Abstract: A switch equipment and data processing method for supporting link layer security transmission are provided. The switch equipment for supporting link layer security transmission comprises a switch module and multiple port modules, each port module is electrically connected with the switch module respectively; the port module supports a link layer key management capability, and is used for establishing a share key for encrypting and decrypting data frames between the switch equipment and other network nodes.

Abstract: The present invention discloses a method for anonymous entity identification, which comprises the following steps: an entity A transmits an RA and an IGA to an entity B; the entity B returns an RB, an IGB and a TokenBA to the entity A; the entity A sends an RA?, the RB, the IGA and the IGB to a credible third-party TP; the credible third-party TP checks the validity of a first group and a second group according to the IGA and the IGB; the credible third-party TP returns an RESGA, an RESGB, and a TokenTA to the entity A, or returns the RESGA, the RESGA, a TokenTA1 and a TokenTA2 to the entity A; and the entity A performs a verification after receiving them; the entity A sends a TokenAB to the entity B; and the entity B performs the verification after receiving it. In the present invention, there is no need to send the identity information of the entity to be identified to an opposite terminal, so that anonymous identity identification is realized.

Abstract: A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention.

Abstract: A method and a system for network access control are provided, which are based on cipher code mechanism. After a visitor has raised an access request, an access controller in the destination network processes the access request and initiates an authentication request on the visitor identity to an authentication server through the visitor. The access controller in the destination network accomplishes the authentication on the visitor identity according to the public authentication result of the authentication server transferred by the visitor, and performs according to the authorization policy the authorization management on the successfully authenticated visitor. The present invention solves the problem of incapableness of performing the access control when the access controller can not directly use the authentication service provided by the authentication server. The present invention can sufficiently satisfy the real application requirements of access control on visitor.

Abstract: The present invention relates to the field of identity authentication. Provided are a method, device, and system for authentication, solving the problem that existing identity authentication technologies are incapable of protecting personal privacy, and that authentication technologies comprising personal privacy must provide a traceability feature.

Abstract: The present invention relates to the field of identity authentication. Provided are a method, device, and system for identity authentication, solving the technical problem that existing identity authentication technologies are incapable of protecting personal privacy, and that authentication technologies comprising personal privacy must provide a traceability feature.

Abstract: A method for implementing a convergent Wireless Local Area Network (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture in a local Medium Access Control (MAC) mode is provided and includes the following steps: the MAC function and WAPI function of Access Point (AP) are divided between Wireless Terminal Point (WTP) and Access Controller (AC) to construct a local MAC mode; the convergence of WAPI protocol and the convergent WLAN network architecture is implemented in the local MAC mode; the process of association and connection between Station (STA), WTP and AC is performed; the process of notification of the beginning of the execution of the WLAN Authentication Infrastructure (WAI) protocol between AC and WTP is performed; the process of the execution of the WAI protocol between STA and AC is performed; the process of notification of the end of the execution of the WAI protocol between AC and WTP is performed; the process of encrypted communication between WTP and STA is performed by us

Abstract: A method for identity authentication comprises: 1) a first authenticator transmitting to a second authenticator a first identity authentication message; 2) the second authenticator transmitting to the first authenticator a second identity authentication message; 3) the first authenticator transmitting to an authentication server a third identity authentication message; 4) the authentication server verifying the validity of a secure domain for the second authenticator on the basis of the third identity authentication message; 5) the authentication server transmitting to the first authenticator a fourth identity authentication message; and, 6) the first authenticator authenticating when the fourth identity authentication message is received. The identity authentication system mainly comprises: the first authenticator, the second authenticator, the secure domain for the second authenticator, and the authentication server.

Abstract: Provided is an air interface security method. In the process of protocol transmission, the method executes: 1) a short-range coupling device sending a security parameter request message to a short-range card; 2) after receiving the security parameter request message, the short-range card conduct security parameter feedback on the short-range coupling device; and 3) the short-range coupling device and the short-range card establish a security link according to a security parameter. Provided are a short-range coupling device, a short-range card, etc. for achieving the method. By introducing a security mechanism, the present invention provides a security protection capability for an air interface, can provide identity authentication for a short-range coupling device and a short-range card to ensure the validity and authenticity of the identities of both sides in the communications, and at the same time, will not bring additional hardware overhead to the short-range coupling device and the short-range card.

