公开(公告)号：US20120151554A1

公开(公告)日：2012-06-14

申请号：US13391051

申请日：2009-12-23

Applicant: Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

Inventor： Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/205

Abstract: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

Abstract translation: 本发明涉及有线局域网的安全访问控制方法和系统，该方法包括以下步骤：1）请求者（REQ）与认证接入控制器（AAC）协商安全策略; 2）请求者（REQ）和认证访问控制器（AAC）认证身份; 3）请求者（REQ）与认证接入控制器（AAC）协商密钥。 用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络，电信网络等各种网络架构; 可扩展性好，支持多种认证方式; 支持不同安全级别的认证协议，满足各种用户的要求; 协议的子模块是独立的，灵活的，易于被接受或拒绝。

公开(公告)号：US08689283B2

公开(公告)日：2014-04-01

申请号：US13391051

申请日：2009-12-23

Applicant: Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

Inventor： Manxia Tie ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang ,  Qin Li ,  Zhiqiang Du

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/205

Abstract: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

Abstract translation: 本发明涉及有线局域网的安全访问控制方法和系统，该方法包括以下步骤：1）请求者（REQ）与认证接入控制器（AAC）协商安全策略; 2）请求者（REQ）和认证访问控制器（AAC）认证身份; 3）请求者（REQ）与认证接入控制器（AAC）协商密钥。 用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络，电信网络等各种网络架构; 可扩展性好，支持多种认证方式; 支持不同安全级别的认证协议，满足各种用户的要求; 协议的子模块是独立的，灵活的，易于被接受或拒绝。

公开(公告)号：US20130232551A1

公开(公告)日：2013-09-05

申请号：US13884749

申请日：2011-06-24

Applicant: Zhiqiang Du ,  Manxia Tie ,  Xiaolong Lai ,  Qin Li

Inventor： Zhiqiang Du ,  Manxia Tie ,  Xiaolong Lai ,  Qin Li

IPC: H04L29/06

CPC classification number: H04L63/12 ,  H04L9/3255 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/0853

Abstract: The present invention discloses a method for anonymous entity identification, which comprises the following steps: an entity A transmits an RA and an IGA to an entity B; the entity B returns an RB, an IGB and a TokenBA to the entity A; the entity A sends an RA′, the RB, the IGA and the IGB to a credible third-party TP; the credible third-party TP checks the validity of a first group and a second group according to the IGA and the IGB; the credible third-party TP returns an RESGA, an RESGB, and a TokenTA to the entity A, or returns the RESGA, the RESGA, a TokenTA1 and a TokenTA2 to the entity A; and the entity A performs a verification after receiving them; the entity A sends a TokenAB to the entity B; and the entity B performs the verification after receiving it. In the present invention, there is no need to send the identity information of the entity to be identified to an opposite terminal, so that anonymous identity identification is realized.

Abstract translation: 本发明公开了一种匿名实体识别方法，包括以下步骤：实体A向实体B发送RA和IGA; 实体B向实体A返回RB，IGB和TokenBA; 实体A将RA'，RB，IGA和IGB发送到可信的第三方TP; 可靠的第三方TP根据IGA和IGB检查第一组和第二组的有效性; 可信第三方TP向实体A返回RESGA，RESGB和TokenTA，或将RESGA，RESGA，TokenTA1和TokenTA2返回给实体A; 实体A在接收到验证后进行验证; 实体A向实体B发送TokenAB; 并且实体B在接收到该验证之后执行验证。 在本发明中，不需要将要识别的实体的身份信息发送到对方终端，从而实现匿名身份识别。

公开(公告)号：US09225728B2

公开(公告)日：2015-12-29

申请号：US13884749

申请日：2011-06-24

Applicant: Zhiqiang Du ,  Manxia Tie ,  Xiaolong Lai ,  Qin Li

Inventor： Zhiqiang Du ,  Manxia Tie ,  Xiaolong Lai ,  Qin Li

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L63/12 ,  H04L9/3255 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/0853

