公开(公告)号：US08752126B2

公开(公告)日：2014-06-10

申请号：US13059547

申请日：2009-08-20

Applicant: Liaojun Pang ,  Jun Cao ,  Manxia Tie

Inventor： Liaojun Pang ,  Jun Cao ,  Manxia Tie

IPC: G06F7/04 ,  G06F17/30 ,  G06F15/16 ,  H04L29/06

CPC classification number: H04W12/04 ,  H04L9/085 ,  H04L9/3073 ,  H04L63/062 ,  H04L2209/601

Abstract: A method for enhancing the security of the multicast or broadcast system comprises the following steps: after having established the system parameter, the base station receives the register request message transmitted by the terminal, and the register request message carries the device identity information of the terminal; the base station registers the terminal according to the register request message and transmits the authorization key to the terminal after successful registration. By the base station establishing the specific system parameter, generating and awarding the corresponding terminal's key based on the parameter, the embodiment of the present invention can construct a secure network system of multicast or broadcast effectively and solve the security problem of the multicast or broadcast from the base station to the terminal in the network system.

Abstract translation: 一种用于增强多播或广播系统的安全性的方法包括以下步骤：在建立了系统参数之后，基站接收终端发送的注册请求消息，并且注册请求消息携带终端的设备身份信息 ; 基站根据注册请求消息注册终端，并在成功注册后向终端发送授权密钥。 由基站建立具体的系统参数，根据参数生成和授予相应的终端密钥，本发明的实施例可以有效构建安全的组播或广播网络系统，解决组播或广播的安全问题 基站到终端在网络系统中。

公开(公告)号：US08412943B2

公开(公告)日：2013-04-02

申请号：US12741982

申请日：2008-11-07

Applicant: Liaojun Pang ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

Inventor： Liaojun Pang ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

IPC: H04L29/00

CPC classification number: H04L9/3247 ,  G06F21/445 ,  G06Q20/3823 ,  G06Q20/388 ,  G06Q20/4097 ,  H04L9/0847 ,  H04L9/321 ,  H04L9/3271 ,  H04L63/0869 ,  H04L2209/80 ,  H04W12/06

Abstract: A two-way access authentication method comprises: According to the system parameters pre-established by the third entity, the first entity sends the access authentication request packet to the second entity, then the second entity validates whether the signature of first entity is correct, and if yes, the share master key of second entity is calculated; the second entity generates the access authentication response packet and sends it to the first entity, then the first entity validates whether the signature of access authentication response packet and the message integrity check code are correct; if yes, the share master key of first entity is calculated; the first entity sends the access authentication acknowledge packet to the second entity, then the second entity validates the integrity of the access authentication acknowledge packet, if passing the validation, the share master key of first entity is consistent with that of the second entity, and the access authentication is achieved. For improving the security, after received the access authentication request packet sent by the first entity, the second entity may perform the identity validity validation and generates the access authentication response packet after passing the validation.

Abstract translation: 双向接入认证方法包括：根据第三实体预先建立的系统参数，第一实体向第二实体发送接入认证请求报文，第二实体验证第一实体的签名是否正确， 如果是，则计算第二实体的共享主密钥; 第二实体生成接入认证响应报文并将其发送给第一实体，则第一实体验证接入认证响应报文的签名和消息完整性检查码是否正确; 如果是，则计算第一实体的共享主密钥; 第一实体向第二实体发送接入认证确认分组，则第二实体验证接入认证确认分组的完整性，如果通过验证，则第一实体的共享主密钥与第二实体的共享主密钥一致， 实现了访问认证。 为了提高安全性，在接收到由第一实体发送的接入认证请求分组之后，第二实体可以在通过验证之后执行身份有效性验证并生成接入认证响应分组。

公开(公告)号：US20110314286A1

公开(公告)日：2011-12-22

申请号：US12740082

申请日：2008-10-30

Applicant: Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Jiandong Li ,  Liaojun Pang ,  Zhenhai Huang

Inventor： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Jiandong Li ,  Liaojun Pang ,  Zhenhai Huang

IPC: H04L9/08 ,  G06F15/16

CPC classification number: H04W12/06 ,  H04L63/1466 ,  H04L63/162 ,  H04W12/04 ,  H04W84/12

Abstract: An access authentication method applying to IBSS network involves the following steps of: 1) performing authentication role configuration for network entities; 2) authenticating an authentication entity and a request entity that have been performed the authentication role configuration via an authentication protocol; and 3) after finishing the authentication, the authentication entity and the request entity perform the key negotiation, wherein, the message integrity check field and protocol synchronization lock-in field are added in a key negotiation message. The access authentication method applying to IBSS network provided by the invention has the advantages of the better safeness and the higher execution efficiency.

