Abstract: Provided are an entity identity validity verification method and device with multiple trusted third parties being involved. In the application, validity of identities of entities performing mutual identity validity verification can only be verified by different trusted third parties. During the verification process, the trusted third parties that are respectively trusted by the two entities interact with each other, and provide services for mutual identity validity verification between the entities, to complete the identity validity verification between the entities.

Abstract: Provided are an entity identity validity verification method and device with multiple trusted third parties being involved. In the application, validity of identities of entities performing mutual identity validity verification can only be verified by different trusted third parties. During the verification process, the trusted third parties that are respectively trusted by the two entities interact with each other, and provide identity validity verification services for mutual identity validity verification between the entities, to complete the identity validity verification between the entities.

Abstract: A method and a system for testing an authentication server. The method comprises: installing a certificate of an authentication server to be tested in a monitor console and installing a certificate of the monitor console in the authentication server to be tested; constructing and sending, by the monitor console, based on a configuration type of the authentication server to be tested, according to a roaming authentication protocol, roaming authentication protocol data to the authentication server to be tested; capturing response data sent by the authentication server to be tested, and performing comparative analysis to determine whether field information in the response data is consistent with locally stored respective information; and displaying that the authentication server to be tested is tested successfully in a case that the field information in the response data is completely consistent with the locally stored respective information; otherwise, displaying comparative analysis information.

Abstract: A method for a WLAN-enabled device to access to a network is provided, including the following steps. An intelligent terminal device acquires a key KEY1, encrypts, by using the KEY 1, access information of a wireless access device that is known by the intelligent terminal device, and then transmits the access information as well as the unique identification information. WLAN-enabled device sniffs and acquires the unique identification information and the encrypted access information, generates the KEY1 based on the unique identification information and a preset key material, and decrypts the encrypted access information by using the KEY1 to obtain the access information. The present invention further relates to a WLAN-enabled device for implementing the method and an intelligent terminal device.

Abstract: A communication protocol testing method, a tested device and a testing platform. The method includes: the tested device and the reference device execute a communication protocol, a message sent and/or received during execution of the communication protocol serving as a first message, and the first message being encapsulated in a data encapsulation format of the communication protocol; the tested device encapsulates a part of data or all the data in the first message and/or known data of the tested device according to a unified data encapsulation format to generate a second message; and the testing platform acquires the second message, parses the acquired second message according to the unified data encapsulation format to obtain a part of data or all the data in the second message, executes testing items, and outputs testing results, thereby completing the test.

Abstract: In a digital certificate automatic application method, device and system, a digital certificate applicant notifies a digital certificate issuer of supported digital certificate generation methods. If a digital certificate issued by the issuer is available, then the issuer is notified of the existing digital certificate information. Otherwise, the issuer is notified of the certificate information required to be contained in a newly applied digital certificate. The issuer selects a digital certificate generation method from the digital certificate generation methods supported by the applicant, and notifies the applicant. If the applicant must apply for a new digital certificate, then the new digital certificate information is generated and the applicant is notified. Otherwise, the applicant is notified of the invalid digital certificate information. The applicant determines the digital certificate to be used according to the notification from the issuer.

Abstract: A method and a system for testing an authentication server. The method comprises: installing a certificate of an authentication server to be tested in a monitor console and installing a certificate of the monitor console in the authentication server to be tested; constructing and sending, by the monitor console, based on a configuration type of the authentication server to be tested, according to a roaming authentication protocol, roaming authentication protocol data to the authentication server to be tested; capturing response data sent by the authentication server to be tested, and performing comparative analysis to determine whether field information in the response data is consistent with locally stored respective information; and displaying that the authentication server to be tested is tested successfully in a case that the field information in the response data is completely consistent with the locally stored respective information; otherwise, displaying comparative analysis information.

Abstract: In a digital certificate automatic application method, device and system, a digital certificate applicant notifies a digital certificate issuer of supported digital certificate generation methods. If a digital certificate issued by the issuer is available, then the issuer is notified of the existing digital certificate information. Otherwise, the issuer is notified of the certificate information required to be contained in a newly applied digital certificate. The issuer selects a digital certificate generation method from the digital certificate generation methods supported by the applicant, and notifies the applicant. If the applicant must apply for a new digital certificate, then the new digital certificate information is generated and the applicant is notified. Otherwise, the applicant is notified of the invalid digital certificate information. The applicant determines the digital certificate to be used according to the notification from the issuer.

Abstract: A wireless personal area network access method based on the primitive, includes: a coordinator broadcasts a beacon frame to the device which requests connecting to the wireless personal area network (WPAN), the beacon frame includes the authentication request information for the device and the authentication and a key management tool supported by the coordinator; the device authenticates the authentication request information, when the coordinator has an authentication request to the device, the coordinator and the device execute the authentication based on the primitive and obtains the conversation key.

