Patents by Inventor Xiaolong Lai
Xiaolong Lai has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8191113Abstract: A trusted network connect (TNC) system based on tri-element peer authentication (TePA) is provided. An network access requestor (NAR) of an access requestor (AR) is connected to a TNC client (TNCC), and the TNCC is connected to and integrity measurement collector (IMC1) through a integrity measurement collector interface (IF-IMC). An network access controller (NAC) of an access controller (AC) is connected to a TNC server (TNCS) in a data bearer manner. The TNCS is connected to an IMC2 through the IF-IMC. A user authentication service unit (UASU) of a policy manager (PM) is connected to a platform evaluation service unit (PESU) through an integrity measurement verifier interface (IF-IMV). Thus, the technical problems in the prior art of poor extensibility, complex key agreement process, and low security are solved.Type: GrantFiled: December 1, 2009Date of Patent: May 29, 2012Assignee: China Iwncomm Co., Ltd.Inventors: Yuelei Xiao, Jun Cao, Xiaolong Lai, Zhenhai Huang
-
Patent number: 8176325Abstract: A port based peer access control method, comprises the steps of: 1) enabling the authentication control entity; 2) two authentication control entities authenticating each other; 3) setting the status of the controlled port. The method may further comprise the steps of enabling the authentication server entity, two authentication subsystems negotiating the key. By modifying the asymmetry of background technique, the invention has advantages of peer control, distinguishable authentication control entity, good scalability, good security, simple key negotiation process, relatively complete system, high flexibility, thus the invention can satisfy the requirements of central management as well as resolve the technical issues of the prior network access control method, including complex process, poor security, poor scalability, so it provides essential guarantee for secure network access.Type: GrantFiled: February 21, 2006Date of Patent: May 8, 2012Assignee: China Iwncomm Co., Ltd.Inventors: Xiaolong Lai, Jun Cao, Bianling Zhang, Zhenhai Huang, Hong Guo
-
Publication number: 20120060205Abstract: The invention involves a method and a system for station (STA) switching when a wireless terminal point (WTP) completes wireless local area network (WLAN) privacy infrastructure (WPI) in a convergent WLAN. The method includes steps as follows. The STA implements re-association rebinding process with a target access controller (AC) over a target WTP. A base key is requested by the target AC from an associated AC. An associated WTP is informed to delete the STA by the associated AC, and the target WTP is informed to add the STA by the target AC. A session key is negotiated based on the requested base key by the STA and the target AC, and is synchronized between the target AC and the target WTP. The method enables fast and safe switching of the STA between WTPs under the control of different controllers in the convergent WLAN based on WAPI protocol.Type: ApplicationFiled: December 14, 2009Publication date: March 8, 2012Applicant: CHINA IWNCOMM CO., LTD.Inventors: Manxia Tie, Jun Cao, Zhiqiang Du, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20120054831Abstract: The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.Type: ApplicationFiled: December 7, 2009Publication date: March 1, 2012Applicant: CHINA IWNCOMM CO., LTD.Inventors: Zhiqiang Du, Jun Cao, Manxia Tie, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20120005718Abstract: Disclosed is a trusted network connect system for enhancing the security, the system including an access requester of the system network that connects to a policy enforcement point in the manner of authentication protocol, and network-connects to the access authorizer via a network authorization transport protocol interface, an integrity evaluation interface and an integrity measurement interface, a policy enforcement point network-connects to the access authorizer via a policy enforcement interface, an access authorizer network-connects to the policy manager via a user authentication authorization interface, a platform evaluation authorization interface and the integrity measurement interface, and an access requester network-connects to a policy manager via the integrity measurement interface.Type: ApplicationFiled: July 21, 2008Publication date: January 5, 2012Applicant: CHINA IWNCOMM CO, LTDInventors: Yuelei Xiao, Jun Cao, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20110314286Abstract: An access authentication method applying to IBSS network involves the following steps of: 1) performing authentication role configuration for network entities; 2) authenticating an authentication entity and a request entity that have been performed the authentication role configuration via an authentication protocol; and 3) after finishing the authentication, the authentication entity and the request entity perform the key negotiation, wherein, the message integrity check field and protocol synchronization lock-in field are added in a key negotiation message. The access authentication method applying to IBSS network provided by the invention has the advantages of the better safeness and the higher execution efficiency.Type: ApplicationFiled: October 30, 2008Publication date: December 22, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Manxia Tie, Jun Cao, Xiaolong Lai, Jiandong Li, Liaojun Pang, Zhenhai Huang