Abstract translation: 适用于IBSS网络的接入认证方法包括以下步骤：1）对网络实体进行认证角色配置; 2）通过认证协议认证已经执行认证角色配置的认证实体和请求实体; 和3）认证完成后，认证实体和请求实体进行密钥协商，其中消息完整性检查字段和协议同步锁定字段被添加到密钥协商消息中。 适用于本发明提供的IBSS网络的接入认证方法具有安全性更高，执行效率更高的优点。

公开(公告)号：US20110289562A1

公开(公告)日：2011-11-24

申请号：US13059547

申请日：2009-08-20

Applicant: Liaojun Pang ,  Jun Cao ,  Manxia Tie

Inventor： Liaojun Pang ,  Jun Cao ,  Manxia Tie

IPC: G06F17/30

CPC classification number: H04W12/04 ,  H04L9/085 ,  H04L9/3073 ,  H04L63/062 ,  H04L2209/601

Abstract: A method for enhancing the security of the multicast or broadcast system comprises the following steps: after having established the system parameter, the base station receives the register request message transmitted by the terminal, and the register request message carries the device identity information of the terminal; the base station registers the terminal according to the register request message and transmits the authorization key to the terminal after successful registration. By the base station establishing the specific system parameter, generating and awarding the corresponding terminal's key based on the parameter, the embodiment of the present invention can construct a secure network system of multicast or broadcast effectively and solve the security problem of the multicast or broadcast from the base station to the terminal in the network system.

Abstract translation: 一种用于增强多播或广播系统的安全性的方法包括以下步骤：在建立了系统参数之后，基站接收终端发送的注册请求消息，并且注册请求消息携带终端的设备身份信息 ; 基站根据注册请求消息注册终端，并在成功注册后向终端发送授权密钥。 由基站建立具体的系统参数，根据参数生成和授予相应的终端密钥，本发明的实施例可以有效构建安全的组播或广播网络系统，解决组播或广播的安全问题 基站到终端在网络系统中。

公开(公告)号：US20100250952A1

公开(公告)日：2010-09-30

申请号：US12741982

申请日：2008-11-07

Applicant: Liaojun Pang ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

Inventor： Liaojun Pang ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

IPC: H04L9/32 ,  G06F21/00

CPC classification number: H04L9/3247 ,  G06F21/445 ,  G06Q20/3823 ,  G06Q20/388 ,  G06Q20/4097 ,  H04L9/0847 ,  H04L9/321 ,  H04L9/3271 ,  H04L63/0869 ,  H04L2209/80 ,  H04W12/06

Abstract: A two-way access authentication method comprises: According to the system parameters pre-established by the third entity, the first entity sends the access authentication request packet to the second entity, then the second entity validates whether the signature of first entity is correct, and if yes, the share master key of second entity is calculated; the second entity generates the access authentication response packet and sends it to the first entity, then the first entity validates whether the signature of access authentication response packet and the message integrity check code are correct; if yes, the share master key of first entity is calculated; the first entity sends the access authentication acknowledge packet to the second entity, then the second entity validates the integrity of the access authentication acknowledge packet, if passing the validation, the share master key of first entity is consistent with that of the second entity, and the access authentication is achieved. For improving the security, after received the access authentication request packet sent by the first entity, the second entity may perform the identity validity validation and generates the access authentication response packet after passing the validation.

