Method for generating SAK, method for realizing MAC security, and network device
    1.
    Granted patent
    Legal status: In force

    Publication No.: US08386772B2

    Publication date: 2013-02-26

    Application No.: US12398580

    Filing date: 2009-03-05

    Applicant: Hongguang Guan

    Inventor: Hongguang Guan

    IPC classification: H04L29/06

    Abstract: A method for generating a secure association key (SAK), a method for realizing medium access control security (MACsec) and a network device are provided. The method for generating an SAK includes the following steps. A sending key selection protocol (KSP) instance sends a key selection protocol data unit (KSPDU) to the other KSP instances in the same secure connectivity association (CA). The KSPDU includes a secure connectivity association key identifier (CKI) of the instance and information about a MACsec level that the sending KSP instance belongs to. If the receiving KSP instance and the sending KSP instance belong to the CA with the same MACsec level, an SAK is generated based on the KSPDU. The MACsec of multiple levels in a communication network and the secure MACsec network communication with multiple levels are realized, thus ensuring the confidentiality of the network communication.

    Method, system and device for establishing a peer to peer connection in a P2P network
    2.
    Granted patent
    Legal status: In force

    Publication No.: US08112479B2

    Publication date: 2012-02-07

    Application No.: US12403519

    Filing date: 2009-03-13

    Applicant: Hongguang Guan

    Inventor: Hongguang Guan

    IPC classification: G06F15/16

    Abstract: A method and system for establishing a peer to peer connection in a P2P network and a peer device in the P2P network, wherein the method comprises the following: (1) a management node in the P2P network receives a resource request; (2) the management node selects one or more peers which meet the demand from a resource list established previously according to the logon information of the other peers in the P2P network to return it to a resource request peer; (3) the connection is established between the said resource request peer and the said peers which meet the demand.

    METHOD, DEVICE, AND SYSTEM FOR PRE-AUTHENTICATION
    3.
    Patent application
    Legal status: In force

    Publication No.: US20120011576A1

    Publication date: 2012-01-12

    Application No.: US13234470

    Filing date: 2011-09-16

    IPC classification: H04L9/32 G06F15/16 G06F21/00

    Abstract: The present invention relates to mobile communications technologies, and discloses a method, device, and system for pre-authentication. A pre-authentication device receives a pre-authentication message that carries a pre-authentication option; determines a Mobile Node (MN) to be pre-authenticated according to the pre-authentication message; sends an authentication request message to an Authentication, Authorization and Accounting (AAA) server to request authentication of the MN; receives an authentication response message that is sent by the AAA server, where the authentication response message carries a pre-authentication key used between a Candidate Authenticator (CA) and the MN; and sends the pre-authentication key to the MN. Through implementation of the present invention, the pre-authentication key is obtained before the MN switches to the CA. In this way, security of communication is enhanced, and delay of switching and authentication is shortened.

    METHOD, APPARATUS, AND SYSTEM FOR DIAGNOSING ROUTE IN NETWORK BASED ON DIAMETER PROTOCOL
    4.
    Patent application
    Legal status: In force

    Publication No.: US20090232011A1

    Publication date: 2009-09-17

    Application No.: US12465184

    Filing date: 2009-05-13

    IPC classification: H04L12/26 H04L12/56

    CPC classification: H04L43/50

    Abstract: A method, system, and apparatus for diagnosing a route in a network based on a Diameter protocol are provided. The method includes the following steps. A source Diameter node generates a diagnosis message and sends it. An intermediate Diameter node adds diagnosis information thereof to the diagnosis message after receiving it and forwards it until the diagnosis message is forwarded to a Diameter server capable of processing the diagnosis message or a Diameter node incapable of forwarding the diagnosis message. The Diameter server or the Diameter node generates a response message and sends it carrying diagnosis information thereof, information in the diagnosis message, and a response type. The intermediate Diameter node adds the diagnosis information thereof to the response message after receiving it, and forwards it until the response message is forwarded to the source Diameter node. The source Diameter node parses the response message to obtain route related information.

    METHOD FOR PROCESSING LMP PACKETS, LMP PACKET PROCESSING UNIT AND LMP PACKET PROCESSING NODE
    5.
    Patent application
    Legal status: In force

    Publication No.: US20090059920A1

    Publication date: 2009-03-05

    Application No.: US12262521

    Filing date: 2008-10-31

    Applicant: Hongguang GUAN

    Inventor: Hongguang GUAN

    IPC classification: H04L12/56

    Abstract: The present invention discloses a method for processing LMP packet carrying a control message, which includes: receiving the LMP packet carrying a control message from a peer LMP node, determining whether a state of a control channel is an available state according to the LMP packet, and updating or resetting a HelloDeadInterval timer if the control channel is in the available state. When the control channel is in the available state, the processed LMP packet is sent to the peer node, a new LMP packet carrying the control message is generated and sent to the peer node, and a HelloInterval timer is updated or reset. The present invention further provides a LMP processing unit and a LMP packet processing node.

