Abstract: A method for a WLAN-enabled device to access to a network is provided, including the following steps. An intelligent terminal device acquires a key KEY1, encrypts, by using the KEY 1, access information of a wireless access device that is known by the intelligent terminal device, and then transmits the access information as well as the unique identification information. WLAN-enabled device sniffs and acquires the unique identification information and the encrypted access information, generates the KEY1 based on the unique identification information and a preset key material, and decrypts the encrypted access information by using the KEY1 to obtain the access information. The present invention further relates to a WLAN-enabled device for implementing the method and an intelligent terminal device.

Abstract: An entity authentication method includes: an entity A generates and sends NA to an entity B; the entity B generates NB and ZSEEDB, computes a key MKA?KEIA and first encrypted authentication data AuthEncDataB, and sends the NB?NA?AuthEncDataB to the entity A for verification; the entity A generates ZSEEDA, computes second encrypted authentication data AuthEncDataA, a shared key seed Z, a master key MK and a first message authentication identifier MacTagA, and sends the NA?NB?AuthEncDataA?MacTagA to the entity B for verification; the entity B computes Z, MK and MacTagA, compares the MacTagA with the received MacTagA, and if the two are equal, considers that the entity A is valid; the entity B computes and sends a second message authentication identifier MacTagB to the entity A; and the entity A computes MacTagB, compares the MacTagB with the received MacTagB, and if the two are equal, considers that the entity B is valid.

Abstract: A communication protocol testing method, a tested device and a testing platform. The method includes: the tested device and the reference device execute a communication protocol, a message sent and/or received during execution of the communication protocol serving as a first message, and the first message being encapsulated in a data encapsulation format of the communication protocol; the tested device encapsulates a part of data or all the data in the first message and/or known data of the tested device according to a unified data encapsulation format to generate a second message; and the testing platform acquires the second message, parses the acquired second message according to the unified data encapsulation format to obtain a part of data or all the data in the second message, executes testing items, and outputs testing results, thereby completing the test.

Abstract: A method and device device for authentication are provided. The method includes: a second authenticator transmitting to a first authenticator a first identity authentication message; the first authenticator transmitting to an authentication server a second identity authentication message; the authentication server verifying the validity of a secure domain where the second authenticator is at and of the first authenticator on the basis of the second identity authentication message; the authentication server returning to the first authenticator a third identity authentication message; the first authenticator transmitting to the second authenticator a fourth identity authentication message; the second authenticator proceeding to verification when the fourth identity authentication message is received; the second authenticator transmitting to the first authenticator a fifth identity authentication message; and the first authenticator proceeding when the fifth identity authentication message is received.

Abstract: A one-way key switching method and an implementation device. The method comprises: after obtaining a new key and before deducing or determining that at least n receivers obtain the new key, a sender setting the sending direction of the new key as unavailable and keeping the sending direction of an original key as available; after obtaining the new key and before deducing or determining that at least n receivers obtain the new key, before the original key is invalid, the sender starting up a key switching process, i.e. setting the sending direction of the original key as unavailable and setting the sending direction of the new key as available; where N?n?1, N is the total number of the receivers corresponding to the sender.

Abstract: A method and a system for authenticating an entity based on a symmetric encryption algorithm are provided. The method includes the following steps: 1) an entity A sends an authentication request message to an entity B; 2) after receiving the authentication request message, the entity B sends an authentication response message to the entity A; 3) the entity A determines the validity of the entity B according to the received authentication response message. The implementation cost of the system can be reduced by using the authentication according to the invention.

Abstract: In a digital certificate automatic application method, device and system, a digital certificate applicant notifies a digital certificate issuer of supported digital certificate generation methods. If a digital certificate issued by the issuer is available, then the issuer is notified of the existing digital certificate information. Otherwise, the issuer is notified of the certificate information required to be contained in a newly applied digital certificate. The issuer selects a digital certificate generation method from the digital certificate generation methods supported by the applicant, and notifies the applicant. If the applicant must apply for a new digital certificate, then the new digital certificate information is generated and the applicant is notified. Otherwise, the applicant is notified of the invalid digital certificate information. The applicant determines the digital certificate to be used according to the notification from the issuer.