Abstract translation: 双向接入认证方法包括：根据第三实体预先建立的系统参数，第一实体向第二实体发送接入认证请求报文，第二实体验证第一实体的签名是否正确， 如果是，则计算第二实体的共享主密钥; 第二实体生成接入认证响应报文并将其发送给第一实体，则第一实体验证接入认证响应报文的签名和消息完整性检查码是否正确; 如果是，则计算第一实体的共享主密钥; 第一实体向第二实体发送接入认证确认分组，则第二实体验证接入认证确认分组的完整性，如果通过验证，则第一实体的共享主密钥与第二实体的共享主密钥一致， 实现了访问认证。 为了提高安全性，在接收到由第一实体发送的接入认证请求分组之后，第二实体可以在通过验证之后执行身份有效性验证并生成接入认证响应分组。

公开(公告)号：US08332628B2

公开(公告)日：2012-12-11

申请号：US13055296

申请日：2009-07-20

Applicant: Liaojun Pang ,  Jun Cao ,  Manxia Tie

Inventor： Liaojun Pang ,  Jun Cao ,  Manxia Tie

IPC: H04L29/06

CPC classification number: H04L9/0869 ,  H04L9/083 ,  H04L9/3073 ,  H04L9/321 ,  H04L9/3271 ,  H04L2209/805

Abstract: A method for accessing data safely, which is suitable for the electronic tag with low performance, is provided. The method comprises the following steps: when performing a data writing process, the first read-write device encrypts the message MSG and then writes the message in the electronic tag; when performing a data reading process, the second read-write device sends a data request packet to the electronic tag; the electronic tag sends a data response packet to the second read-write device according to the data request packet; the second read-write device sends a key request packet to a trusted third party; the trusted third party verifies the validity of the identity of the second read-write device according to the key request packet, and sends a key response packet to the second read-write device upon the verification is passed; the second read-write device obtains the plain text of the electronic tag message MSG according to the key response packet. This invention can realize the safe access of the data of the electronic tag with low performance.

Abstract translation: 提供了一种安全访问数据的方法，适用于低性能的电子标签。 该方法包括以下步骤：当执行数据写入处理时，第一读写装置加密消息MSG，然后将消息写入电子标签; 当执行数据读取处理时，第二读写装置向电子标签发送数据请求包; 电子标签根据数据请求包向第二读写装置发送数据响应包; 第二读写装置向可信第三方发送密钥请求包; 受信任的第三方根据密钥请求分组验证第二读写装置的身份的有效性，并且在验证通过时向第二读写装置发送密钥响应分组; 第二读写装置根据密钥响应包获得电子标签消息MSG的明文。 本发明可以实现低性能电子标签数据的安全访问。

公开(公告)号：US08312278B2

公开(公告)日：2012-11-13

申请号：US12740082

申请日：2008-10-30

Applicant: Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Jiandong Li ,  Liaojun Pang ,  Zhenhai Huang

Inventor： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Jiandong Li ,  Liaojun Pang ,  Zhenhai Huang

IPC: H04L9/32

CPC classification number: H04W12/06 ,  H04L63/1466 ,  H04L63/162 ,  H04W12/04 ,  H04W84/12

Abstract: An access authentication method applying to IBSS network involves the following steps of: 1) performing authentication role configuration for network entities; 2) authenticating an authentication entity and a request entity that have been performed the authentication role configuration via an authentication protocol; and 3) after finishing the authentication, the authentication entity and the request entity perform the key negotiation, wherein, the message integrity check field and protocol synchronization lock-in field are added in a key negotiation message. The access authentication method applying to IBSS network provided by the invention has the advantages of the better safeness and the higher execution efficiency.

Abstract translation: 适用于IBSS网络的接入认证方法包括以下步骤：1）对网络实体进行认证角色配置; 2）通过认证协议认证已经执行认证角色配置的认证实体和请求实体; 和3）认证完成后，认证实体和请求实体进行密钥协商，其中消息完整性检查字段和协议同步锁定字段被添加到密钥协商消息中。 适用于本发明提供的IBSS网络的接入认证方法具有安全性更高，执行效率更高的优点。

公开(公告)号：US20100268954A1

公开(公告)日：2010-10-21

申请号：US12741567

申请日：2008-11-07

Applicant: Liaojun Pang ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

Inventor： Liaojun Pang ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

IPC: H04L9/32

CPC classification number: H04L9/3242 ,  H04L9/0847 ,  H04L9/321 ,  H04L9/3271 ,  H04L2209/80

Abstract: A method of one-way access authentication is disclosed. The method includes the following steps. According to system parameters set up by a third entity, a second entity sends an authentication request and key distribution grouping message to a first entity. The first entity verifies the validity of the message sent from the second entity, and if it is valid, the first entity generates authentication and key response grouping message and sends it to the second entity, which verifies the validity of the message sent from the first entity, and if it is valid, the second entity generates the authentication and key confirmation grouping message and sends the message to the first entity. The first entity verifies the validity of the authentication and key conformation grouping message, and if it is valid, the authentication succeeds and the key is regarded as the master key of agreement.