-
Publication number: 20110310771Abstract: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by a wireless terminal point is constructed through separating the MAC function and the WAPI function of the wireless access point apart to the wireless terminal point and an access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the wireless terminal point realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller iType: ApplicationFiled: December 14, 2009Publication date: December 22, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Manxia Tie, Jun Cao, Zhiqiang Du, Xiaolong Lai, Li Ge, Zhenhai Huang
-
Publication number: 20110307621Abstract: A method for implementing a convergent Wireless Local Area Network (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture in a local Medium Access Control (MAC) mode is provided and includes the following steps: the MAC function and WAPI function of Access Point (AP) are divided between Wireless Terminal Point (WTP) and Access Controller (AC) to construct a local MAC mode; the convergence of WAPI protocol and the convergent WLAN network architecture is implemented in the local MAC mode; the process of association and connection between STAtion (STA), WTP and AC is performed; the process of notification of the beginning of the execution of the WLAN Authentication Infrastructure (WAI) protocol between AC and WTP is performed; the process of the execution of the WAI protocol between STA and AC is performed; the process of notification of the end of the execution of the WAI protocol between AC and WTP is performed; the process of encrypted communication between WTP and STA is performed by usType: ApplicationFiled: December 14, 2009Publication date: December 15, 2011Inventors: Xiaolong Lai, Jun Cao, Zhiqiang Du, Manxia Tie, Li Ge, Zhenhai Huang
-
Publication number: 20110307943Abstract: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by an access controller is constructed through splitting the MAC function and the WAPI function of the wireless access point apart to a wireless terminal point and the access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the access controller realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed;Type: ApplicationFiled: December 14, 2009Publication date: December 15, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Zhiqiang Du, Jun Cao, Manxia Tie, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20110252239Abstract: The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.Type: ApplicationFiled: December 7, 2009Publication date: October 13, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Xiaolong Lai, Jun Cao, Yuelei Xiao, Manxia Tie, Zhenhai Huang, Bianlin Zhang, Yanan Hu
-
Publication number: 20110243330Abstract: An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.Type: ApplicationFiled: December 8, 2009Publication date: October 6, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Yanan Hu, Jun Cao, Yuelei Xiao, Manxia Tie, Zhenhai Huang, Xiaolong Lai
-
Publication number: 20110202992Abstract: A method for authenticating a trusted platform based on the Tri-element Peer Authentication (TePA). The method includes the following steps: A) a second attesting system sends the first message to a first attesting system; B) the first attesting system sends a second message to the second attesting system after receiving the first message; C) the second attesting system sends a third message to a Trusted Third Party (TTP) after receiving the second message; D) the TTP sends a fourth message to the second attesting system after receiving the third message; E) the second attesting system sends a fifth message to the first attesting system after receiving the fourth message; and F) the first attesting system performs an access control after receiving the fifth message.Type: ApplicationFiled: November 3, 2009Publication date: August 18, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Yuelei Xiao, Jun Cao, Li Ge, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20110191579Abstract: A trusted network connect method for enhancing security, it pre-prepares platform integrity information, sets an integrity verify demand. A network access requestor initiates an access request, a network access authority starts a process for bi-directional user authentication, begins to perform the triplex element peer authentication protocol with a user authentication service unit. After the success of the bi-directional user authentication, a TNC server and a TNC client perform bi-directional platform integrity evaluation. The network access requestor and the network access authority control ports according to their respective recommendations, implement the mutual access control of the access requestor and the access authority. The present invention solves the technical problems in the background technologies: the security is lower relatively, the access requestor may be unable to verify the validity of the AIK credential and the platform integrity evaluation is not parity.Type: ApplicationFiled: July 21, 2008Publication date: August 4, 2011Applicant: CHINA IWNCOMM CO, LTDInventors: Yuelei Xiao, Jun Cao, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20110162042Abstract: A trusted network management method of trusted network connections based on tri-element peer authentication. A trusted management proxy and a trusted management system are respectively installed and configured on a host to be managed and a management host, and are verified as local