| Patent application number | Description | Published |
|---|
| 20080288777 | A Peer-to-Peer Access Control Method Based on Ports - A port based peer access control method, comprises the steps of: 1) enabling the authentication control entity; 2) two authentication control entities authenticating each other; 3) setting the status of the controlled port. The method may further comprise the steps of enabling the authentication server entity, two authentication subsystems negotiating the key. By modifying the asymmetry of background technique, the invention has advantages of peer control, distinguishable authentication control entity, good scalability, good security, simple key negotiation process, relatively complete system, high flexibility, thus the invention can satisfy the requirements of central management as well as resolve the technical issues of the prior network access control method, including complex process, poor security, poor scalability, so it provides essential guarantee for secure network access. | 11-20-2008 |
| 20090013378 | Method for Testing Safety Access Protocol Conformity of Access Point and Apparatus Thereof - The invention relates to a method and device for testing conformity of a secure access protocol at an access point. The method includes the steps of: capturing a data packet of a secure access protocol in a secure access authentication process at an access point under test; and analyzing and checking an encapsulation format of the captured data packet of the secure access protocol and a protocol flow. With the invention the test result is independent of the implementation of an upper-layer protocol, and a correct test result can be obtained regardless of deviant implementation of a reference equipment, to thereby improve correctness of the test result. With the invention, an error in the implementation of the protocol can also be located precisely in accordance with detailed information obtained from the data packet of the protocol, and a simulative test of a possible exception is introduced, thereby ensuring that a product which passes the test conforms to the standard and interoperability. | 01-08-2009 |
| 20090300358 | METHOD FOR MANAGING NETWORK KEY AND UPDATING SESSION KEY - A method for managing network key and updating session key is provided. The step of the key management includes: constructing key request group, constructing key negotiation response group, and constructing key negotiation acknowledgement group. The step of multicasting key management method includes multicasting main key negotiation protocol and multicasting session key distribution protocol. The multicasting main key negotiation protocol comprises key updating informs group, constructing encryption key negotiation request group, constructing key negotiation response group and constructing key negotiation acknowledgement group. The multicasting session key distribution protocol comprises multicasting session key request and multicasting session key distribution. | 12-03-2009 |
| 20090323930 | HIGH-EFFICIENT ENCRYPTION AND DECRYPTION PROCESSING METHOD FOR IMPLEMENTING SMS4 ALGORITHM - An encrypting/decrypting processing method for implementing SMS4 algorithm in high efficiency is provided. After preparing constant array, input external data into register section, firstly make primary data conversion and then make secondary data conversion, finally repeat data conversion course until complete all specified data conversion courses and obtain processing result of circulating data encryption/decryption. And it solves the technical problems of data conversion in the background technique that number of circulating times is large and encrypting efficiency is low, simplifying the chip design, largely optimizing integrity of chip signal and being able to improve interference immunity of system and reduce system cost. | 12-31-2009 |
| 20090327812 | METHOD, DEVICE AND COMPUTER ACCESSIBLE MEDIUM FOR SECURE ACCESS PROTOCOL CONFORMANCE TESTING ON AUTHENTICATION SERVER - Exemplary embodiments of a method, device and computer-accessible medium for secure access protocol conformance testing on an authentication service entity can be provided. According to one exemplary embodiment, it is possible to determine whether a certificate issued by the authentication service entity to be tested complies with a corresponding specification of a standard. An authentication requester can be simulated to send a certificate authentication request message to the authentication service entity to be tested. A certificate authentication response fed back from the authentication service entity to be tested can be captured. Further, a secure access protocol conformance testing result on the authentication service entity to be tested can be obtained by analyzing the certificate authentication response. | 12-31-2009 |
