公开(公告)号：US09009466B2

公开(公告)日：2015-04-14

申请号：US13995641

申请日：2011-06-17

Applicant: Qin Li ,  Jun Cao ,  Manxia Tie

Inventor： Qin Li ,  Jun Cao ,  Manxia Tie

IPC: H04L29/06 ,  H04L9/08

CPC classification number: H04L63/0428 ,  H04L9/08 ,  H04L63/162

Abstract: There are a terminal device capable of link layer encryption and decryption and a data process method thereof, and the terminal device includes a link layer processing module including a control module, a data frame encryption module, a data frame decryption module, a key management module, an algorithm module, a transmission port and a reception port; and the control module is connected with the transmission port through the data frame encryption module, the reception port is connected with the control module through the data frame decryption module, the control module is connected with the key management module, the data frame encryption module is connected with the data frame decryption module through the key management module, and the data frame encryption module is connected with the data frame decryption module through the algorithm module.

Abstract translation: 存在能够进行链路层加密和解密的终端设备及其数据处理方法，并且终端设备包括链路层处理模块，该链路层处理模块包括控制模块，数据帧加密模块，数据帧解密模块，密钥管理模块 算法模块，传输端口和接收端口; 控制模块通过数据帧加密模块与传输端口连接，接收端口通过数据帧解密模块与控制模块连接，控制模块与密钥管理模块连接，数据帧加密模块为 通过密钥管理模块与数据帧解密模块相连，数据帧加密模块通过算法模块与数据帧解密模块连接。

公开(公告)号：US08646055B2

公开(公告)日：2014-02-04

申请号：US13391526

申请日：2009-12-24

Applicant: Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Zhenhai Huang

Inventor： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Zhenhai Huang

IPC: G06F21/00

CPC classification number: H04L63/061 ,  H04L63/0869 ,  H04L63/20

Abstract: A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester (REQ) and Authentication Access Controller (AAC); 2) identity authentication and uni-cast key negotiation are implemented between REQ and AAC; 3) a group-cast key is notified between REQ and AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and network.

Abstract translation: 公开了一种基于预共享密钥的网络访问控制的方法和系统。 该方法包括以下步骤：1）在REQuester（REQ）和认证接入控制器（AAC）之间实现安全策略协商; 2）在REQ和AAC之间实现身份认证和单播密钥协商; 3）REQ和AAC之间通知组播密钥。 应用该方法和系统，可以在用户和网络之间实现快速双向认证。

公开(公告)号：US20140007231A1

公开(公告)日：2014-01-02

申请号：US13702785

申请日：2011-01-14

Applicant: Qin Li ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

Inventor： Qin Li ,  Jun Cao ,  Manxia Tie ,  Zhenhai Huang

IPC: H04L29/06

CPC classification number: H04L63/1475 ,  H04L45/26

Abstract: A switch route exploring method, system and device are provided in the present invention. The method comprises that: a transmitting source node NSource constructs a switch route exploring request packet and transmits it to a destination node NDestination; the switch route exploring request packet comprises information of switch route from the transmitting source node NSource to the destination node NDestination, wherein the information is known by the transmitting source node NSource; and the destination node NDestination constructs a switch route exploring response packet and transmits it to the transmitting source node NSource.

Abstract translation: 在本发明中提供了一种开关路径探索方法，系统和装置。 该方法包括：发送源节点NSource构建探索请求分组的交换路由，并将其发送到目的节点NDestination; 所述交换路由探索请求分组包括从所述发送源节点NSource到所述目的节点NDestination的切换路由的信息，其中，所述信息由所述发送源节点NSource知道; 并且目的地节点NDestination构建探索响应分组的交换机路由，并将其发送到发送源节点NSource。

公开(公告)号：US20130283045A1

公开(公告)日：2013-10-24

申请号：US13995641

申请日：2011-06-17

Applicant: Qin Li ,  Jun Cao ,  Manxia Tie

Inventor： Qin Li ,  Jun Cao ,  Manxia Tie

IPC: H04L29/06 ,  H04L9/08

CPC classification number: H04L63/0428 ,  H04L9/08 ,  H04L63/162

Abstract: There are a terminal device capable of link layer encryption and decryption and a data process method thereof, and the terminal device includes a link layer processing module including a control module, a data frame encryption module, a data frame decryption module, a key management module, an algorithm module, a transmission port and a reception port; and the control module is connected with the transmission port through the data frame encryption module, the reception port is connected with the control module through the data frame decryption module, the control module is connected with the key management module, the data frame encryption module is connected with the data frame decryption module through the key management module, and the data frame encryption module is connected with the data frame decryption module through the algorithm module.

