其包括解复用器，其被配置为根据第一等待时间将高频输入数据流转换为低频输出数据流，并且相位误差处理器至少部分地被嵌入到解复用器中并且被配置为确定根据第二等待时间，高频输入数据流的数据流相位误差。嵌入式相位误差处理器允许由于解复用器和相位误差处理器而导致的CDR系统的总等待时间的一部分小于第一和第二延迟的和。

24. 发明授权

US08311216B2 Packet cipher algorithm based encryption processing device 有权
标题翻译：基于分组密码算法的加密处理设备
公开(公告)号：US08311216B2
公开(公告)日：2012-11-13
申请号：US12743491
申请日：2008-11-13
申请人： Wei Wang , Jun Cao , Xiang Yan
发明人： Wei Wang , Jun Cao , Xiang Yan
IPC分类号： H04K1/00 , H04K1/06 , H04L9/00 , H04L9/08
CPC分类号： H04L9/0625 , H04L2209/24
摘要： A packet cipher algorithm based encryption processing device includes a key expand unit and an encryption unit. The key expand unit comprises a key expand unit data registration component and at least one key expand unit data conversion component. The encryption unit comprises an encryption unit data registration component and at least one encryption unit data conversion component, and the number of the encryption unit data conversion component is the same as that of the key expand unit data conversion component, and besides, they are one to one. A sub-key output of each key expand unit data conversion component connects the corresponding sub-key input of each encryption unit data conversion component to solve the technical problems that the encryption efficiency of the prior packet cipher algorithm based encryption processing device is low and the cost is high. The advantage of the present invention is reducing the resource consumption and further reducing the achievement cost of the device under the premise of keeping the high efficiency of the prior art.
摘要翻译：基于分组密码算法的加密处理装置包括密钥扩展单元和加密单元。密钥扩展单元包括密钥扩展单元数据注册组件和至少一个密钥扩展单元数据转换组件。加密单元包括加密单元数据注册组件和至少一个加密单元数据转换组件，并且加密单元数据转换组件的数量与密钥扩展单元数据转换组件的数量相同，此外，它们是一个到一个。每个密钥扩展单元数据转换组件的子密钥输出连接每个加密单元数据转换组件的相应子密钥输入，以解决现有的基于分组密码算法的加密处理设备的加密效率低的技术问题，成本高。本发明的优点是在保持现有技术的高效率的前提下，减少资源消耗并进一步降低设备的实现成本。

25. 发明申请

US20120257755A1 METHOD AND SYSTEM FOR ESTABLISHING SECURE CONNECTION BETWEEN STATIONS 有权
标题翻译：建立安全连接的方法和系统
公开(公告)号：US20120257755A1
公开(公告)日：2012-10-11
申请号：US13516257
申请日：2010-05-21
申请人： Li Ge , Jun Cao , Manxia Tie , Qin Li , Xiaolong Lai
发明人： Li Ge , Jun Cao , Manxia Tie , Qin Li , Xiaolong Lai
IPC分类号： H04L9/08
CPC分类号： H04L9/083 , H04L63/061
摘要： A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.
摘要翻译：公开了一种在站间建立安全连接的方法和系统。该方法包括：1）交换设备接收由第一用户终端发送的站间密钥请求分组; 2）交换设备生成站间密钥，构建站间密钥通告报文，并发送给第二用户终端; 3）交换设备接收由第二用户终端发送的站间密钥通告响应报文; 4）交换机构建一个站间密钥通知应答报文，并发送给第一用户终端; 5）交换机接收第一用户终端发送的站间密钥通告响应报文。交换设备为直接连接到交换机设备的两个站建立站间密钥，本发明的实施例通过该站点密钥确保站点之间的用户数据的机密性和完整性。

