Patent application number | Description | Published |
20100250952 | TWO-WAY ACCESS AUTHENTICATION METHOD - A two-way access authentication method comprises: according to the system parameters pre-established by the third entity, the first entity sends the access authentication request packet to the second entity, then the second entity validates whether the signature of the first entity is correct, and if yes, the share master key of the second entity is calculated; the second entity generates the access authentication response packet and sends it to the first entity, then the first entity validates whether the signature of the access authentication response packet and the message integrity check code are correct; if yes, the share master key of the first entity is calculated; the first entity sends the access authentication acknowledge packet to the second entity, then the second entity validates the integrity of the access authentication acknowledge packet; if the validation passes, the share master key of the first entity is consistent with that of the second entity, and the access authentication is achieved. To improve security, after receiving the access authentication request packet sent by the first entity, the second entity may perform the identity validity validation and generate the access authentication response packet after passing the validation. | 09-30-2010 |
20100263023 | TRUSTED NETWORK ACCESS CONTROLLING METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network access controlling method based upon tri-element peer authentication comprises: firstly initializing creditability collectors and a creditability verifier; then carrying out a tri-element peer authentication protocol among a network access requester, a network access controller and an authentication strategy server in a network access control layer to realize bi-directional user authentication between the access requester and the access controller; when authentication is successful or the local strategy requires a platform creditability evaluation process to be carried out, the TNC terminal, TNC server and evaluation strategy server in a trusted platform evaluation layer performing the tri-element peer authentication protocol to realize bi-directional platform creditability authentication between the access requester and the access controller; finally the access requester and the access controller controlling ports according to the recommendation generated by the TNAC client terminal and the TNAC service terminal. The invention solves the technical problem about poor expandability in background, and further solves the problem about complex key negotiation and relatively low safety. | 10-14-2010 |
20100268954 | METHOD OF ONE-WAY ACCESS AUTHENTICATION - A method of one-way access authentication is disclosed. The method includes the following steps. According to system parameters set up by a third entity, a second entity sends an authentication request and key distribution grouping message to a first entity. The first entity verifies the validity of the message sent from the second entity, and if it is valid, the first entity generates authentication and key response grouping message and sends it to the second entity, which verifies the validity of the message sent from the first entity, and if it is valid, the second entity generates the authentication and key confirmation grouping message and sends the message to the first entity. The first entity verifies the validity of the authentication and key confirmation grouping message, and if it is valid, the authentication succeeds and the key is regarded as the master key of agreement. | 10-21-2010 |
20100284534 | PACKET CIPHER ALGORITHM BASED ENCRYPTION PROCESSING DEVICE - A packet cipher algorithm based encryption processing device includes a key expand unit and an encryption unit. The key expand unit comprises a key expand unit data registration component and at least one key expand unit data conversion component. The encryption unit comprises an encryption unit data registration component and at least one encryption unit data conversion component, and the number of the encryption unit data conversion component is the same as that of the key expand unit data conversion component, and besides, they are one to one. A sub-key output of each key expand unit data conversion component connects the corresponding sub-key input of each encryption unit data conversion component to solve the technical problems that the encryption efficiency of the prior packet cipher algorithm based encryption processing device is low and the cost is high. The advantage of the present invention is reducing the resource consumption and further reducing the achievement cost of the device under the premise of keeping the high efficiency of the prior art. | 11-11-2010 |
20100293370 | AUTHENTICATION ACCESS METHOD AND AUTHENTICATION ACCESS SYSTEM FOR WIRELESS MULTI-HOP NETWORK - Authentication access method and authentication access system for wireless multi-hop network. Terminal equipment and coordinator have the capability of port control, the coordinator broadcasts a beacon frame, and the terminal equipment selects an authentication and key management suite and transmits a connecting request command to the coordinator. The coordinator performs authentication with the terminal equipment according to the authentication and key management suite which is selected by the terminal equipment, after authenticated, transmits a connecting response command to the terminal equipment. The terminal equipment and the coordinator control the port according to the authentication result, therefore the authenticated access for the wireless multi-hop network is realized. The invention solves the security problem of the wireless multi-hop network authentication method. | 11-18-2010 |