Abstract: A method and a system for testing an authentication server. The method comprises: installing a certificate of an authentication server to be tested in a monitor console and installing a certificate of the monitor console in the authentication server to be tested; constructing and sending, by the monitor console, based on a configuration type of the authentication server to be tested, according to a roaming authentication protocol, roaming authentication protocol data to the authentication server to be tested; capturing response data sent by the authentication server to be tested, and performing comparative analysis to determine whether field information in the response data is consistent with locally stored respective information; and displaying that the authentication server to be tested is tested successfully in a case that the field information in the response data is completely consistent with the locally stored respective information; otherwise, displaying comparative analysis information.

Abstract: Disclosed are a method and device for generating a digital signature. The method comprises: a device generating a digital signature parameter r that meets an effective determining condition; generating a digital signature parameter s according to the following formula s=((1+dA)?1·(r+k)?r)mod n, by using a private key dA, a random number k, r, and an elliptic curve parameter n, a value range of k being [1, n?1]; determining if the generated s is 0; if s is 0, regenerating r that meets the effective determining condition, and regenerating s by using dA, the regenerated k with the value range of [1, n?1] and the regenerated r and n, until s is not 0; converting data types of r and s that is not 0 into byte strings, to obtain a digital signature (r, s).

Abstract: Disclosed are a method for conducting data encryption and decryption using a symmetric cryptography algorithm and a table look-up device. The method comprises: when it is determined that it is required to use S-boxes to look up a table in a symmetric cryptography algorithm, determining all types of S-boxes to be used; for each type of S-box, determining the total number Ni of the type of S-box, and when Ni is larger than 1, determining that the type of S-box meets a multiplexing condition; and when data encryption and decryption are conducted using the symmetric cryptography algorithm, multiplexing at least one type of S-box which meets the multiplexing condition. The present application can reduce the occupation by the symmetric cryptography algorithm of hardware resources under the condition of comparative shortage of hardware resources.

Abstract: Provided is an air interface security method. In the process of protocol transmission, the method executes: 1) a short-range coupling device sending a security parameter request message to a short-range card; 2) after receiving the security parameter request message, the short-range card conduct security parameter feedback on the short-range coupling device; and 3) the short-range coupling device and the short-range card establish a security link according to a security parameter. Provided are a short-range coupling device, a short-range card, etc. for achieving the method. By introducing a security mechanism, the present invention provides a security protection capability for an air interface, can provide identity authentication for a short-range coupling device and a short-range card to ensure the validity and authenticity of the identities of both sides in the communications, and at the same time, will not bring additional hardware overhead to the short-range coupling device and the short-range card.

Abstract: An anonymous entity authentication method includes the steps of: an entity B sending RB and IGB; an entity A sending RB, R?A, IGA and IGB to a trusted third party TP, the trusted third party TP checking a group GA and a group GB against IGA and IGB for legality; the trusted third party TP returning ResGA, ResGB and a token TokenTA or returning ResGA, ResGB, TokenTA1 and TokenTA2 to the entity A; the entity A sending TokenAB and IGA to the entity B for authentication by the entity B; and the entity B sending TokenBA to the entity A for authentication by the entity A. In this solution, anonymous entity authentication can be performed without passing identity information of the authenticated entity itself to the opposite entity. Furthermore this solution further relates to an anonymous entity authentication apparatus and a trusted third party.

Abstract: The invention relates to the technical field of information, and disclosed in the present invention are a key negotiation method and apparatus according to the SM2 key exchange protocol. The method is implemented as follows: two negotiation parties both calculate a parameter W according to the minimum positive integer value in the permissible values of X which enable an inequality n?2X to hold, and perform key negotiation with the opposite negotiation party according to the parameter W.