| 20100009656 | NETWORK ACCESS AUTHENTICATION AND AUTHORIZATION METHOD AND AN AUTHORIZATION KEY UPDATING METHOD - A network access authentication and authorization method includes the steps of: constructing an access and authorization request packet; constructing a certificate authentication request packet, constructing a certificate authentication response packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. And an authorization key updating method includes the steps of: constructing an access and authorization request packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. The invention resolves the security problem that a mobile terminal accesses a base station in the wideband wireless multimedia network, and realizes both bi-directional identity authentication of a mobile terminal and a base station and unidirectional identity authentication from a base station to a mobile terminal. The authorization key negotiation calculation is simple, and the key management is simply realized by using message acknowledgement manner. The invention is applied to the wired network and the wireless network, such as the wireless local area network, the wireless metropolitan area network, and the broadband wireless multimedia network etc. | 01-14-2010 |
| 20100031031 | SYSTEMS, METHODS AND COMPUTER-ACCESSIBLE MEDIA FOR ACQUIRING AND AUTHENTICATING PUBLIC KEY CERTIFICATE STATUS - Exemplary embodiments of systems, methods and computer-accessible medium can be provided for obtaining and verifying a public key certificate status. In particular, it is possible to construct and send a certificate query request, construct and send a combined certificate query request, construct and send a combined certificate status response, deliver a certificate status response, perform a verification by the general access point, and/or perform a verification by the user equipment. The exemplary embodiments address some of the deficiencies of conventional methods which have a complicated implementation as well as likely inability of such conventional methods to be applied to the network architecture of user equipment, a general access point and a server. The exemplary embodiments of the systems, methods and computer-accessible medium can obtain a user certificate status to provide certificate statuses of the user or the user equipment and the general access point when the user equipment accesses the network via the general access point. Message exchanges can be reduced, bandwidth and calculation resources can be saved, and higher efficiency can be achieved. According to another exemplary embodiment, by way of adding random numbers into the certificate query request and the combined certificate query request, as well as the message m, freshness of the certificate status response can be facilitated and even ensured, and security protection can be enhanced. | 02-04-2010 |
| 20100037302 | PEER-TO-PEER ACCESS CONTROL METHOD OF TRIPLE UNIT STRUCTURE - This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol. | 02-11-2010 |
| 20100077213 | TRUSTED NETWORK CONNECT SYSTEM BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connect (TNC) system based on tri-element peer authentication (TePA) is provided. An network access requestor (NAR) of an access requestor (AR) is connected to a TNC client (TNCC), and the TNCC is connected to and integrity measurement collector (IMC | 03-25-2010 |
| 20100077454 | TRUSTED NETWORK CONNECT METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connect (TNC) method based on tri-element peer authentication is provided, which includes the following steps. Platform integrity information is prepared in advance. An integrity verification requirement is predefined. A network access requestor initiates an access request to a network access controller. The network access controller starts a mutual user authentication process, and performs a tri-element peer authentication protocol with a user authentication serving unit. After the mutual user authentication is successful, a TNC client, a TNC server, and a platform evaluation serving unit implement platform integrity evaluation by using a tri-element peer authentication method. The network access requestor and the network access controller control ports according to recommendations received respectively, so as to implement mutual access control between the access requestor and the access controller. Thus, the technical problems in the prior art of poor extensibility, complex key agreement process, low security, and that platform integrity evaluation is not peer-to-peer are solved by the present invention. Through the method of the present invention, key management and integrity verification mechanisms of the TNC are simplified, and the range of applicability of the TNC is expanded. | 03-25-2010 |
| 20100083349 | METHOD FOR REALIZING TRUSTED NETWORK MANAGEMENT - A method for realizing trusted network management is provided. A trusted management agent resides on a managed host, and a trusted management system resides on a management host. The trusted management agent and the trusted management system are software modules, which are both based on a trusted computing platform and signed after being authenticated by a trusted third party of the trusted management agent and the trusted management system. Trusted platform modules of the managed host and the management host can perform integrity measurement, storage, and report for the trusted management agent and the trusted management system. Therefore, the managed host and the management host can ensure that the trusted management agent and the trusted management system are trustworthy. Then, the trusted management agent and the trusted management system execute a network management function, thus realizing the trusted network management. Therefore, the technical problem in the prior art that the network management security cannot be ensured due to the mutual attack between an agent, a host where the agent resides, and a manager system is solved, and trusted network management is realized. | 04-01-2010 |
