公开(公告)号：US10038561B2

公开(公告)日：2018-07-31

申请号：US14911143

申请日：2014-08-14

Applicant: CHINA IWNCOMM CO., LTD.

Inventor： Zhiyong Li ,  Hongtao Wan ,  Xiang Yan

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/30 ,  H04L9/08

CPC classification number: H04L9/3252 ,  H04L9/0861 ,  H04L9/3066

Abstract: Disclosed are a method and device for generating a digital signature. The method comprises: a device generating a digital signature parameter r that meets an effective determining condition; generating a digital signature parameter s according to the following formula s=((1+dA)−1·(r+k)−r)mod n, by using a private key dA, a random number k, r, and an elliptic curve parameter n, a value range of k being [1, n−1]; determining if the generated s is 0; if s is 0, regenerating r that meets the effective determining condition, and regenerating s by using dA, the regenerated k with the value range of [1, n−1] and the regenerated r and n, until s is not 0; converting data types of r and s that is not 0 into byte strings, to obtain a digital signature (r, s). According to the technical solutions provided by embodiments of this application, a digital signature parameter s is obtained by using a simplified calculation formula, and the number of times that big integers are calculated can be reduced, so that the calculation efficiency of generating a digital signature based on an SM2 digital signature generation algorithm is improved.

公开(公告)号：US09313026B2

公开(公告)日：2016-04-12

申请号：US14361750

申请日：2012-11-26

Applicant: China IWNCOMM Co., Ltd.

Inventor： Zhiyong Li ,  Xiang Yan

IPC: H04L9/08 ,  H04L9/30 ,  H04L9/14

CPC classification number: H04L9/0819 ,  H04L9/0869 ,  H04L9/14 ,  H04L9/3033 ,  H04L9/3066 ,  H04L2209/24

Abstract: The invention relates to the technical field of information, and disclosed in the present invention are a key negotiation method and apparatus according to the SM2 key exchange protocol. The method is implemented as follows: two negotiation parties both calculate a parameter W according to the minimum positive integer value in the permissible values of X which enable an inequality n≦2X to hold, and perform key negotiation with the opposite negotiation party according to the parameter W. Compared with a method for calculating the parameter W through calculating log 2 (n) logarithmic value firstly and then rounding up the logarithmic value, the method disclosed by the invention has the advantages that the calculated amount is effectively reduced, and the implementation complexity of an algorithm is reduced, thereby greatly improving the implementation efficiency of the key negotiation process based on the SM2 key exchange protocol, and then optimizing the engineering implementation of the SM2 key exchange protocol.

Abstract translation: 本发明涉及信息技术领域，在本发明中公开的是根据SM2密钥交换协议的密钥协商方法和装置。 该方法实现如下：两个协商方根据X的允许值中的最小正整数值计算参数W，使得不等式n＆nlE; 2X保持不变，并根据相应协商方进行密钥协商 参数W.与通过首先计算log 2（n）对数值然后舍入对数值的方法计算参数W的方法相比，本发明公开的方法具有计算量有效降低的优点，并且实现 降低了算法的复杂度，从而大大提高了基于SM2密钥交换协议的密钥协商过程的实现效率，然后优化了SM2密钥交换协议的工程实现。

公开(公告)号：US20150172043A1

公开(公告)日：2015-06-18

申请号：US14408276

申请日：2013-06-09

Applicant: China IWNCOMM Co., LTD.

Inventor： Zhiyong Li ,  Jun Cao ,  Xiang Yan

IPC: H04L9/06 ,  H04L9/16 ,  H04L9/32

CPC classification number: H04L9/0631 ,  G09C1/00 ,  H04L9/065 ,  H04L9/16 ,  H04L9/3263 ,  H04L2209/122

Abstract: Disclosed are a method for conducting data encryption and decryption using a symmetric cryptography algorithm and a table look-up device. The method comprises: when it is determined that it is required to use S-boxes to look up a table in a symmetric cryptography algorithm, determining all types of S-boxes to be used; for each type of S-box, determining the total number Ni of the type of S-box, and when Ni is larger than 1, determining that the type of S-box meets a multiplexing condition; and when data encryption and decryption are conducted using the symmetric cryptography algorithm, multiplexing at least one type of S-box which meets the multiplexing condition. The present application can reduce the occupation by the symmetric cryptography algorithm of hardware resources under the condition of comparative shortage of hardware resources.

