会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明申请
    • AUTHENTICATION ASSOCIATED SUITE DISCOVERY AND NEGOTIATION METHOD
    • 认证相关的套装发现和谈判方法
    • US20110243330A1
    • 2011-10-06
    • US13133890
    • 2009-12-08
    • Yanan HuJun CaoYuelei XiaoManxia TieZhenhai HuangXiaolong Lai
    • Yanan HuJun CaoYuelei XiaoManxia TieZhenhai HuangXiaolong Lai
    • H04W12/06H04W12/04
    • H04W12/04H04W12/06
    • An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.
    • 用于超宽带网络的认证相关套件发现和协商方法。 该方法包括以下步骤:1)在发起者和应答者的信息元素IE列表中添加成对的时间密钥PTK建立IE和组时间密钥GTK分布IE,并设置相应的信息元素标识符ID,2 )基于认证相关套件发现和协商方法的认证关联过程。 本发明提供的用于超宽带网络的认证相关套件发现和协商方法可以向网络提供安全解决方案的发现和协商功能,以便在多对成对临时密钥PTK建立计划时更好地满足各种应用需求 或多组时态密钥GTK分发计划并存。
    • 2. 发明申请
    • METHOD FOR PROTECTING THE FIRST MESSAGE OF SECURITY PROTOCOL
    • 保护安全协议第一信息的方法
    • US20110252239A1
    • 2011-10-13
    • US13140632
    • 2009-12-07
    • Xiaolong LaiJun CaoYuelei XiaoManxia TieZhenhai HuangBianlin ZhangYanan Hu
    • Xiaolong LaiJun CaoYuelei XiaoManxia TieZhenhai HuangBianlin ZhangYanan Hu
    • H04L9/32
    • H04W12/10H04L9/0838H04L9/3242H04L9/3273H04L63/123H04L2209/80
    • The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.
    • 本发明提供一种保护安全协议的第一消息的方法,该方法包括以下步骤:1)初始化步骤; 2)发起方发送第一个消息; 3)响应端接收第一条消息。 用于保护本发明提供的安全协议的第一消息的方法可以实现:1)由发起端和响应侧共享的预共享主密钥(PSMK)和第一消息中的安全参数 通过使用消息完整性代码(MIC)或消息认证码(MAC)的计算功能来限制,从而有效地避免了安全协议中的第一消息的制造攻击; 2)在计算第一个消息的MIC或MAC期间,仅选择PSMK和第一个消息的安全参数进行计算,从而有效减少发起方和响应方的计算负载,计算资源为 保存
    • 4. 发明授权
    • Authentication associated suite discovery and negotiation method
    • 认证相关套件发现和协商方法
    • US08625801B2
    • 2014-01-07
    • US13133890
    • 2009-12-08
    • Yanan HuJun CaoYuelei XiaoManxia TieZhenhai HuangXiaolong Lai
    • Yanan HuJun CaoYuelei XiaoManxia TieZhenhai HuangXiaolong Lai
    • H04W12/06H04W12/04H04L9/32
    • H04W12/04H04W12/06
    • An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.
