会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Trusted network management method of trusted network connections based on tri-element peer authentication
    • 基于三元对等认证的可信网络连接的可信网络管理方法
    • US08756654B2
    • 2014-06-17
    • US13059798
    • 2009-08-20
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • G06F17/00G06F7/04G06F17/30G06F15/16H04L29/06
    • H04L41/28H04L9/3234H04L9/3263H04L63/0823H04L63/0876H04L63/105H04L63/20H04L2209/127H04L2209/76
    • A trusted network management method of trusted network connections based on tri-element peer authentication. A trusted management proxy and a trusted management system are respectively installed and configured on a host to be managed and a management host, and are verified as local trusted. When the host to be managed and the management host are not connected to the trusted network, they use the trusted network connection method based on the tri-element peer authentication to connect to the trusted network respectively, and subsequently perform the authentications and the cipher key negotiations of the trusted management proxy and the trusted management system; when the host to be managed and the management host have not completed the user authentication and the cipher key negotiation process, they use the tri-element peer authentication protocol to complete the user authentication and the cipher key negotiation process, then use the tri-element peer authentication protocol to implement the remote trust of the trusted management proxy and the trusted management system, and finally perform network management. The present invention can actively defend attacks, reinforce the safety of the trusted network management architecture, and realize the trusted network management of distributed control and centralized management.
    • 基于三元对等认证的可信网络连接的可信网络管理方法。 分别在要管理的主机和管理主机上安装和配置可信管理代理和可信管理系统,并将其验证为本地可信。 当要管理的主机和管理主机没有连接到可信网络时,他们使用基于三元对等认证的可信网络连接方法分别连接到可信网络,然后执行认证和密码密钥 可信管理代理和可信管理系统的协商; 当要管理的主机和管理主机尚未完成用户认证和密钥协商过程时,他们使用三元素对等体认证协议完成用户认证和密钥协商过程,然后使用三元素 对等体认证协议,实现可信管理代理和可信管理系统的远程信任,最终执行网络管理。 本发明可以积极防御攻击,加强可信网管理架构的安全性,实现分布式控制和集中管理的可信网络管理。
    • 3. 发明授权
    • Method for realizing trusted network management
    • 实现可信网络管理的方法
    • US08230220B2
    • 2012-07-24
    • US12631491
    • 2009-12-04
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • H04L29/06
    • H04L63/20
    • A method for realizing trusted network management is provided. A trusted management agent resides on a managed host, and a trusted management system resides on a management host. The trusted management agent and the trusted management system are software modules, which are both based on a trusted computing platform and signed after being authenticated by a trusted third party of the trusted management agent and the trusted management system. Trusted platform modules of the managed host and the management host can perform integrity measurement, storage, and report for the trusted management agent and the trusted management system. Therefore, the managed host and the management host can ensure that the trusted management agent and the trusted management system are trustworthy. Then, the trusted management agent and the trusted management system execute a network management function, thus realizing the trusted network management. Therefore, the technical problem in the prior art that the network management security cannot be ensured due to the mutual attack between an agent, a host where the agent resides, and a manager system is solved, and trusted network management is realized.
    • 提供了一种实现可信网络管理的方法。 可信管理代理驻留在受管主机上,可管理系统驻留在管理主机上。 信任管理代理和信任管理系统是软件模块,它们都是基于可信计算平台,经信任管理代理和可信管理系统的信任第三方认证后进行签名。 托管主机和管理主机的可信平台模块可以对可信管理代理和可信管理系统执行完整性测量,存储和报告。 因此,托管主机和管理主机可以确保可信管理代理和可信管理系统是值得信赖的。 然后,信任管理代理和信任管理系统执行网络管理功能,从而实现可信网络管理。 因此,现有技术的技术问题是解决了代理,代理所在的主机与管理者系统之间的相互攻击而不能确保网络管理安全性,并实现了可信网络管理。
    • 4. 发明申请
    • AUTHENTICATION ASSOCIATED SUITE DISCOVERY AND NEGOTIATION METHOD
    • 认证相关的套装发现和谈判方法
    • US20110243330A1
    • 2011-10-06
    • US13133890
    • 2009-12-08
    • Yanan HuJun CaoYuelei XiaoManxia TieZhenhai HuangXiaolong Lai
    • Yanan HuJun CaoYuelei XiaoManxia TieZhenhai HuangXiaolong Lai
    • H04W12/06H04W12/04
    • H04W12/04H04W12/06
    • An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.
