Patents Assigned to China Iwncomm Co., Ltd.
-
Publication number: 20120159169Abstract: An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 1 to an entity A; 2) after receiving the message 1, the entity A sends a message 2 to a trusted third party TP; 3) after receiving the message 2, the trusted third party TP verifies the validities of the entity A and the entity B; 4) after verifying the validities of the entity A and the entity B, the trusted third party TP returns a message 3 to the entity A; 5) after receiving message 3, the entity A sends a message 4 to the entity B; 6) after receiving the message 4, the entity B performs the verification to complete the authentication for the entity A; 7) the entity B sends a message 5 to the entity A; 8) after receiving the message 5, the entity A performs the verification to complete the authentication for the entity B.Type: ApplicationFiled: December 29, 2009Publication date: June 21, 2012Applicant: CHINA IWNCOMM CO., LTD.Inventors: Xiaolong Lai, Jun Cao, Manxia Tie, Yuelei Xiao, Zhenhai Huang
-
Patent number: 8204218Abstract: An encrypting/decrypting processing method for implementing SMS4 algorithm in high efficiency is provided. After preparing constant array, input external data into register section, firstly make primary data conversion and then make secondary data conversion, finally repeat data conversion course until complete all specified data conversion courses and obtain processing result of circulating data encryption/decryption. And it solves the technical problems of data conversion in the background technique that number of circulating times is large and encrypting efficiency is low, simplifying the chip design, largely optimizing integrity of chip signal and being able to improve interference immunity of system and reduce system cost.Type: GrantFiled: July 19, 2007Date of Patent: June 19, 2012Assignee: China IWNCOMM Co., Ltd.Inventors: Jiayin Lu, Jun Cao, Zhenhai Huang, Xiang Yan
-
Publication number: 20120151554Abstract: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC).Type: ApplicationFiled: December 23, 2009Publication date: June 14, 2012Applicant: CHINA IWNCOMM CO., LTD.Inventors: Manxia Tie, Jun Cao, Li Ge, Xiaolong Lai, Zhenhai Huang, Qin Li, Zhiqiang Du
-
Patent number: 8195935Abstract: Exemplary embodiments of systems, methods and computer-accessible medium can be provided for obtaining and verifying a public key certificate status. In particular, it is possible to construct and send a certificate query request, construct and send a combined certificate query request, construct and send a combined certificate status response, deliver a certificate status response, perform a verification by the general access point, and/or perform a verification by the user equipment. The exemplary embodiments address some of the deficiencies of conventional methods which have a complicated implementation as well as likely inability of such conventional methods to be applied to the network architecture of user equipment, a general access point and a server.Type: GrantFiled: July 16, 2007Date of Patent: June 5, 2012Assignee: China Iwncomm Co., Ltd.Inventors: Haibo Tian, Jun Cao, Liaojun Pang, Manxia Tie, Zhenhai Huang, Bianling Zhang
-
Patent number: 8191113Abstract: A trusted network connect (TNC) system based on tri-element peer authentication (TePA) is provided. An network access requestor (NAR) of an access requestor (AR) is connected to a TNC client (TNCC), and the TNCC is connected to and integrity measurement collector (IMC1) through a integrity measurement collector interface (IF-IMC). An network access controller (NAC) of an access controller (AC) is connected to a TNC server (TNCS) in a data bearer manner. The TNCS is connected to an IMC2 through the IF-IMC. A user authentication service unit (UASU) of a policy manager (PM) is connected to a platform evaluation service unit (PESU) through an integrity measurement verifier interface (IF-IMV). Thus, the technical problems in the prior art of poor extensibility, complex key agreement process, and low security are solved.Type: GrantFiled: December 1, 2009Date of Patent: May 29, 2012Assignee: China Iwncomm Co., Ltd.Inventors: Yuelei Xiao, Jun Cao, Xiaolong Lai, Zhenhai Huang
-
Patent number: 8185091Abstract: A network access authentication and authorization method includes the steps of: constructing an access and authorization request packet; constructing a certificate authentication request packet, constructing a certificate authentication response packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. And an authorization key updating method includes the steps of: constructing an access and authorization request packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. The invention resolves the security problem that a mobile terminal accesses a base station in the wideband wireless multimedia network, and realizes both bi-directional identity authentication of a mobile terminal and a base station and unidirectional identity authentication from a base station to a mobile terminal.Type: GrantFiled: July 16, 2007Date of Patent: May 22, 2012Assignee: China IWNCOMM Co., Ltd.Inventors: Liaojun Pang, Jun Cao, Haibo Tian, Zhenhai Huang, Bianling Zhang
-
Publication number: 20120114124Abstract: A method for combining authentication and secret keys management mechanism in a sensor network includes the following steps: 1) pre-distribution of the secret key, which includes 1.1) the pre-distribution of the communication secret key and 1.2) the pre-distribution of the initial broadcast message authentication secret key; 2) authentication, which includes 2.1) the authentication of the node identity and 2.2) the authentication of the broadcast message; and 3) negotiation of the session secret key by the nodes.Type: ApplicationFiled: December 29, 2009Publication date: May 10, 2012Applicant: CHINA IWNCOMM CO., LTD.Inventors: Zhiqiang Du, Jun Cao, Manxia Tie, Li Ge, Zhenhai Huang