20100306839 | ENTITY BI-DIRECTIONAL IDENTIFICATOR METHOD AND SYSTEM BASED ON TRUSTABLE THIRD PARTY - An entity bi-directional identification method and system based on a trustable third party thereof are provided. The system comprises a first entity, which is for sending a first message to a second entity, sending a third message to a third entity after receiving a second message sent by the second entity, verifying the fourth message after receiving a fourth message sent by the third entity, sending a fifth message to the second entity after the verification is finished; the second entity, which is for receiving the first message sent by the first entity, sending the second message to the first entity, verifying the fifth message after receiving the fifth message sent by the first entity; the third entity, which is for receiving the third message sent by the first entity, checking if the first entity and the second entity are legal, implementing the pretreatment according to the checking result, sending the first entity the fourth message after the treatment is finished. | 12-02-2010 |
20110191579 | TRUSTED NETWORK CONNECT METHOD FOR ENHANCING SECURITY - A trusted network connect method for enhancing security, it pre-prepares platform integrity information, sets an integrity verify demand. A network access requestor initiates an access request, a network access authority starts a process for bi-directional user authentication, begins to perform the triplex element peer authentication protocol with a user authentication service unit. After the success of the bi-directional user authentication, a TNC server and a TNC client perform bi-directional platform integrity evaluation. The network access requestor and the network access authority control ports according to their respective recommendations, implement the mutual access control of the access requestor and the access authority. The present invention solves the technical problems in the background technologies: the security is lower relatively, the access requestor may be unable to verify the validity of the AIK credential and the platform integrity evaluation is not parity. The present invention may simplify the management of the key and the mechanism of integrity verification, expand the application scope of the trusted network connect. | 08-04-2011 |
20110202992 | METHOD FOR AUTHENTICATING A TRUSTED PLATFORM BASED ON THE TRI-ELEMENT PEER AUTHENTICATION(TEPA) - A method for authenticating a trusted platform based on the Tri-element Peer Authentication (TePA). The method includes the following steps: A) a second attesting system sends the first message to a first attesting system; B) the first attesting system sends a second message to the second attesting system after receiving the first message; C) the second attesting system sends a third message to a Trusted Third Party (TTP) after receiving the second message; D) the TTP sends a fourth message to the second attesting system after receiving the third message; E) the second attesting system sends a fifth message to the first attesting system after receiving the fourth message; and F) the first attesting system performs an access control after receiving the fifth message. The method for authenticating a trusted platform based on TePA of the present invention adopts the security architecture of TePA, and improves the safety of an evaluation agreement of the trusted platform, realizes the mutual evaluation of the trusted platform between the attesting systems, and extends the application ranges. | 08-18-2011 |
20110314286 | ACCESS AUTHENTICATION METHOD APPLYING TO IBSS NETWORK - An access authentication method applying to IBSS network involves the following steps of: 1) performing authentication role configuration for network entities; 2) authenticating an authentication entity and a request entity that have been performed the authentication role configuration via an authentication protocol; and 3) after finishing the authentication, the authentication entity and the request entity perform the key negotiation, wherein, the message integrity check field and protocol synchronization lock-in field are added in a key negotiation message. The access authentication method applying to IBSS network provided by the invention has the advantages of the better safeness and the higher execution efficiency. | 12-22-2011 |
20120005718 | TRUSTED NETWORK CONNECT SYSTEM FOR ENHANCING THE SECURITY - Disclosed is a trusted network connect system for enhancing the security, the system including an access requester of the system network that connects to a policy enforcement point in the manner of authentication protocol, and network-connects to the access authorizer via a network authorization transport protocol interface, an integrity evaluation interface and an integrity measurement interface, a policy enforcement point network-connects to the access authorizer via a policy enforcement interface, an access authorizer network-connects to the policy manager via a user authentication authorization interface, a platform evaluation authorization interface and the integrity measurement interface, and an access requester network-connects to a policy manager via the integrity measurement interface. | 01-05-2012 |
20120151554 | SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK - The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected. | 06-14-2012 |