    • 用于超宽带网络的认证相关套件发现和协商方法。 该方法包括以下步骤:1)在发起者和应答者的信息元素IE列表中添加成对的时间密钥PTK建立IE和组时间密钥GTK分布IE,并设置相应的信息元素标识符ID,2 )基于认证相关套件发现和协商方法的认证关联过程。 本发明提供的用于超宽带网络的认证相关套件发现和协商方法可以向网络提供安全解决方案的发现和协商功能,以便在多对成对临时密钥PTK建立计划时更好地满足各种应用需求 或多组时态密钥GTK分发计划并存。
    • 5. 发明申请
    • METHOD FOR MANAGING WIRELESS MULTI-HOP NETWORK KEY
    • 无线多路网络密钥管理方法
    • US20100299519A1
    • 2010-11-25
    • US12864317
    • 2009-01-21
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • H04L9/00
    • H04W12/04H04L9/083H04L9/0866H04L9/0891H04L63/061H04L2209/80H04L2463/061H04W84/18
    • A method for managing wireless multi-hop network key is applicable to a security application protocol when a WAPI frame method (TePA, an access control method based on the ternary peer-to-peer identification) is applied in a concrete network containing a Wireless Local Area Network, a Wireless Metropolitan Area Network AN and a Wireless Personal Area Network. The key management method of the present invention includes the steps of key generation, key distribution, key storage, key modification and key revocation. The present invention solves the technical problems that the prior pre-share-key based key management method is not suitable for larger networks and the PKI-based key management method is not suitable for wireless multi-hop networks; the public-key system and the ternary structure are adopted, thereby the security and the performance of the wireless multi-hop networks are improved.
    • 一种用于管理无线多跳网络密钥的方法适用于安全应用协议,当WAPI帧方法(TePA,基于三进制对等体标识的访问控制方法)被应用于包含无线本地 区域网络,无线城域网AN和无线个域网。 本发明的密钥管理方法包括密钥生成,密钥分配,密钥存储,密钥修改,密钥撤销等步骤。 本发明解决了以前的基于共享密钥的密钥管理方法不适用于较大网络的技术问题,而基于PKI的密钥管理方法不适用于无线多跳网络; 采用公钥系统和三元结构,提高无线多跳网络的安全性和性能。
    • 8. 发明授权
    • Trusted network connect system based on tri-element peer authentication
    • 基于三元素对等认证的可信网络连接系统
    • US08191113B2
    • 2012-05-29
    • US12628903
    • 2009-12-01
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • G06F7/04G06F15/16G06F17/30H04L29/06G06F15/173
    • H04L63/20H04L9/321H04L9/3263H04L63/061H04L63/08H04L63/0869H04L63/0876H04L63/10H04L2209/127
    • A trusted network connect (TNC) system based on tri-element peer authentication (TePA) is provided. An network access requestor (NAR) of an access requestor (AR) is connected to a TNC client (TNCC), and the TNCC is connected to and integrity measurement collector (IMC1) through a integrity measurement collector interface (IF-IMC). An network access controller (NAC) of an access controller (AC) is connected to a TNC server (TNCS) in a data bearer manner. The TNCS is connected to an IMC2 through the IF-IMC. A user authentication service unit (UASU) of a policy manager (PM) is connected to a platform evaluation service unit (PESU) through an integrity measurement verifier interface (IF-IMV). Thus, the technical problems in the prior art of poor extensibility, complex key agreement process, and low security are solved. TePA is adopted in both the network access layer and the integrity evaluation layer to implement mutual user authentication and platform integrity evaluation, so that the security of the entire TNC architecture is improved.
