    • 31. Invention application
    • BIDIRECTIONAL ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY
    • US20120159169A1
    • 2012-06-21
    • US13392899
    • 2009-12-29
    • Xiaolong Lai; Jun Cao; Manxia Tie; Yuelei Xiao; Zhenhai Huang
    • H04L9/28; H04L9/30
    • H04L9/3213; H04L9/3263
    • An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) after receiving the message 1, the entity A sends a message 2 to a trusted third party TP; 3) after receiving the message 2, the trusted third party TP verifies the validities of the entity A and the entity B; 4) after verifying the validities of the entity A and the entity B, the trusted third party TP returns a message 3 to the entity A; 5) after receiving message 3, the entity A sends a message 4 to the entity B; 6) after receiving the message 4, the entity B performs the verification to complete the authentication for the entity A; 7) the entity B sends a message 5 to the entity A; 8) after receiving the message 5, the entity A performs the verification to complete the authentication for the entity B. The scheme mentioned above provides an online searching and authentication mechanism for the disclosed keys, and thus simplifies the running condition of the protocol. In the practical application, the bidirectional authentication method of the present invention enables the bidirectional validity authentication between the user and the network.
    • 32. Invention application
    • METHOD FOR REALIZING CONVERGENT WAPI NETWORK ARCHITECTURE WITH SPLIT MAC MODE
    • US20110310771A1
    • 2011-12-22
    • US13203643
    • 2009-12-14
    • Manxia Tie; Jun Cao; Zhiqiang Du; Xiaolong Lai; Li Ge; Zhenhai Huang
    • H04L12/28
    • H04W12/06; H04W12/04; H04W84/12
    • A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by a wireless terminal point is constructed through separating the MAC function and the WAPI function of the wireless access point apart to the wireless terminal point and an access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the wireless terminal point realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station by using WPI.
    • 34. Invention application
    • KEY DISTRIBUTING METHOD, PUBLIC KEY OF KEY DISTRIBUTION CENTRE ONLINE UPDATING METHOD AND DEVICE
    • US20110103589A1
    • 2011-05-05
    • US12994690
    • 2009-05-26
    • Manxia Tie; Jun Cao; Xiaolong Lai; Zhenhai Huang
    • H04L9/08
    • H04L9/083; H04L9/0825; H04L9/0891
    • A key distributing method, a public key of key distribution centre online updating method, a key distribution centre, a communication entity and a key management system. The system includes: communication entities, a carrying device, a key distribution centre and a database, wherein the carrying device carries or transports the information during the key distributing course and the public key online updating course, the database stores whether each communication entity registered secret service; the database connects with the key distribution centre, the key distribution centre connects with the carrying device, and the carrying device connects with each communication entity. Using the cipher technology of public key, a key distribution system is provided based on principle of three-element peer authentication (TePA). The system safely distributes the communication key to each pair entities to enable keys have PFS attribute, reduces the key management complexity of the system, and realizes online updating of the public key of the trusted third party i.e. key distribution centre.
    • 35. Invention application
    • BIDIRECTIONAL ENTITY AUTHENTICATION METHOD BASED ON THE CREDIBLE THIRD PARTY
    • US20110004767A1
    • 2011-01-06
    • US12920931
    • 2009-03-04
    • Manxia Tie; Jun Cao; Xiaolong Lai; Zhenhai Huang
    • H04L9/32
    • H04L63/0807; H04L63/0823; H04L63/0869; H04L63/0884
    • A bidirectional entity authentication method based on the credible third party includes the steps that: entity A receives message 1 sent from entity B including the authentication parameters of said entity B, and sends message 2 to the credible third party TP, said message 2 including the authentication parameters of entity B and the authentication parameters of entity A; entity A receives message 3 sent from said credible third party TP, said message 3 including the checking result after checking that whether said entity A and entity B are legal based on said message 2 by said credible third party TP; entity A gets the authentication result of entity B after authenticating said message 3, and sends message 4 to said entity B to make entity B authenticating based on said message 4 and getting the authentication result of entity A. The invention simplifies the operation condition of the protocol, reduces the computing capability requirement of the authentication entity, and satisfies the high security requirement of the network device lack of resource.
    • 36. Granted invention patent
    • Method for realizing convergent WAPI network architecture with separate MAC mode
    • US08813199B2
    • 2014-08-19
    • US13203645
    • 2009-12-14
    • Zhiqiang Du; Jun Cao; Manxia Tie; Xiaolong Lai; Zhenhai Huang
    • G06F15/16; H04L29/06; H04W12/06; H04W84/12
    • H04W12/06; H04L63/08; H04L63/10; H04W84/12
    • A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by an access controller is constructed through splitting the MAC function and the WAPI function of the wireless access point apart to a wireless terminal point and the access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the access controller realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station point by using WPI.
    • 38. Granted invention patent
    • Method for protecting the first message of security protocol
    • US08572378B2
    • 2013-10-29
    • US13140632
    • 2009-12-07
    • Xiaolong Lai; Jun Cao; Yuelei Xiao; Manxia Tie; Zhenhai Huang; Bianling Zhang; Yanan Hu
    • H04L29/06
    • H04W12/10; H04L9/0838; H04L9/3242; H04L9/3273; H04L63/123; H04L2209/80
    • The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.
    • 39. Granted invention patent
    • Access method suitable for wireless personal area network
    • US08533781B2
    • 2013-09-10
    • US13058099
    • 2009-07-28
    • Manxia Tie; Jun Cao; Yuelei Xiao; Zhenhai Huang; Xiaolong Lai
    • G06F7/04
    • H04W12/06; H04W48/10
    • The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.
    • 40. Granted invention patent
    • Bidirectional entity authentication method based on the credible third party
    • US08510565B2
    • 2013-08-13
    • US12920931
    • 2009-03-04
    • Manxia Tie; Jun Cao; Xiaolong Lai; Zhenhai Huang
    • H04L9/32
    • H04L63/0807; H04L63/0823; H04L63/0869; H04L63/0884
    • A bidirectional entity authentication method based on the credible third party includes the steps that: entity A receives message 1 sent from entity B including the authentication parameters of said entity B, and sends message 2 to the credible third party TP, said message 2 including the authentication parameters of entity B and the authentication parameters of entity A; entity A receives message 3 sent from said credible third party TP, said message 3 including the checking result after checking that whether said entity A and entity B are legal based on said message 2 by said credible third party TP; entity A gets the authentication result of entity B after authenticating said message 3, and sends message 4 to said entity B to make entity B authenticating based on said message 4 and getting the authentication result of entity A. The invention simplifies the operation condition of the protocol, reduces the computing capability requirement of the authentication entity, and satisfies the high security requirement of the network device lack of resource.