Abstract: The present invention discloses a method for anonymous entity identification, which comprises the following steps: an entity A transmits an RA and an IGA to an entity B; the entity B returns an RB, an IGB and a TokenBA to the entity A; the entity A sends an RA′, the RB, the IGA and the IGB to a credible third-party TP; the credible third-party TP checks the validity of a first group and a second group according to the IGA and the IGB; the credible third-party TP returns an RESGA, an RESGB, and a TokenTA to the entity A, or returns the RESGA, the RESGA, a TokenTA1 and a TokenTA2 to the entity A; and the entity A performs a verification after receiving them; the entity A sends a TokenAB to the entity B; and the entity B performs the verification after receiving it. In the present invention, there is no need to send the identity information of the entity to be identified to an opposite terminal, so that anonymous identity identification is realized.

Abstract translation: 本发明公开了一种匿名实体识别方法，包括以下步骤：实体A向实体B发送RA和IGA; 实体B向实体A返回RB，IGB和TokenBA; 实体A将RA'，RB，IGA和IGB发送到可信的第三方TP; 可靠的第三方TP根据IGA和IGB检查第一组和第二组的有效性; 可信第三方TP向实体A返回RESGA，RESGB和TokenTA，或将RESGA，RESGA，TokenTA1和TokenTA2返回给实体A; 实体A在接收到验证后进行验证; 实体A向实体B发送TokenAB; 并且实体B在接收到该验证之后执行验证。 在本发明中，不需要将要识别的实体的身份信息发送到对方终端，从而实现匿名身份识别。

公开(公告)号：US08819778B2

公开(公告)日：2014-08-26

申请号：US13320469

申请日：2009-12-07

Applicant: Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

Inventor： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

IPC: H04L29/06 ,  H04W12/06

CPC classification number: H04W36/0038 ,  H04L41/0803 ,  H04L63/205 ,  H04W12/06 ,  H04W92/12

Abstract: The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.

Abstract translation: 本发明的实施例涉及一种当WLAN隐私基础设施（WPI）由接入控制器（AC）执行时，在集中式无线局域网（WLAN）中切换台站的方法和系统。 该方法包括：步骤1：站通过目的无线终端（WTP）与AC重新关联; 步骤2：AC通知相关的WTP删除站; 步骤3：AC通知目的地WTP加入车站。 本发明基于在交换台处理过程中的无线接入点协议（CAPWAP）控制消息的控制和提供，实现了加入站和删除站之间的AC和WTP的操作。 因此，本发明可以在同一AC下的WTP之间快速，安全地实现站切换。

公开(公告)号：US20120054831A1

公开(公告)日：2012-03-01

申请号：US13320469

申请日：2009-12-07

Applicant: Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

Inventor： Zhiqiang Du ,  Jun Cao ,  Manxia Tie ,  Xiaolong Lai ,  Zhenhai Huang

IPC: H04W12/06 ,  H04W48/00 ,  H04W72/04

CPC classification number: H04W36/0038 ,  H04L41/0803 ,  H04L63/205 ,  H04W12/06 ,  H04W92/12

Abstract: The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.

Abstract translation: 本发明的实施例涉及一种当WLAN隐私基础设施（WPI）由接入控制器（AC）执行时，在集中式无线局域网（WLAN）中切换台站的方法和系统。 该方法包括：步骤1：站通过目的无线终端（WTP）与AC重新关联; 步骤2：AC通知相关的WTP删除站; 步骤3：AC通知目的地WTP加入车站。 本发明基于在交换台处理过程中的无线接入点协议（CAPWAP）控制消息的控制和提供，实现了加入站和删除站之间的AC和WTP的操作。 因此，本发明可以在同一AC下的WTP之间快速，安全地实现站切换。

