Method and device for anonymous entity identification
    1.
    Granted invention patent
    Method and device for anonymous entity identification (In force)

    Publication No.: US09225728B2

    Publication date: 2015-12-29

    Application No.: US13884749

    Application date: 2011-06-24

    Abstract: The present invention discloses a method for anonymous entity identification, which comprises the following steps: an entity A transmits an RA and an IGA to an entity B; the entity B returns an RB, an IGB and a TokenBA to the entity A; the entity A sends an RA′, the RB, the IGA and the IGB to a credible third-party TP; the credible third-party TP checks the validity of a first group and a second group according to the IGA and the IGB; the credible third-party TP returns an RESGA, an RESGB, and a TokenTA to the entity A, or returns the RESGA, the RESGA, a TokenTA1 and a TokenTA2 to the entity A; and the entity A performs a verification after receiving them; the entity A sends a TokenAB to the entity B; and the entity B performs the verification after receiving it. In the present invention, there is no need to send the identity information of the entity to be identified to an opposite terminal, so that anonymous identity identification is realized.

    Method and system for network access control
    2.
    Granted invention patent
    Method and system for network access control (In force)

    Publication No.: US09038143B2

    Publication date: 2015-05-19

    Application No.: US13879136

    Application date: 2011-03-15

    CPC classification number: H04L63/08

    Abstract: A method and a system for network access control are provided, which are based on cipher code mechanism. After a visitor has raised an access request, an access controller in the destination network processes the access request and initiates an authentication request on the visitor identity to an authentication server through the visitor. The access controller in the destination network accomplishes the authentication on the visitor identity according to the public authentication result of the authentication server transferred by the visitor, and performs according to the authorization policy the authorization management on the successfully authenticated visitor. The present invention solves the problem of incapableness of performing the access control when the access controller can not directly use the authentication service provided by the authentication server. The present invention can sufficiently satisfy the real application requirements of access control on visitor.

    Secret communication method and system between neighboring user terminals, terminal, switching equipment
    3.
    Granted invention patent
    Secret communication method and system between neighboring user terminals, terminal, switching equipment (In force)

    Publication No.: US08850190B2

    Publication date: 2014-09-30

    Application No.: US13814899

    Application date: 2011-04-27

    Abstract: The present invention provides a secret communication method, apparatus and system. The method comprises: 1) determining a neighboring encryption switching equipment shared by a first user terminal and a second user terminal, wherein the first user terminal and the second user terminal are neighboring user terminals (1); 2) establishing, by the neighboring encryption switching equipment, an inter-station key for communication between the first user terminal and the second terminal (2); 3) performing data secret communication between the first user terminal and the second terminal by using the inter-station key (3). With the present invention, the neighboring user terminals needing to perform the secret communication can establish the inter-station key without performing identity authentication with each other, and can perform the secret communication with the inter-station key, and thereby the network load is reduced.

    Method for realizing convergent WAPI network architecture with separate MAC mode
    4.
    Granted invention patent
    Method for realizing convergent WAPI network architecture with separate MAC mode (In force)

    Publication No.: US08813199B2

    Publication date: 2014-08-19

    Application No.: US13203645

    Application date: 2009-12-14

    CPC classification number: H04W12/06 H04L63/08 H04L63/10 H04W84/12

    Abstract: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by an access controller is constructed through splitting the MAC function and the WAPI function of the wireless access point apart to a wireless terminal point and the access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the access controller realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station point by using WPI.

    Method and system for station switching when wireless terminal point completes WPI in convergent WLAN
    5.
    Granted invention patent
    Method and system for station switching when wireless terminal point completes WPI in convergent WLAN (In force)

    Publication No.: US08750521B2

    Publication date: 2014-06-10

    Application No.: US13320496

    Application date: 2009-12-14

    Abstract: The invention involves a method and a system for station (STA) switching when a wireless terminal point (WTP) completes wireless local area network (WLAN) privacy infrastructure (WPI) in a convergent WLAN. The method includes steps as follows. The STA implements re-association rebinding process with a target access controller (AC) over a target WTP. A base key is requested by the target AC from an associated AC. An associated WTP is informed to delete the STA by the associated AC, and the target WTP is informed to add the STA by the target AC. A session key is negotiated based on the requested base key by the STA and the target AC, and is synchronized between the target AC and the target WTP. The method enables fast and safe switching of the STA between WTPs under the control of different controllers in the convergent WLAN based on WAPI protocol.

