    • 1. Invention application
    • METHOD FOR PROTECTING THE FIRST MESSAGE OF SECURITY PROTOCOL
    • US20110252239A1
    • 2011-10-13
    • US13140632
    • 2009-12-07
    • Xiaolong Lai, Jun Cao, Yuelei Xiao, Manxia Tie, Zhenhai Huang, Bianlin Zhang, Yanan Hu
    • H04L9/32
    • H04W12/10, H04L9/0838, H04L9/3242, H04L9/3273, H04L63/123, H04L2209/80
    • The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.
    • 2. Invention application
    • AUTHENTICATION ASSOCIATED SUITE DISCOVERY AND NEGOTIATION METHOD
    • US20110243330A1
    • 2011-10-06
    • US13133890
    • 2009-12-08
    • Yanan Hu, Jun Cao, Yuelei Xiao, Manxia Tie, Zhenhai Huang, Xiaolong Lai
    • H04W12/06, H04W12/04
    • H04W12/04, H04W12/06
    • An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.
    • 3. Granted patent
    • Authentication associated suite discovery and negotiation method
    • US08625801B2
    • 2014-01-07
    • US13133890
    • 2009-12-08
    • Yanan Hu, Jun Cao, Yuelei Xiao, Manxia Tie, Zhenhai Huang, Xiaolong Lai
    • H04W12/06, H04W12/04, H04L9/32
    • H04W12/04, H04W12/06
    • An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.
    • 4. Invention application
    • MULTICAST KEY NEGOTIATION METHOD SUITABLE FOR GROUP CALLING SYSTEM AND A SYSTEM THEREOF
    • US20130016838A1
    • 2013-01-17
    • US13637375
    • 2010-05-12
    • Yanan Hu, Jun Cao, Manxia Tie, Zhenhai Huang
    • H04L9/28
    • H04W12/04, H04L12/189, H04L63/065, H04W12/10
    • The present invention discloses a multicast key negotiation method suitable for group calling system and a system thereof. The method includes that: a user terminal (UT) negotiates about a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key according to the unicast key, and registers a service group identifier that the UT belongs to at the BS; the BS notifies the UT the multicast key of the service group that the UT needs to apply, constructs a multicast key notification packet, and sends it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of the service group that the UT needs to apply by decrypting a service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms that the multicast key of the UT service group is built successfully according to the multicast key confirmation packet sent by the UT.
    • 5. Granted patent
    • Multicast key negotiation method suitable for group calling system and a system thereof
    • US08787574B2
    • 2014-07-22
    • US13637375
    • 2010-05-12
    • Yanan Hu, Jun Cao, Manxia Tie, Zhenhai Huang
    • H04K1/00, H04L9/00, H04L9/32
    • H04W12/04, H04L12/189, H04L63/065, H04W12/10
    • The present invention discloses a multicast key negotiation method suitable for group calling system and a system thereof. The method includes that: a user terminal (UT) negotiates about a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key according to the unicast key, and registers a service group identifier that the UT belongs to at the BS; the BS notifies the UT the multicast key of the service group that the UT needs to apply, constructs a multicast key notification packet, and sends it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of the service group that the UT needs to apply by decrypting a service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms that the multicast key of the UT service group is built successfully according to the multicast key confirmation packet sent by the UT.
    • 6. Granted patent
    • Method for protecting the first message of security protocol
    • US08572378B2
    • 2013-10-29
    • US13140632
    • 2009-12-07
    • Xiaolong Lai, Jun Cao, Yuelei Xiao, Manxia Tie, Zhenhai Huang, Bianling Zhang, Yanan Hu
    • H04L29/06
    • H04W12/10, H04L9/0838, H04L9/3242, H04L9/3273, H04L63/123, H04L2209/80
    • The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.
    • 8. Granted patent
    • Entity bidirectional authentication method and system
    • US08417955B2
    • 2013-04-09
    • US12808049
    • 2008-12-09
    • Manxia Tie, Jun Cao, Zhenhai Huang, Xiaolong Lai
    • H04L29/06
    • H04L9/321, H04L9/3247
    • An entity bidirectional authentication method and system. The method involves: the first entity sends the first message; the second entity sends the second message to the credible third party after receiving the first message; the credible third party returns the third message after receiving the second message; the second entity sends the fourth message after receiving the third message and verifying it; the first entity receives the fourth message, verifies it, and completes the authentication. Compared with the conventional authentication mechanism, the invention defines an on-line retrieval and authentication mechanism for a public key, realizes centralized management of it, simplifies the operating condition of the protocol, and facilitates application and implementation.
    • 9. Granted patent
    • Two-way access authentication method
    • US08412943B2
    • 2013-04-02
    • US12741982
    • 2008-11-07
    • Liaojun Pang, Jun Cao, Manxia Tie, Zhenhai Huang
    • H04L29/00
    • H04L9/3247, G06F21/445, G06Q20/3823, G06Q20/388, G06Q20/4097, H04L9/0847, H04L9/321, H04L9/3271, H04L63/0869, H04L2209/80, H04W12/06
    • A two-way access authentication method comprises: according to the system parameters pre-established by the third entity, the first entity sends the access authentication request packet to the second entity, then the second entity validates whether the signature of the first entity is correct, and if yes, the share master key of the second entity is calculated; the second entity generates the access authentication response packet and sends it to the first entity, then the first entity validates whether the signature of the access authentication response packet and the message integrity check code are correct; if yes, the share master key of the first entity is calculated; the first entity sends the access authentication acknowledge packet to the second entity, then the second entity validates the integrity of the access authentication acknowledge packet; if the validation passes, the share master key of the first entity is consistent with that of the second entity, and the access authentication is achieved. To improve security, after receiving the access authentication request packet sent by the first entity, the second entity may perform the identity validity validation and generate the access authentication response packet after passing the validation.
    • 10. Invention application
    • SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK
    • US20120151554A1
    • 2012-06-14
    • US13391051
    • 2009-12-23
    • Manxia Tie, Jun Cao, Li Ge, Xiaolong Lai, Zhenhai Huang, Qin Li, Zhiqiang Du
    • H04L29/06
    • H04L63/20, H04L63/061, H04L63/0823, H04L63/205
    • The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.