公开(公告)号：US09325694B2

公开(公告)日：2016-04-26

申请号：US13884712

申请日：2011-07-11

Applicant: Zhiqiang Du ,  Manxia Tie ,  Xiaolong Lai ,  Qiongwen Liang

Inventor： Zhiqiang Du ,  Manxia Tie ,  Xiaolong Lai ,  Qiongwen Liang

IPC: H04L9/32 ,  H04L29/06 ,  H04M3/42

CPC classification number: H04L63/0807 ,  H04L9/3213 ,  H04L9/3247 ,  H04L63/0421 ,  H04L2209/42 ,  H04M3/42008

Abstract: An anonymous entity authentication method includes the steps of: an entity B sending RB and IGB; an entity A sending RB, R′A, IGA and IGB to a trusted third party TP, the trusted third party TP checking a group GA and a group GB against IGA and IGB for legality; the trusted third party TP returning ResGA, ResGB and a token TokenTA or returning ResGA, ResGB, TokenTA1 and TokenTA2 to the entity A; the entity A sending TokenAB and IGA to the entity B for authentication by the entity B; and the entity B sending TokenBA to the entity A for authentication by the entity A. In this solution, anonymous entity authentication can be performed without passing identity information of the authenticated entity itself to the opposite entity. Furthermore this solution further relates to an anonymous entity authentication apparatus and a trusted third party.

Abstract translation: 匿名实体认证方法包括以下步骤：实体B发送RB和IGB; 实体A向受信任的第三方TP发送RB，R'A，IGA和IGB，可信第三方TP检查组GA，组GB对IGA和IGB进行合法性检查; 可信第三方TP返回ResGA，ResGB和令牌TokenTA或返回ResGA，ResGB，TokenTA1和TokenTA2到实体A; 实体A向实体B发送TokenAB和IGA以供实体B认证; 并且实体B向实体A发送TokenBA以进行实体A的认证。在该解决方案中，可以执行匿名实体认证，而不将认证实体本身的身份信息传递给相对实体。 此外，该解决方案还涉及匿名实体认证装置和可信第三方。

公开(公告)号：US09015331B2

公开(公告)日：2015-04-21

申请号：US13203646

申请日：2009-12-14

Applicant: Xiaolong Lai ,  Jun Cao ,  Zhiqiang Du ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

Inventor： Xiaolong Lai ,  Jun Cao ,  Zhiqiang Du ,  Manxia Tie ,  Li Ge ,  Zhenhai Huang

IPC: G06F15/16 ,  H04W12/06 ,  H04L29/06 ,  H04W84/12 ,  H04W12/04

CPC classification number: H04W12/06 ,  H04L63/062 ,  H04L63/065 ,  H04L63/08 ,  H04L63/10 ,  H04W12/04 ,  H04W84/12 ,  H04W88/08 ,  H04W88/12 ,  H04W92/12

Abstract: A method for implementing a convergent Wireless Local Area Network (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture in a local Medium Access Control (MAC) mode is provided and includes the following steps: the MAC function and WAPI function of Access Point (AP) are divided between Wireless Terminal Point (WTP) and Access Controller (AC) to construct a local MAC mode; the convergence of WAPI protocol and the convergent WLAN network architecture is implemented in the local MAC mode; the process of association and connection between Station (STA), WTP and AC is performed; the process of notification of the beginning of the execution of the WLAN Authentication Infrastructure (WAI) protocol between AC and WTP is performed; the process of the execution of the WAI protocol between STA and AC is performed; the process of notification of the end of the execution of the WAI protocol between AC and WTP is performed; the process of encrypted communication between WTP and STA is performed by use of WPI.