20120159587 | METHOD AND SYSTEM FOR PRE-SHARED-KEY-BASED NETWORK SECURITY ACCESS CONTROL - A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester(REQ) and Authentication Access Controller(AAC); 2) identity authentication and uni-cast key negotiation are implemented between REQ and AAC; 3) a group-cast key is notified between REQ and AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and network. | 06-21-2012 |
20120198240 | METHOD AND SYSTEM FOR ENTITY PUBLIC KEY ACQUIRING, CERTIFICATE VALIDATION AND AUTHENTICATION BY INTRODUCING AN ONLINE CREDIBLE THIRD PARTY - A method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party is disclosed. The method includes the following steps: 1) an entity B transmits a message 1 to an entity A; 2) the entity A transmits a message 2 to a credible third party TP after receiving the message 1; 3) the credible third party TP determines the response RepTA after receiving the message 2; 4) the credible third party TP returns a message 3 to the entity A; 5) the entity A returns a message 4 to the entity B after receiving the message 3; 6) the entity B receives the message 4; 7) the entity B transmits a message 5 to the entity A; 8) the entity A receives the message 5. The present invention can achieve public key acquisition, certificate validation and authentication of the entity by integrating them in one protocol, thereby facilitate the execution efficiency and the effect of the protocol and facilitate the combination with various public key acquisition and public key certificate state enquiry protocols. The present invention suits with a “user-access point-server” access network structure to meet the authentication requirement of the access network. | 08-02-2012 |
20120254617 | METHOD AND SYSTEM FOR ESTABLISHING SECURITY CONNECTION BETWEEN SWITCH EQUIPMENTS - A method and a system for establishing a security connection between switch equipments are disclosed in the present invention. The system includes the first switch equipment and the second switch equipment; the first switch equipment sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch equipment; the second switch equipment sends the switch key negotiation request packet to the first switch equipment. The embodiments of the present invention provide a security policy for data security transmission between switch equipments by establishing shared switch key between each two switch equipments, thus guaranteeing the confidentiality of the data transmission process between switch equipments in the data link layer. The calculation burden of switch equipment and the delay of the data packets transmitted from the transmission end to the reception end can be reduced and the efficiency of network transmission can be improved. | 10-04-2012 |
20120257755 | METHOD AND SYSTEM FOR ESTABLISHING SECURE CONNECTION BETWEEN STATIONS - A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations. | 10-11-2012 |
20130016838 | MULTICAST KEY NEGOTIATION METHOD SUITABLE FOR GROUP CALLING SYSTEM AND A SYSTEM THEREOF - The present invention discloses a multicast key negotiation method suitable for group calling system and a system thereof. The method includes that: a user terminal (UT) negotiates about a unicast key with a base station (BS), derives an information encryption key and an integrity verifying key according to the unicast key, and registers a service group identifier that the UT belongs to at the BS; the BS notifies the UT the multicast key of the service group that the UT needs to apply, constructs a multicast key notification packet, and sends it to the UT; after receiving the multicast key notification packet sent by the BS, the UT obtains the multicast key of the service group that the UT needs to apply by decrypting a service group key application list, constructs a multicast key confirmation packet, and sends it to the BS; the BS confirms that the multicast key of the UT service group is built successfully according to the multicast key confirmation packet sent by the UT. | 01-17-2013 |
20130080783 | METHOD FOR ESTABLISHING SECURE NETWORK ARCHITECTURE, METHOD AND SYSTEM FOR SECURE COMMUNICATION - A method for establishing a secure network architecture, a method and system for secure communication are provided. Said method for establishing a secure network architecture includes: 1) constructing the network architecture where the identities of nodes are legal, including: neighboring node discovery; performing identities certification and shared key negotiation between a node and the neighbor node; 2) constructing a secure switching device architecture, including: establishing a shared key between every two of the switch devices. | 03-28-2013 |
20140007231 | SWITCH ROUTE EXPLORING METHOD, SYSTEM AND DEVICE | 01-02-2014 |
Patent application number | Description | Published |
20090319493 | PIPELINE ARCHITECTURE FOR A NETWORK DEVICE - Various example embodiments are disclosed. According to an example embodiment, an apparatus may include a plurality of search engine pipeline stages, each of the plurality of search engine pipeline stages being configured to submit a particular search request to a plurality of search engines. The apparatus may also include the plurality of search engines, each of said plurality of search engines being configured to provide search results to one or more of the plurality of search engine pipeline stages. | 12-24-2009 |