Abstract translation: 公开了一种单向接入认证方法。 该方法包括以下步骤。 根据由第三实体建立的系统参数，第二实体向第一实体发送认证请求和密钥分发分组消息。 第一实体验证从第二实体发送的消息的有效性，并且如果其有效，则第一实体生成认证和密钥响应分组消息并将其发送到第二实体，其验证从第一实体发送的消息的有效性 实体，如果有效，则第二实体生成认证和密钥确认分组消息，并将消息发送到第一实体。 第一个实体验证认证和密钥组合分组消息的有效性，如果认证成功，则认证成功，密钥被视为协商的主密钥。

公开(公告)号：US08588423B2

公开(公告)日：2013-11-19

申请号：US13060126

申请日：2009-08-20

Applicant: Liaojun Pang ,  Jun Cao ,  Manxia Tie

Inventor： Liaojun Pang ,  Jun Cao ,  Manxia Tie

IPC: H04L9/08

CPC classification number: H04W12/04 ,  H04L9/0833 ,  H04L9/0844 ,  H04L9/0891 ,  H04L63/065 ,  H04W12/10 ,  H04W88/08

Abstract: A multicast key distribution method, an update method, and a base station based on unicast conversation key, the distribution method includes the following steps: 1) the base station composes groups of multicast key distribution; 2) the base station broadcasts the groups of multicast key distribution to all terminals; 3) the terminals acquire the multicast conversation key through calculation. The present invention solves the problem that the efficiency of the multicast key distribution based on unicast conversation key is low in the prior art, and provides a multicast key distribution method based on unicast conversation key.

Abstract translation: 基于单播对话密钥的组播密钥分发方法，更新方法和基站，分发方法包括以下步骤：1）基站组成组播密钥分发组; 2）基站向所有终端广播组播密钥分发组播; 3）终端通过计算获取组播对话密钥。 本发明解决了现有技术中基于单播对话密钥的组播密钥分发的效率低的问题，并且提供了基于单播会话密钥的组播密钥分发方法。

公开(公告)号：US08356179B2

公开(公告)日：2013-01-15

申请号：US12739678

申请日：2008-10-23

Applicant: Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Liaojun Pang ,  Zhenhai Huang

Inventor： Manxia Tie ,  Jun Cao ,  Xiaolong Lai ,  Liaojun Pang ,  Zhenhai Huang

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06 ,  H04L9/32

CPC classification number: H04L63/0869 ,  H04L9/3213 ,  H04L9/3273 ,  H04L63/0823 ,  H04L63/126

Abstract: An entity bi-directional identification method and system based on a trustable third party thereof are provided. The system comprises a first entity, which is for sending a first message to a second entity, sending a third message to a third entity after receiving a second message sent by the second entity, verifying the fourth message after receiving a fourth message sent by the third entity, sending a fifth message to the second entity after the verification is finished; the second entity, which is for receiving the first message sent by the first entity, sending the second message to the first entity, verifying the fifth message after receiving the fifth message sent by the first entity; the third entity, which is for receiving the third message sent by the first entity, checking if the first entity and the second entity are legal, implementing the pretreatment according to the checking result, sending the first entity the fourth message after the treatment is finished.

Abstract translation: 提供了一种基于可信任第三方的实体双向识别方法和系统。 该系统包括用于向第二实体发送第一消息的第一实体，在接收到由第二实体发送的第二消息之后向第三实体发送第三消息，在接收到由第二实体发送的第四消息之后验证第四消息 第三实体，在验证完成之后向第二实体发送第五消息; 所述第二实体用于接收由所述第一实体发送的所述第一消息，向所述第一实体发送所述第二消息，在接收到由所述第一实体发送的所述第五消息之后验证所述第五消息; 用于接收第一实体发送的第三消息的第三实体，检查第一实体和第二实体是否合法，根据检查结果实现预处理，在处理完成之后发送第一实体第四消息 。