Abstract translation: 提供了一种在本地媒体访问控制（MAC）模式下实现融合无线局域网（WLAN）认证和隐私基础设施（WLAN）网络架构的方法，包括以下步骤：接入点的MAC功能和WAPI功能 AP）分为无线终端点（WTP）和接入控制器（AC）之间，构成本地MAC模式; WAPI协议和融合WLAN网络架构的融合在本地MAC模式下实现; 执行站（STA），WTP和AC之间的关联和连接的过程; 执行在AC和WTP之间通知WLAN认证基础设施（WAI）协议的开始的过程; 执行STA和AC之间的WAI协议的执行过程; 执行在AC和WTP之间通知WAI协议的执行结束的过程; WTP和STA之间的加密通信过程通过使用WPI进行。

公开(公告)号：US08855018B2

公开(公告)日：2014-10-07

申请号：US13203643

申请日：2009-12-14

Applicant: Manxia Tie ,  Jun Cao ,  Zhiqiang Du ,  Xiaolong Lai ,  Li Ge ,  Zhenhai Huang

Inventor： Manxia Tie ,  Jun Cao ,  Zhiqiang Du ,  Xiaolong Lai ,  Li Ge ,  Zhenhai Huang

IPC: H04L12/28 ,  H04W12/06 ,  H04W12/04 ,  H04W84/12

CPC classification number: H04W12/06 ,  H04W12/04 ,  H04W84/12

Abstract: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by a wireless terminal point is constructed through separating the MAC function and the WAPI function of the wireless access point apart to the wireless terminal point and an access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the wireless terminal point realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station by using WPI.

Abstract translation: 用于实现具有分离式媒体接入控制（MAC）模式的融合无线局域网（WLAN）认证和隐私基础设施（WAPI）网络架构的方法包括以下步骤：用于通过以下方式实现WLAN隐私基础设施（WPI）的分割MAC模式 无线终端通过将无线接入点的MAC功能和WAPI功能分离到无线终端点和接入控制器来构建; 在无线终端实现WPI的分割MAC模式下实现WAPI和融合WLAN网络系统架构的集成; 在站点，无线终端点和访问控制器之间执行关联连接处理; 执行在接入控制器和无线终端点之间通知执行WLAN认证基础设施（WAI）协议的开始的过程; 执行在站点和访问控制器之间执行WAI协议的过程; 执行用于在接入控制器和无线终端点之间通知执行WAI协议的结束的过程; 通过使用WPI在无线终端点和站之间执行秘密通信处理。

公开(公告)号：US20110310771A1

公开(公告)日：2011-12-22

申请号：US13203643

申请日：2009-12-14

Applicant: Manxia Tie ,  Jun Cao ,  Zhiqiang Du ,  Xiaolong Lai ,  Li Ge ,  Zhenhai Huang

Inventor： Manxia Tie ,  Jun Cao ,  Zhiqiang Du ,  Xiaolong Lai ,  Li Ge ,  Zhenhai Huang

IPC: H04L12/28

CPC classification number: H04W12/06 ,  H04W12/04 ,  H04W84/12

Abstract: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by a wireless terminal point is constructed through separating the MAC function and the WAPI function of the wireless access point apart to the wireless terminal point and an access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the wireless terminal point realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station by using WPI.

Abstract translation: 用于实现具有分离式媒体接入控制（MAC）模式的融合无线局域网（WLAN）认证和隐私基础设施（WAPI）网络架构的方法包括以下步骤：用于通过以下方式实现WLAN隐私基础设施（WPI）的分割MAC模式 通过将无线接入点的MAC功能和WAPI功能分离到无线终端点和接入控制器来构建无线终端点; 在无线终端实现WPI的分割MAC模式下实现WAPI和融合WLAN网络系统架构的集成; 在站点，无线终端点和访问控制器之间执行关联连接处理; 执行在接入控制器和无线终端点之间通知执行WLAN认证基础设施（WAI）协议的开始的过程; 执行在站点和访问控制器之间执行WAI协议的过程; 执行用于在接入控制器和无线终端点之间通知执行WAI协议的结束的过程; 通过使用WPI在无线终端点和站之间执行秘密通信处理。