Abstract: A switch equipment and data processing method for supporting link layer security transmission are provided. The switch equipment for supporting link layer security transmission comprises a switch module and multiple port modules, each port module is electrically connected with the switch module respectively; the port module supports a link layer key management capability, and is used for establishing a share key for encrypting and decrypting data frames between the switch equipment and other network nodes.

Abstract: Provided are a platform authentication strategy management method for trusted connection architecture (TCA), and the trusted network connection (TNC) client, TNC access point and evaluation strategy service provider for implementing the method in the TCA. In the embodiments of the present invention, the platform authentication strategy for the access requester can be configured in the TNC access point or the evaluation strategy service provider, and the platform authentication strategy for the access requester configured in the evaluation strategy service provider can be delivered to the TNC access point. Moreover, a component-type-level convergence platform evaluation strategy can be executed in the TNC access point or the evaluation strategy service provider, to ensure that the realization of the TCA platform authentication has good application extensibility.

Abstract: The present invention discloses a method for anonymous entity identification, which comprises the following steps: an entity A transmits an RA and an IGA to an entity B; the entity B returns an RB, an IGB and a TokenBA to the entity A; the entity A sends an RA?, the RB, the IGA and the IGB to a credible third-party TP; the credible third-party TP checks the validity of a first group and a second group according to the IGA and the IGB; the credible third-party TP returns an RESGA, an RESGB, and a TokenTA to the entity A, or returns the RESGA, the RESGA, a TokenTA1 and a TokenTA2 to the entity A; and the entity A performs a verification after receiving them; the entity A sends a TokenAB to the entity B; and the entity B performs the verification after receiving it. In the present invention, there is no need to send the identity information of the entity to be identified to an opposite terminal, so that anonymous identity identification is realized.

Abstract: A switch route exploring method, system and device are provided in the present invention. The method comprises that: a transmitting source node NSource constructs a switch route exploring request packet and transmits it to a destination node NDestination; the switch route exploring request packet comprises information of switch route from the transmitting source node NSource to the destination node NDestination, wherein the information is known by the transmitting source node NSource; and the destination node NDestination constructs a switch route exploring response packet and transmits it to the transmitting source node NSource.

Abstract: A two-way key switching method and an implementation device. The method includes: when acquiring a new key, any end in a communication link setting a new key transmitting direction to be unavailable and setting a new key receiving direction to be available; after it is presumed or determined that at least n opposite ends have acquired the new key and before an original key is invalid, the any end starting a first key switching process, to set the transmitting direction of the original key to be unavailable and set the new key transmitting direction to be available, where N?n?1, and N is the total number of receiving sides corresponding to the transmitting side; according to a protection identifier of data transmitted from the opposite end, the any end selecting a valid key to perform deprotection; and after the data is successfully deprotected with the new key for the first time, the any end starting a second key switching process, to set the receiving direction of the original key to be unavailable.

Abstract: A one-way key switching method and an implementation device. The method comprises: after obtaining a new key and before deducing or determining that at least n receivers obtain the new key, a sender setting the sending direction of the new key as unavailable and keeping the sending direction of an original key as available; after obtaining the new key and before deducing or determining that at least n receivers obtain the new key, before the original key is invalid, the sender starting up a key switching process, i.e. setting the sending direction of the original key as unavailable and setting the sending direction of the new key as available; where N?n?1, N is the total number of the receivers corresponding to the sender.

Abstract: Disclosed are a method for conducting data encryption and decryption using a symmetric cryptography algorithm and a table look-up device. The method comprises: when it is determined that it is required to use S-boxes to look up a table in a symmetric cryptography algorithm, determining all types of S-boxes to be used; for each type of S-box, determining the total number Ni of the type of S-box, and when Ni is larger than 1, determining that the type of S-box meets a multiplexing condition; and when data encryption and decryption are conducted using the symmetric cryptography algorithm, multiplexing at least one type of S-box which meets the multiplexing condition. The present application can reduce the occupation by the symmetric cryptography algorithm of hardware resources under the condition of comparative shortage of hardware resources.