Abstract translation: 公开了使用对称加密算法和表查找装置进行数据加密和解密的方法。 该方法包括：当确定需要使用S盒来查找对称加密算法中的表时，确定要使用的所有类型的S盒; 对于每种类型的S盒，确定S盒类型的总数Ni，并且当Ni大于1时，确定S盒的类型满足多路复用条件; 并且当使用对称加密算法进行数据加密和解密时，复用满足复用条件的至少一种类型的S盒。 在硬件资源比较短缺的情况下，本应用可以减少硬件资源对称密码算法的占用。

公开(公告)号：US20160191252A1

公开(公告)日：2016-06-30

申请号：US14911143

申请日：2014-08-14

Applicant: CHINA IWNCOMM CO., LTD.

Inventor： Zhiyong Li ,  Hongtao Wan ,  Xiang Yan

IPC: H04L9/32 ,  H04L9/30 ,  H04L9/08

CPC classification number: H04L9/3252 ,  H04L9/0861 ,  H04L9/3066

Abstract: Disclosed are a method and device for generating a digital signature. The method comprises: a device generating a digital signature parameter r that meets an effective determining condition; generating a digital signature parameter s according to the following formula s=((1+dA)−1·(r+k)−r)mod n, by using a private key dA, a random number k, r, and an elliptic curve parameter n, a value range of k being [1, n−1]; determining if the generated s is 0; if s is 0, regenerating r that meets the effective determining condition, and regenerating s by using dA, the regenerated k with the value range of [1, n−1] and the regenerated r and n, until s is not 0; converting data types of r and s that is not 0 into byte strings, to obtain a digital signature (r, s). According to the technical solutions provided by embodiments of this application, a digital signature parameter s is obtained by using a simplified calculation formula, and the number of times that big integers are calculated can be reduced, so that the calculation efficiency of generating a digital signature based on an SM2 digital signature generation algorithm is improved.

Abstract translation: 公开了一种用于生成数字签名的方法和装置。 该方法包括：产生满足有效判定条件的数字签名参数r的装置; 通过使用私钥dA，随机数k，r和椭圆形，根据以下公式s =（（1 + dA）-1·（r + k）-r）mod n生成数字签名参数s 曲线参数n，k的值范围为[1，n-1]; 确定生成的s是否为0; 如果s为0，则再生满足有效判定条件的r，并使用dA再生s，再生k的值范围为[1，n-1]，再生r和n，直到s不为0; 将不为0的r和s的数据类型转换为字节串，以获得数字签名（r，s）。 根据本申请实施例提供的技术方案，通过使用简化的计算公式获得数字签名参数s，并且可以减少计算大整数的次数，从而生成数字签名的计算效率 基于SM2数字签名生成算法得到改进。

公开(公告)号：US09374218B2

公开(公告)日：2016-06-21

申请号：US14408276

申请日：2013-06-09

Applicant: China IWNCOMM Co., LTD.

Inventor： Zhiyong Li ,  Jun Cao ,  Xiang Yan

IPC: G06F21/00 ,  H04L9/06 ,  G09C1/00 ,  H04L9/16 ,  H04L9/32

CPC classification number: H04L9/0631 ,  G09C1/00 ,  H04L9/065 ,  H04L9/16 ,  H04L9/3263 ,  H04L2209/122

Abstract: Disclosed are a method for conducting data encryption and decryption using a symmetric cryptography algorithm and a table look-up device. The method comprises: when it is determined that it is required to use S-boxes to look up a table in a symmetric cryptography algorithm, determining all types of S-boxes to be used; for each type of S-box, determining the total number Ni of the type of S-box, and when Ni is larger than 1, determining that the type of S-box meets a multiplexing condition; and when data encryption and decryption are conducted using the symmetric cryptography algorithm, multiplexing at least one type of S-box which meets the multiplexing condition. The present application can reduce the occupation by the symmetric cryptography algorithm of hardware resources under the condition of comparative shortage of hardware resources.

Abstract translation: 公开了使用对称加密算法和表查找装置进行数据加密和解密的方法。 该方法包括：当确定需要使用S盒来查找对称加密算法中的表时，确定要使用的所有类型的S盒; 对于每种类型的S盒，确定S盒类型的总数Ni，并且当Ni大于1时，确定S盒的类型满足多路复用条件; 并且当使用对称加密算法进行数据加密和解密时，复用满足复用条件的至少一种类型的S盒。 在硬件资源比较短缺的情况下，本应用可以减少硬件资源对称密码算法的占用。

公开(公告)号：US11363010B2

公开(公告)日：2022-06-14

申请号：US16482463

申请日：2018-02-13

Applicant: CHINA IWNCOMM CO., LTD.