-
Patent number: 8176325Abstract: A port based peer access control method, comprises the steps of: 1) enabling the authentication control entity; 2) two authentication control entities authenticating each other; 3) setting the status of the controlled port. The method may further comprise the steps of enabling the authentication server entity, two authentication subsystems negotiating the key. By modifying the asymmetry of background technique, the invention has advantages of peer control, distinguishable authentication control entity, good scalability, good security, simple key negotiation process, relatively complete system, high flexibility, thus the invention can satisfy the requirements of central management as well as resolve the technical issues of the prior network access control method, including complex process, poor security, poor scalability, so it provides essential guarantee for secure network access.Type: GrantFiled: February 21, 2006Date of Patent: May 8, 2012Assignee: China Iwncomm Co., Ltd.Inventors: Xiaolong Lai, Jun Cao, Bianling Zhang, Zhenhai Huang, Hong Guo
-
Patent number: 8175264Abstract: An encryption and decryption processing method, system and computer-accessible medium for achieving SMS4 cryptographic procedure/algorithm can be provided. First, constant arrays can prepared, the external data are input into a data registering unit and the first data conversion is addressed. Secondly, the second data conversion is addressed. Thirdly, the second data conversion is repeated until completing all the prescribed data conversion. Then, the results of repeating encryption and decryption processing are achieved.Type: GrantFiled: February 27, 2007Date of Patent: May 8, 2012Assignee: China Iwncomm Co., Ltd.Inventors: Jiayin Lu, Jun Cao, Xiang Yan, Zhenhai Huang
-
Publication number: 20120079561Abstract: An access control method for a TePA-based TNC architecture is provided, including: 1) performing encapsulation of user authentication protocol data and platform authentication protocol data in the TePA-based TNC architecture: 1.1) encapsulating the user authentication protocol data in a Data field of TAEP packets, and interacting with the TAEP packets between an access requestor and an access controller, and between the access controller and a policy manager, to perform mutual user authentication between the access requestor and the access controller, and establish a secure channel between the access requestor and the access controller; and 1.2) encapsulating the platform authentication protocol data in a Data field of TAEP packets, and, for platform authentication protocol data between the access requestor and the access controller, encapsulating a TAEP packet of the platform authentication protocol data in a Data field of another TAEP packet to form a nested encapsulation.Type: ApplicationFiled: December 9, 2009Publication date: March 29, 2012Applicant: CHINA IWNCOMM CO., LTD.Inventors: Yuelei Xiao, Jun Cao, Zhenhai Huang, Li Ge
-
Publication number: 20120060205Abstract: The invention involves a method and a system for station (STA) switching when a wireless terminal point (WTP) completes wireless local area network (WLAN) privacy infrastructure (WPI) in a convergent WLAN. The method includes steps as follows. The STA implements re-association rebinding process with a target access controller (AC) over a target WTP. A base key is requested by the target AC from an associated AC. An associated WTP is informed to delete the STA by the associated AC, and the target WTP is informed to add the STA by the target AC. A session key is negotiated based on the requested base key by the STA and the target AC, and is synchronized between the target AC and the target WTP. The method enables fast and safe switching of the STA between WTPs under the control of different controllers in the convergent WLAN based on WAPI protocol.Type: ApplicationFiled: December 14, 2009Publication date: March 8, 2012Applicant: CHINA IWNCOMM CO., LTD.Inventors: Manxia Tie, Jun Cao, Zhiqiang Du, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20120054831Abstract: The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.Type: ApplicationFiled: December 7, 2009Publication date: March 1, 2012Applicant: CHINA IWNCOMM CO., LTD.Inventors: Zhiqiang Du, Jun Cao, Manxia Tie, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20120047555Abstract: The invention discloses a platform authentication method suitable for trusted network connect (TNC) architecture based on tri-element peer authentication (TePA). The method relates to a platform authentication protocol of tri-element peer authentication, and the protocol improves network security as compared with prior platform authentication protocols; in the platform authentication protocol of the TNC architecture based on TePA, a policy manager plays a role as a trusted third party, which is convenient for concentrated management, thus enhancing manageability; the invention relates to the platform authentication protocol of the TNC architecture based on TePA, has different implementation methods and is beneficial for different dispositions and realizations.Type: ApplicationFiled: December 24, 2009Publication date: February 23, 2012Applicant: CHINA IWNCOMM CO., LTD.Inventors: Yuelei Xiao, Jun Cao, Li Ge, Zhenhai Huang
-