    Method, device, and system for pre-authentication
    6.
    Granted patent
    Legal status: In force

    Publication No.: US08443419B2

    Publication date: 2013-05-14

    Application No.: US13234470

    Filing date: 2011-09-16

    IPC classification: H04L9/32 H04L9/00

    Abstract: The present invention relates to mobile communications technologies, and discloses a method, device, and system for pre-authentication. A pre-authentication device receives a pre-authentication message that carries a pre-authentication option; determines a Mobile Node (MN) to be pre-authenticated according to the pre-authentication message; sends an authentication request message to an Authentication, Authorization and Accounting (AAA) server to request authentication of the MN; receives an authentication response message that is sent by the AAA server, where the authentication response message carries a pre-authentication key used between a Candidate Authenticator (CA) and the MN; and sends the pre-authentication key to the MN. Through implementation of the present invention, the pre-authentication key is obtained before the MN switches to the CA. In this way, security of communication is enhanced, and delay of switching and authentication is shortened.

    Method and apparatus for reducing delay of media playing
    7.
    Granted patent
    Legal status: In force

    Publication No.: US08055793B2

    Publication date: 2011-11-08

    Application No.: US12393627

    Filing date: 2009-02-26

    Applicant: Hongguang Guan

    Inventor: Hongguang Guan

    IPC classification: G06F15/16 G06F15/173

    Abstract: A method for reducing delay of playing media includes: a user node obtaining information on a list of nodes that can provide a desired program content; selecting a best node among the nodes that can provide the program content corresponding to one or more time segments, wherein the program content is to be played in more than one time segment and the best node is closest to the user node among all the nodes; creating a connection with the selected best node; receiving media stream data of the program content from the best node; and playing the media stream data. An apparatus for reducing delay of media playing herein includes: a node information obtaining module, a best node selecting module, a connection creating module, and a playing module.

    Method for a root path calculation in a shortest path bridge
    8.
    Granted patent
    Legal status: In force

    Publication No.: US07821963B2

    Publication date: 2010-10-26

    Application No.: US12394602

    Filing date: 2009-02-27

    Applicant: Hongguang Guan

    Inventor: Hongguang Guan

    Abstract: A method for root path calculation in a shortest path bridge, including: in the case that there are a plurality of equivalent paths whose total path cost to a root bridge is equal, determining a root path corresponding to the root bridge based on the minimum/maximum value of bridge ID in the plurality of equivalent paths. The method can generate symmetric paths for different root bridges under a multiple spanning tree circumstance of shortest path bridge.

    Redirector, relay, system for configuring route information and method for updating route information
    9.
    Granted patent
    Legal status: In force

    Publication No.: US09118598B2

    Publication date: 2015-08-25

    Application No.: US12415044

    Filing date: 2009-03-31

    Abstract: A redirector, a relay, a system for configuring route information, and a method for updating route information are disclosed herein. The redirector includes: a route storing module and a route indicating module. The redirector further includes: a monitoring module which is coupled to communicate with the route storing module and configured to monitor change of the route configuration information; and a notifying module which is coupled to communicate with the monitoring module and configured to send a notification to the intermediate node managed by the redirector, where the notification indicates that the route information corresponding to the changed route configuration information is invalid. Through the foregoing solution, after the route configuration information changes, a notification may be sent in time to indicate that the previously subscribed route indication information is invalid, thus better ensuring correct forwarding of the service request message and improving the QoS.

    Method and apparatus for a dual-stack MN to roaming in an IPv4 network
    10.
    Granted patent
    Legal status: In force

    Publication No.: US08238363B2

    Publication date: 2012-08-07

    Application No.: US12330918

    Filing date: 2008-12-09

    Applicant: Hongguang Guan

    Inventor: Hongguang Guan

    IPC classification: H04W60/00

    CPC classification: H04W8/02 H04L69/18 H04W80/045

    Abstract: The disclosure provides a method and apparatus for a dual-stack Mobile Node (MN) to roam in an IPv4 network. The apparatus mainly includes a Foreign Home Agent (FHA). The method mainly includes: acquiring, by the MN, a temporary IPv4 address THOA that the FHA assigns to the MN, and registering its IPv4 Care-of Address (COA) in the FHA; and delivering, by the FHA, a packet between the MN and a Corresponding Node (CN) or Home Agent (HA), according to information about the IPv4 COA, which is assigned for the MN and has been registered by the MN in the FHA. With the method of the invention, a routing solution may be implemented for a dual-stack MN to roam from an IPv6 network to an IPv4 network.