26. 发明授权

US08271780B2 Trusted network connect method for enhancing security 有权
标题翻译：可信网络连接方式，增强安全性
公开(公告)号：US08271780B2
公开(公告)日：2012-09-18
申请号：US12671575
申请日：2008-07-21
申请人： Yuelei Xiao , Jun Cao , Xiaolong Lai , Zhenhai Huang
发明人： Yuelei Xiao , Jun Cao , Xiaolong Lai , Zhenhai Huang
IPC分类号： H04L9/00
CPC分类号： H04L63/0869 , H04L9/0844 , H04L9/3247 , H04L9/3263 , H04L41/0893 , H04L63/0876 , H04L63/105 , H04L63/20 , H04L2209/127
摘要： A trusted network connect method for enhancing security, it pre-prepares platform integrity information, sets an integrity verify demand. A network access requestor initiates an access request, a network access authority starts a process for bi-directional user authentication, begins to perform the triplex element peer authentication protocol with a user authentication service unit. After the success of the bi-directional user authentication, a TNC server and a TNC client perform bi-directional platform integrity evaluation. The network access requestor and the network access authority control ports according to their respective recommendations, implement the mutual access control of the access requestor and the access authority. The present invention solves the technical problems in the background technologies: the security is lower relatively, the access requestor may be unable to verify the validity of the AIK credential and the platform integrity evaluation is not parity. The present invention may simplify the management of the key and the mechanism of integrity verification, expand the application scope of the trusted network connect.
摘要翻译：一种可靠的网络连接方法，用于增强安全性，预先准备平台完整性信息，设置完整性验证需求。网络访问请求者发起访问请求，网络访问权限启动用于双向用户认证的过程，开始与用户认证服务单元一起执行三重元素对等认证协议。在双向用户认证成功之后，TNC服务器和TNC客户端执行双向平台完整性评估。网络访问请求者和网络访问权限控制端口根据各自的建议，实现访问请求者和访问权限的相互访问控制。本发明解决了后台技术中的技术问题：安全性相对较低，访问请求者可能无法验证AIK凭据的有效性，平台完整性评估不是奇偶校验。本发明可以简化密钥的管理和完整性验证的机制，扩大可信网络连接的应用范围。

27. 发明授权

US08225092B2 Access authentication method suitable for the wire-line and wireless network 有权
标题翻译：接入认证方式适用于有线和无线网络
公开(公告)号：US08225092B2
公开(公告)日：2012-07-17
申请号：US11816743
申请日：2006-02-21
申请人： Xiaolong Lal , Jun Cao , Hong Guo , Zhenhai Huang , Bianling Zhang
发明人： Xiaolong Lal , Jun Cao , Hong Guo , Zhenhai Huang , Bianling Zhang
IPC分类号： H04L29/06
CPC分类号： H04L63/0823 , H04L9/083 , H04L9/0891 , H04L9/3263 , H04L9/3273 , H04L2209/80
摘要： An access authentication method includes pre-establishing a security channel between the authentication server of the access point and the authentication server of the user terminal and performing the authentication process at user terminal and access point. The authentication process includes 1) the access point sending the authentication_activating message; 2) the user terminal sending the authentication server of user terminal request message; 3) the authentication server of the user terminal sending to the user terminal response message; and 4) completing the authentication.
摘要翻译：访问认证方法包括在接入点的认证服务器和用户终端的认证服务器之间预先建立安全信道，并在用户终端和接入点执行认证过程。认证过程包括：1）接入点发送认证激活消息; 2）用户终端发送用户终端请求消息的认证服务器; 3）用户终端的认证服务器发送给用户终端应答消息; 和4）完成认证。

28. 发明申请

US20120151554A1 SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK 有权
标题翻译：用于有线局域网的安全访问控制方法和系统
公开(公告)号：US20120151554A1
公开(公告)日：2012-06-14
申请号：US13391051
申请日：2009-12-23
申请人： Manxia Tie , Jun Cao , Li Ge , Xiaolong Lai , Zhenhai Huang , Qin Li , Zhiqiang Du
发明人： Manxia Tie , Jun Cao , Li Ge , Xiaolong Lai , Zhenhai Huang , Qin Li , Zhiqiang Du
IPC分类号： H04L29/06
CPC分类号： H04L63/20 , H04L63/061 , H04L63/0823 , H04L63/205
摘要： The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.
摘要翻译：本发明涉及有线局域网的安全访问控制方法和系统，该方法包括以下步骤：1）请求者（REQ）与认证接入控制器（AAC）协商安全策略; 2）请求者（REQ）和认证访问控制器（AAC）认证身份; 3）请求者（REQ）与认证接入控制器（AAC）协商密钥。用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络，电信网络等各种网络架构; 可扩展性好，支持多种认证方式; 支持不同安全级别的认证协议，满足各种用户的要求; 协议的子模块是独立的，灵活的，易于被接受或拒绝。

