TERMINAL DEVICE CAPABLE OF LINK LAYER ENCRYPTION AND DECRYPTION AND DATA PROCESSING METHOD THEREOF
    22.
    Invention application
    Status: in force

    Publication number: US20130283045A1

    Publication date: 2013-10-24

    Application number: US13995641

    Filing date: 2011-06-17

    CPC classification number: H04L63/0428 H04L9/08 H04L63/162

    Abstract: A terminal device capable of link layer encryption and decryption and a data processing method thereof are provided. The terminal device includes a link layer processing module including a control module, a data frame encryption module, a data frame decryption module, a key management module, an algorithm module, a transmission port and a reception port. The control module is connected with the transmission port through the data frame encryption module, the reception port is connected with the control module through the data frame decryption module, the control module is connected with the key management module, the data frame encryption module is connected with the data frame decryption module through the key management module, and the data frame encryption module is connected with the data frame decryption module through the algorithm module.


    Anonymous authentication method based on pre-shared cipher key, reader-writer, electronic tag and system thereof
    23.
    Granted invention patent
    Status: in force

    Publication number: US08547205B2

    Publication date: 2013-10-01

    Application number: US13056856

    Filing date: 2009-07-28

    Abstract: An anonymous authentication method based on a pre-shared key, a reader-writer, an electronic tag and an anonymous bidirectional authentication system are disclosed. The method comprises the following steps: 1) a reader-writer sends an accessing authentication requirement group to the electronic tag; 2) after the electronic tag receives the accessing authentication requirement group, an accessing authentication response group is constructed and sent to the reader-writer; 3) after the reader-writer receives the accessing authentication response group, an accessing authentication confirmation group is constructed and sent to the electronic tag; 4) the electronic tag carries out confirmation according to the accessing authentication confirmation group.


    METHOD AND SYSTEM FOR NETWORK ACCESS CONTROL
    24.
    Invention application
    Status: in force

    Publication number: US20130205374A1

    Publication date: 2013-08-08

    Application number: US13879136

    Filing date: 2011-03-15

    CPC classification number: H04L63/08

    Abstract: A method and a system for network access control are provided, which are based on a cipher code mechanism. After a visitor has raised an access request, an access controller in the destination network processes the access request and initiates an authentication request on the visitor identity to an authentication server through the visitor. The access controller in the destination network accomplishes the authentication of the visitor identity according to the public authentication result of the authentication server transferred by the visitor, and performs authorization management on the successfully authenticated visitor according to the authorization policy. The present invention solves the problem that access control cannot be performed when the access controller cannot directly use the authentication service provided by the authentication server. The present invention can sufficiently satisfy the real application requirements of access control for visitors.


    Peer-to-peer access control method of triple unit structure
    25.
    Granted invention patent
    Status: in force

    Publication number: US08495712B2

    Publication date: 2013-07-23

    Application number: US12519955

    Filing date: 2007-06-25

    CPC classification number: H04L63/0869

    Abstract: This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol.


    Entity bi-directional identificator method and system based on trustable third party
    26.
    Granted invention patent
    Status: in force

    Publication number: US08356179B2

    Publication date: 2013-01-15

    Application number: US12739678

    Filing date: 2008-10-23

    Abstract: An entity bi-directional identification method and system based on a trustable third party thereof are provided. The system comprises a first entity, which is for sending a first message to a second entity, sending a third message to a third entity after receiving a second message sent by the second entity, verifying the fourth message after receiving a fourth message sent by the third entity, sending a fifth message to the second entity after the verification is finished; the second entity, which is for receiving the first message sent by the first entity, sending the second message to the first entity, verifying the fifth message after receiving the fifth message sent by the first entity; the third entity, which is for receiving the third message sent by the first entity, checking if the first entity and the second entity are legal, implementing the pretreatment according to the checking result, sending the first entity the fourth message after the treatment is finished.