| 20100251334 | TRUSTED NETWORK ACCESS CONTROL SYSTEM BASED TERNARY EQUAL IDENTIFICATION - A trusted network access control system based on ternary equal identification is provided. The system includes access requestor AR, access controller AC and policy manager PM as well as the protocol interface among them. The protocol interface between the AR and AC includes a trusted network transmission interface (IF-TNT) and IF-TNACCS interface between TNAC client and TNAC server. The protocol interface between the AC and PM includes an identification policy service interface IF-APS, evaluation policy service interface IF-EPS and a trust measurement interface IF-TM. The protocol interface between the AR and PM includes a trust measurement interface IF-TM. | 09-30-2010 |
| 20100254530 | BLOCK CIPHER ALGORITHM BASED ENCRYPTION PROCESSING METHOD - A block cipher algorithm based encryption processing method comprises the following steps: external key registration, external data registration, key expansion, data encryption conversion, internal data registration, and data iteration processing, which solves the problems of the prior ciphering method based on block cipher algorithm, such as low ciphering efficiency and high implementation cost, and efficiently reduces the resource consumption under the premise of keeping the high efficiency of the prior art, thereby reducing the implementation cost of the device. When the number of the conversion component is 1, the resource consumption is only about 60 percent of the prior art; and when the number of the conversion component is 2, the resource consumption is only about 70 percent of the prior art. The present invention increases a sub-key registration unit, which can reduce the critical paths and increase the clock dominant frequency of the ciphering equipment during the implementation of integrated circuits, thereby improving the ciphering capacity of the inventive method. | 10-07-2010 |
| 20100262832 | ENTITY BIDIRECTIONAL AUTHENTICATION METHOD AND SYSTEM - An entity bidirectional authentication method and system, the method involves: the first entity sends the first message; the second entity sends the second message to the credible third party after receiving the said first message; the said credible third party returns the third message after receiving the second message; the said second entity sends the fourth message after receiving the third message and verifying it; the said first entity receives the said fourth message and verifies it, completes the authentication. Compared with the conventional authentication mechanism, the invention defines an on-line retrieval and authentication mechanism of a public key, realizes the centralized management for it, simplifies the operating condition of the protocol, and facilitates the application and implement. | 10-14-2010 |
| 20100293378 | METHOD, DEVICE AND SYSTEM OF ID BASED WIRELESS MULTI-HOP NETWORK AUTHENTICATION ACCESS - A method, device and system of ID based wireless multi-hop network authentication access are provided, which are used for security application protocol when the WAPI frame method (TePA, Triple-Element and Peer Authentication based access control method) is applied over the specific network including the wireless LAN, wireless WAN and wireless private network. The method includes the following steps: defining non-controlled port and controlled port; the coordinator broadcasts the beacon frame, the terminal device sends the connection request command; the coordinator and the terminal device perform the authentication procedure; the coordinator opens the controlled port and sends the connection response command at the same time if the authentication is successful; the terminal device receives the connection response command and opens the controlled port in order to access the network. The method of the present invention solves the technical problem of the presence of the security trouble in the present wireless multi-hop network authentication access method, improves the security and performance of accessing the wireless multi-hop network from the terminal device, and ensures the communication safety between the terminal device and the coordinator. | 11-18-2010 |
| 20100299519 | METHOD FOR MANAGING WIRELESS MULTI-HOP NETWORK KEY - A method for managing wireless multi-hop network key is applicable to a security application protocol when a WAPI frame method (TePA, an access control method based on the ternary peer-to-peer identification) is applied in a concrete network containing a Wireless Local Area Network, a Wireless Metropolitan Area Network AN and a Wireless Personal Area Network. The key management method of the present invention includes the steps of key generation, key distribution, key storage, key modification and key revocation. The present invention solves the technical problems that the prior pre-share-key based key management method is not suitable for larger networks and the PKI-based key management method is not suitable for wireless multi-hop networks; the public-key system and the ternary structure are adopted, thereby the security and the performance of the wireless multi-hop networks are improved. | 11-25-2010 |