    • 用于超宽带网络的认证相关套件发现和协商方法。 该方法包括以下步骤:1)在发起者和应答者的信息元素IE列表中添加成对的时间密钥PTK建立IE和组时间密钥GTK分布IE,并设置相应的信息元素标识符ID,2 )基于认证相关套件发现和协商方法的认证关联过程。 本发明提供的用于超宽带网络的认证相关套件发现和协商方法可以向网络提供安全解决方案的发现和协商功能,以便在多对成对临时密钥PTK建立计划时更好地满足各种应用需求 或多组时态密钥GTK分发计划并存。
    • 5. 发明申请
    • BIDIRECTIONAL ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY
    • 双向实体验证方法与引言第三方
    • US20120159169A1
    • 2012-06-21
    • US13392899
    • 2009-12-29
    • Xiaolong LaiJun CaoManxia TieYuelei XiaoZhenhai Huang
    • Xiaolong LaiJun CaoManxia TieYuelei XiaoZhenhai Huang
    • H04L9/28H04L9/30
    • H04L9/3213H04L9/3263
    • An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) after receiving the message 1, the entity A sends a message 2 to a trusted third party TP; 3) after receiving the message 2, the trusted third party TP verifies the validities of the entity A and the entity B; 4) after verifying the validities of the entity A and the entity B, the trusted third party TP returns a message 3 to the entity A; 5) after receiving message 3, the entity A sends a message 4 to the entity B; 6) after receiving the message 4, the entity B performs the verification to complete the authentication for the entity A; 7) the entity B sends a message 5 to the entity A; 8) after receiving the message 5, the entity A performs the verification to complete the authentication for the entity B. The scheme mentioned above provides an online searching and authentication mechanism for the disclosed keys, and thus simplifies the running condition of the protocol. In the practical application, the bidirectional authentication method of the present invention enables the bidirectional validity authentication between the user and the network.
    • 通过引入在线第三方的实体双向认证方法包括以下步骤:1)实体B向实体A发送消息1; 2)收到消息1后,实体A向可信第三方TP发送消息2; 3)收到消息2后,信任第三方TP验证实体A和实体B的有效性; 4)验证实体A和实体B的有效性后,可信第三方TP向实体A返回消息3; 5)接收到消息3后,实体A向实体B发送消息4; 6)接收到消息4后,实体B进行验证,完成实体A的认证; 7)实体B向实体A发送消息5; 8)接收到消息5后,实体A进行验证,完成实体B的认证。上述方案提供了所公开密钥的在线搜索和认证机制,从而简化了协议的运行状态。 在实际应用中,本发明的双向认证方法能够实现用户和网络之间的双向有效认证。
    • 6. 发明授权
    • Method for protecting the first message of security protocol
    • 保护安全协议第一条消息的方法
    • US08572378B2
    • 2013-10-29
    • US13140632
    • 2009-12-07
    • Xiaolong LaiJun CaoYuelei XiaoManxia TieZhenhai HuangBianling ZhangYanan Hu
    • Xiaolong LaiJun CaoYuelei XiaoManxia TieZhenhai HuangBianling ZhangYanan Hu
    • H04L29/06
    • H04W12/10H04L9/0838H04L9/3242H04L9/3273H04L63/123H04L2209/80
    • The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.
    • 本发明提供一种保护安全协议的第一消息的方法,该方法包括以下步骤:1)初始化步骤; 2)发起方发送第一个消息; 3)响应端接收第一条消息。 用于保护本发明提供的安全协议的第一消息的方法可以实现:1)由起始侧和响应侧共享的预共享主密钥(PSMK)和第一消息中的安全参数 通过使用消息完整性代码(MIC)或消息认证码(MAC)的计算功能来限制,从而有效地避免了安全协议中的第一消息的制造攻击; 2)在计算第一个消息的MIC或MAC期间,仅选择PSMK和第一个消息的安全参数进行计算,从而有效减少发起方和响应方的计算负载,计算资源为 保存
    • 7. 发明授权
    • Access method suitable for wireless personal area network
    • 接入方式适用于无线个域网
    • US08533781B2
    • 2013-09-10
    • US13058099
    • 2009-07-28
    • Manxia TieJun CaoYuelei XiaoZhenhai HuangXiaolong Lai
    • Manxia TieJun CaoYuelei XiaoZhenhai HuangXiaolong Lai
    • G06F7/04
    • H04W12/06H04W48/10
    • The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.