Abstract translation: 存在能够进行链路层加密和解密的终端设备及其数据处理方法，并且终端设备包括链路层处理模块，该链路层处理模块包括控制模块，数据帧加密模块，数据帧解密模块，密钥管理模块 算法模块，传输端口和接收端口; 控制模块通过数据帧加密模块与传输端口连接，接收端口通过数据帧解密模块与控制模块连接，控制模块与密钥管理模块连接，数据帧加密模块为 通过密钥管理模块与数据帧解密模块相连，数据帧加密模块通过算法模块与数据帧解密模块连接。

公开(公告)号：US08755528B2

公开(公告)日：2014-06-17

申请号：US13516257

申请日：2010-05-21

Applicant: Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

Inventor： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

IPC: G06F21/00

Abstract: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

公开(公告)号：US20120257755A1

公开(公告)日：2012-10-11

申请号：US13516257

申请日：2010-05-21

Applicant: Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

Inventor： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

IPC: H04L9/08

CPC classification number: H04L9/083 ,  H04L63/061

Abstract: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

Abstract translation: 公开了一种在站间建立安全连接的方法和系统。 该方法包括：1）交换设备接收由第一用户终端发送的站间密钥请求分组; 2）交换设备生成站间密钥，构建站间密钥通告报文，并发送给第二用户终端; 3）交换设备接收由第二用户终端发送的站间密钥通告响应报文; 4）交换机构建一个站间密钥通知应答报文，并发送给第一用户终端; 5）交换机接收第一用户终端发送的站间密钥通告响应报文。 交换设备为直接连接到交换机设备的两个站建立站间密钥，本发明的实施例通过该站点密钥确保站点之间的用户数据的机密性和完整性。

公开(公告)号：US20120151554A1

公开(公告)日：2012-06-14

申请号：US13391051

申请日：2009-12-23

Applicant: Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

Inventor： Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/205

Abstract: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

Abstract translation: 本发明涉及有线局域网的安全访问控制方法和系统，该方法包括以下步骤：1）请求者（REQ）与认证接入控制器（AAC）协商安全策略; 2）请求者（REQ）和认证访问控制器（AAC）认证身份; 3）请求者（REQ）与认证接入控制器（AAC）协商密钥。 用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络，电信网络等各种网络架构; 可扩展性好，支持多种认证方式; 支持不同安全级别的认证协议，满足各种用户的要求; 协议的子模块是独立的，灵活的，易于被接受或拒绝。

公开(公告)号：US08843748B2

公开(公告)日：2014-09-23

申请号：US13702217

申请日：2011-01-10

Applicant: Manxia Tie ,  Jun Cao ,  Qin Li ,  Li Ge

Inventor： Manxia Tie ,  Jun Cao ,  Qin Li ,  Li Ge

IPC: H04L29/06 ,  H04L9/08 ,  H04L12/18

CPC classification number: H04L9/0844 ,  H04L12/18 ,  H04L63/061

Abstract: A method for establishing a secure network architecture, a method and system for secure communication are provided. The method for establishing a secure network architecture includes: 1) constructing the network architecture where the identities of nodes are legal, including: neighboring node discovery; performing identities certification and shared key negotiation between a node and the neighbor node; 2) constructing a secure switching device architecture, including: establishing a shared key between every two of the switch devices.

Abstract translation: 提供了一种用于建立安全网络架构的方法，一种用于安全通信的方法和系统。 建立安全网络架构的方法包括：1）构建节点身份合法的网络架构，包括：邻居节点发现; 执行节点与邻居节点之间的身份认证和共享密钥协商; 2）构建安全交换设备架构，包括：在每两个交换设备之间建立共享密钥。

公开(公告)号：US08689283B2

公开(公告)日：2014-04-01

申请号：US13391051

申请日：2009-12-23

Applicant: Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

Inventor： Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/205

Abstract: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

Abstract translation: 本发明涉及有线局域网的安全访问控制方法和系统，该方法包括以下步骤：1）请求者（REQ）与认证接入控制器（AAC）协商安全策略; 2）请求者（REQ）和认证访问控制器（AAC）认证身份; 3）请求者（REQ）与认证接入控制器（AAC）协商密钥。 用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络，电信网络等各种网络架构; 可扩展性好，支持多种认证方式; 支持不同安全级别的认证协议，满足各种用户的要求; 协议的子模块是独立的，灵活的，易于被接受或拒绝。

公开(公告)号：US08831227B2

公开(公告)日：2014-09-09

申请号：US13516257

申请日：2010-05-21

Applicant: Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

Inventor： Li Ge ,  Jun Cao ,  Manxia Tie ,  Qin Li ,  Xiaolong Lai

IPC: G06F21/00 ,  H04L9/08 ,  H04L29/06

CPC classification number: H04L9/083 ,  H04L63/061

Abstract: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.

Abstract translation: 公开了一种在站间建立安全连接的方法和系统。 该方法包括：1）交换设备接收由第一用户终端发送的站间密钥请求分组; 2）交换设备生成站间密钥，构建站间密钥通告报文，并发送给第二用户终端; 3）交换设备接收由第二用户终端发送的站间密钥通告响应报文; 4）交换机构建一个站间密钥通知应答报文，并发送给第一用户终端; 5）交换机接收第一用户终端发送的站间密钥通告响应报文。 交换设备为直接连接到交换机设备的两个站建立站间密钥，本发明的实施例通过该站点密钥确保站点之间的用户数据的机密性和完整性。