METHOD AND SYSTEM FOR AUTHENTICATING ENTITY BASED ON SYMMETRIC ENCRYPTION ALGORITHM
    1.
    Invention application
    METHOD AND SYSTEM FOR AUTHENTICATING ENTITY BASED ON SYMMETRIC ENCRYPTION ALGORITHM (status: in force)

    Publication (announcement) number: US20130212390A1

    Publication (announcement) date: 2013-08-15

    Application number: US13879619

    Application date: 2010-12-22

    CPC classification number: H04L9/32 H04L9/3271 H04W12/06

    Abstract: A method and a system for authenticating an entity based on a symmetric encryption algorithm are provided. The method includes the following steps: 1) an entity A sends an authentication request message to an entity B; 2) after receiving the authentication request message, the entity B sends an authentication response message to the entity A; 3) the entity A determines the validity of the entity B according to the received authentication response message. The implementation cost of the system can be reduced by using the authentication according to the invention.

    Method and system for authenticating entity based on symmetric encryption algorithm
    2.
    Granted invention patent
    Method and system for authenticating entity based on symmetric encryption algorithm (status: in force)

    Publication (announcement) number: US09450756B2

    Publication (announcement) date: 2016-09-20

    Application number: US13879619

    Application date: 2010-12-22

    CPC classification number: H04L9/32 H04L9/3271 H04W12/06

    Abstract: A method and a system for authenticating an entity based on a symmetric encryption algorithm are provided. The method includes the following steps: 1) an entity A sends an authentication request message to an entity B; 2) after receiving the authentication request message, the entity B sends an authentication response message to the entity A; 3) the entity A determines the validity of the entity B according to the received authentication response message. The implementation cost of the system can be reduced by using the authentication according to the invention.

    SWITCH EQUIPMENT AND DATA PROCESSING METHOD FOR SUPPORTING LINK LAYER SECURITY TRANSMISSION
    3.
    Invention application
    SWITCH EQUIPMENT AND DATA PROCESSING METHOD FOR SUPPORTING LINK LAYER SECURITY TRANSMISSION (status: in force)

    Publication (announcement) number: US20130283044A1

    Publication (announcement) date: 2013-10-24

    Application number: US13995593

    Application date: 2011-06-17

    CPC classification number: H04L63/0428 H04L9/08 H04L63/06 H04L63/162

    Abstract: A switch equipment and data processing method for supporting link layer security transmission are provided. The switch equipment for supporting link layer security transmission comprises a switch module and multiple port modules, each port module is electrically connected with the switch module respectively; the port module supports a link layer key management capability, and is used for establishing a share key for encrypting and decrypting data frames between the switch equipment and other network nodes.

    SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK
    4.
    Invention application
    SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK (status: in force)

    Publication (announcement) number: US20120151554A1

    Publication (announcement) date: 2012-06-14

    Application number: US13391051

    Application date: 2009-12-23

    CPC classification number: H04L63/20 H04L63/061 H04L63/0823 H04L63/205

    Abstract: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

    Switch equipment and data processing method for supporting link layer security transmission
    5.
    Granted invention patent
    Switch equipment and data processing method for supporting link layer security transmission (status: in force)

    Publication (announcement) number: US09264405B2

    Publication (announcement) date: 2016-02-16

    Application number: US13995593

    Application date: 2011-06-17

    CPC classification number: H04L63/0428 H04L9/08 H04L63/06 H04L63/162

    Abstract: A switch equipment and data processing method for supporting link layer security transmission are provided. The switch equipment for supporting link layer security transmission comprises a switch module and multiple port modules, each port module is electrically connected with the switch module respectively; the port module supports a link layer key management capability, and is used for establishing a share key for encrypting and decrypting data frames between the switch equipment and other network nodes.

    Security access control method and system for wired local area network
    6.
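    Granted invention patent
    Security access control method and system for wired local area network (status: in force)

    Publication (announcement) number: US08689283B2

    Publication (announcement) date: 2014-04-01

    Application number: US13391051

    Application date: 2009-12-23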

    CPC classification number: H04L63/20 H04L63/061 H04L63/0823 H04L63/205

    Abstract: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

    METHOD AND DEVICE FOR ANONYMOUS ENTITY IDENTIFICATION
    7.
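    Invention application
    METHOD AND DEVICE FOR ANONYMOUS ENTITY IDENTIFICATION (status: in force)

    Publication (announcement) number: US20130232551A1

    Publication (announcement) date: 2013-09-05

    Application number: US13884749

    Application date: 2011-06-24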

    Abstract: The present invention discloses a method for anonymous entity identification, which comprises the following steps: an entity A transmits an RA and an IGA to an entity B; the entity B returns an RB, an IGB and a TokenBA to the entity A; the entity A sends an RA′, the RB, the IGA and the IGB to a credible third-party TP; the credible third-party TP checks the validity of a first group and a second group according to the IGA and the IGB; the credible third-party TP returns an RESGA, an RESGB, and a TokenTA to the entity A, or returns the RESGA, the RESGA, a TokenTA1 and a TokenTA2 to the entity A; and the entity A performs a verification after receiving them; the entity A sends a TokenAB to the entity B; and the entity B performs the verification after receiving it. In the present invention, there is no need to send the identity information of the entity to be identified to an opposite terminal, so that anonymous identity identification is realized.

    SECRET COMMUNICATION METHOD AND SYSTEM BETWEEN NEIGHBORING USER TERMINALS, TERMINAL, SWITCHING EQUIPMENT
    8.
    Invention application
    SECRET COMMUNICATION METHOD AND SYSTEM BETWEEN NEIGHBORING USER TERMINALS, TERMINAL, SWITCHING EQUIPMENT (status: in force)

    Publication (announcement) number: US20130159706A1

    Publication (announcement) date: 2013-06-20

    Application number: US13814899

    Application date: 2011-04-27

    Abstract: The present invention provides a secret communication method, apparatus and system. The method comprises: 1) determining a neighboring encryption switching equipment shared by a first user terminal and a second user terminal, wherein the first user terminal and the second user terminal are neighboring user terminals (1); 2) establishing, by the neighboring encryption switching equipment, an inter-station key for communication between the first user terminal and the second terminal (2); 3) performing data secret communication between the first user terminal and the second terminal by using the inter-station key (3). With the present invention, the neighboring user terminals needing to perform the secret communication can establish the inter-station key without performing identity authentication with each other, and can perform the secret communication with the inter-station key, and thereby the network load is reduced.

    Method and device for anonymous entity identification
    9.
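    Granted invention patent
    Method and device for anonymous entity identification (status: in force)

    Publication (announcement) number: US09225728B2

    Publication (announcement) date: 2015-12-29

    Application number: US13884749

    Application date: 2011-06-24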

    Abstract: The present invention discloses a method for anonymous entity identification, which comprises the following steps: an entity A transmits an RA and an IGA to an entity B; the entity B returns an RB, an IGB and a TokenBA to the entity A; the entity A sends an RA′, the RB, the IGA and the IGB to a credible third-party TP; the credible third-party TP checks the validity of a first group and a second group according to the IGA and the IGB; the credible third-party TP returns an RESGA, an RESGB, and a TokenTA to the entity A, or returns the RESGA, the RESGA, a TokenTA1 and a TokenTA2 to the entity A; and the entity A performs a verification after receiving them; the entity A sends a TokenAB to the entity B; and the entity B performs the verification after receiving it. In the present invention, there is no need to send the identity information of the entity to be identified to an opposite terminal, so that anonymous identity identification is realized.

    Secret communication method and system between neighboring user terminals, terminal, switching equipment
    10.
    Granted invention patent
    Secret communication method and system between neighboring user terminals, terminal, switching equipment (status: in force)

    Publication (announcement) number: US08850190B2

    Publication (announcement) date: 2014-09-30

    Application number: US13814899

    Application date: 2011-04-27

    Abstract: The present invention provides a secret communication method, apparatus and system. The method comprises: 1) determining a neighboring encryption switching equipment shared by a first user terminal and a second user terminal, wherein the first user terminal and the second user terminal are neighboring user terminals (1); 2) establishing, by the neighboring encryption switching equipment, an inter-station key for communication between the first user terminal and the second terminal (2); 3) performing data secret communication between the first user terminal and the second terminal by using the inter-station key (3). With the present invention, the neighboring user terminals needing to perform the secret communication can establish the inter-station key without performing identity authentication with each other, and can perform the secret communication with the inter-station key, and thereby the network load is reduced.