trusted.Type: ApplicationFiled: August 20, 2009Publication date: June 30, 2011Applicant: CHINA IWNCOMM CO., LTDInventors: Yuelei Xiao, Jun Cao, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20110145425Abstract: A trusted network management method based on TCPA/TCG trusted network connection is provided. A trusted management agent and a trusted management system are installed and configured on a managed host and a managing host respectively and verified to be creditable locally; when the managed host and the managing host have not yet connected into a trusted network, they connect into the trusted network separately by using a method based on TCPA/TCG trusted network connection and then performs authentication and key negotiation procedure between the trusted management agent and the trusted management system; when the managed host and the managing host have not yet performed the user authentication and key negotiation procedure, they perform user authentication and key negotiation procedure, then realize the remote creditability of the trusted management agent and the trusted management system, and finally, perform network management.Type: ApplicationFiled: August 20, 2009Publication date: June 16, 2011Applicant: China Iwncomm Co., Ltd.Inventors: Yuelei Xiao, Jun Cao, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20110145890Abstract: The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment.Type: ApplicationFiled: July 28, 2009Publication date: June 16, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Manxia Tie, Jun Cao, Yuelei Xiao, Zhenhai Huang, Xiaolong Lai
-
Publication number: 20110133902Abstract: An electronic label authenticating method is provided, the method includes: the electronic label receives an accessing authenticating request group sent by a reader-writer, the group carries a first parameter selected by the reader-writer; the electronic label sends a response group of the accessing authenticating to the reader-writer, the response group of the accessing authenticating includes the first parameter and a second parameter selected by the electronic label; the electronic label receives an acknowledgement group of the accessing authenticating feed back by the reader-writer; the electronic label validates the acknowledgement group of the accessing authenticating. An electronic label authenticating system is also provided, the system includes a reader-writer and an electronic label.Type: ApplicationFiled: July 24, 2009Publication date: June 9, 2011Applicant: China Iwncomm Co., Ltd.Inventors: Liaojun Pang, Manxia Tie, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20110133883Abstract: An anonymous authentication method based on a pre-shared key, a reader-writer, an electronic tag and an anonymous bidirectional authentication system are disclosed. The method comprises the following steps: 1) a reader-writer sends an accessing authentication requirement group to the electronic tag; 2) after the electronic tag receives the accessing authentication requirement group, an accessing authentication response group is constructed and sent to the reader-writer; 3) after the reader-writer receives the accessing authentication response group, an accessing authentication confirmation group is constructed and sent to the electronic tag; 4) the electronic tag carries out confirmation according to the accessing authentication confirmation group.Type: ApplicationFiled: July 28, 2009Publication date: June 9, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Liaojun Pang, Manxia Tie, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20110103589Abstract: A key distributing method, a public key of key distribution centre online updating method, a key distribution centre, a communication entity and a key management system. The system includes: communication entities, a carrying device, a key distribution centre and a database, wherein the carrying device carries or transports the information during the key distributing course and the public key online updating course, the database stores whether each communication entity registered secret service; the database connects with the key distribution centre, the key distribution centre connects with the carrying device, and the carrying device connects with each communication entity. Using the cipher technology of public key, a key distribution system is provided based on principle of three-element peer authentication (TePA).Type: ApplicationFiled: May 26, 2009Publication date: May 5, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Manxia Tie, Jun Cao, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20110078438Abstract: An entity bidirectional-identification method for supporting fast handoff involves three security elements, which includes two identification elements A and B and a trusted third party (TP). All identification entities of a same element share a public key certification or own a same public key. When any identification entity in identification element A and any identification entity in identification element B need to identify each other, if identification protocol has never been operated between the two identification elements that they belong to respectively, the whole identification protocol process will be operated; otherwise, interaction of identification protocol will be acted only between the two identification entities.Type: ApplicationFiled: May 27, 2009Publication date: March 31, 2011Inventors: Manxia Tie, Jun Cao, Zhenhai Huang, Xiaolong Lai