Method, system and authentication centre for authenticating in end-to-end communications based on a mobile network
    1.
    Granted patent (in force)

    Publication number: US07984298B2

    Publication date: 2011-07-19

    Application number: US11848092

    Filing date: 2007-08-30

    IPC classification: H04L9/32

    Abstract: The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre (EAC). The method comprises: performing a mutual authentication between the first service entity and the EAC, and between the second service entity and the EAC, according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing an authentication enquiry for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.


METHOD, SYSTEM AND NETWORK DEVICE FOR BIDIRECTIONAL AUTHENTICATION
    2.
    Patent application (pending, published)

    Publication number: US20090307492A1

    Publication date: 2009-12-10

    Application number: US12537659

    Filing date: 2009-08-07

    IPC classification: H04L9/32

    Abstract: A bidirectional authentication method, a system and a network device relating to network information security are provided. The method may include: a network device generating an inspection parameter according to a public key of the peer network device and a private key of the network device, the public key and the private key of the network device being generated according to an identifier of the network device; and the network device performing reciprocal authentication according to the inspection parameter it generated and an inspection parameter sent by the peer network device. A system and a network device for bidirectional authentication are also provided. As such, the extra computation caused by certificate authentication may be reduced, providing a more secure and reliable system with simplified key management.


Method for implementing security update of mobile station and a correlative reacting system
    3.
    Patent application (granted, in force)

    Publication number: US20070088948A1

    Publication date: 2007-04-19

    Application number: US11580591

    Filing date: 2006-10-13

    IPC classification: H04L9/00

    Abstract: A correlative reacting system and a method for implementing a security update of a mobile station are provided. The correlative reacting system includes a security correlative agent at the terminal side and a security correlative server at the network side, which communicates with the security correlative agent via an air interface. In the present invention, the correlative reacting system exchanges information with the mobile station and controls the mobile station to carry out an automatic security update. The automatic security update includes automatic downloading and installation, updating of the security correlative agent, automatic recovery from the insecurity factors of the mobile station, and the like.


System and method for security authentication using biometric authentication technique
    4.
    Granted patent (in force)

    Publication number: US08539249B2

    Publication date: 2013-09-17

    Application number: US11584364

    Filing date: 2006-10-20

    IPC classification: G06F21/00

    Abstract: A system and a method for security authentication, in which a biometric authentication subsystem in the security authentication system receives a biometric certificate held by the user and the user's biometric information from a user terminal; the biometric certificate contains the user's biometric template or the storage address of the biometric template; the biometric authentication subsystem then authenticates the biometric certificate, matches the biometric information against the biometric template, and generates the identity authentication result. The invention can also combine biometric authentication with PMI privilege authentication, so as to enhance the security of identity authentication in PMI and widen the applicability of biometric authentication.


METHOD, SYSTEM AND AUTHENTICATION CENTRE FOR AUTHENTICATING IN END-TO-END COMMUNICATIONS BASED ON A MOBILE NETWORK
    5.
    Patent application (granted, in force)

    Publication number: US20110258447A1

    Publication date: 2011-10-20

    Application number: US13160152

    Filing date: 2011-06-14

    IPC classification: H04L9/32

    Abstract: The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre (EAC). The method comprises: performing a mutual authentication between the first service entity and the EAC, and between the second service entity and the EAC, according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing an authentication enquiry for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.


METHODS AND SYSTEMS FOR AUTHENTICATION
    6.
    Patent application (pending, published)

    Publication number: US20090271635A1

    Publication date: 2009-10-29

    Application number: US12388315

    Filing date: 2009-02-18

    IPC classification: G06F21/00

    Abstract: The present invention discloses a method and system for authentication. The method includes: acquiring the privilege security level corresponding to a client end; looking up the identity security level corresponding to the privilege security level according to an established association between privilege security levels and identity security levels; determining the authentication parameters for identity authentication according to the identity security level; performing identity authentication on the client end using the authentication parameters; and obtaining an authentication result. Identity authentication and privilege authentication are combined, and identity authentication is performed according to the identity security level that corresponds to the privilege security level, so that the rules of identity authentication can be adjusted and the flexibility of the authentication process improved.