20100046373 | TIMESTAMP METERING AND ROLLOVER PROTECTION IN A NETWORK DEVICE - A network device for processing data on a data network includes a plurality of ports, configured to receive data from a data network and to send processed data to the data network, a memory management unit configured to store data on and retrieve data from the memory and a metering unit configured to police a flow of the processed data to be sent to the network device. The metering unit is configured to utilize a series of leaky bucket units, where tokens are added to each leaky bucket unit only when that particular leaky bucket unit is accessed. The metering unit is also configured to add the tokens based on a prior timestamp value, a current timing value and an established rate, and a multiplication to establish the tokens is accomplished by shifting a register of the established rate. | 02-25-2010 |
20100202295 | PROGRAMMABLE METERING BEHAVIOR BASED ON A TABLE LOOKUP - A network device for processing data on a data network including a plurality of ports, configured to receive data from a data network and to send processed data to the data network via an egress port, a controller interface, configured to communicate with an external controller, a memory management unit, configured to store data on and retrieve data from the memory and a metering unit, configured to police a flow of the processed data to be sent to the egress port. The metering unit further includes programmable registers, in communication with the controller interface, configured to be programmed through controller signals sent through the controller interface from the external controller, such that all aspects of the flow of the processed data may be controlled by the external controller. | 08-12-2010 |
20130318256 | DYNAMIC TABLE SHARING OF MEMORY SPACE WITHIN A NETWORK DEVICE - A network device for processing data on a data network includes a port interface configured to receive a data packet from a data network and to send a processed data packet to an egress port of the plurality of ports, a packet evaluation module configured to parse the received data packet and modify the received data packet to form the processed data packet and a search engine configured to perform searches of lookup tables using parsed data packet values and to return search results to the packet evaluation module to assist in modifying the received data packet. At least one lookup table shares at least two different types of entries in that same at least one lookup table, where the search engine is configured to distinguish between the at least two different types of entries in that same at least one lookup table. | 11-28-2013 |
Patent application number | Description | Published |
20090255648 | PROTECTIVE DEVICE FOR PROTECTING THERMAL INTERFACE MATERIAL AND FASTENERS OF HEAT DISSIPATION DEVICE - A heat dissipation device assembly includes a heat dissipation device for dissipating heat from an electronic element and a protective device assembly. The heat dissipation device includes a base with fasteners extending therethrough, a plurality of fins arranged on a top of the base, and a heat conducting plate attached on a bottom of the base. A thermal interface material is spread on a bottom surface of the heat conducting plate. The protective device assembly includes a first cover attached to a bottom of the heat conducting plate and a second cover separated from the first cover and attached to a lateral side of the base. The first cover protects the thermal interface material from being contaminated and the second cover protects the fasteners from dropping from the base, when the heat dissipation device is transported. | 10-15-2009 |
20090310304 | HEAT DISSIPATION DEVICE - A heat dissipation device includes a first heat sink, a second heat sink located on the first heat sink, a third heat sink located on the second heat sink, and a heat conducting member formed by bending a flat, plate-like member and connecting the first, second and third heat sinks. The heat conducting member includes a heat absorbing section contacting with the first heat sink, and first and second heat dissipating sections extending inwards from upper ends of first and second connecting sections extending upwardly from two ends of the heat absorbing section, respectively. The first heat dissipating section is sandwiched between the first and second heat sinks, and the second heat dissipating section is sandwiched between the second and third heat sinks. A width of the first and second heat dissipating sections is identical to that of the second heat sink. | 12-17-2009 |
20100097763 | HEAT DISSIPATION DEVICE - A heat dissipation device adapted for cooling an electronic device mounted on a printed circuited board includes a heat spreader thermally contacting the electronic device, a fin assembly comprising a plurality of fins, a first heat pipe interconnecting the fin assembly and the heat spreader and a plurality of supporting posts inserted in the fin assembly. | 04-22-2010 |
20100155023 | HEAT DISSIPATION APPARATUS HAVING HEAT PIPES INSERTED THEREIN - A heat dissipation apparatus includes a base, a heat sink on the base, two heat pipes thermally connecting the base and the heat sink and a fan mounted in the heat sink. The heat sink comprises a first fin group placed on the base and a second fin group located on the first fin group. Each heat pipe comprises an evaporation section connected to the base, a condensation section and an adiabatic section interconnecting the evaporation section and the condensation section. The condensation sections of the heat pipes are sandwiched between the first and second fin groups and surround the fan. | 06-24-2010 |