METHODS AND SYSTEMS FOR AUTHENTICATION
    1.
    Patent application
    Status: under examination (published)

    Publication No.: US20090271635A1

    Publication date: 2009-10-29

    Application No.: US12388315

    Filing date: 2009-02-18

    IPC classification: G06F21/00

    Abstract: The present invention discloses a method and system for authentication. The method for authentication includes: acquiring the privilege security level corresponding to a client-end; inquiring the identity security level corresponding to the privilege security level according to an established relation of association between privilege security level and identity security level; determining the authentication parameters for identity authentication according to the identity security level; performing identity authentication on the client-end using the authentication parameters; and obtaining an authentication result. The identity authentication and privilege authentication are combined, and identity authentication is performed according to the identity security level in accord with the privilege security level so that rules of identity authentication can be adjusted, and the flexibility of the process of authentication may be improved.


    Method for implementing security update of mobile station and a correlative reacting system
    2.
    Patent application
    Status: in force

    Publication No.: US20070088948A1

    Publication date: 2007-04-19

    Application No.: US11580591

    Filing date: 2006-10-13

    IPC classification: H04L9/00

    Abstract: A correlative reacting system and a method for implementing security update of mobile station. The correlative reacting system includes a security correlative agent at a terminal side and a security correlative server at a network side communicated with the security correlative agent via an air interface. In the present invention, the correlative reacting system performs an information interaction with the mobile station, controls the mobile station to carry out an automatic security update. The automatic security update includes automatic downloading and installation, update of the security correlative agent, and automatic recovery of the insecurity factors of the mobile station and the like.


    Method and System for Network Security Control
    3.
    Patent application
    Status: under examination (published)

    Publication No.: US20070089165A1

    Publication date: 2007-04-19

    Application No.: US11549186

    Filing date: 2006-10-13

    IPC classification: H04L9/32

    Abstract: This invention provides a method and system for network security control. A server at the network side analyzes local security correlation information collected and reported by terminal devices, and determines a security strategy according to the result of the analysis. Since correlative reacting between the network side and the terminal side is implemented and the security strategy is established according to the information from the terminal devices, threats against security from a terminal device can be resisted from the beginning. A relatively large number of information sources can be taken into account when determining the security strategy such that the determined security strategy is more reasonable and accurate. Furthermore, a differential security service can be provided for terminal devices with different subscriber levels. This invention also provides a method and system for preventing junk mails based on the concept of correlative reacting between a terminal and a server.


    Method and System for Implementing Authentication on Information Security
    4.
    Patent application
    Status: under examination (published)

    Publication No.: US20080065895A1

    Publication date: 2008-03-13

    Application No.: US11697601

    Filing date: 2007-04-06

    IPC classification: H04L9/00

    Abstract: Methods and systems for implementing authentication on information security are disclosed, and the process includes: receiving from a user an access request which carries an attribute certificate, wherein the attribute certificate includes an extension identifier for indicating a biometric certificate associated with the attribute certificate; acquiring the biometric certificate, determining, according to the extension identifier, whether the acquired biometric certificate is associated with the attribute certificate carried in the access request; if the biometric certificate is associated with the attribute certificate, acquiring biometric feature data of the user, and performing identity authentication based on the biometric feature data and the biometric certificate; performing privilege authentication based on the attribute certificate; and controlling the access based on the results of the identity authentication and privilege authentication. A corresponding relation is established between the privilege authentication and the identity authentication so that the privilege management can be performed accurately and reliably.


    Method for implementing security update of mobile station and a correlative reacting system
    5.
    Granted patent
    Status: in force

    Publication No.: US07933584B2

    Publication date: 2011-04-26

    Application No.: US11580591

    Filing date: 2006-10-13

    IPC classification: H04M1/65 H04M1/68 H04M3/16

    Abstract: A correlative reacting system and a method for implementing security update of mobile station. The correlative reacting system includes a security correlative agent at a terminal side and a security correlative server at a network side communicated with the security correlative agent via an air interface. In the present invention, the correlative reacting system performs an information interaction with the mobile station, controls the mobile station to carry out an automatic security update. The automatic security update includes automatic downloading and installation, update of the security correlative agent, and automatic recovery of the insecurity factors of the mobile station and the like.


    Method, system and authentication centre for authenticating in end-to-end communications based on a mobile network
    6.
    Granted patent
    Status: in force

    Publication No.: US07984298B2

    Publication date: 2011-07-19

    Application No.: US11848092

    Filing date: 2007-08-30

    IPC classification: H04L9/32

    Abstract: The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre, EAC; respectively performing a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.


    Method and system for key exchange and method and apparatus for reducing parameter transmission bandwidth
    7.
    Granted patent
    Status: in force

    Publication No.: US08738914B2

    Publication date: 2014-05-27

    Application No.: US12482821

    Filing date: 2009-06-11

    IPC classification: H04L9/00

    CPC classification: H04L9/0841

    Abstract: The embodiments of the present disclosure disclose a method and apparatus for reducing the parameter transmission bandwidth. The parameter sender reduces the values of the parameters before sending the parameters to the parameter receiver. This scheme reduces the bandwidth consumed during parameter transmission, thus making the transmission more efficient. The embodiment of the present disclosure also discloses a method for key exchange. This method reduces the values of the transmission parameters before sending the transmission parameters. This saves bandwidth compared with the protocol in the prior art. Besides, the embodiment of the present disclosure discloses a system for key exchange. The parameter sender sends the transmission parameters to the bandwidth processing unit. The bandwidth processing unit performs a modulo operation on the received transmission parameters and then sends the processed transmission parameters to the parameter receiver, thus reducing the bandwidth consumed in the transmission of transmission parameters.


    System and method for security authentication using biometric authentication technique
    8.
    Granted patent
    Status: in force

    Publication No.: US08539249B2

    Publication date: 2013-09-17

    Application No.: US11584364

    Filing date: 2006-10-20

    IPC classification: G06F21/00

    Abstract: A system and a method for security authentication, in which a biometric authentication subsystem in the security authentication system receives a biometric certificate held by the user and the user's biometric information from a user terminal; the biometric certificate contains the user's biometric template or the storage address of the biometric template; next, the biometric authentication subsystem authenticates the biometric certificate, performs matching between the biometric information and the biometric template, and generates the identity authentication result. The invention can also combine biometric authentication with PMI privilege authentication, so as to enhance security of identity authentication in PMI and widen applicability of biometric authentication.


    Authentication method, system, server, and user node
    10.
    Patent application
    Status: in force

    Publication No.: US20090271624A1

    Publication date: 2009-10-29

    Application No.: US12497930

    Filing date: 2009-07-06

    IPC classification: H04L9/32

    Abstract: The embodiments of the present disclosure disclose an authentication method, a system, a server, and a user node. The method includes: generating, by a server, a server session key according to the identity information, at least one login information parameter, and the validity period included in the login information, generating at least one session key parameter of a user node according to the generator point of the algebraic curve, and sending at least one session key parameter of the user node to the user node; generating, by the user node, a user node session key according to at least one session key parameter of the user node; performing, by the server and the user node, mutual authentication according to the session keys. The authentication solution under the present disclosure is simple and practicable, and is also applicable to authenticating the user node in a grid computing platform.