Method and System for Implementing Authentication on Information Security
    7.
    Patent application (pending, published)

    Publication number: US20080065895A1

    Publication date: 2008-03-13

    Application number: US11697601

    Filing date: 2007-04-06

    IPC classification: H04L9/00

    Abstract: Methods and systems for implementing authentication on information security are disclosed. The process includes: receiving from a user an access request carrying an attribute certificate, wherein the attribute certificate includes an extension identifier indicating a biometric certificate associated with the attribute certificate; acquiring the biometric certificate and determining, according to the extension identifier, whether the acquired biometric certificate is associated with the attribute certificate carried in the access request; if the biometric certificate is associated with the attribute certificate, acquiring biometric feature data of the user and performing identity authentication based on the biometric feature data and the biometric certificate; performing privilege authentication based on the attribute certificate; and controlling the access based on the results of the identity authentication and the privilege authentication. A correspondence is established between privilege authentication and identity authentication so that privilege management can be performed accurately and reliably.


Method and system for key exchange and method and apparatus for reducing parameter transmission bandwidth
    8.
    Granted patent (in force)

    Publication number: US08738914B2

    Publication date: 2014-05-27

    Application number: US12482821

    Filing date: 2009-06-11

    IPC classification: H04L9/00

    CPC classification: H04L9/0841

    Abstract: The embodiments of the present disclosure disclose a method and apparatus for reducing the parameter transmission bandwidth. The parameter sender reduces the values of the parameters before sending them to the parameter receiver. This scheme reduces the bandwidth consumed during parameter transmission, thus making the transmission more efficient. The present disclosure also discloses a method for key exchange, which reduces the values of the transmission parameters before sending them and so saves bandwidth compared with the prior-art protocol. In addition, the present disclosure discloses a system for key exchange: the parameter sender sends the transmission parameters to a bandwidth processing unit, which performs a modulo operation on the received transmission parameters and then sends the processed transmission parameters to the parameter receiver, thus reducing the bandwidth consumed in transmitting the transmission parameters.


Method and System for Network Security Control
    9.
    Patent application (pending, published)

    Publication number: US20070089165A1

    Publication date: 2007-04-19

    Application number: US11549186

    Filing date: 2006-10-13

    IPC classification: H04L9/32

    Abstract: This invention provides a method and system for network security control. A server at the network side analyzes local security correlation information collected and reported by terminal devices, and determines a security strategy according to the result of the analysis. Since correlative reacting between the network side and the terminal side is implemented and the security strategy is established according to information from the terminal devices, security threats originating from a terminal device can be resisted from the beginning. A relatively large number of information sources can be taken into account when determining the security strategy, so that the determined security strategy is more reasonable and accurate. Furthermore, differentiated security services can be provided for terminal devices with different subscriber levels. This invention also provides a method and system for preventing junk mail based on the concept of correlative reacting between a terminal and a server.


Method and apparatus to authenticate a user to a mobile device using mnemonic based digital signatures
    10.
    Granted patent (in force)

    Publication number: US08769669B2

    Publication date: 2014-07-01

    Application number: US13366011

    Filing date: 2012-02-03

    IPC classification: G06F21/00 G06F21/36 H04W12/06

    Abstract: A user device comprising a processor configured to enable a mnemonic-based digital signature scheme for user authentication, the scheme being based on a combination of one or more secrets and one or more actions implemented on the user device and associated with the secrets, and a device input system coupled to the processor and configured to detect the actions implemented on the user device. Also disclosed is an apparatus comprising a processor configured to implement a mnemonic-based digital signature for authenticating a user, a device input system configured to enable the mnemonic-based digital signature, and a memory unit configured to store input data used to recognize the mnemonic-based digital signature, wherein the mnemonic-based digital signature comprises a secret, an action associated with the secret and implemented using the device input system, and a cue associated with the action.
