CHINA IWNCOMM CO., LTD. Patent applications
Patent application number | Title | Published |
20150222427 | TWO-WAY KEY SWITCHING METHOD AND IMPLEMENTATION DEVICE - A two-way key switching method and an implementation device. The method includes: when acquiring a new key, either end of a communication link sets the transmitting direction of the new key to unavailable and its receiving direction to available; after it is presumed or determined that at least n opposite ends have acquired the new key, and before the original key becomes invalid, that end starts a first key switching process, setting the transmitting direction of the original key to unavailable and the transmitting direction of the new key to available, where N≧n≧1 and N is the total number of receiving sides corresponding to the transmitting side; according to the protection identifier carried in data received from the opposite end, that end selects a valid key for deprotection; and after data has been successfully deprotected with the new key for the first time, that end starts a second key switching process, setting the receiving direction of the original key to unavailable. By constraining the order in which each end of a communication link performs key switching, the invention ensures that each end can correctly deprotect data transmitted from the opposite end. | 08-06-2015 |
20150222425 | ONE-WAY KEY SWITCHING METHOD AND IMPLEMENTATION DEVICE - A one-way key switching method and an implementation device. The method comprises: after obtaining a new key and before deducing or determining that at least n receivers have obtained the new key, a sender sets the sending direction of the new key to unavailable and keeps the sending direction of the original key available; after deducing or determining that at least n receivers have obtained the new key, and before the original key becomes invalid, the sender starts a key switching process, i.e. sets the sending direction of the original key to unavailable and the sending direction of the new key to available, where N≧n≧1 and N is the total number of receivers corresponding to the sender. | 08-06-2015 |
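The two abstracts above (20150222427 and 20150222425) describe one sequencing rule for rolling a link key over without either end ever failing to deprotect a frame. The following is an added example, not code from either patent or from IWNCOMM, that simulates that rule on a point-to-point link: each end tracks per-key availability per direction, a one-byte key index stands in for the protection identifier, and a truncated HMAC-SHA256 stands in for the protection function (both are assumptions; the patents fix neither). The one-way method of 20150222425 is the sender's `first_switch` alone.

```python
import hashlib
import hmac

TAG_LEN = 8


def protect(key: bytes, kid: int, payload: bytes) -> bytes:
    """Protect a payload under `key`; the 1-byte protection identifier `kid`
    travels in clear so the receiver can pick the matching key."""
    tag = hmac.new(key, bytes([kid]) + payload, hashlib.sha256).digest()[:TAG_LEN]
    return bytes([kid]) + payload + tag


class Endpoint:
    """One end of the link; availability is tracked per key and per direction."""

    def __init__(self, name: str, kid: int, key: bytes):
        self.name = name
        self.keys = {kid: {"key": key, "tx": True, "rx": True}}
        self.old_kid, self.new_kid = kid, None
        self.peers_with_new_key = set()

    def acquire_new_key(self, kid: int, key: bytes) -> None:
        # New key: sending direction unavailable, receiving direction available.
        self.keys[kid] = {"key": key, "tx": False, "rx": True}
        self.new_kid = kid
        self.peers_with_new_key.clear()

    def peer_confirmed(self, peer: str) -> None:
        self.peers_with_new_key.add(peer)   # e.g. learned from a key-agreement acknowledgement

    def first_switch(self, n: int) -> bool:
        """Move the sending direction to the new key once at least n of the N
        receivers are known to hold it (the whole one-way method on a sender)."""
        if self.new_kid is None or len(self.peers_with_new_key) < n:
            return False
        self.keys[self.old_kid]["tx"] = False
        self.keys[self.new_kid]["tx"] = True
        return True

    def send(self, payload: bytes) -> bytes:
        kid = next(k for k, s in self.keys.items() if s["tx"])
        return protect(self.keys[kid]["key"], kid, payload)

    def receive(self, frame: bytes) -> bytes:
        kid, state = frame[0], self.keys.get(frame[0])
        if state is None or not state["rx"]:
            raise ValueError(f"{self.name}: key {kid} not available for receiving")
        if not hmac.compare_digest(protect(state["key"], kid, frame[1:-TAG_LEN]), frame):
            raise ValueError(f"{self.name}: deprotection failed under key {kid}")
        if kid == self.new_kid and self.old_kid in self.keys:
            # Second switch: the first successful deprotection with the new key
            # retires the original key's receiving direction.
            self.keys[self.old_kid]["rx"] = False
        return frame[1:-TAG_LEN]

    def retire_old_key(self) -> bool:
        """Drop the original key once neither direction uses it any more."""
        state = self.keys.get(self.old_kid) if self.new_kid is not None else None
        if state is None or state["tx"] or state["rx"]:
            return False
        del self.keys[self.old_kid]
        self.old_kid, self.new_kid = self.new_kid, None
        return True


def simulate() -> dict:
    """Both ends start on key 1; key 2 is rolled in following the sequencing rule."""
    k1, k2 = b"constructed original key 1", b"constructed new key 2"
    a, b = Endpoint("A", 1, k1), Endpoint("B", 1, k1)
    a.acquire_new_key(2, k2)
    b.acquire_new_key(2, k2)
    log = []

    def pass_frame(src, dst, payload):
        frame = src.send(payload)
        log.append((f"{src.name}->{dst.name}", frame[0]))
        return dst.receive(frame)

    pass_frame(a, b, b"m1")          # A may not send under key 2 yet -> kid 1
    a.peer_confirmed("B")
    a.first_switch(n=1)              # N = n = 1 on a point-to-point link
    pass_frame(a, b, b"m2")          # kid 2; B's second switch fires here
    pass_frame(b, a, b"m3")          # B still sends kid 1 and A still accepts it
    b.peer_confirmed("A")
    b.first_switch(n=1)
    pass_frame(b, a, b"m4")          # kid 2; A's second switch fires here
    try:                             # a late or replayed key-1 frame is now refused by B
        b.receive(protect(k1, 1, b"late"))
        late_rejected = False
    except ValueError:
        late_rejected = True
    a.retire_old_key()
    b.retire_old_key()
    return {"log": log, "late_k1_rejected": late_rejected,
            "a_keys": sorted(a.keys), "b_keys": sorted(b.keys)}
```

The trace shows why the receive side must switch only on evidence (first successful deprotection with the new key) while the send side switches on a count of confirmed peers: between `m2` and `m4` the two directions legitimately run on different keys, and neither end drops a frame. The "before the original key becomes invalid" deadline from the abstracts is not modelled; a real implementation needs a timer that forces `first_switch` or tears the link down.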
20150106898 | METHOD, DEVICE, AND SYSTEM FOR IDENTITY AUTHENTICATION - A method for identity authentication comprises: 1) a first authenticator transmitting to a second authenticator a first identity authentication message; 2) the second authenticator transmitting to the first authenticator a second identity authentication message; 3) the first authenticator transmitting to an authentication server a third identity authentication message; 4) the authentication server verifying the validity of the secure domain of the second authenticator on the basis of the third identity authentication message; 5) the authentication server transmitting to the first authenticator a fourth identity authentication message; and 6) the first authenticator completing the authentication upon receiving the fourth identity authentication message. The identity authentication system mainly comprises the first authenticator, the second authenticator, the secure domain of the second authenticator, and the authentication server. | 04-16-2015 |
20140007231 | SWITCH ROUTE EXPLORING METHOD, SYSTEM AND DEVICE | 01-02-2014 |
20130283045 | TERMINAL DEVICE CAPABLE OF LINK LAYER ENCRYPTION AND DECRYPTION AND DATA PROCESSING METHOD THEREOF - A terminal device capable of link layer encryption and decryption and a data processing method thereof are provided. The terminal device includes a link layer processing module comprising a control module, a data frame encryption module, a data frame decryption module, a key management module, an algorithm module, a transmission port and a reception port. The control module is connected to the transmission port through the data frame encryption module, the reception port is connected to the control module through the data frame decryption module, the control module is connected to the key management module, and the data frame encryption module is connected to the data frame decryption module both through the key management module and through the algorithm module. | 10-24-2013 |
20130283044 | SWITCH EQUIPMENT AND DATA PROCESSING METHOD FOR SUPPORTING LINK LAYER SECURITY TRANSMISSION - A switch equipment and a data processing method for supporting link layer security transmission are provided. The switch equipment comprises a switch module and multiple port modules, each port module being electrically connected to the switch module; each port module supports a link layer key management capability and is used to establish a shared key for encrypting and decrypting data frames between the switch equipment and other network nodes. | 10-24-2013 |
20130232551 | METHOD AND DEVICE FOR ANONYMOUS ENTITY IDENTIFICATION - The present invention discloses a method for anonymous entity identification, which comprises the following steps: an entity A transmits an R | 09-05-2013 |
20130227289 | ANONYMOUS ENTITY AUTHENTICATION METHOD AND SYSTEM - An anonymous entity authentication method includes the steps of: an entity B sending RB and IGB; an entity A sending RB, R′A, IGA and IGB to a trusted third party TP, the trusted third party TP checking a group GA and a group GB against IGA and IGB for legality; the trusted third party TP returning ResGA, ResGB and a token TokenTA or returning ResGA, ResGB, TokenTA | 08-29-2013 |
20130205374 | METHOD AND SYSTEM FOR NETWORK ACCESS CONTROL - A method and a system for network access control based on a cryptographic mechanism are provided. After a visitor has raised an access request, an access controller in the destination network processes the access request and initiates, through the visitor, an authentication request on the visitor identity to an authentication server. The access controller in the destination network completes the authentication of the visitor identity according to the public authentication result of the authentication server relayed by the visitor, and performs authorization management on the successfully authenticated visitor according to the authorization policy. The invention solves the problem that access control cannot be performed when the access controller cannot directly use the authentication service provided by the authentication server, and satisfies practical requirements for access control on visitors. | 08-08-2013 |
20130133030 | PLATFORM AUTHENTICATION STRATEGY MANAGEMENT METHOD AND DEVICE FOR TRUSTED CONNECTION ARCHITECTURE - Provided are a platform authentication strategy management method for trusted connection architecture (TCA), and the trusted network connection (TNC) client, TNC access point and evaluation strategy service provider for implementing the method in the TCA. In the embodiments of the present invention, the platform authentication strategy for the access requester can be configured in the TNC access point or the evaluation strategy service provider, and the platform authentication strategy for the access requester configured in the evaluation strategy service provider can be delivered to the TNC access point. Moreover, a component-type-level convergence platform evaluation strategy can be executed in the TNC access point or the evaluation strategy service provider, to ensure that the realization of the TCA platform authentication has good application extensibility. | 05-23-2013 |
20130080783 | METHOD FOR ESTABLISHING SECURE NETWORK ARCHITECTURE, METHOD AND SYSTEM FOR SECURE COMMUNICATION - A method for establishing a secure network architecture, a method and system for secure communication are provided. Said method for establishing a secure network architecture includes: 1) constructing the network architecture where the identities of nodes are legal, including: neighboring node discovery; performing identities certification and shared key negotiation between a node and the neighbor node; 2) constructing a secure switching device architecture, including: establishing a shared key between every two of the switch devices. | 03-28-2013 |
20130016838 | MULTICAST KEY NEGOTIATION METHOD SUITABLE FOR GROUP CALLING SYSTEM AND A SYSTEM THEREOF (inventors: Hu, Yanan; Cao, Jun; Tie, Manxia; Huang, Zhenhai; all of Xi'an, CN) - The present invention discloses a multicast key negotiation method suitable for a group calling system and a system thereof. The method includes: a user terminal (UT) negotiates a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key from the unicast key, and registers at the BS the service group identifier that the UT belongs to; the BS notifies the UT of the multicast key of the service group that the UT needs to use by constructing a multicast key notification packet and sending it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of its service group by decrypting the service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms from the multicast key confirmation packet sent by the UT that the multicast key of the UT's service group has been established successfully. | 01-17-2013 |
20120300939 | KEY MANAGEMENT AND NODE AUTHENTICATION METHOD FOR SENSOR NETWORK - A key management and node authentication method for a sensor network is disclosed. The method comprises the following steps: 1) key pre-distribution: before the network is deployed, a deployment server pre-distributes to all nodes the communication keys used to establish secure connections between nodes. 2) Key establishment: after the network is deployed, a pair key for the secure connection is established between nodes, which includes: 2.1) shared key establishment: the pair key is established between neighbor nodes that already hold a shared key; 2.2) path key establishment: the pair key is established between nodes that hold no shared key but have a multi-hop secure connection. 3) Node identity (ID) authentication: before nodes formally communicate, each authenticates the identity of the other to determine its legality and validity. The method can effectively resist attacks on network communication such as eavesdropping, tampering and replay, realizes secret communication between nodes, effectively saves the resources of sensor network nodes, and prolongs the service life of the sensor network. | 11-29-2012 |
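The abstract above (20120300939) lists the three phases but not how a node decides whether it shares a key with a neighbor, nor how a path key reaches a neighbor over the multi-hop secure graph. The following is an added example, not the patent's or IWNCOMM's code, that fills in one common realization of those phases and labels it as such: a random-key-pool pre-distribution (each node gets a ring of keys from a pool held by the deployment server; neighbors derive a pair key from any pool key they both hold), BFS over already-secured links to find a path, a fresh key relayed along that path, and a challenge-response under the pair key for node ID authentication. Key rings and nonces are constructed constants so the run is reproducible; HMAC-SHA256 is assumed as KDF and MAC.

```python
import hashlib
import hmac
import random
from collections import deque


def kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


class Node:
    def __init__(self, node_id: int, ring: dict):
        self.id = node_id
        self.ring = ring          # pre-distributed key-id -> key (phase 1)
        self.pair_keys = {}       # neighbour id -> pair key (phase 2)


class DeploymentServer:
    """Phase 1: holds the key pool and hands each node its ring before deployment."""

    def __init__(self, pool_size: int, seed: int = 7):
        self.rng = random.Random(seed)   # seeded for reproducibility only; use os.urandom in practice
        self.pool = {i: self.rng.getrandbits(128).to_bytes(16, "big") for i in range(pool_size)}

    def make_node(self, node_id: int, key_ids) -> Node:
        return Node(node_id, {i: self.pool[i] for i in key_ids})


def pair_label(a: int, b: int) -> bytes:
    return b"pair|%d|%d" % tuple(sorted((a, b)))


def shared_key_phase(nodes: dict, links) -> None:
    """Phase 2.1: neighbours holding a common pool key derive their pair key from it."""
    for a, b in links:
        common = sorted(set(nodes[a].ring) & set(nodes[b].ring))
        if common:
            k = kdf(nodes[a].ring[common[0]], pair_label(a, b))
            nodes[a].pair_keys[b] = nodes[b].pair_keys[a] = k


def secure_path(nodes: dict, src: int, dst: int):
    """BFS over links that already carry a pair key (the multi-hop secure connection)."""
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        for v in nodes[u].pair_keys:
            if v not in prev:
                prev[v] = u
                queue.append(v)
    if dst not in prev:
        return None
    path, cur = [], dst
    while cur is not None:
        path.append(cur)
        cur = prev[cur]
    return path[::-1]


def path_key_phase(nodes: dict, links, rng: random.Random) -> dict:
    """Phase 2.2: neighbours with no common pool key get a fresh pair key relayed
    hop by hop; every hop must already be protected by a pair key."""
    established = {}
    for a, b in links:
        if b in nodes[a].pair_keys:
            continue
        path = secure_path(nodes, a, b)
        if path is None:
            continue                                   # no secure route yet
        fresh = rng.getrandbits(128).to_bytes(16, "big")   # generated by node a in reality
        for hop_from, hop_to in zip(path, path[1:]):
            assert hop_to in nodes[hop_from].pair_keys    # each hop re-protects `fresh`
        nodes[a].pair_keys[b] = nodes[b].pair_keys[a] = fresh
        established[(a, b)] = path
    return established


def authenticate(nodes: dict, verifier: int, prover: int, nonce: bytes, prover_key=None) -> bool:
    """Phase 3: the verifier challenges, the prover answers under the pair key."""
    k_v = nodes[verifier].pair_keys.get(prover)
    k_p = prover_key if prover_key is not None else nodes[prover].pair_keys.get(verifier)
    if k_v is None or k_p is None:
        return False
    msg = b"auth|%d|%d|" % (prover, verifier) + nonce
    response = hmac.new(k_p, msg, hashlib.sha256).digest()
    return hmac.compare_digest(response, hmac.new(k_v, msg, hashlib.sha256).digest())


def demo() -> dict:
    server = DeploymentServer(pool_size=8)
    # Constructed rings, fixed so the run is reproducible (real deployments sample them at random).
    rings = {1: [0, 1, 2], 2: [2, 3, 4], 3: [4, 5, 6], 4: [6, 7, 0]}
    nodes = {nid: server.make_node(nid, ids) for nid, ids in rings.items()}
    links = [(1, 2), (2, 3), (1, 3), (3, 4)]       # physical neighbours after deployment
    shared_key_phase(nodes, links)
    via_path = path_key_phase(nodes, links, server.rng)
    nonce = b"\x01\x02\x03\x04"                    # constructed challenge
    return {
        "path_keys": via_path,
        "auth_1_3": authenticate(nodes, 1, 3, nonce),
        "impostor": authenticate(nodes, 1, 3, nonce, prover_key=b"not the pair key"),
        "secured_links": sorted(l for l in links if l[1] in nodes[l[0]].pair_keys),
    }
```

In the constructed topology nodes 1 and 3 are neighbors but share no pool key, so their pair key is relayed over 1-2-3; the assertion inside `path_key_phase` is the check that matters operationally, since a single unprotected hop exposes the relayed key to whoever captured that node.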
20120278623 | METHOD AND SYSTEM FOR SECRET COMMUNICATION BETWEEN NODES - The present invention discloses a method and system for secret communication between nodes in a wired Local Area Network (LAN). The method of secret communication between nodes in the wired LAN includes the following steps: 1) a sharing key is established; 2) the route probe is exchanged; 3) the data communication is classified; 4) the secret communication is processed among the nodes. According to the different communication situations among the nodes, the method of secret communication between nodes provided in the present invention can process the classification and select an appropriate secret communication strategy; compared with per-hop encryption, the calculation load of the exchange equipment is reduced, and the transmission delay of data packets is shortened; compared with the method that inter-station keys are established in pairs of nodes in order to protect the communication secret, the key number is reduced, and the key management is simplified. | 11-01-2012 |
20120254617 | METHOD AND SYSTEM FOR ESTABLISHING SECURITY CONNECTION BETWEEN SWITCH EQUIPMENTS - A method and a system for establishing a security connection between switch equipments are disclosed. The system includes a first switch equipment and a second switch equipment; the first switch equipment sends a switch key negotiation activation packet and a switch key negotiation response packet to the second switch equipment, and the second switch equipment sends a switch key negotiation request packet to the first switch equipment. The embodiments provide a security policy for secure data transmission between switch equipments by establishing a shared switch key between every two switch equipments, thus guaranteeing the confidentiality of data transmitted between switch equipments at the data link layer. The computational burden on switch equipment and the delay of data packets from the transmitting end to the receiving end are reduced, and the efficiency of network transmission is improved. | 10-04-2012 |
20120219149 | ENCRYPTION AND DECRYPTION PROCESSING METHOD, SYSTEM AND COMPUTER-ACCESSIBLE MEDIUM FOR ACHIEVING SMS4 CRYPTOGRAPHIC PROCEDURE - An encryption and decryption processing system for achieving the SMS4 cryptographic procedure can be provided. The system includes a repeating encryption and decryption data processing device comprising a first constant array storing unit, a first data registering unit and a first data converting unit. The first constant array storing unit stores a first constant array and sends it to the N data converting sub-units of the first data converting unit. The first data registering unit registers data and delivers the registered data to the first data converting sub-unit. The N data converting sub-units perform a data conversion process and pass the converted data to the next data converting sub-unit for further processing until the data conversion processes are completed, the number of completed processes being equal to the value of a data depth. | 08-30-2012 |
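The abstract above (20120219149) describes a hardware pipeline for SMS4 (published as SM4, GB/T 32907-2016): the same round function is applied 32 times, and a chain of sub-units of "data depth" rounds is traversed repeatedly until all 32 are done. The following is an added example, not the patent's or IWNCOMM's design, that implements the standard SM4 round function and key schedule in software and exposes a `depth` parameter purely to mirror that repeating-unit structure; the S-box is the published table, the round constants CK are computed from their defining formula, and FK is the published constant. The assumption that the patent's "constant array" is CK is mine.

```python
# SM4 S-box (GB/T 32907-2016), 256 entries, rows 0x00..0xf0
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05"
    "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62"
    "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8"
    "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887"
    "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1"
    "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f"
    "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8"
    "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684"
    "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK[i] is the word (ck_i0, ck_i1, ck_i2, ck_i3) with ck_ij = (4i + j) * 7 mod 256
CK = tuple(int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big")
           for i in range(32))
MASK = 0xFFFFFFFF


def rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def tau(a: int) -> int:
    """Non-linear byte substitution applied to each byte of a 32-bit word."""
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")


def t_enc(a: int) -> int:
    """T = L(tau(a)) used by the data rounds."""
    b = tau(a)
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)


def t_key(a: int) -> int:
    """T' = L'(tau(a)) used by the key schedule."""
    b = tau(a)
    return b ^ rotl(b, 13) ^ rotl(b, 23)


def round_keys(key: bytes) -> list:
    k = [int.from_bytes(key[i:i + 4], "big") ^ FK[i // 4] for i in range(0, 16, 4)]
    rk = []
    for i in range(32):
        k.append(k[i] ^ t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
        rk.append(k[i + 4])
    return rk


def sm4_block(block: bytes, rk: list, depth: int = 8) -> bytes:
    """32 iterations of one round. `depth` consecutive rounds are chained per pass
    through the repeating unit, so the unit is traversed 32 // depth times; the
    result is identical for any depth that divides 32."""
    assert 32 % depth == 0
    x = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]
    for stage in range(0, 32, depth):
        for k in rk[stage:stage + depth]:
            x = x[1:] + [x[0] ^ t_enc(x[1] ^ x[2] ^ x[3] ^ k)]
    return b"".join(w.to_bytes(4, "big") for w in reversed(x))   # reverse transform R


def sm4_encrypt(key: bytes, block: bytes, depth: int = 8) -> bytes:
    return sm4_block(block, round_keys(key), depth)


def sm4_decrypt(key: bytes, block: bytes, depth: int = 8) -> bytes:
    # Same datapath as encryption; only the round-key order is reversed,
    # which is why one repeating unit can serve both directions.
    return sm4_block(block, round_keys(key)[::-1], depth)
```

The standard's own test vector (key and plaintext `0123456789abcdeffedcba9876543210`, ciphertext `681edf34d206965e86b3e94f536e4246`) is the check to run against any implementation of this cipher, hardware or software, before trusting it; an S-box table with a single wrong byte still round-trips but fails that vector.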
20120198240 | METHOD AND SYSTEM FOR ENTITY PUBLIC KEY ACQUIRING, CERTIFICATE VALIDATION AND AUTHENTICATION BY INTRODUCING AN ONLINE CREDIBLE THIRD PARTY - A method and system for entity public key acquisition, certificate validation and authentication by introducing an online credible third party is disclosed. The method includes the following steps: 1) an entity B transmits a message 1 to an entity A; 2) the entity A transmits a message 2 to a credible third party TP after receiving the message 1; 3) the credible third party TP determines the response RepTA after receiving the message 2; 4) the credible third party TP returns a message 3 to the entity A; 5) the entity A returns a message 4 to the entity B after receiving the message 3; 6) the entity B receives the message 4; 7) the entity B transmits a message 5 to the entity A; 8) the entity A receives the message 5. The invention achieves public key acquisition, certificate validation and authentication of the entity by integrating them in one protocol, thereby improving the execution efficiency and effect of the protocol and facilitating its combination with various public key acquisition and public key certificate status enquiry protocols. The invention suits a "user-access point-server" access network structure and meets the authentication requirements of the access network. | 08-02-2012 |
20120167190 | ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY - An entity authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message | 06-28-2012 |
20120159169 | BIDIRECTIONAL ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY - An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message | 06-21-2012 |
20120151554 | SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK - The present invention relates to a security access control method and system for a wired local area network. The method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) perform identity authentication; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The invention realizes direct identity authentication between the user and the network access control device, and the negotiation and dynamic update of the session key for link layer data protection; it supports a variety of network architectures such as enterprise networks and telecommunication networks, has good scalability, supports multiple authentication methods and authentication protocols of different security levels to satisfy the requirements of various subscribers, and its protocol sub-modules are independent, flexible, and easy to adopt or omit. | 06-14-2012 |
20120114124 | METHOD FOR COMBINING AUTHENTICATION AND SECRET KEYS MANAGEMENT MECHANISM IN A SENSOR NETWORK - A method for combining authentication and secret keys management mechanism in a sensor network includes the following steps: 1) pre-distribution of the secret key, which includes 1.1) the pre-distribution of the communication secret key and 1.2) the pre-distribution of the initial broadcast message authentication secret key; 2) authentication, which includes 2.1) the authentication of the node identity and 2.2) the authentication of the broadcast message; and 3) negotiation of the session secret key by the nodes. | 05-10-2012 |
20120079561 | ACCESS CONTROL METHOD FOR TRI-ELEMENT PEER AUTHENTICATION CREDIBLE NETWORK CONNECTION STRUCTURE - An access control method for a TePA-based TNC architecture is provided, including: 1) performing encapsulation of user authentication protocol data and platform authentication protocol data in the TePA-based TNC architecture: 1.1) encapsulating the user authentication protocol data in a Data field of TAEP packets, and interacting with the TAEP packets between an access requestor and an access controller, and between the access controller and a policy manager, to perform mutual user authentication between the access requestor and the access controller, and establish a secure channel between the access requestor and the access controller; and 1.2) encapsulating the platform authentication protocol data in a Data field of TAEP packets, and, for platform authentication protocol data between the access requestor and the access controller, encapsulating a TAEP packet of the platform authentication protocol data in a Data field of another TAEP packet to form a nested encapsulation. | 03-29-2012 |
20120060205 | METHOD AND SYSTEM FOR STATION SWITCHING WHEN WIRELESS TERMINAL POINT COMPLETES WPI IN CONVERGENT WLAN - The invention involves a method and a system for station (STA) switching when a wireless terminal point (WTP) completes wireless local area network (WLAN) privacy infrastructure (WPI) in a convergent WLAN. The method includes steps as follows. The STA implements re-association rebinding process with a target access controller (AC) over a target WTP. A base key is requested by the target AC from an associated AC. An associated WTP is informed to delete the STA by the associated AC, and the target WTP is informed to add the STA by the target AC. A session key is negotiated based on the requested base key by the STA and the target AC, and is synchronized between the target AC and the target WTP. The method enables fast and safe switching of the STA between WTPs under the control of different controllers in the convergent WLAN based on WAPI protocol. | 03-08-2012 |
20120047555 | PLATFORM AUTHENTICATION METHOD SUITABLE FOR TRUSTED NETWORK CONNECT ARCHITECTURE BASED ON TRI-ELEMENT PEER AUTHENTICATION - The invention discloses a platform authentication method suitable for trusted network connect (TNC) architecture based on tri-element peer authentication (TePA). The method relates to a platform authentication protocol of tri-element peer authentication, and the protocol improves network security as compared with prior platform authentication protocols; in the platform authentication protocol of the TNC architecture based on TePA, a policy manager plays a role as a trusted third party, which is convenient for concentrated management, thus enhancing manageability; the invention relates to the platform authentication protocol of the TNC architecture based on TePA, has different implementation methods and is beneficial for different dispositions and realizations. | 02-23-2012 |
20120036553 | METHOD FOR ESTABLISHING TRUSTED NETWORK CONNECT FRAMEWORK OF TRI-ELEMENT PEER AUTHENTICATION - The present invention provides a method for establishing the trusted network connect framework of tri-element peer authentication. The method includes: the implementation of the trusted network transport interface (IF-TNT); the implementation of the authentication policy service interface (IF-APS); the implementation of the trusted network connect (TNC) client-TNC access point interface (IF-TNCCAP); the implementation of the evaluation policy service interface (IF-EPS); the implementation of the integrity measurement collector interface (IF-IMC); the implementation of the integrity measurement verifier interface (IF-IMV); and the implementation of the integrity measurement interface (IF-IM). By defining these interfaces, the embodiments can establish the trust of terminals, implement the trusted network connect of terminals, implement trusted authentication among terminals, implement trusted management of terminals, and establish the TNC framework based on tri-element peer authentication (TePA). | 02-09-2012 |
20120005718 | TRUSTED NETWORK CONNECT SYSTEM FOR ENHANCING THE SECURITY - Disclosed is a trusted network connect system for enhancing the security, the system including an access requester of the system network that connects to a policy enforcement point in the manner of authentication protocol, and network-connects to the access authorizer via a network authorization transport protocol interface, an integrity evaluation interface and an integrity measurement interface, a policy enforcement point network-connects to the access authorizer via a policy enforcement interface, an access authorizer network-connects to the policy manager via a user authentication authorization interface, a platform evaluation authorization interface and the integrity measurement interface, and an access requester network-connects to a policy manager via the integrity measurement interface. | 01-05-2012 |
20110314286 | ACCESS AUTHENTICATION METHOD APPLYING TO IBSS NETWORK - An access authentication method applying to an IBSS network involves the following steps: 1) performing authentication role configuration for network entities; 2) authenticating, via an authentication protocol, an authentication entity and a request entity for which authentication roles have been configured; and 3) after authentication is finished, the authentication entity and the request entity perform key negotiation, wherein a message integrity check field and a protocol synchronization lock-in field are added to each key negotiation message. The access authentication method for IBSS networks provided by the invention has the advantages of better security and higher execution efficiency. | 12-22-2011 |
20110310771 | METHOD FOR REALIZING CONVERGENT WAPI NETWORK ARCHITECTURE WITH SPLIT MAC MODE - A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by a wireless terminal point is constructed through separating the MAC function and the WAPI function of the wireless access point apart to the wireless terminal point and an access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the wireless terminal point realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station by using WPI. | 12-22-2011 |
20110307943 | METHOD FOR REALIZING CONVERGENT WAPI NETWORK ARCHITECTURE WITH SEPARATE MAC MODE - A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by an access controller is constructed through splitting the MAC function and the WAPI function of the wireless access point apart to a wireless terminal point and the access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the access controller realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station point by using WPI. | 12-15-2011 |
20110289562 | METHOD FOR ENHANCING THE SECURITY OF THE MULTICAST OR BROADCAST SYSTEM - A method for enhancing the security of the multicast or broadcast system comprises the following steps: after having established the system parameter, the base station receives the register request message transmitted by the terminal, and the register request message carries the device identity information of the terminal; the base station registers the terminal according to the register request message and transmits the authorization key to the terminal after successful registration. By the base station establishing the specific system parameter, generating and awarding the corresponding terminal's key based on the parameter, the embodiment of the present invention can construct a secure network system of multicast or broadcast effectively and solve the security problem of the multicast or broadcast from the base station to the terminal in the network system. | 11-24-2011 |
20110252239 | METHOD FOR PROTECTING THE FIRST MESSAGE OF SECURITY PROTOCOL - The present invention provides a method for protecting the first message of a security protocol, including the following steps: 1) initialization; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method provided by the present invention achieves the following: 1) the Pre-Shared Master Key (PSMK) shared by the initiating side and the responding side is bound to the security parameters in the first message by computing a Message Integrity Code (MIC) or Message Authentication Code (MAC), so that forgery of the first message of the security protocol is effectively prevented; 2) when computing the MIC or MAC of the first message, only the PSMK and the security parameters of the first message are included, so that the computational load on the initiating side and the responding side is effectively reduced and computing resources are saved. | 10-13-2011 |
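The abstract above (20110252239) binds the PSMK to the first message's security parameters with a MIC computed over exactly those parameters. The following is an added example, not the patent's or IWNCOMM's code, showing both sides of that step and what the design choice buys and costs: HMAC-SHA256 is assumed as the MIC function, the parameter names and values are constructed placeholders, and `canonical` is a hypothetical fixed serialization so that both sides MAC the same bytes (the patent names none of these).

```python
import hashlib
import hmac

MIC_LEN = 16


def canonical(security_params: dict) -> bytes:
    """Fixed serialisation so both sides MAC exactly the same bytes (assumed, not the patent's)."""
    return b"|".join(b"%s=%s" % (k.encode(), str(security_params[k]).encode())
                     for k in sorted(security_params))


def compute_mic(psmk: bytes, security_params: dict) -> bytes:
    # Only the PSMK and the security parameters enter the computation.
    return hmac.new(psmk, b"first-message|" + canonical(security_params),
                    hashlib.sha256).digest()[:MIC_LEN]


def build_first_message(psmk: bytes, security_params: dict, other_fields: dict) -> dict:
    """Initiating side (step 2): the MIC rides with the message."""
    return {"params": dict(security_params), "other": dict(other_fields),
            "mic": compute_mic(psmk, security_params)}


def accept_first_message(psmk: bytes, msg: dict) -> bool:
    """Responding side (step 3): recompute over the received parameters, compare in constant time."""
    return hmac.compare_digest(compute_mic(psmk, msg["params"]), msg["mic"])


def demo() -> dict:
    psmk = b"constructed pre-shared master key"
    params = {"version": 1, "suite": "suite-strong",              # constructed values
              "nonce": "00112233445566778899aabbccddeeff"}        # use os.urandom in practice
    msg = build_first_message(psmk, params, {"comment": "hello"})
    downgraded = dict(msg, params=dict(params, suite="suite-weak"))   # attacker edits a bound parameter
    other_edited = dict(msg, other={"comment": "tampered"})            # attacker edits an unbound field
    return {
        "genuine": accept_first_message(psmk, msg),
        "downgraded": accept_first_message(psmk, downgraded),
        "wrong_psmk": accept_first_message(b"some other key", msg),
        "unbound_field_edit_accepted": accept_first_message(psmk, other_edited),
    }
```

The last result is the caveat that follows from point 2 of the abstract: computing the MIC over the security parameters alone keeps the cost down, but any field of the first message left outside that set can be altered in transit without detection, so the parameter set must include everything a downgrade or reflection attack could target. The nonce must also be fresh per run, or a captured first message with a valid MIC can simply be replayed.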
20110243330 | AUTHENTICATION ASSOCIATED SUITE DISCOVERY AND NEGOTIATION METHOD - An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist. | 10-06-2011 |
20110239271 | TRUSTED NETWORK CONNECTION IMPLEMENTING METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connection implementing method based on Tri-element Peer Authentication is provided. The method includes: step 1, configuring and initializing; step 2, requesting a network connection, wherein an access requester sends a network connection request to an access controller, and the access controller receives the network connection request; step 3, authenticating the user ID; and step 4, authenticating the platform. The invention enhances the security of the trusted network connection implementing method, widens its application range, satisfies the requirements of different network apparatuses and improves its efficiency. The invention applies not only to the trusted network connection of entities but also to trusted communication among peer entities and to the trusted management of entities, thus improving the applicability of the trusted network connection implementing method based on Tri-element Peer Authentication. | 09-29-2011 |
20110238996 | TRUSTED NETWORK CONNECT HANDSHAKE METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connect handshake method based on tri-element peer authentication is provided, which comprises the following steps. An access controller (AC) sends message | 09-29-2011 |
20110202992 | METHOD FOR AUTHENTICATING A TRUSTED PLATFORM BASED ON THE TRI-ELEMENT PEER AUTHENTICATION(TEPA) - A method for authenticating a trusted platform based on Tri-element Peer Authentication (TePA). The method includes the following steps: A) a second attesting system sends a first message to a first attesting system; B) the first attesting system sends a second message to the second attesting system after receiving the first message; C) the second attesting system sends a third message to a Trusted Third Party (TTP) after receiving the second message; D) the TTP sends a fourth message to the second attesting system after receiving the third message; E) the second attesting system sends a fifth message to the first attesting system after receiving the fourth message; and F) the first attesting system performs access control after receiving the fifth message. The method adopts the security architecture of TePA, improves the security of the trusted platform evaluation protocol, realizes mutual evaluation of the trusted platform between the attesting systems, and extends the application range. | 08-18-2011 |
20110194697 | MULTICAST KEY DISTRIBUTION METHOD, UPDATED METHOD, AND BASE STATION BASED ON UNICAST CONVERSATION KEY - A multicast key distribution method, an update method, and a base station based on unicast conversation key, the distribution method includes the following steps: 1) the base station composes groups of multicast key distribution; 2) the base station broadcasts the groups of multicast key distribution to all terminals; 3) the terminals acquire the multicast conversation key by calculation. The present invention solves the problem that the efficiency of the multicast key distribution based on unicast conversation key is low in the prior art, and provides a multicast key distribution method based on unicast conversation key. | 08-11-2011 |
20110191579 | TRUSTED NETWORK CONNECT METHOD FOR ENHANCING SECURITY - A trusted network connect method for enhancing security, it pre-prepares platform integrity information, sets an integrity verify demand. A network access requestor initiates an access request, a network access authority starts a process for bi-directional user authentication, begins to perform the triplex element peer authentication protocol with a user authentication service unit. After the success of the bi-directional user authentication, a TNC server and a TNC client perform bi-directional platform integrity evaluation. The network access requestor and the network access authority control ports according to their respective recommendations, implement the mutual access control of the access requestor and the access authority. The present invention solves the technical problems in the background technologies: the security is relatively low, the access requestor may be unable to verify the validity of the AIK credential and the platform integrity evaluation is not peer-to-peer. The present invention may simplify the management of the key and the mechanism of integrity verification, expand the application scope of the trusted network connect. | 08-04-2011 |
20110162042 | TRUSTED NETWORK MANAGEMENT METHOD OF TRUSTED NETWORK CONNECTIONS BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network management method of trusted network connections based on tri-element peer authentication. A trusted management proxy and a trusted management system are respectively installed and configured on a host to be managed and a management host, and are verified as local trusted. When the host to be managed and the management host are not connected to the trusted network, they use the trusted network connection method based on the tri-element peer authentication to connect to the trusted network respectively, and subsequently perform the authentications and the cipher key negotiations of the trusted management proxy and the trusted management system; when the host to be managed and the management host have not completed the user authentication and the cipher key negotiation process, they use the tri-element peer authentication protocol to complete the user authentication and the cipher key negotiation process, then use the tri-element peer authentication protocol to implement the remote trust of the trusted management proxy and the trusted management system, and finally perform network management. The present invention can actively defend against attacks, reinforce the safety of the trusted network management architecture, and realize the trusted network management of distributed control and centralized management. | 06-30-2011 |
20110145890 | ACCESS METHOD SUITABLE FOR WIRELESS PERSONAL AREA NETWORK - The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods. | 06-16-2011 |
20110145425 | TRUSTED NETWORK MANAGEMENT METHOD BASED ON TCPA/TCG TRUSTED NETWORK CONNECTION - A trusted network management method based on TCPA/TCG trusted network connection is provided. A trusted management agent and a trusted management system are installed and configured on a managed host and a managing host respectively and verified to be creditable locally; when the managed host and the managing host have not yet connected into a trusted network, they connect into the trusted network separately by using a method based on TCPA/TCG trusted network connection and then perform the authentication and key negotiation procedure between the trusted management agent and the trusted management system; when the managed host and the managing host have not yet performed the user authentication and key negotiation procedure, they perform the user authentication and key negotiation procedure, then realize the remote creditability of the trusted management agent and the trusted management system, and finally, perform network management. | 06-16-2011 |
20110133902 | ELECTRONIC LABEL AUTHENTICATING METHOD AND SYSTEM - An electronic label authenticating method is provided, the method includes: the electronic label receives an accessing authenticating request group sent by a reader-writer, the group carries a first parameter selected by the reader-writer; the electronic label sends a response group of the accessing authenticating to the reader-writer, the response group of the accessing authenticating includes the first parameter and a second parameter selected by the electronic label; the electronic label receives an acknowledgement group of the accessing authenticating feed back by the reader-writer; the electronic label validates the acknowledgement group of the accessing authenticating. An electronic label authenticating system is also provided, the system includes a reader-writer and an electronic label. | 06-09-2011 |
20110133883 | ANONYMOUS AUTHENTICATION METHOD BASED ON PRE-SHARED CIPHER KEY, READER-WRITER, ELECTRONIC TAG AND SYSTEM THEREOF - An anonymous authentication method based on a pre-shared key, a reader-writer, an electronic tag and an anonymous bidirectional authentication system are disclosed. The method comprises the following steps: 1) a reader-writer sends an accessing authentication requirement group to the electronic tag; 2) after the electronic tag receives the accessing authentication requirement group, an accessing authentication response group is constructed and sent to the reader-writer; 3) after the reader-writer receives the accessing authentication response group, an accessing authentication confirmation group is constructed and sent to the electronic tag; 4) the electronic tag carries out confirmation according to the accessing authentication confirmation group. | 06-09-2011 |
20110126000 | METHOD FOR ACCESSING DATA SAFELY SUITABLE FOR ELECTRONIC TAG - A method for accessing data safely, which is suitable for the electronic tag with low performance, is provided. The method comprises the following steps: when performing a data writing process, the first read-write device encrypts the message MSG and then writes the message in the electronic tag; when performing a data reading process, the second read-write device sends a data request packet to the electronic tag; the electronic tag sends a data response packet to the second read-write device according to the data request packet; the second read-write device sends a key request packet to a trusted third party; the trusted third party verifies the validity of the identity of the second read-write device according to the key request packet, and sends a key response packet to the second read-write device once the verification is passed; the second read-write device obtains the plain text of the electronic tag message MSG according to the key response packet. This invention can realize the safe access of the data of the electronic tag with low performance. | 05-26-2011 |
20110103589 | KEY DISTRIBUTING METHOD, PUBLIC KEY OF KEY DISTRIBUTION CENTRE ONLINE UPDATING METHOD AND DEVICE - A key distributing method, a public key of key distribution centre online updating method, a key distribution centre, a communication entity and a key management system. The system includes: communication entities, a carrying device, a key distribution centre and a database, wherein the carrying device carries or transports the information during the key distributing course and the public key online updating course, the database stores whether each communication entity has registered for the secret service; the database connects with the key distribution centre, the key distribution centre connects with the carrying device, and the carrying device connects with each communication entity. Using the cipher technology of public key, a key distribution system is provided based on the principle of three-element peer authentication (TePA). The system safely distributes the communication key to each pair of entities to enable the keys to have the PFS attribute, reduces the key management complexity of the system, and realizes online updating of the public key of the trusted third party, i.e. the key distribution centre. | 05-05-2011 |
20110055569 | ROAMING AUTHENTICATION METHOD BASED ON WAPI - A roaming authentication method based on WAPI. The present invention includes the steps of adopting a terminal and a wireless access point to initiate a WAPI security mechanism, associating the terminal with the wireless access point, initiating a WAPI authentication process and so on. A highly safe and convenient roaming authentication method based on WAPI is provided, so as to solve the technical problems that no specific method of certificate roaming authentication has been realized, that the certificate of the external network authentication server cannot be obtained to establish a trust relationship, and that the terminal perhaps cannot realize roaming authentication. | 03-03-2011 |
20110055554 | WIRELESS PERSONAL AREA NETWORK ACCESSING METHOD - A wireless personal area network accessing method is provided, the method includes that: a coordinator broadcasts a beacon frame, the beacon frame includes the information about whether the coordinator sends an authentication requirement, the beacon frame also includes the authentication and key management package supported by the coordinator when a device receives the authentication requirement, the device receives the beacon frame, the authentication between the coordinator and the device is made by using an authentication method corresponding to the authentication and key management package supported by the coordinator, when the device determines that the coordinator and the device is directly made according to the authentication result, or the association between the coordinator and the device is made after making session key negotiation. | 03-03-2011 |
20110029776 | WIRELESS PERSONAL AREA NETWORK ACCESS METHOD BASED ON PRIMITIVE - A wireless personal area network access method based on the primitive, includes: a coordinator broadcasts a beacon frame to the device which requests connecting to the wireless personal area network (WPAN), the beacon frame includes the authentication request information for the device and the authentication and key management tool supported by the coordinator; the device authenticates the authentication request information, and when the coordinator has an authentication request to the device, the coordinator and the device execute the authentication based on the primitive and obtain the conversation key. | 02-03-2011 |
20100306839 | ENTITY BI-DIRECTIONAL IDENTIFICATOR METHOD AND SYSTEM BASED ON TRUSTABLE THIRD PARTY - An entity bi-directional identification method and system based on a trustable third party thereof are provided. The system comprises a first entity, which is for sending a first message to a second entity, sending a third message to a third entity after receiving a second message sent by the second entity, verifying the fourth message after receiving a fourth message sent by the third entity, sending a fifth message to the second entity after the verification is finished; the second entity, which is for receiving the first message sent by the first entity, sending the second message to the first entity, verifying the fifth message after receiving the fifth message sent by the first entity; the third entity, which is for receiving the third message sent by the first entity, checking if the first entity and the second entity are legal, implementing the pretreatment according to the checking result, sending the first entity the fourth message after the treatment is finished. | 12-02-2010 |
20100299519 | METHOD FOR MANAGING WIRELESS MULTI-HOP NETWORK KEY - A method for managing wireless multi-hop network key is applicable to a security application protocol when a WAPI frame method (TePA, an access control method based on the ternary peer-to-peer identification) is applied in a concrete network containing a Wireless Local Area Network, a Wireless Metropolitan Area Network AN and a Wireless Personal Area Network. The key management method of the present invention includes the steps of key generation, key distribution, key storage, key modification and key revocation. The present invention solves the technical problems that the prior pre-share-key based key management method is not suitable for larger networks and the PKI-based key management method is not suitable for wireless multi-hop networks; the public-key system and the ternary structure are adopted, thereby the security and the performance of the wireless multi-hop networks are improved. | 11-25-2010 |
20100293370 | AUTHENTICATION ACCESS METHOD AND AUTHENTICATION ACCESS SYSTEM FOR WIRELESS MULTI-HOP NETWORK - Authentication access method and authentication access system for wireless multi-hop network. Terminal equipment and coordinator have the capability of port control, the coordinator broadcasts a beacon frame, and the terminal equipment selects an authentication and key management suite and transmits a connecting request command to the coordinator. The coordinator performs authentication with the terminal equipment according to the authentication and key management suite which is selected by the terminal equipment, after authenticated, transmits a connecting response command to the terminal equipment. The terminal equipment and the coordinator control the port according to the authentication result, therefore the authenticated access for the wireless multi-hop network is realized. The invention solves the security problem of the wireless multi-hop network authentication method. | 11-18-2010 |
20100284534 | PACKET CIPHER ALGORITHM BASED ENCRYPTION PROCESSING DEVICE - A packet cipher algorithm based encryption processing device includes a key expand unit and an encryption unit. The key expand unit comprises a key expand unit data registration component and at least one key expand unit data conversion component. The encryption unit comprises an encryption unit data registration component and at least one encryption unit data conversion component, and the number of the encryption unit data conversion components is the same as that of the key expand unit data conversion components, and besides, they correspond one to one. A sub-key output of each key expand unit data conversion component connects to the corresponding sub-key input of each encryption unit data conversion component, to solve the technical problems that the encryption efficiency of the prior packet cipher algorithm based encryption processing device is low and the cost is high. The advantage of the present invention is reducing the resource consumption and further reducing the implementation cost of the device under the premise of keeping the high efficiency of the prior art. | 11-11-2010 |
20100268954 | METHOD OF ONE-WAY ACCESS AUTHENTICATION - A method of one-way access authentication is disclosed. The method includes the following steps. According to system parameters set up by a third entity, a second entity sends an authentication request and key distribution grouping message to a first entity. The first entity verifies the validity of the message sent from the second entity, and if it is valid, the first entity generates an authentication and key response grouping message and sends it to the second entity, which verifies the validity of the message sent from the first entity, and if it is valid, the second entity generates the authentication and key confirmation grouping message and sends the message to the first entity. The first entity verifies the validity of the authentication and key confirmation grouping message, and if it is valid, the authentication succeeds and the key is regarded as the master key of agreement. | 10-21-2010 |
20100263023 | TRUSTED NETWORK ACCESS CONTROLLING METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network access controlling method based upon tri-element peer authentication comprises: firstly initializing creditability collectors and a creditability verifier; then carrying out a tri-element peer authentication protocol among a network access requester, a network access controller and an authentication strategy server in a network access control layer to realize bi-directional user authentication between the access requester and the access controller; when authentication is successful or the local strategy requires a platform creditability evaluation process to be carried out, the TNC terminal, TNC server and evaluation strategy server in a trusted platform evaluation layer performing the tri-element peer authentication protocol to realize bi-directional platform creditability authentication between the access requester and the access controller; finally the access requester and the access controller controlling ports according to the recommendation generated by the TNAC client terminal and the TNAC service terminal. The invention solves the technical problem about poor expandability in the background art, and further solves the problems of complex key negotiation and relatively low safety. | 10-14-2010 |
20100262832 | ENTITY BIDIRECTIONAL AUTHENTICATION METHOD AND SYSTEM - An entity bidirectional authentication method and system, the method involves: the first entity sends the first message; the second entity sends the second message to the credible third party after receiving the said first message; the said credible third party returns the third message after receiving the second message; the said second entity sends the fourth message after receiving the third message and verifying it; the said first entity receives the said fourth message and verifies it, completing the authentication. Compared with the conventional authentication mechanism, the invention defines an on-line retrieval and authentication mechanism of a public key, realizes the centralized management for it, simplifies the operating condition of the protocol, and facilitates the application and implementation. | 10-14-2010 |
20100251334 | TRUSTED NETWORK ACCESS CONTROL SYSTEM BASED ON TERNARY EQUAL IDENTIFICATION - A trusted network access control system based on ternary equal identification is provided. The system includes access requestor AR, access controller AC and policy manager PM as well as the protocol interfaces among them. The protocol interface between the AR and AC includes a trusted network transmission interface (IF-TNT) and an IF-TNACCS interface between TNAC client and TNAC server. The protocol interface between the AC and PM includes an identification policy service interface IF-APS, an evaluation policy service interface IF-EPS and a trust measurement interface IF-TM. The protocol interface between the AR and PM includes a trust measurement interface IF-TM. | 09-30-2010 |
20100250952 | TWO-WAY ACCESS AUTHENTICATION METHOD - A two-way access authentication method comprises: according to the system parameters pre-established by the third entity, the first entity sends the access authentication request packet to the second entity, then the second entity validates whether the signature of the first entity is correct, and if yes, the shared master key of the second entity is calculated; the second entity generates the access authentication response packet and sends it to the first entity, then the first entity validates whether the signature of the access authentication response packet and the message integrity check code are correct; if yes, the shared master key of the first entity is calculated; the first entity sends the access authentication acknowledge packet to the second entity, then the second entity validates the integrity of the access authentication acknowledge packet; if the validation is passed, the shared master key of the first entity is consistent with that of the second entity, and the access authentication is achieved. For improving the security, after receiving the access authentication request packet sent by the first entity, the second entity may perform the identity validity validation and generate the access authentication response packet after passing the validation. | 09-30-2010 |
20100250941 | WAPI UNICAST SECRET KEY NEGOTIATION METHOD - A WAPI unicast secret key negotiation method includes the following steps: 1) an authenticator entity adds a message integrity code onto a unicast secret key negotiation request packet, and transmits it to an authentication supplicant entity; 2) after the authentication supplicant entity receives the unicast secret key negotiation request packet, it performs validation, and it discards the packet directly if it is not correct; the authentication supplicant entity performs other validation if it is correct; when the validation is successful, it responds with a unicast secret key negotiation response packet to the authenticator entity; 3) after the authenticator entity receives the unicast secret key negotiation response packet, it performs validation, and if the validation is successful, it responds with the unicast secret key negotiation acknowledge packet to the authentication supplicant entity; 4) after the authentication supplicant entity receives the unicast secret key negotiation acknowledge packet, it performs validation, and if the validation is successful it negotiates and obtains a consistent unicast session secret key. The present invention resolves the DoS attack problem which exists in the unicast secret key management protocol in the present WAPI security mechanism. | 09-30-2010 |
20100232597 | ENCRYPTION AND DECRYPTION PROCESSING METHOD, SYSTEM AND COMPUTER-ACCESSIBLE MEDIUM FOR ACHIEVING SMS4 CRYPTOGRAPHIC PROCEDURE - An encryption and decryption processing method of achieving SMS4 cryptographic algorithm and a system thereof are disclosed. Firstly, the method prepares constant arrays, inputs the external data into a data registering unit and deals with the first data conversion; secondly, deals with the second data conversion; thirdly, repeats the second data conversion, until completing all the prescribed data conversion, and then achieving the results of repeating encryption and decryption processing. | 09-16-2010 |
20100083349 | METHOD FOR REALIZING TRUSTED NETWORK MANAGEMENT - A method for realizing trusted network management is provided. A trusted management agent resides on a managed host, and a trusted management system resides on a management host. The trusted management agent and the trusted management system are software modules, which are both based on a trusted computing platform and signed after being authenticated by a trusted third party of the trusted management agent and the trusted management system. Trusted platform modules of the managed host and the management host can perform integrity measurement, storage, and report for the trusted management agent and the trusted management system. Therefore, the managed host and the management host can ensure that the trusted management agent and the trusted management system are trustworthy. Then, the trusted management agent and the trusted management system execute a network management function, thus realizing the trusted network management. Therefore, the technical problem in the prior art that the network management security cannot be ensured due to the mutual attack between an agent, a host where the agent resides, and a manager system is solved, and trusted network management is realized. | 04-01-2010 |
20100077454 | TRUSTED NETWORK CONNECT METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connect (TNC) method based on tri-element peer authentication is provided, which includes the following steps. Platform integrity information is prepared in advance. An integrity verification requirement is predefined. A network access requestor initiates an access request to a network access controller. The network access controller starts a mutual user authentication process, and performs a tri-element peer authentication protocol with a user authentication serving unit. After the mutual user authentication is successful, a TNC client, a TNC server, and a platform evaluation serving unit implement platform integrity evaluation by using a tri-element peer authentication method. The network access requestor and the network access controller control ports according to recommendations received respectively, so as to implement mutual access control between the access requestor and the access controller. Thus, the technical problems in the prior art of poor extensibility, complex key agreement process, low security, and that platform integrity evaluation is not peer-to-peer are solved by the present invention. Through the method of the present invention, key management and integrity verification mechanisms of the TNC are simplified, and the range of applicability of the TNC is expanded. | 03-25-2010 |
20100077213 | TRUSTED NETWORK CONNECT SYSTEM BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connect (TNC) system based on tri-element peer authentication (TePA) is provided. A network access requestor (NAR) of an access requestor (AR) is connected to a TNC client (TNCC), and the TNCC is connected to an integrity measurement collector (IMC | 03-25-2010 |
20100037302 | PEER-TO-PEER ACCESS CONTROL METHOD OF TRIPLE UNIT STRUCTURE - This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol. | 02-11-2010 |
20100031031 | SYSTEMS, METHODS AND COMPUTER-ACCESSIBLE MEDIA FOR ACQUIRING AND AUTHENTICATING PUBLIC KEY CERTIFICATE STATUS - Exemplary embodiments of systems, methods and computer-accessible medium can be provided for obtaining and verifying a public key certificate status. In particular, it is possible to construct and send a certificate query request, construct and send a combined certificate query request, construct and send a combined certificate status response, deliver a certificate status response, perform a verification by the general access point, and/or perform a verification by the user equipment. The exemplary embodiments address some of the deficiencies of conventional methods which have a complicated implementation as well as likely inability of such conventional methods to be applied to the network architecture of user equipment, a general access point and a server. The exemplary embodiments of the systems, methods and computer-accessible medium can obtain a user certificate status to provide certificate statuses of the user or the user equipment and the general access point when the user equipment accesses the network via the general access point. Message exchanges can be reduced, bandwidth and calculation resources can be saved, and higher efficiency can be achieved. According to another exemplary embodiment, by way of adding random numbers into the certificate query request and the combined certificate query request, as well as the message m, freshness of the certificate status response can be facilitated and even ensured, and security protection can be enhanced. | 02-04-2010 |
20100009656 | NETWORK ACCESS AUTHENTICATION AND AUTHORIZATION METHOD AND AN AUTHORIZATION KEY UPDATING METHOD - A network access authentication and authorization method includes the steps of: constructing an access and authorization request packet; constructing a certificate authentication request packet, constructing a certificate authentication response packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. And an authorization key updating method includes the steps of: constructing an access and authorization request packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. The invention resolves the security problem that a mobile terminal accesses a base station in the wideband wireless multimedia network, and realizes both bi-directional identity authentication of a mobile terminal and a base station and unidirectional identity authentication from a base station to a mobile terminal. The authorization key negotiation calculation is simple, and the key management is simply realized by using message acknowledgement manner. The invention is applied to the wired network and the wireless network, such as the wireless local area network, the wireless metropolitan area network, and the broadband wireless multimedia network etc. | 01-14-2010 |
20090300358 | METHOD FOR MANAGING NETWORK KEY AND UPDATING SESSION KEY - A method for managing network key and updating session key is provided. The step of the key management includes: constructing key request group, constructing key negotiation response group, and constructing key negotiation acknowledgement group. The step of multicasting key management method includes multicasting main key negotiation protocol and multicasting session key distribution protocol. The multicasting main key negotiation protocol comprises key updating informs group, constructing encryption key negotiation request group, constructing key negotiation response group and constructing key negotiation acknowledgement group. The multicasting session key distribution protocol comprises multicasting session key request and multicasting session key distribution. | 12-03-2009 |