Method and system for establishing secure connection between stations
    1.
    Granted patent

    Publication (announcement) No.: US08755528B2

    Publication (announcement) date: 2014-06-17

    Application No.: US13516257

    Filing date: 2010-05-21

    Abstract: A method and system for establishing a secure connection between stations are disclosed. The method includes: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device thus establishes an inter-station key for two stations that are directly connected to it, by which the embodiments of the invention ensure the confidentiality and integrity of user data exchanged between the stations.

METHOD AND SYSTEM FOR ESTABLISHING SECURE CONNECTION BETWEEN STATIONS
    2.
    Patent application (in force)

    Publication (announcement) No.: US20120257755A1

    Publication (announcement) date: 2012-10-11

    Application No.: US13516257

    Filing date: 2010-05-21

    CPC classification number: H04L9/083 H04L63/061

    Abstract: A method and system for establishing a secure connection between stations are disclosed. The method includes: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device thus establishes an inter-station key for two stations that are directly connected to it, by which the embodiments of the invention ensure the confidentiality and integrity of user data exchanged between the stations.

SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK
    3.
    Patent application (in force)

    Publication (announcement) No.: US20120151554A1

    Publication (announcement) date: 2012-06-14

    Application No.: US13391051

    Filing date: 2009-12-23

    CPC classification number: H04L63/20 H04L63/061 H04L63/0823 H04L63/205

    Abstract: The present invention relates to a security access control method and system for a wired local area network; the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) perform identity authentication; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The invention realizes direct identity authentication between the user and the network access control device, together with negotiation and dynamic update of the session key used for link-layer data protection; it supports a variety of network architectures such as enterprise networks and telecommunication networks, scales well, supports multiple authentication methods and authentication protocols of different security levels so as to satisfy the requirements of various subscribers, and its protocol sub-modules are independent, flexible, and easy to adopt or leave out.

Method and system for pre-shared-key-based network security access control
    4.
    Granted patent (in force)

    Publication (announcement) No.: US08646055B2

    Publication (announcement) date: 2014-02-04

    Application No.: US13391526

    Filing date: 2009-12-24

    CPC classification number: H04L63/061 H04L63/0869 H04L63/20

    Abstract: A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is performed between a requester (REQ) and an authentication access controller (AAC); 2) identity authentication and unicast key negotiation are performed between the REQ and the AAC; 3) a multicast (group) key is announced between the REQ and the AAC. Applying the method and system, rapid bidirectional authentication can be achieved between a user and the network.

Method for establishing secure network architecture, method and system for secure communication
    5.
    Granted patent (in force)

    Publication (announcement) No.: US08843748B2

    Publication (announcement) date: 2014-09-23

    Application No.: US13702217

    Filing date: 2011-01-10

    CPC classification number: H04L9/0844 H04L12/18 H04L63/061

    Abstract: A method for establishing a secure network architecture, and a method and system for secure communication, are provided. The method for establishing a secure network architecture includes: 1) constructing a network architecture in which the identities of the nodes are verified, including neighbor node discovery, and identity authentication and shared-key negotiation between a node and its neighbor node; 2) constructing a secure switch device architecture, including establishing a shared key between every pair of switch devices.

Security access control method and system for wired local area network
    6.
    Granted patent (in force)

    Publication (announcement) No.: US08689283B2

    Publication (announcement) date: 2014-04-01

    Application No.: US13391051

    Filing date: 2009-12-23

    CPC classification number: H04L63/20 H04L63/061 H04L63/0823 H04L63/205

    Abstract: The present invention relates to a security access control method and system for a wired local area network; the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) perform identity authentication; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The invention realizes direct identity authentication between the user and the network access control device, together with negotiation and dynamic update of the session key used for link-layer data protection; it supports a variety of network architectures such as enterprise networks and telecommunication networks, scales well, supports multiple authentication methods and authentication protocols of different security levels so as to satisfy the requirements of various subscribers, and its protocol sub-modules are independent, flexible, and easy to adopt or leave out.

Method and system for establishing secure connection between stations
    7.
    Granted patent (in force)

    Publication (announcement) No.: US08831227B2

    Publication (announcement) date: 2014-09-09

    Application No.: US13516257

    Filing date: 2010-05-21

    CPC classification number: H04L9/083 H04L63/061

    Abstract: A method and system for establishing a secure connection between stations are disclosed. The method includes: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device thus establishes an inter-station key for two stations that are directly connected to it, by which the embodiments of the invention ensure the confidentiality and integrity of user data exchanged between the stations.
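    The five-message flow above (the same one described by US08755528B2, US20120257755A1 and US08831227B2), as an added example that is not taken from the patent. It assumes, beyond what the abstract states, that each station already shares a unicast key with the switch (the kind of key the REQ/AAC patents in this list negotiate), that the inter-station key is delivered wrapped under that unicast key with a toy encrypt-then-MAC built from HMAC-SHA256, and that each response packet carries a proof of possession of the new key. The Station/Switch classes, the packet field names and the header binding (source, destination, request nonce) are illustrative choices, not the patent's packet format. The abstract calls the step-4 packet sent to the first terminal an "announcement response packet"; the example treats it as the announcement that delivers the key to the first station.

```python
import hashlib
import hmac
import os


def expand(key: bytes, label: bytes, n: int = 32) -> bytes:
    """HKDF-Expand-style output expansion with HMAC-SHA256."""
    out, block, i = b"", b"", 1
    while len(out) < n:
        block = hmac.new(key, block + label + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes: return bytes(x ^ y for x, y in zip(a, b))


def wrap_key(k_unicast: bytes, key: bytes, header: bytes) -> dict:
    """Toy encrypt-then-MAC under the station's unicast key (assumption; a real build would
    use an AEAD such as AES-GCM). The tag covers header||nonce||ciphertext, so the
    announcement is bound to the (src, dst, request nonce) it answers."""
    nonce = os.urandom(16)
    ct = _xor(key, expand(k_unicast, b"enc" + nonce, len(key)))
    tag = hmac.new(expand(k_unicast, b"mac"), header + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unwrap_key(k_unicast: bytes, header: bytes, pkt: dict) -> bytes:
    """Verify the tag before touching the ciphertext; reject on any mismatch."""
    tag = hmac.new(expand(k_unicast, b"mac"), header + pkt["nonce"] + pkt["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, pkt["tag"]):
        raise ValueError("inter-station key announcement failed integrity check")
    return _xor(pkt["ct"], expand(k_unicast, b"enc" + pkt["nonce"], len(pkt["ct"])))


def confirm(k12: bytes, header: bytes, nonce: bytes) -> bytes:
    """Proof of possession of the new inter-station key, carried in each response packet."""
    return hmac.new(k12, b"confirm" + header + nonce, hashlib.sha256).digest()


class Station:
    def __init__(self, sid: bytes, k_unicast: bytes):
        self.sid, self.k_unicast, self.peer_keys = sid, k_unicast, {}

    def key_request(self, peer: bytes) -> dict:                     # message 1
        return {"src": self.sid, "dst": peer, "nonce": os.urandom(16)}

    def on_announcement(self, pkt: dict) -> dict:                    # messages 3 and 5
        k12 = unwrap_key(self.k_unicast, pkt["header"], pkt)
        self.peer_keys[pkt["peer"]] = k12
        return {"from": self.sid, "header": pkt["header"],
                "mac": confirm(k12, pkt["header"], pkt["nonce"])}


class Switch:
    def __init__(self, station_keys: dict):
        self.station_keys = station_keys          # unicast key per directly connected station
        self.keys, self.sent_nonce = {}, {}

    def on_key_request(self, req: dict) -> dict:                     # message 2
        header = req["src"] + b"|" + req["dst"] + b"|" + req["nonce"]
        self.keys[header] = os.urandom(32)                           # fresh inter-station key
        return self.announce(req["dst"], req["src"], header)

    def announce(self, to: bytes, peer: bytes, header: bytes) -> dict:   # messages 2 and 4
        pkt = wrap_key(self.station_keys[to], self.keys[header], header)
        self.sent_nonce[(to, header)] = pkt["nonce"]
        return {"to": to, "peer": peer, "header": header, **pkt}

    def on_response(self, resp: dict) -> bool:                       # messages 3 and 5
        header = resp["header"]
        expected = confirm(self.keys[header], header, self.sent_nonce[(resp["from"], header)])
        return hmac.compare_digest(resp["mac"], expected)


def establish(switch: Switch, sta1: Station, sta2: Station) -> bool:
    """Run the five-message flow; True iff both stations proved possession of the same key."""
    req = sta1.key_request(sta2.sid)                                 # 1
    ann2 = switch.on_key_request(req)                                # 2
    if not switch.on_response(sta2.on_announcement(ann2)):           # 3
        return False
    ann1 = switch.announce(sta1.sid, sta2.sid, ann2["header"])       # 4
    return switch.on_response(sta1.on_announcement(ann1))            # 5


def demo() -> dict:
    """Constructed sample: two stations with random unicast keys behind one switch."""
    k1, k2 = os.urandom(32), os.urandom(32)
    sw, sta1, sta2 = Switch({b"STA1": k1, b"STA2": k2}), Station(b"STA1", k1), Station(b"STA2", k2)
    ok = establish(sw, sta1, sta2)
    ann = sw.on_key_request(sta1.key_request(b"STA2"))             # now flip one ciphertext bit
    ann["ct"] = bytes([ann["ct"][0] ^ 0x01]) + ann["ct"][1:]
    try:
        sta2.on_announcement(ann)
        rejected = False
    except ValueError:
        rejected = True
    return {"established": ok,
            "same_key": sta1.peer_keys[b"STA2"] == sta2.peer_keys[b"STA1"],
            "tamper_rejected": rejected}
```

    The check in unwrap_key is what the abstract's integrity claim rests on: a station must reject an announcement whose tag does not verify under its own unicast key, otherwise an attacker able to send frames to the station could substitute a key of their choosing. The response packets matter for the same reason on the switch side; the switch only records the pair as established once both stations have proved possession of the same key.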

Method and system for establishing security connection between switch equipments
    8.
    Granted patent (in force)

    Publication (announcement) No.: US08713303B2

    Publication (announcement) date: 2014-04-29

    Application No.: US13515394

    Filing date: 2010-05-26

    Abstract: A method and a system for establishing a secure connection between switch devices are disclosed. The system includes a first switch device and a second switch device; the first switch device sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch device, and the second switch device sends the switch key negotiation request packet to the first switch device. The embodiments of the invention provide a security policy for secure data transmission between switch devices by establishing a shared switch key between every pair of switch devices, thereby guaranteeing the confidentiality of data transmitted between switch devices at the data link layer. The computational burden on the switch devices and the delay of data packets from the sending end to the receiving end are reduced, and the efficiency of network transmission is improved.

METHOD AND SYSTEM FOR ESTABLISHING SECURITY CONNECTION BETWEEN SWITCH EQUIPMENTS
    9.
    Patent application (in force)

    Publication (announcement) No.: US20120254617A1

    Publication (announcement) date: 2012-10-04

    Application No.: US13515394

    Filing date: 2010-05-26

    Abstract: A method and a system for establishing a secure connection between switch devices are disclosed. The system includes a first switch device and a second switch device; the first switch device sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch device, and the second switch device sends the switch key negotiation request packet to the first switch device. The embodiments of the invention provide a security policy for secure data transmission between switch devices by establishing a shared switch key between every pair of switch devices, thereby guaranteeing the confidentiality of data transmitted between switch devices at the data link layer. The computational burden on the switch devices and the delay of data packets from the sending end to the receiving end are reduced, and the efficiency of network transmission is improved.

METHOD AND SYSTEM FOR PRE-SHARED-KEY-BASED NETWORK SECURITY ACCESS CONTROL
    10.
    Patent application (in force)

    Publication (announcement) No.: US20120159587A1

    Publication (announcement) date: 2012-06-21

    Application No.: US13391526

    Filing date: 2009-12-24

    CPC classification number: H04L63/061 H04L63/0869 H04L63/20

    Abstract: A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is performed between a requester (REQ) and an authentication access controller (AAC); 2) identity authentication and unicast key negotiation are performed between the REQ and the AAC; 3) a multicast (group) key is announced between the REQ and the AAC. Applying the method and system, rapid bidirectional authentication can be achieved between a user and the network.
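    The three-message shape shared by the pre-shared-key access control method (entries 4 and 10: policy negotiation, mutual authentication with unicast key negotiation, multicast key notification) and the switch key negotiation (entries 8 and 9: activation, request, response), as an added example that is not the patents' own code. It assumes both parties hold a pre-shared key, uses keyed BLAKE2b as PRF and MAC, derives the unicast key from the PSK and both nonces, binds the offered policy list into the authenticated transcript, and delivers the multicast key under a one-time pad derived from the unicast key. The Initiator/Responder roles (AAC or first switch; REQ or second switch), the message field names and the suite labels are illustrative assumptions, not the patents' packet formats.

```python
import hashlib
import hmac
import os


def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed BLAKE2b as PRF and MAC (32-byte output). Parts are '|'-joined for brevity;
    a production encoding would length-prefix them."""
    return hashlib.blake2b(b"|".join(parts), key=key, digest_size=32).digest()


def _xor(a: bytes, b: bytes) -> bytes: return bytes(x ^ y for x, y in zip(a, b))


class Initiator:
    """AAC (entries 4/10) or the first switch (entries 8/9): sends activation, then response."""

    def __init__(self, psk: bytes, offered: list):
        self.psk, self.offered, self.nonce = psk, offered, os.urandom(16)
        self.unicast_key = self.mcast_key = None

    def activation(self) -> dict:                                      # message 1
        return {"nonce_i": self.nonce, "offered": list(self.offered)}

    def on_request(self, req: dict) -> dict:                            # verify 2, build 3
        if req["policy"] not in self.offered:
            raise ValueError("peer chose a policy that was not offered")
        # the transcript uses OUR offered list, so a list edited on the wire breaks the MAC
        transcript = [self.nonce, req["nonce_r"], b",".join(self.offered), req["policy"]]
        k_auth = prf(self.psk, b"auth", *transcript)
        if not hmac.compare_digest(req["mac"], prf(k_auth, b"responder", *transcript)):
            raise ValueError("responder authentication failed (wrong PSK or tampered policy list)")
        self.unicast_key = prf(self.psk, b"unicast", *transcript)
        self.mcast_key = os.urandom(32)                                 # group key to notify
        wrapped = _xor(self.mcast_key, prf(self.unicast_key, b"mcast-wrap", req["nonce_r"]))
        return {"mac": prf(k_auth, b"initiator", *transcript), "mcast": wrapped}


class Responder:
    """REQ (entries 4/10) or the second switch (entries 8/9): answers activation with a request."""

    def __init__(self, psk: bytes, supported: list):
        self.psk, self.supported, self.nonce = psk, supported, os.urandom(16)
        self.transcript = self.k_auth = self.unicast_key = self.mcast_key = None

    def on_activation(self, act: dict) -> dict:                         # verify 1, build 2
        policy = next((p for p in act["offered"] if p in self.supported), None)
        if policy is None:
            raise ValueError("no common security policy")
        self.transcript = [act["nonce_i"], self.nonce, b",".join(act["offered"]), policy]
        self.k_auth = prf(self.psk, b"auth", *self.transcript)
        return {"nonce_r": self.nonce, "policy": policy,
                "mac": prf(self.k_auth, b"responder", *self.transcript)}

    def on_response(self, resp: dict) -> None:                          # verify 3
        if not hmac.compare_digest(resp["mac"], prf(self.k_auth, b"initiator", *self.transcript)):
            raise ValueError("initiator authentication failed")
        self.unicast_key = prf(self.psk, b"unicast", *self.transcript)
        self.mcast_key = _xor(resp["mcast"], prf(self.unicast_key, b"mcast-wrap", self.nonce))


def run(init: Initiator, resp: Responder, tamper=None) -> bytes:
    """Drive messages 1-3 and return the agreed policy; tamper(act) models an on-path
    attacker rewriting message 1 before the responder sees it."""
    act = init.activation()
    req = resp.on_activation(tamper(act) if tamper else act)
    resp.on_response(init.on_request(req))
    return req["policy"]


def _fails(fn) -> bool:
    try:
        fn()
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Constructed sample: one honest run, one downgrade attempt, one wrong-PSK peer."""
    psk, strong, weak = os.urandom(32), b"suite-256", b"suite-128"   # suite labels are illustrative
    a, b = Initiator(psk, [strong, weak]), Responder(psk, [weak, strong])
    policy = run(a, b)
    strip = lambda act: {**act, "offered": [weak]}                     # attacker drops the strong suite
    return {"policy": policy,
            "same_unicast": a.unicast_key == b.unicast_key,
            "same_mcast": a.mcast_key == b.mcast_key,
            "downgrade_detected": _fails(lambda: run(Initiator(psk, [strong, weak]),
                                                      Responder(psk, [weak, strong]), strip)),
            "wrong_psk_detected": _fails(lambda: run(Initiator(psk, [strong]),
                                                      Responder(os.urandom(32), [strong])))}
```

    demo() also exercises two failure cases a practitioner should test for in any such negotiation: an on-path attacker who strips the stronger suite from the activation packet is caught when the initiator verifies message 2, because the initiator's MAC covers the list it actually offered; and a responder holding the wrong PSK is rejected at the same point, so no unicast or multicast key is ever derived for it.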