    • 本发明的实施例公开了适用于无线个人区域网(WPAN)的接入方法。 在协调器广播信标帧之后,根据信标帧,设备识别协调器对设备所需的认证需求和认证方式。 如果协调人对设备没有认证需求,则设备和协调人直接进行关联过程; 否则,根据所选择的认证方式和相应的认证机制协商信息,设备向协调器发送认证访问请求; 然后根据设备选择的认证方式,协调器与设备进行认证和会话密钥协商过程; 最后,协调器向设备发送认证接入响应,当认证接入响应的认证状态成功时,设备与协调器进行关联过程。 认证和会话密钥协商的过程可以基于原语控制,也可以基于端口控制。 如果设备与协调器成功关联,则协调器将网络地址分配给设备,因此设备可以正常与协调器进行通信。 本发明解决了现有WPAN接入方式安全性较低,效率较低的技术问题。
    • 8. 发明申请
    • ACCESS METHOD SUITABLE FOR WIRELESS PERSONAL AREA NETWORK
    • 适用于无线个人区域网络的接入方法
    • US20110145890A1
    • 2011-06-16
    • US13058099
    • 2009-07-28
    • Manxia TieJun CaoYuelei XiaoZhenhai HuangXiaolong Lai
    • Manxia TieJun CaoYuelei XiaoZhenhai HuangXiaolong Lai
    • G06F7/04
    • H04W12/06H04W48/10
    • The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.
    • 本发明的实施例公开了适用于无线个人区域网(WPAN)的接入方法。 在协调器广播信标帧之后,根据信标帧,设备识别协调器对设备所需的认证需求和认证方式。 如果协调人对设备没有认证需求,则设备和协调人直接进行关联过程; 否则,根据所选择的认证方式和相应的认证机制协商信息,设备向协调器发送认证访问请求; 然后根据设备选择的认证方式,协调器与设备进行认证和会话密钥协商过程; 最后,协调器向设备发送认证接入响应,当认证接入响应的认证状态成功时,设备与协调器进行关联过程。 认证和会话密钥协商的过程可以基于原语控制,也可以基于端口控制。 如果设备与协调器成功关联,则协调器将网络地址分配给设备,因此设备可以正常与协调器进行通信。 本发明解决了现有WPAN接入方式安全性较低,效率较低的技术问题。
    • 9. 发明授权
    • Trusted network management method of trusted network connections based on tri-element peer authentication
    • 基于三元对等认证的可信网络连接的可信网络管理方法
    • US08756654B2
    • 2014-06-17
    • US13059798
    • 2009-08-20
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • G06F17/00G06F7/04G06F17/30G06F15/16H04L29/06
    • H04L41/28H04L9/3234H04L9/3263H04L63/0823H04L63/0876H04L63/105H04L63/20H04L2209/127H04L2209/76
    • A trusted network management method of trusted network connections based on tri-element peer authentication. A trusted management proxy and a trusted management system are respectively installed and configured on a host to be managed and a management host, and are verified as local trusted. When the host to be managed and the management host are not connected to the trusted network, they use the trusted network connection method based on the tri-element peer authentication to connect to the trusted network respectively, and subsequently perform the authentications and the cipher key negotiations of the trusted management proxy and the trusted management system; when the host to be managed and the management host have not completed the user authentication and the cipher key negotiation process, they use the tri-element peer authentication protocol to complete the user authentication and the cipher key negotiation process, then use the tri-element peer authentication protocol to implement the remote trust of the trusted management proxy and the trusted management system, and finally perform network management. The present invention can actively defend attacks, reinforce the safety of the trusted network management architecture, and realize the trusted network management of distributed control and centralized management.
    • 基于三元对等认证的可信网络连接的可信网络管理方法。 分别在要管理的主机和管理主机上安装和配置可信管理代理和可信管理系统,并将其验证为本地可信。 当要管理的主机和管理主机没有连接到可信网络时,他们使用基于三元对等认证的可信网络连接方法分别连接到可信网络,然后执行认证和密码密钥 可信管理代理和可信管理系统的协商; 当要管理的主机和管理主机尚未完成用户认证和密钥协商过程时,他们使用三元素对等体认证协议完成用户认证和密钥协商过程,然后使用三元素 对等体认证协议,实现可信管理代理和可信管理系统的远程信任,最终执行网络管理。 本发明可以积极防御攻击,加强可信网管理架构的安全性,实现分布式控制和集中管理的可信网络管理。