    • 提供了基于三元素对等认证(TePA)的可信网络连接(TNC)系统。 访问请求者(AR)的网络接入请求者(NAR)连接到TNC客户端(TNCC),TNCC通过完整性测量收集器接口(IF-IMC)连接到完整性测量收集器(IMC1)。 接入控制器(AC)的网络接入控制器(NAC)以数据承载方式连接到TNC服务器(TNCS)。 TNCS通过IF-IMC连接到IMC2。 策略管理器(PM)的用户认证服务单元(UASU)通过完整性测量验证器接口(IF-IMV)连接到平台评估服务单元(PESU)。 因此,解决了现有技术中可扩展性差,复杂密钥协商过程和低安全性的技术问题。 TePA被采用于网络接入层和完整性评估层,实现了互用用户认证和平台完整性评估,从而提高了整个TNC架构的安全性。
    • 9. 发明申请
    • METHOD FOR AUTHENTICATING A TRUSTED PLATFORM BASED ON THE TRI-ELEMENT PEER AUTHENTICATION(TEPA)
    • 基于三元认证(TEPA)认证受信任平台的方法
    • US20110202992A1
    • 2011-08-18
    • US13119909
    • 2009-11-03
    • Yuelei XiaoJun CaoLi GeXiaolong LaiZhenhai Huang
    • Yuelei XiaoJun CaoLi GeXiaolong LaiZhenhai Huang
    • H04L9/32G06F21/00
    • H04L63/083G06F21/33H04L9/321H04L9/3234H04L9/3247H04L9/3263H04L63/0876H04L63/105H04L63/20H04L2209/80
    • A method for authenticating a trusted platform based on the Tri-element Peer Authentication (TePA). The method includes the following steps: A) a second attesting system sends the first message to a first attesting system; B) the first attesting system sends a second message to the second attesting system after receiving the first message; C) the second attesting system sends a third message to a Trusted Third Party (TTP) after receiving the second message; D) the TTP sends a fourth message to the second attesting system after receiving the third message; E) the second attesting system sends a fifth message to the first attesting system after receiving the fourth message; and F) the first attesting system performs an access control after receiving the fifth message. The method for authenticating a trusted platform based on TePA of the present invention adopts the security architecture of TePA, and improves the safety of an evaluation agreement of the trusted platform, realizes the mutual evaluation of the trusted platform between the attesting systems, and extends the application ranges.
    • 一种基于三元素对等认证(TePA)认证可信平台的方法。 该方法包括以下步骤:A)第二证明系统将第一消息发送到第一认证系统; B)第一证明系统在接收到第一消息之后向第二认证系统发送第二消息; C)第二证明系统在接收到第二消息之后向受信任的第三方(TTP)发送第三消息; D)TTP在接收到第三消息之后向第二认证系统发送第四消息; E)第二证明系统在接收到第四消息之后向第一认证系统发送第五消息; 和F)第一认证系统在接收到第五消息之后执行访问控制。 本发明基于TePA认证信任平台的方法采用了TePA的安全架构,提高了可信平台评估协议的安全性,实现了认证系统之间信任平台的相互评估,并扩展了 应用范围。
    • 10. 发明申请
    • TRUSTED NETWORK CONNECT METHOD FOR ENHANCING SECURITY
    • 用于增强安全性的有效网络连接方法
    • US20110191579A1
    • 2011-08-04
    • US12671575
    • 2008-07-21
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • Yuelei XiaoJun CaoXiaolong LaiZhenhai Huang
    • H04L9/32H04L29/06H04L9/08
    • H04L63/0869H04L9/0844H04L9/3247H04L9/3263H04L41/0893H04L63/0876H04L63/105H04L63/20H04L2209/127
    • A trusted network connect method for enhancing security, it pre-prepares platform integrity information, sets an integrity verify demand. A network access requestor initiates an access request, a network access authority starts a process for bi-directional user authentication, begins to perform the triplex element peer authentication protocol with a user authentication service unit. After the success of the bi-directional user authentication, a TNC server and a TNC client perform bi-directional platform integrity evaluation. The network access requestor and the network access authority control ports according to their respective recommendations, implement the mutual access control of the access requestor and the access authority. The present invention solves the technical problems in the background technologies: the security is lower relatively, the access requestor may be unable to verify the validity of the AIK credential and the platform integrity evaluation is not parity. The present invention may simplify the management of the key and the mechanism of integrity verification, expand the application scope of the trusted network connect.
    • 一种可靠的网络连接方法,用于增强安全性,预先准备平台完整性信息,设置完整性验证需求。 网络访问请求者发起访问请求,网络访问权限启动用于双向用户认证的过程,开始与用户认证服务单元一起执行三重元素对等认证协议。 在双向用户认证成功之后,TNC服务器和TNC客户端执行双向平台完整性评估。 网络访问请求者和网络访问权限控制端口根据各自的建议,实现访问请求者和访问权限的相互访问控制。 本发明解决了后台技术中的技术问题:安全性相对较低,访问请求者可能无法验证AIK凭据的有效性,平台完整性评估不是奇偶校验。 本发明可以简化密钥的管理和完整性验证的机制,扩大可信网络连接的应用范围。