    METHOD AND SYSTEM FOR ENTITY AUTHENTICATION IN RESOURCE-LIMITED NETWORK
    6.
    Invention patent application
    METHOD AND SYSTEM FOR ENTITY AUTHENTICATION IN RESOURCE-LIMITED NETWORK (In force)

    Publication No.: US20130326584A1

    Publication date: 2013-12-05

    Application No.: US13819698

    Application date: 2010-12-21

    Abstract: A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention.

    ANONYMOUS ENTITY AUTHENTICATION METHOD AND SYSTEM
    7.
    Invention patent application
    ANONYMOUS ENTITY AUTHENTICATION METHOD AND SYSTEM (In force)

    Publication No.: US20130227289A1

    Publication date: 2013-08-29

    Application No.: US13884712

    Application date: 2011-07-11

    Abstract: An anonymous entity authentication method includes the steps of: an entity B sending RB and IGB; an entity A sending RB, R′A, IGA and IGB to a trusted third party TP, the trusted third party TP checking a group GA and a group GB against IGA and IGB for legality; the trusted third party TP returning ResGA, ResGB and a token TokenTA or returning ResGA, ResGB, TokenTA1 and TokenTA2 to the entity A; the entity A sending TokenAB and IGA to the entity B for authentication by the entity B; and the entity B sending TokenBA to the entity A for authentication by the entity A. In this solution, anonymous entity authentication can be performed without passing identity information of the authenticated entity itself to the opposite entity. Furthermore this solution further relates to an anonymous entity authentication apparatus and a trusted third party.

    METHOD AND SYSTEM FOR STATION SWITCHING WHEN WIRELESS TERMINAL POINT COMPLETES WPI IN CONVERGENT WLAN
    9.
    Invention patent application
    METHOD AND SYSTEM FOR STATION SWITCHING WHEN WIRELESS TERMINAL POINT COMPLETES WPI IN CONVERGENT WLAN (In force)

    Publication No.: US20120060205A1

    Publication date: 2012-03-08

    Application No.: US13320496

    Application date: 2009-12-14

    Abstract: The invention involves a method and a system for station (STA) switching when a wireless terminal point (WTP) completes wireless local area network (WLAN) privacy infrastructure (WPI) in a convergent WLAN. The method includes steps as follows. The STA implements re-association rebinding process with a target access controller (AC) over a target WTP. A base key is requested by the target AC from an associated AC. An associated WTP is informed to delete the STA by the associated AC, and the target WTP is informed to add the STA by the target AC. A session key is negotiated based on the requested base key by the STA and the target AC, and is synchronized between the target AC and the target WTP. The method enables fast and safe switching of the STA between WTPs under the control of different controllers in the convergent WLAN based on WAPI protocol.

    METHOD FOR REALIZING CONVERGENT WAPI NETWORK ARCHITECTURE WITH SEPARATE MAC MODE
    10.
    Invention patent application
    METHOD FOR REALIZING CONVERGENT WAPI NETWORK ARCHITECTURE WITH SEPARATE MAC MODE (In force)

    Publication No.: US20110307943A1

    Publication date: 2011-12-15

    Application No.: US13203645

    Application date: 2009-12-14

    CPC classification number: H04W12/06 H04L63/08 H04L63/10 H04W84/12

    Abstract: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by an access controller is constructed through splitting the MAC function and the WAPI function of the wireless access point apart to a wireless terminal point and the access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the access controller realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station point by using WPI.