Inventor： Yuehui Wang ,  Bianling Zhang ,  Manxia Tie ,  Xiaolong Lai ,  Qin Li ,  Weigang Tong ,  Guoqiang Zhang ,  Zhiqiang Du ,  Xiang Yan

IPC: H04L29/06 ,  H04L9/40 ,  H04L9/08 ,  H04L9/32

Abstract: A method and device for managing a digital certificate are provided. A digital certificate requesting device negotiates with a digital certificate issuing device by using an acquired authorization code, to establish a security data channel and generate a security key, and messages can be encrypted with the generated data communication key during a process of message interaction between the digital certificate requesting device and the digital certificate issuing device, thereby effectively increasing the security in data transmission. The method and device are applicable for automatically requesting for, querying, updating, revoking a digital certificate and acquiring a digital certificate revocation list in various scenarios.

公开(公告)号：US20180331831A1

公开(公告)日：2018-11-15

申请号：US15766312

申请日：2016-08-11

Applicant: China IWNCOMM Co., LTD.

Inventor： Zhiqiang Du ,  Bianling Zhang ,  Qin Li ,  Xiang Yan ,  Guoqiang Zhang

IPC: H04L9/32 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L9/321 ,  H04L9/0869 ,  H04L29/06 ,  H04L63/061 ,  H04L63/0807 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/0876

Abstract: Provided are an entity identity validity verification method and device with multiple trusted third parties being involved. In the application, validity of identities of entities performing mutual identity validity verification can only be verified by different trusted third parties. During the verification process, the trusted third parties that are respectively trusted by the two entities interact with each other, and provide services for verifying validity of an identity of one entity by the other entity, to complete identity validity verification between the entities.

公开(公告)号：US11751052B2

公开(公告)日：2023-09-05

申请号：US16482475

申请日：2018-02-27

Applicant: CHINA IWNCOMM CO., LTD.

Inventor： Yucun Tian ,  Wei Zhang ,  Weigang Tong ,  Xiang Yan

IPC: H04W48/08 ,  H04W12/069 ,  H04W12/06 ,  H04W12/69

CPC classification number: H04W12/069 ,  H04W12/068 ,  H04W12/69 ,  H04W48/08

Abstract: Disclosed in the present invention are a credential information processing method and apparatus for network connection, and an application (APP). The method comprises: in response to an instruction for applying for a network credential for a second terminal, a first terminal sends a first credential downloading request to a server; the first terminal receives first credential information sent by the server; and the second terminal receives the first credential information sent directly by the first terminal from a system memory of the first terminal and a network identifier of a wireless network to be connected, the second terminal stores the first credential information directly into a secure storage region of the second terminal from a system memory of the second terminal, and the second terminal connects a wireless network corresponding to the network identifier by using the first credential information in the secure storage region.

公开(公告)号：US11323433B2

公开(公告)日：2022-05-03

申请号：US16645149

申请日：2018-09-07

Applicant: CHINA IWNCOMM CO., LTD.

Inventor： Yuehui Wang ,  Bianling Zhang ,  Manxia Tie ,  Xiaolong Lai ,  Qin Li ,  Weigang Tong ,  Guoqiang Zhang ,  Zhiqiang Du ,  Xiang Yan

IPC: H04L29/06 ,  H04L9/32

Abstract: Provided in the present invention are a digital credential management method and a device, the method comprising: a digital credential application device negotiating establishment of a secure data channel with a digital credential issuing device, and sending to the digital credential issuing device a digital credential management request message; the digital credential issuing device receiving the message, and sending to the digital credential application device a digital credential management verification request message; the digital credential application device receiving the verification request message, and sending to the digital credential issuing device a digital credential management verification response message; the digital credential issuing device receiving the digital credential management verification response message, and sending to the digital credential application device a digital credential management response message; the digital credential application device receiving the digital credential management response message, and sending to the digital credential issuing device a digital credential management confirmation message.

公开(公告)号：US10652029B2

公开(公告)日：2020-05-12

申请号：US15765223

申请日：2016-08-23

Applicant: China IWNCOMM Co., LTD.

Inventor： Zhiqiang Du ,  Bianling Zhang ,  Qin Li ,  Xiang Yan ,  Guoqiang Zhang

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/30

Abstract: Provided are an entity identity validity verification method and device with multiple trusted third parties being involved. In the application, validity of identities of entities performing mutual identity validity verification can only be verified by different trusted third parties. During the verification process, the trusted third parties that are respectively trusted by the two entities interact with each other, and provide services for mutual identity validity verification between the entities, to complete the identity validity verification between the entities.