29. 发明授权

US08176325B2 Peer-to-peer access control method based on ports 有权
标题翻译：基于端口的对等访问控制方法
公开(公告)号：US08176325B2
公开(公告)日：2012-05-08
申请号：US11816715
申请日：2006-02-21
申请人： Xiaolong Lai , Jun Cao , Bianling Zhang , Zhenhai Huang , Hong Guo
发明人： Xiaolong Lai , Jun Cao , Bianling Zhang , Zhenhai Huang , Hong Guo
IPC分类号： H04L29/06
CPC分类号： H04L63/0869 , H04L9/0894 , H04L9/321 , H04L2209/80
摘要： A port based peer access control method, comprises the steps of: 1) enabling the authentication control entity; 2) two authentication control entities authenticating each other; 3) setting the status of the controlled port. The method may further comprise the steps of enabling the authentication server entity, two authentication subsystems negotiating the key. By modifying the asymmetry of background technique, the invention has advantages of peer control, distinguishable authentication control entity, good scalability, good security, simple key negotiation process, relatively complete system, high flexibility, thus the invention can satisfy the requirements of central management as well as resolve the technical issues of the prior network access control method, including complex process, poor security, poor scalability, so it provides essential guarantee for secure network access.
摘要翻译：一种基于端口的对等接入控制方法，包括步骤：1）启用认证控制实体; 2）两个认证控制实体相互认证; 3）设置受控端口的状态。该方法还可以包括以下步骤：启用认证服务器实体，两个认证子系统协商该密钥。通过修改背景技术的不对称性，本发明具有对等控制，可区分认证控制实体，良好的可扩展性，良好的安全性，简单的密钥协商过程，系统相对完整，灵活性高等优点，因此本发明可以满足中央管理的要求解决现有网络访问控制方法的技术问题，包括复杂过程，安全性差，可扩展性差，为安全网络访问提供了必要的保证。

30. 发明申请

US20120054831A1 METHOD AND SYSTEM FOR SWITCHING STATION IN CENTRALIZED WLAN WHEN WPI IS PERFORMED BY ACCESS CONTROLLER 有权
标题翻译：用于在WPI由访问控制器执行的中央WLAN中切换站的方法和系统
公开(公告)号：US20120054831A1
公开(公告)日：2012-03-01
申请号：US13320469
申请日：2009-12-07
申请人： Zhiqiang Du , Jun Cao , Manxia Tie , Xiaolong Lai , Zhenhai Huang
发明人： Zhiqiang Du , Jun Cao , Manxia Tie , Xiaolong Lai , Zhenhai Huang
IPC分类号： H04W12/06 , H04W48/00 , H04W72/04
CPC分类号： H04W36/0038 , H04L41/0803 , H04L63/205 , H04W12/06 , H04W92/12
摘要： The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.
摘要翻译：本发明的实施例涉及一种当WLAN隐私基础设施（WPI）由接入控制器（AC）执行时，在集中式无线局域网（WLAN）中切换台站的方法和系统。该方法包括：步骤1：站通过目的无线终端（WTP）与AC重新关联; 步骤2：AC通知相关的WTP删除站; 步骤3：AC通知目的地WTP加入车站。本发明基于在交换台处理过程中的无线接入点协议（CAPWAP）控制消息的控制和提供，实现了加入站和删除站之间的AC和WTP的操作。因此，本发明可以在同一AC下的WTP之间快速，安全地实现站切换。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式