Publication number: 20120036553Abstract: The present invention provides a method for establishing the trusted network connect framework of tri-element peer authentication. The method includes: the implement of trusted network transport interface (IF-TNT); the implement of authentication policy service interface (IF-APS); the implement of trusted network connect (TNC) client-TNC access point interface (IF-TNCCAP); the implement of evaluation policy service interface (IF-EPS); the implement of integrity measurement collector interface (IF-IMC); the implement of integrity measurement verifier interface (IF-IMV); and the implement of integrity measurement (IF-IM). The embodiments of the present invention can establish the trust of the terminals, implement the trusted network connect of the terminals, implement the trusted authentication among the terminals, implement the trusted management of the terminals, and establish the TNC framework based on tri-element peer authentication (TePA) by defining the interfaces.Type: ApplicationFiled: December 9, 2009Publication date: February 9, 2012Applicant: CHINA IWNCOMM CO., LTDInventors: Yuelei Xiao, Jun Cao, Li Ge, Zhenhai Huang
-
Publication number: 20120005718Abstract: Disclosed is a trusted network connect system for enhancing the security, the system including an access requester of the system network that connects to a policy enforcement point in the manner of authentication protocol, and network-connects to the access authorizer via a network authorization transport protocol interface, an integrity evaluation interface and an integrity measurement interface, a policy enforcement point network-connects to the access authorizer via a policy enforcement interface, an access authorizer network-connects to the policy manager via a user authentication authorization interface, a platform evaluation authorization interface and the integrity measurement interface, and an access requester network-connects to a policy manager via the integrity measurement interface.Type: ApplicationFiled: July 21, 2008Publication date: January 5, 2012Applicant: CHINA IWNCOMM CO, LTDInventors: Yuelei Xiao, Jun Cao, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20110310771Abstract: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by a wireless terminal point is constructed through separating the MAC function and the WAPI function of the wireless access point apart to the wireless terminal point and an access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the wireless terminal point realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller iType: ApplicationFiled: December 14, 2009Publication date: December 22, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Manxia Tie, Jun Cao, Zhiqiang Du, Xiaolong Lai, Li Ge, Zhenhai Huang
-
Publication number: 20110314286Abstract: An access authentication method applying to IBSS network involves the following steps of: 1) performing authentication role configuration for network entities; 2) authenticating an authentication entity and a request entity that have been performed the authentication role configuration via an authentication protocol; and 3) after finishing the authentication, the authentication entity and the request entity perform the key negotiation, wherein, the message integrity check field and protocol synchronization lock-in field are added in a key negotiation message. The access authentication method applying to IBSS network provided by the invention has the advantages of the better safeness and the higher execution efficiency.Type: ApplicationFiled: October 30, 2008Publication date: December 22, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Manxia Tie, Jun Cao, Xiaolong Lai, Jiandong Li, Liaojun Pang, Zhenhai Huang
-
Publication number: 20110307943Abstract: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by an access controller is constructed through splitting the MAC function and the WAPI function of the wireless access point apart to a wireless terminal point and the access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the access controller realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed;Type: ApplicationFiled: December 14, 2009Publication date: December 15, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Zhiqiang Du, Jun Cao, Manxia Tie, Xiaolong Lai, Zhenhai Huang
-
Publication number: 20110289562Abstract: A method for enhancing the security of the multicast or broadcast system comprises the following steps: after having established the system parameter, the base station receives the register request message transmitted by the terminal, and the register request message carries the device identity information of the terminal; the base station registers the terminal according to the register request message and transmits the authorization key to the terminal after successful registration. By the base station establishing the specific system parameter, generating and awarding the corresponding terminal's key based on the parameter, the embodiment of the present invention can construct a secure network system of multicast or broadcast effectively and solve the security problem of the multicast or broadcast from the base station to the terminal in the network system.Type: ApplicationFiled: August 20, 2009Publication date: November 24, 2011Applicant: China IWNCOMM Co., Ltd.Inventors: Liaojun Pang, Jun Cao, Manxia Tie
-
Publication number: 20110252239Abstract: The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.Type: ApplicationFiled: December 7, 2009Publication date: October 13, 2011Applicant: CHINA IWNCOMM CO., LTD.Inventors: Xiaolong Lai, Jun Cao, Yuelei Xiao, Manxia Tie, Zhenhai Huang, Bianlin Zhang, Yanan Hu