Abstract: The present invention relates to a method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link, which, combining the common key encryption technology and the symmetry encryption technology, has resolved the failure in WLAN to provide effective control on secure MT access, and overcome the limitation on the confidentiality of the data communication via wireless link. When MT logs on AP, both parts must perform the certificate authentication through AS. Only the MT holding the legitimate certificate can access to AP holing the legitimate certificate; MT and AP perform the negotiation of common key for conversation, complete the dynamic revision of the secret key in each authentication, each secret key and in the process of conversation to achieve confidential data communication.

Abstract: A wireless personal area network accessing method is provided, the method includes that: a coordinator broadcasts a beacon frame, the beacon frame includes the information about whether the coordinator sends an authentication requirement, the beacon frame also includes the authentication supported by the coordinator and key management package when a device receipts the authentication requirement, the device receives the beacon frame, the authentication between the coordinator and the device is made by using a authentication method corresponding to the authentication supported by the coordinator and key management package, when the device determines that the coordinator and the device is directly made according to the authentication result, or the association between the coordinator and the device is made after making session key negotiation.

Abstract: The present invention provides a method for protecting the first message of a security protocol and the method includes the following steps: 1) initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention can implement that: 1) Pre-Shared Master Key (PSMK), which is shared by the initiating side and responding side, and the security parameter in the first message are bound by using computation function of Message Integrality Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack of the first message in the security protocol is avoided effectively; 2) during computing the MIC or MAC of the first message, only PSMK and the security parameter of the first message are selected to be computed, and thus the computation load of the initiating side and the responding side is effectively reduced and the computation resource is saved.

Abstract: This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable.

Abstract: A roaming authentication method based on WAPI. The present invention includes the steps of adopting a terminal and a wireless access point to initiate a WAPI security mechanism, relating the terminal to the wireless access point, and initiating a WAPI authentication process and so on. And a highly safe and convenient roaming authentication method based on WAPI is provided, so as to solve the technical problem that how the specific method of certificate roaming authentication is realized, the certificate of external network authentication server can not be obtained to establish a trustful relationship, and the terminal perhaps can not realize roaming authentication.

Abstract: A method for managing network key and updating session key is provided. The step of the key management includes: constructing key request group, constructing key negotiation response group, and constructing key negotiation acknowledgement group. The step of multicasting key management method includes multicasting main key negotiation protocol and multicasting session key distribution protocol. The multicasting main key negotiation protocol comprises key updating informs group, constructing encryption key negotiation request group, constructing key negotiation response group and constructing key negotiation acknowledgement group. The multicasting session key distribution protocol comprises multicasting session key request and multicasting session key distribution.

Abstract: An access authentication method includes pre-establishing a security channel between the authentication server of the access point and the authentication server of the user terminal and performing the authentication process at user terminal and access point. The authentication process includes 1) the access point sending the authentication_activating message; 2) the user terminal sending the authentication server of user terminal request message; 3) the authentication server of the user terminal sending to the user terminal response message; and 4) completing the authentication.

Abstract: Exemplary embodiments of systems, methods and computer-accessible medium can be provided for obtaining and verifying a public key certificate status. In particular, it is possible to construct and send a certificate query request, construct and send a combined certificate query request, construct and send a combined certificate status response, deliver a certificate status response, perform a verification by the general access point, and/or perform a verification by the user equipment. The exemplary embodiments address some of the deficiencies of conventional methods which have a complicated implementation as well as likely inability of such conventional methods to be applied to the network architecture of user equipment, a general access point and a server.

Abstract: A network access authentication and authorization method includes the steps of: constructing an access and authorization request packet; constructing a certificate authentication request packet, constructing a certificate authentication response packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. And an authorization key updating method includes the steps of: constructing an access and authorization request packet; constructing an access and authorization response packet; constructing an access and authorization acknowledgement packet. The invention resolves the security problem that a mobile terminal accesses a base station in the wideband wireless multimedia network, and realizes both bi-directional identity authentication of a mobile terminal and a base station and unidirectional identity authentication from a base station to a mobile terminal.

Abstract: A port based peer access control method, comprises the steps of: 1) enabling the authentication control entity; 2) two authentication control entities authenticating each other; 3) setting the status of the controlled port. The method may further comprise the steps of enabling the authentication server entity, two authentication subsystems negotiating the key. By modifying the asymmetry of background technique, the invention has advantages of peer control, distinguishable authentication control entity, good scalability, good security, simple key negotiation process, relatively complete system, high flexibility, thus the invention can satisfy the requirements of central management as well as resolve the technical issues of the prior network access control method, including complex process, poor security, poor scalability, so it provides essential guarantee for secure network access.

Abstract: A wireless personal area network accessing method is provided, the method includes that: a coordinator broadcasts a beacon frame, the beacon frame includes the information about whether the coordinator sends an authentication requirement, the beacon frame also includes the authentication supported by the coordinator and key management package when a device receipts the authentication requirement, the device receives the beacon frame, the authentication between the coordinator and the device is made by using a authentication method corresponding to the authentication supported by the coordinator and key management package, when the device determines that the coordinator and the device is directly made according to the authentication result, or the association between the coordinator and the device is made after making session key negotiation.