Abstract: A key management and node authentication method for a sensor network is disclosed. The method comprises the following steps of: 1) keys pre-distribution: before deploying the network, communication keys for establishing security connection between nodes are pre-distributed to all of nodes by a deployment server. 2) Keys establishment: after deploying the network, a pair key for the security connection is established between nodes, which includes the following steps of: 2.1) establishment of shared keys: the pair key is established between neighbor nodes in which the shared keys are existed; 2.2) path keys establishment: the pair key is established between the nodes in which there is no shared keys but there is a multi-hop security connection. 3) Node identity (ID) authentication: before formally communicating between nodes, the identity is authenticated so as to determine the legality and the validity of the identity of the other.

Abstract: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by a wireless terminal point is constructed through separating the MAC function and the WAPI function of the wireless access point apart to the wireless terminal point and an access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the wireless terminal point realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller i

Abstract: The present invention provides a secret communication method, apparatus and system. The method comprises: 1) determining a neighboring encryption switching equipment shared by a first user terminal and a second user terminal, wherein the first user terminal and the second user terminal are neighboring user terminals (1); 2) establishing, by the neighboring encryption switching equipment, an inter-station key for communication between the first user terminal and the second terminal (2); 3) performing data secret communication between the first user terminal and the second terminal by using the inter-station key (3). With the present invention, the neighboring user terminals needing to perform the secret communication can establish the inter-station key without performing identity authentication with each other, and can perform the secret communication with the inter-station key, and thereby the network load is reduced.

Abstract: The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.

Abstract: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by an access controller is constructed through splitting the MAC function and the WAPI function of the wireless access point apart to a wireless terminal point and the access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the access controller realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed;

Abstract: The invention involves a method and a system for station (STA) switching when a wireless terminal point (WTP) completes wireless local area network (WLAN) privacy infrastructure (WPI) in a convergent WLAN. The method includes steps as follows. The STA implements re-association rebinding process with a target access controller (AC) over a target WTP. A base key is requested by the target AC from an associated AC. An associated WTP is informed to delete the STA by the associated AC, and the target WTP is informed to add the STA by the target AC. A session key is negotiated based on the requested base key by the STA and the target AC, and is synchronized between the target AC and the target WTP. The method enables fast and safe switching of the STA between WTPs under the control of different controllers in the convergent WLAN based on WAPI protocol.

Abstract: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC).

Abstract: A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention.

Abstract: A method for combining authentication and secret keys management mechanism in a sensor network includes the following steps: 1) pre-distribution of the secret key, which includes 1.1) the pre-distribution of the communication secret key and 1.2) the pre-distribution of the initial broadcast message authentication secret key; 2) authentication, which includes 2.1) the authentication of the node identity and 2.2) the authentication of the broadcast message; and 3) negotiation of the session secret key by the nodes.

Abstract: A switch equipment and data processing method for supporting link layer security transmission are provided. The switch equipment for supporting link layer security transmission comprises a switch module and multiple port modules, each port module is electrically connected with the switch module respectively; the port module supports a link layer key management capability, and is used for establishing a share key for encrypting and decrypting data frames between the switch equipment and other network nodes.

Abstract: The present invention discloses a method for anonymous entity identification, which comprises the following steps: an entity A transmits an RA and an IGA to an entity B; the entity B returns an RB, an IGB and a TokenBA to the entity A; the entity A sends an RA?, the RB, the IGA and the IGB to a credible third-party TP; the credible third-party TP checks the validity of a first group and a second group according to the IGA and the IGB; the credible third-party TP returns an RESGA, an RESGB, and a TokenTA to the entity A, or returns the RESGA, the RESGA, a TokenTA1 and a TokenTA2 to the entity A; and the entity A performs a verification after receiving them; the entity A sends a TokenAB to the entity B; and the entity B performs the verification after receiving it. In the present invention, there is no need to send the identity information of the entity to be identified to an opposite terminal, so that anonymous identity identification is realized.