INTER-NETWORK-NODE NAT DETECTION METHOD, DEVICE, AND STORAGE MEDIUM

    Publication No.: US20250071084A1

    Publication date: 2025-02-27

    Application No.: US18724877

    Application date: 2022-12-09

    Abstract: The present application discloses an NAT detection method between network nodes, a device, and a storage medium. The method includes: a request node obtains first node information, takes the obtained first node information as payload data of an NAT detection request message or an NAT detection result request message, performs IP packet encapsulation on the NAT detection request message or the NAT detection result request message, performs protection processing on an NAT detection request packet obtained after encapsulation, sends the NAT detection request packet to a response node; and the response node performs deprotection processing on the received NAT detection request packet and obtains the payload data of the NAT detection request message or the NAT detection result request message, compares the obtained payload data with corresponding content in a first IP header of the NAT detection request packet, and determines an NAT detection result according to the comparison result.

    NETWORK ACCESS METHOD AND APPARATUS

    Publication No.: US20250056228A1

    Publication date: 2025-02-13

    Application No.: US18721918

    Application date: 2022-11-02

    Abstract: A network access method and apparatus, relating to the technical field of communications. The method comprises: a terminal determining, according to a selected target network, an auxiliary network associated with the target network (S201); connecting the auxiliary network, and obtaining a digital certificate from the auxiliary network (S202), the digital certificate being used for accessing the target network; installing the digital certificate (S203); and accessing the target network by using the digital certificate (S204). According to the method, the digital certificate for accessing the target network is obtained on the basis of the auxiliary network, networking operation steps are simplified, and the usability is improved.

    IDENTITY AUTHENTICATION METHOD, AUTHENTICATION ACCESS CONTROLLER, REQUESTING DEVICE, STORAGE MEDIUM, PROGRAM, AND PROGRAM PRODUCT

    Publication No.: US20240056296A1

    Publication date: 2024-02-15

    Application No.: US18259305

    Application date: 2021-12-21

    CPC classification number: H04L9/088 H04L9/30

    Abstract: Disclosed in embodiments of the present application is an identity authentication method. Bidirectional or unidirectional identity authentication between an authentication access controller and a requesting device is implemented by using a pre-shared key, thereby laying a foundation for ensuring that a user accessing a network is legitimate and/or a network accessed by a user is legitimate, so as to implement secret communication between the requesting device and the authentication access controller. In addition, in an identity authentication process, a verified party performs calculation on information comprising the pre-shared key of two parties and random numbers respectively generated by the two parties to obtain an identity authentication key, and performs calculation on specified content by using the identity authentication key to obtain an identity authentication code of the verified party. According to the method for calculating an identity authentication code provided by the present application, key exchange calculation is combined, and the capability of resistance to dictionary brute-force attack or to quantum computing attack in the authentication process is enhanced by means of an ingenious detail design. Also disclosed in the embodiments of the present application are an authentication access controller, a requesting device, a storage medium, a program, and a program product.

    METHOD AND DEVICE FOR MANAGING DIGITAL CERTIFICATE

    Publication No.: US20210314170A1

    Publication date: 2021-10-07

    Application No.: US16482463

    Application date: 2018-02-13

    Abstract: A method and device for managing a digital certificate are provided. A digital certificate requesting device negotiates with a digital certificate issuing device by using an acquired authorization code, to establish a security data channel and generate a security key, and messages can be encrypted with the generated data communication key during a process of message interaction between the digital certificate requesting device and the digital certificate issuing device, thereby effectively increasing the security in data transmission. The method and device are applicable for automatically requesting, querying, updating and revoking a digital certificate and acquiring a digital certificate revocation list in various scenarios.

    Communication protocol testing method, and tested device and testing platform thereof

    Publication No.: US10243829B2

    Publication date: 2019-03-26

    Application No.: US15309861

    Application date: 2015-04-17

    Abstract: A communication protocol testing method, a tested device and a testing platform. The method includes: the tested device and the reference device execute a communication protocol, a message sent and/or received during execution of the communication protocol serving as a first message, and the first message being encapsulated in a data encapsulation format of the communication protocol; the tested device encapsulates a part of data or all the data in the first message and/or known data of the tested device according to a unified data encapsulation format to generate a second message; and the testing platform acquires the second message, parses the acquired second message according to the unified data encapsulation format to obtain a part of data or all the data in the second message, executes testing items, and outputs testing results, thereby completing the test.

    METHOD AND DEVICE FOR GENERATING DIGITAL SIGNATURE
    Type: Invention application
    Status: Under examination (published)

    Publication No.: US20160191252A1

    Publication date: 2016-06-30

    Application No.: US14911143

    Application date: 2014-08-14

    CPC classification number: H04L9/3252 H04L9/0861 H04L9/3066

    Abstract: Disclosed are a method and device for generating a digital signature. The method comprises: a device generating a digital signature parameter r that meets an effective determining condition; generating a digital signature parameter s according to the following formula $s = ((1 + d_A)^{-1} \cdot (r + k) - r) \bmod n$, by using a private key dA, a random number k, r, and an elliptic curve parameter n, a value range of k being [1, n−1]; determining if the generated s is 0; if s is 0, regenerating r that meets the effective determining condition, and regenerating s by using dA, the regenerated k with the value range of [1, n−1] and the regenerated r and n, until s is not 0; converting data types of r and s that is not 0 into byte strings, to obtain a digital signature (r, s). According to the technical solutions provided by embodiments of this application, a digital signature parameter s is obtained by using a simplified calculation formula, and the number of times that big integers are calculated can be reduced, so that the calculation efficiency of generating a digital signature based on an SM2 digital signature generation algorithm is improved.

    Method for conducting data encryption and decryption using symmetric cryptography algorithm and table look-up device
    Type: Granted invention patent
    Status: In force

    Publication No.: US09374218B2

    Publication date: 2016-06-21

    Application No.: US14408276

    Application date: 2013-06-09

    Abstract: Disclosed are a method for conducting data encryption and decryption using a symmetric cryptography algorithm and a table look-up device. The method comprises: when it is determined that it is required to use S-boxes to look up a table in a symmetric cryptography algorithm, determining all types of S-boxes to be used; for each type of S-box, determining the total number Ni of the type of S-box, and when Ni is larger than 1, determining that the type of S-box meets a multiplexing condition; and when data encryption and decryption are conducted using the symmetric cryptography algorithm, multiplexing at least one type of S-box which meets the multiplexing condition. The present application can reduce the occupation by the symmetric cryptography algorithm of hardware resources under the condition of comparative shortage of hardware resources.

    Method and system for entity authentication in resource-limited network
    Type: Granted invention patent
    Status: In force

    Publication No.: US09047449B2

    Publication date: 2015-06-02

    Application No.: US13819698

    Application date: 2010-12-21

    Abstract: A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention.

    Method and system for switching station in centralized WLAN when WPI is performed by access controller
    Type: Granted invention patent
    Status: In force

    Publication No.: US08819778B2

    Publication date: 2014-08-26

    Application No.: US13320469

    Application date: 2009-12-07

    Abstract: The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.

    Method and system for establishing secure connection between stations

    Publication No.: US08755528B2

    Publication date: 2014-06-17

    Application No.: US13516257

    Application date: 2010-05-21

    Abstract: A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.