    Systems, methods and computer-accessible media for acquiring and authenticating public key certificate status
    27.
    Granted invention patent
    Status: in force

    Publication number: US08195935B2

    Publication date: 2012-06-05

    Application number: US12442462

    Filing date: 2007-07-16

    Abstract: Exemplary embodiments of systems, methods and computer-accessible medium can be provided for obtaining and verifying a public key certificate status. In particular, it is possible to construct and send a certificate query request, construct and send a combined certificate query request, construct and send a combined certificate status response, deliver a certificate status response, perform a verification by the general access point, and/or perform a verification by the user equipment. The exemplary embodiments address some of the deficiencies of conventional methods which have a complicated implementation as well as likely inability of such conventional methods to be applied to the network architecture of user equipment, a general access point and a server. The exemplary embodiments of the systems, methods and computer-accessible medium can obtain a user certificate status to provide certificate statuses of the user or the user equipment and the general access point when the user equipment accesses the network via the general access point. Message exchanges can be reduced, bandwidth and calculation resources can be saved, and higher efficiency can be achieved. According to another exemplary embodiment, by way of adding random numbers into the certificate query request and the combined certificate query request, as well as the message m, freshness of the certificate status response can be facilitated and even ensured, and security protection can be enhanced.


    MULTICASE KEY DISTRIBUTION METHOD, UPDATED METHOD, AND BASE STATION BASED ON UNICAST CONVERSATION KEY
    28.
    Invention application
    Status: in force

    Publication number: US20110194697A1

    Publication date: 2011-08-11

    Application number: US13060126

    Filing date: 2009-08-20

    Abstract: A multicast key distribution method, an update method, and a base station based on a unicast conversation key are provided. The distribution method includes the following steps: 1) the base station composes groups of multicast key distribution; 2) the base station broadcasts the groups of multicast key distribution to all terminals; 3) the terminals acquire the multicast conversation key by calculating. The present invention solves the problem that the efficiency of the multicast key distribution based on a unicast conversation key is low in the prior art, and provides a multicast key distribution method based on a unicast conversation key.


    ANONYMOUS AUTHENTICATION METHOD BASED ON PRE-SHARED CIPHER KEY, READER-WRITER, ELECTRONIC TAG AND SYSTEM THEREOF
    29.
    Invention application
    Status: in force

    Publication number: US20110133883A1

    Publication date: 2011-06-09

    Application number: US13056856

    Filing date: 2009-07-28

    Abstract: An anonymous authentication method based on a pre-shared key, a reader-writer, an electronic tag and an anonymous bidirectional authentication system are disclosed. The method comprises the following steps: 1) a reader-writer sends an accessing authentication requirement group to the electronic tag; 2) after the electronic tag receives the accessing authentication requirement group, an accessing authentication response group is constructed and sent to the reader-writer; 3) after the reader-writer receives the accessing authentication response group, an accessing authentication confirmation group is constructed and sent to the electronic tag; 4) the electronic tag carries out confirmation according to the accessing authentication confirmation group.


    METHOD FOR ACCESSING DATA SAFELY SUITABLE FOR ELECTRONIC TAG
    30.
    Invention application
    Status: in force

    Publication number: US20110126000A1

    Publication date: 2011-05-26

    Application number: US13055296

    Filing date: 2009-07-20

    Abstract: A method for accessing data safely, which is suitable for electronic tags with low performance, is provided. The method comprises the following steps: when performing a data writing process, the first read-write device encrypts the message MSG and then writes the message to the electronic tag; when performing a data reading process, the second read-write device sends a data request packet to the electronic tag; the electronic tag sends a data response packet to the second read-write device according to the data request packet; the second read-write device sends a key request packet to a trusted third party; the trusted third party verifies the validity of the identity of the second read-write device according to the key request packet, and sends a key response packet to the second read-write device once the verification is passed; the second read-write device obtains the plain text of the electronic tag message MSG according to the key response packet. This invention can realize safe access to the data of electronic tags with low performance.