| 20100316221 | SECURE TRANSMISSION METHOD FOR BROADBAND WIRELESS MULTIMEDIA NETWORK BROADCASTING COMMUNICATION - A secure transmission method for broadband wireless multimedia network broadcasting communication includes the following steps: a secure channel between big base station and small base station is established by utilizing security protocols; the big base station distributes a Broadcast Traffic Encryption Key to each small base station through the secure channel; the small base station transmits the Broadcast Traffic Encryption Key to the user passing the authentication and authorization. The above solution solves the problem of broadcast secure communication of the big base station working in the mixed covering mode of large and small cells, realizes the identification of not only the user but also the base station, and ensures that only the authorized user can receive broadcast service. | 12-16-2010 |
| 20110004767 | BIDIRECTIONAL ENTITY AUTHENTICATION METHOD BASED ON THE CREDIBLE THIRD PARTY - A bidirectional entity authentication method based on the credible third party includes the steps that: entity A receives message | 01-06-2011 |
| 20110029776 | WIRELESS PERSONAL AREA NETWORK ACCESS METHOD BASED ON PRIMITIVE - A wireless personal area network access method based on the primitive, includes: a coordinator broadcasts a beacon frame to the device which requests connecting to the wireless personal area network (WPAN), the beacon frame includes the authentication request information for the device and the authentication and a key management tool supported by the coordinator; the device authenticates the authentication request information, when the coordinator has an authentication request to the device, the coordinator and the device execute the authentication based on the primitive and obtains the conversation key. | 02-03-2011 |
| 20110055554 | WIRELESS PERSONAL AREA NETWORK ACCESSING METHOD - A wireless personal area network accessing method is provided, the method includes that: a coordinator broadcasts a beacon frame, the beacon frame includes the information about whether the coordinator sends an authentication requirement, the beacon frame also includes the authentication supported by the coordinator and key management package when a device receipts the authentication requirement, the device receives the beacon frame, the authentication between the coordinator and the device is made by using a authentication method corresponding to the authentication supported by the coordinator and key management package, when the device determines that the coordinator and the device is directly made according to the authentication result, or the association between the coordinator and the device is made after making session key negotiation. | 03-03-2011 |
| 20110055561 | ACCESS AUTHENTICATION METHOD SUITABLE FOR THE WIRE-LINE AND WIRELESS NETWORK - An access authentication method includes pre-establishing a security channel between the authentication server of the access point and the authentication server of the user terminal and performing the authentication process at user terminal and access point. The authentication process includes 1) the access point sending the authentication_activating message; 2) the user terminal sending the authentication server of user terminal request message; 3) the authentication server of the user terminal sending to the user terminal response message; and 4) completing the authentication. | 03-03-2011 |
| 20110055569 | ROAMING AUTHENTICATION METHOD BASED ON WAPI - A roaming authentication method based on WAPI. The present invention includes the steps of adopting a terminal and a wireless access point to initiate a WAPI security mechanism, relating the terminal to the wireless access point, and initiating a WAPI authentication process and so on. And a highly safe and convenient roaming authentication method based on WAPI is provided, so as to solve the technical problem that how the specific method of certificate roaming authentication is realized, the certificate of external network authentication server can not be obtained to establish a trustful relationship, and the terminal perhaps can not realize roaming authentication. | 03-03-2011 |
| 20110078438 | ENTITY BIDIRECTIONAL-IDENTIFICATION METHOD FOR SUPPORTING FAST HANDOFF - An entity bidirectional-identification method for supporting fast handoff involves three security elements, which includes two identification elements A and B and a trusted third party (TP). All identification entities of a same element share a public key certification or own a same public key. When any identification entity in identification element A and any identification entity in identification element B need to identify each other, if identification protocol has never been operated between the two identification elements that they belong to respectively, the whole identification protocol process will be operated; otherwise, interaction of identification protocol will be acted only between the two identification entities. Application of the present invention not only centralizes management of public key and simplifies protocol operation condition, but also utilizes the concept of security domain so as to reduce management complexity of public key, shorten identification time and satisfy fast handoff requirements on the premises of guaranteeing security characteristics such as one key for every pair of identification entities, one secret key for every identification and forward secrecy. | 03-31-2011 |
| 20110103589 | KEY DISTRIBUTING METHOD, PUBLIC KEY OF KEY DISTRIBUTION CENTRE ONLINE UPDATING METHOD AND DEVICE - A key distributing method, a public key of key distribution centre online updating method, a key distribution centre, a communication entity and a key management system. The system includes: communication entities, a carrying device, a key distribution centre and a database, wherein the carrying device carries or transports the information during the key distributing course and the public key online updating course, the database stores whether each communication entity registered secret service; the database connects with the key distribution centre, the key distribution centre connects with the carrying device, and the carrying device connects with each communication entity. Using the cipher technology of public key, a key distribution system is provided based on principle of three-element peer authentication (TePA). The system safely distributes the communication key to each pair entities to enable keys have PFS attribute, reduces the key management complexity of the system, and realizes online updating of the public key of the trusted third party i.e. key distribution centre. | 05-05-2011 |
| 20110126000 | METHOD FOR ACCESSING DATA SAFELY SUITABLE FOR ELECTRONIC TAG - A method for accessing data safely, which is suitable for the electronic tag with low performance, is provided. The method comprises the following steps: when performing a data writing process, the first read-write device encrypts the message MSG and then writes the message in the electronic tag; when performing a data reading process, the second read-write device sends a data request packet to the electronic tag; the electronic tag sends a data response packet to the second read-write device according to the data request packet; the second read-write device sends a key request packet to a trusted third party; the trusted third party verifies the validity of the identity of the second read-write device according to the key request packet, and sends a key response packet to the second read-write device upon the verification is passed; the second read-write device obtains the plain text of the electronic tag message MSG according to the key response packet. This invention can realize the safe access of the data of the electronic tag with low performance. | 05-26-2011 |
| 20110145425 | TRUSTED NETWORK MANAGEMENT METHOD BASED ON TCPA/TCG TRUSTED NETWORK CONNECTION - A trusted network management method based on TCPA/TCG trusted network connection is provided. A trusted management agent and a trusted management system are installed and configured on a managed host and a managing host respectively and verified to be creditable locally; when the managed host and the managing host have not yet connected into a trusted network, they connect into the trusted network separately by using a method based on TCPA/TCG trusted network connection and then performs authentication and key negotiation procedure between the trusted management agent and the trusted management system; when the managed host and the managing host have not yet performed the user authentication and key negotiation procedure, they perform user authentication and key negotiation procedure, then realize the remote creditability of the trusted management agent and the trusted management system, and finally, perform network management. | 06-16-2011 |
| 20110145890 | ACCESS METHOD SUITABLE FOR WIRELESS PERSONAL AREA NETWORK - The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods. | 06-16-2011 |
| 20110162042 | TRUSTED METWORK MANAGEMENT METHOD OF TRUSTED NETWORK CONNECTIONS BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network management method of trusted network connections based on tri-element peer authentication. A trusted management proxy and a trusted management system are respectively installed and configured on a host to be managed and a management host, and are verified as local trusted. When the host to be managed and the management host are not connected to the trusted network, they use the trusted network connection method based on the tri-element peer authentication to connect to the trusted network respectively, and subsequently perform the authentications and the cipher key negotiations of the trusted management proxy and the trusted management system; when the host to be managed and the management host have not completed the user authentication and the cipher key negotiation process, they use the tri-element peer authentication protocol to complete the user authentication and the cipher key negotiation process, then use the tri-element peer authentication protocol to implement the remote trust of the trusted management proxy and the trusted management system, and finally perform network management. The present invention can actively defend attacks, reinforce the safety of the trusted network management architecture, and realize the trusted network management of distributed control and centralized management. | 06-30-2011 |
