CN1976338A - Coordinate access control system of ternary structure - Google Patents

Info

Publication number
CN1976338A
Authority
CN
China
Prior art keywords
authentication
layer
person
main body
authentication method
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2006101052047A
Other languages
Chinese (zh)
Other versions
CN100463462C (en)
Inventor
赖晓龙
曹军
铁满霞
张变玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Iwncomm Co Ltd
Original Assignee
China Iwncomm Co Ltd
Application filed by China Iwncomm Co Ltd
Priority to CNB2006101052047A (CN100463462C)
Publication of CN1976338A
Priority to PCT/CN2007/070173 (WO2008074234A1)
Application granted
Publication of CN100463462C
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

A ternary-structure peer access control method adds an authentication method layer to the access controller of the existing binary three-entity structure and gives that layer the function of authenticating according to authentication credentials. This forms a ternary three-entity structure in which the terminal, the access controller and the server all take part in authentication, so that a trust relationship is established directly, in a single step, between the terminal and the access controller.

Description

A peer access control system with a ternary structure
Technical field
The present invention relates to a network access control system, and in particular to a peer access control system with a ternary structure.
Background technology
The basic function of a network is to provide network services to terminals. Although a terminal can be physically connected to a network, a terminal connected to the network is not necessarily an authorized, legitimate terminal, and the network the terminal connects to is not necessarily the one it needs. Therefore, before the terminal and the network communicate, each needs authentication and authorization functions to verify the legitimacy of the other; that is, two-way access control between the terminal and the network is required to ensure the security of communication.
Fig. 1 is a schematic diagram of two-way access control between a terminal and a network. Terminal 1 accesses network 4 through access controller 3. Before terminal 1 starts to use the resources of network 4, access control 2 must be completed between terminal 1 and access controller 3, that is:
1. Access controller 3 checks whether terminal 1 has the right to access network 4, that is, it authenticates terminal 1;
2. Terminal 1 checks whether access controller 3 is a legitimate device, to prevent data from being intercepted, that is, it authenticates network 4.
Authentication uses the concepts of entity and unit. An entity is a functional body that performs a specific function in the network structure and can exist independently; it is generally implemented as a separate device. A unit is a functional body that has an authentication function in network access authentication. In a network, an entity that has an authentication function is a unit; an entity that does not have an authentication function is not a unit.
Depending on the number of entities that take part in authentication, there are two network structures for two-way authentication between a terminal and a network; both are described in detail in the Extensible Authentication Protocol (EAP, RFC 3748).
The first network structure is the binary two-entity structure shown in Fig. 2. It comprises a terminal and an access controller; the terminal corresponds to entity one and the access controller to entity two. The terminal has authentication credentials, an authentication function and the function of controlling whether to access the network, and corresponds to unit one. The access controller has authentication credentials, an authentication function and the function of controlling terminal access according to the authentication result, and corresponds to unit two. In this network structure both the terminal and the access controller have authentication functions, so two-way authentication is supported.
However, the binary two-entity structure has no authentication server, so its flexibility is very limited. The number of terminals is usually large; if the number of access controllers is also large, the relationship between terminals and access controllers is many-to-many and extremely hard to manage. This structure is therefore generally used only where there are very few access controllers, which greatly limits its application.
The second network structure is the binary three-entity structure shown in Fig. 3. It comprises a terminal, an access controller and a server, corresponding to entity one, entity two and entity three respectively. The terminal has authentication credentials, an authentication function and the function of controlling whether to access the network, and corresponds to unit one. The access controller has the function of controlling terminal access according to the authentication result, but has no authentication function. The server has authentication credentials and an authentication function, and corresponds to unit two. The binary three-entity network structure is also called pass-through mode. In this structure the terminal and the server have authentication functions and the access controller does not, so two-way authentication is supported by using entity two as a relay for entity three.
In the binary three-entity structure the access controller plays only a nominal role, and authentication takes place only between the terminal and the server. The relationship of many terminals to many access controllers becomes a relationship of many terminals to one server, that is, trust relationship A is established between them. In the end, however, trust relationship B must be established between the terminal and the access controller, so trust has to be transferred securely from trust relationship A to trust relationship B. The transfer is done by the server sending a key to the access controller. If this key leaks, network security is seriously affected, so to avoid this problem trust relationship C and a secure channel must be established between the access controller and the server. After the access controller receives the key, the terminal and the access controller must also confirm trust relationship B. Establishing trust between the terminal and the access controller therefore requires passing through three trust relationships. Repeated transfer of trust not only makes authentication complex but may also affect the security of the network, and should be avoided as far as possible.
Summary of the invention
The object of the present invention is to provide a ternary-structure peer access control system that securely realizes two-way authentication between terminal and network. It solves the technical problems of the existing binary two-entity access control system, in which the form of access is inflexible and the number of access controllers is hard to scale, and also the technical problem of the existing binary three-entity access control system, in which the process of establishing the trust relationship is complex and affects network security.
The technical solution of the present invention is:
A peer access control system with a ternary structure comprises a subject, an authenticator and an authentication server.
The subject comprises a lower layer, an encapsulation layer, a peer layer and an authentication method layer. The lower layer of the subject has the functions of transmitting data and of controlling, according to the authentication result, whether the subject accesses the authenticator; the authentication method layer of the subject has the function of authenticating according to authentication credentials;
The authenticator comprises a lower layer, a transport layer, an encapsulation layer and an authenticator layer. The lower layer of the authenticator has the function of controlling whether the authenticator allows the subject to access;
The authentication server comprises a transport layer, an encapsulation layer, a peer layer and an authentication method layer. The authentication method layer of the authentication server has the function of authenticating according to authentication credentials;
Its special features are:
The authenticator also comprises an authentication method layer, which has the function of authenticating according to authentication credentials;
The authentication method layer of the subject, the authentication method layer of the authenticator and the authentication method layer of the authentication server together form the authentication protocol layer;
The authentication method layer of the subject carries out authentication protocol communication with the authentication method layer of the authenticator by passing, in order, through the peer layer, encapsulation layer and lower layer of the subject and the lower layer, encapsulation layer and authenticator layer of the authenticator. The authentication method layer of the authenticator carries out authentication protocol communication with the authentication method layer of the subject by passing, in order, through the authenticator layer, encapsulation layer and lower layer of the authenticator and the lower layer, encapsulation layer and peer layer of the subject;
The authentication method layer of the authenticator carries out authentication protocol communication with the authentication method layer of the authentication server by passing, in order, through the authenticator layer, encapsulation layer and transport layer of the authenticator and the transport layer, encapsulation layer and peer layer of the authentication server. The authentication method layer of the authentication server carries out authentication protocol communication with the authentication method layer of the authenticator by passing, in order, through the peer layer, encapsulation layer and transport layer of the authentication server and the transport layer, encapsulation layer and authenticator layer of the authenticator.
The authentication protocol communication between the authentication method layer of the subject and the authentication method layer of the authenticator comprises request messages sent by the authentication method layer of the authenticator to the authentication method layer of the subject, and response messages sent by the authentication method layer of the subject to the authentication method layer of the authenticator. The request message contains a type field that indicates the type of the request message; the response message contains a type field corresponding to the type field in the request message.
The authentication protocol communication between the authentication method layer of the authenticator and the authentication method layer of the authentication server comprises request messages sent by the authentication method layer of the authenticator to the authentication method layer of the authentication server, and response messages sent by the authentication method layer of the authentication server to the authentication method layer of the authenticator. The request message contains a type field that indicates the type of the request message; the response message contains a type field corresponding to the type field in the request message.
The concrete form of the subject is a terminal; the concrete form of the authenticator is an access controller; the concrete form of the authentication server is a server.
The advantages of the present invention are:
1. High security. Under the network structure of the present invention, authentication between the terminal (subject) and the access controller (authenticator) is completed with the assistance of the server (authentication server). The terminal can communicate with the access controller but cannot communicate with the server; the access controller can communicate with both the terminal and the server. The terminal, the access controller and the server all take part in authentication, and the trust relationship between the terminal and the access controller is established directly and in a single step, which gives excellent security.
2. No change to the existing network infrastructure is needed. The present invention is a ternary structure but is compatible with the binary two-entity structure. Comparing Fig. 2 with Fig. 4 shows that, when no authentication server exists, the present invention is fully compatible with the binary two-entity network structure. The present invention therefore applies to both the binary two-entity structure and the ternary three-entity structure, and fits existing network structures.
3. The authentication protocol is relatively independent. When a system according to the present invention is implemented, the authentication method layer can use an existing authentication protocol or a newly designed one.
Description of drawings
Fig. 1 is a schematic diagram of existing two-way access control between a terminal and a network;
Fig. 2 is a connection diagram of the prior-art network access control system with a binary two-entity structure;
Fig. 3 is a connection diagram of the prior-art network access control system with a binary three-entity structure;
Fig. 4 is a connection diagram of the peer network access control system of the present invention with a ternary three-entity structure;
Fig. 5 is a workflow diagram of the peer network access control system of the present invention with a ternary three-entity structure;
Fig. 6 is a flow chart of the system of the present invention applied to a specific certificate authentication process;
Wherein: 1 - terminal, 2 - access control, 3 - access controller, 4 - network.
Embodiment
The concrete structure of the peer access control system of the present invention is shown in Fig. 4. It comprises a terminal, an access controller and a server. The terminal (corresponding to the subject) comprises a lower layer, an encapsulation layer, a peer layer and an authentication method layer, which are the corresponding layers of the subject. The access controller (corresponding to the authenticator) comprises a lower layer, a transport layer, an encapsulation layer, an authenticator layer and an authentication method layer, which are the corresponding layers of the authenticator. The server comprises a transport layer, an encapsulation layer, a peer layer and an authentication method layer, which are the corresponding layers of the authentication server.
The terminal has authentication credentials, an authentication function and the function of controlling whether to access the access controller. The authentication method layer of the terminal has the function of authenticating according to authentication credentials, and the lower layer of the terminal has the functions of transmitting data and of controlling, according to the authentication result, whether the terminal accesses the access controller;
The access controller has authentication credentials, an authentication function and the function of controlling terminal access. The lower layer of the access controller has the function of controlling whether the terminal is allowed to access the access controller; the authentication method layer of the access controller has the function of authenticating according to authentication credentials;
The server has authentication credentials and an authentication function, which is implemented by the authentication method layer of the server;
The authentication method layer of the terminal, the authentication method layer of the access controller and the authentication method layer of the server together form the authentication protocol layer.
The authentication method layer of the terminal carries out authentication protocol communication with the authentication method layer of the access controller by passing, in order, through the peer layer, encapsulation layer and lower layer of the terminal and the lower layer, encapsulation layer and authenticator layer of the access controller. The authentication method layer of the access controller carries out authentication protocol communication with the authentication method layer of the terminal by passing, in order, through the authenticator layer, encapsulation layer and lower layer of the access controller and the lower layer, encapsulation layer and peer layer of the terminal.
The authentication method layer of the access controller carries out authentication protocol communication with the authentication method layer of the server by passing, in order, through the authenticator layer, encapsulation layer and transport layer of the access controller and the transport layer, encapsulation layer and peer layer of the server. The authentication method layer of the server carries out authentication protocol communication with the authentication method layer of the access controller by passing, in order, through the peer layer, encapsulation layer and transport layer of the server and the transport layer, encapsulation layer and authenticator layer of the access controller.
The working process of the system of the present invention is shown in Fig. 5 and is as follows:
1. The subject function is implemented in the terminal, the authenticator function in the access controller, and the authentication server function in the server;
2. The corresponding protocol of the authentication method is implemented in the terminal, the access controller and the server;
3. The access controller sends a request message to the terminal to begin authentication. The request message has a type field that indicates the kind of request; the type can be Identity, MD5-Challenge, etc.;
4. The terminal sends a response message to the access controller in reply to a valid request message. The response message contains a type field corresponding to the type field in the request message;
5. The access controller sends request messages to the terminal and the terminal sends response messages to the access controller; this sequence of request and response messages continues as needed. Depending on the authentication method, the access controller sends request messages to the server where necessary and the server sends response messages to the access controller; this sequence of request and response messages can continue for as long as needed. Depending on the authentication method, the terminal may not respond to a request message sent by the access controller;
6. The dialogue continues until the access controller cannot authenticate the terminal, in which case the access controller stops sending request messages, ends the interaction, sends a failure message to the terminal and does not allow the terminal to access the access controller; or until the access controller determines that authentication has completed successfully, in which case the access controller either stops sending request messages and ends the interaction, or sends a success message to the terminal, and allows the terminal to access the access controller. Access control between the terminal and the access controller is then complete.
The first embodiment of the present invention applies it under the model of the authentication method defined in the national standard GB15629.11-2003/XG1-2006. The steps by which the certificate authentication process described in that standard applies the present invention are shown in Fig. 6 and are as follows:
In Fig. 6, the ASUE is the authentication supplicant entity, that is, the terminal, and implements the subject function; the AE is the authenticator entity, that is, the access controller, and implements the authenticator function; the ASE is an authentication service unit (ASU), that is, the server, and implements the authentication server function. The authentication method described in the standard is implemented in the ASUE, the AE and the ASE, conforms to the model of the present invention, and can be applied in the system of the present invention:
1] The AE sends a request message to the ASUE;
2] The ASUE sends a response message to the AE;
3] The AE sends a request message to the ASE;
4] The ASE sends a response message to the AE;
5] The AE sends a request message to the ASUE;
6] The ASUE receives the request message and need not send a response message;
7] The AE stops sending messages.
For the definitions of the specific fields contained in the messages, see GB15629.11-2003/XG1-2006.
The second embodiment of the present invention applies it under the Otway-Rees protocol; see Otway, D. and Rees, O., "Efficient and timely mutual authentication", ACM OSR, Vol. 21, No. 1, pp. 8-10, Jan. 1987. This protocol is used for authentication and cannot be used under the previous network structures. The system of the present invention is combined with this protocol in the following steps:
The participants are Alice, Bob and Trent.
1] Bob sends a request message asking to begin authentication;
2] Alice generates a message containing an index number, her identity, Bob's identity and a random number, and encrypts this message with the key she shares with Trent. She then sends the ciphertext to Bob together with the index number and the identities of Alice and Bob;
3] Bob generates a message containing a new random number, the index number and the identities of Alice and Bob, and encrypts this message with the key he shares with Trent. He then sends this ciphertext to Trent together with Alice's ciphertext, the index number and the identities of Alice and Bob;
4] Trent generates a random session key and then generates two messages. The first message is Alice's random number and the session key, encrypted with the key he shares with Alice. The second message is Bob's random number and the session key, encrypted with the key he shares with Bob. Finally, Trent sends these two messages to Bob together with the index number;
5] Bob sends the message that belongs to Alice to Alice together with the index number;
6] If all the random numbers match and the index number has not been changed during the exchange, authentication succeeds.
As can be seen, Alice, Bob and Trent implement the subject, authenticator and authentication server functions respectively, so this authentication protocol can be used in the system of the present invention.
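The six Otway-Rees steps above, run end to end with Alice as subject, Bob as authenticator and Trent as authentication server; this is an added example, not code from the patent. The class names, the `seal`/`unseal` toy cipher (a standard-library stand-in for "encrypt with the shared key") and Trent's comparison of the two ciphertexts against the cleartext fields are assumptions of the example.

```python
import hashlib
import hmac
import json
import secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, fields):
    """Toy encrypt-then-MAC standing in for 'encrypt with the shared key'."""
    plaintext = json.dumps(fields, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("not encrypted under the expected shared key")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return json.loads(bytes(c ^ s for c, s in zip(body, stream)))

class Subject:
    """Alice, the terminal. She shares a key with Trent only."""
    def __init__(self, name, key):
        self.name, self.key = name, key

    def respond(self, authenticator):
        # Step 2: index, both identities and a random number, sealed for Trent.
        self.index, self.nonce = secrets.token_hex(4), secrets.token_hex(8)
        sealed = seal(self.key, {"nonce": self.nonce, "index": self.index,
                                 "a": self.name, "b": authenticator})
        return self.index, self.name, authenticator, sealed

    def finish(self, index, sealed):
        # Step 6, Alice's half: her random number matches, index unchanged.
        reply = unseal(self.key, sealed)
        if index != self.index or reply["nonce"] != self.nonce:
            raise ValueError("subject: random number or index mismatch")
        return reply["key"]

class Authenticator:
    """Bob, the access controller. He holds his own credential (key with Trent)."""
    def __init__(self, name, key):
        self.name, self.key, self.session_key = name, key, None

    def forward(self, index, a, b, sealed_a):
        # Step 3: Bob adds his own sealed message and relays Alice's unchanged.
        self.index, self.nonce = index, secrets.token_hex(8)
        sealed_b = seal(self.key, {"nonce": self.nonce, "index": index, "a": a, "b": b})
        return index, a, b, sealed_a, sealed_b

    def finish(self, index, for_a, for_b):
        # Step 5, plus Bob's half of step 6: Bob authenticates for himself.
        reply = unseal(self.key, for_b)
        if index != self.index or reply["nonce"] != self.nonce:
            raise ValueError("authenticator: random number or index mismatch")
        self.session_key = reply["key"]
        return index, for_a

class AuthServer:
    """Trent. Knows the key of every registered identity."""
    def __init__(self, keys):
        self.keys = keys

    def issue(self, index, a, b, sealed_a, sealed_b):
        # Step 4. The consistency check is an assumption of this example.
        claims = [unseal(self.keys[a], sealed_a), unseal(self.keys[b], sealed_b)]
        if any((c["index"], c["a"], c["b"]) != (index, a, b) for c in claims):
            raise ValueError("server: index or identities changed in transit")
        session_key = secrets.token_hex(16)
        for_a = seal(self.keys[a], {"nonce": claims[0]["nonce"], "key": session_key})
        for_b = seal(self.keys[b], {"nonce": claims[1]["nonce"], "key": session_key})
        return index, for_a, for_b

def run_exchange(tamper_index=False):
    k_a, k_b = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    alice, bob = Subject("alice", k_a), Authenticator("bob", k_b)
    trent = AuthServer({"alice": k_a, "bob": k_b})
    # Step 1 (Bob's request to begin) is implicit in calling alice.respond().
    msg3 = bob.forward(*alice.respond(bob.name))
    if tamper_index:  # constructed fault: cleartext index altered in transit
        msg3 = (msg3[0] + "ff",) + msg3[1:]
    index, for_a = bob.finish(*trent.issue(*msg3))
    return alice.finish(index, for_a), bob.session_key

if __name__ == "__main__":
    key_a, key_b = run_exchange()
    print("session keys match:", key_a == key_b)
```

Alice never talks to Trent directly, and Bob checks his own random number instead of receiving a key on trust from the server, which is the property the ternary structure relies on.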
The principle of the invention:
An authentication protocol is the series of steps that two or more participants take to complete authentication. The authentication method layers of the subject, the authenticator and the authentication server are the implementation of the authentication protocol in each participant; together they form the authentication protocol layer and carry out the authentication protocol function.
The present invention adjusts the functions of the terminal, the access controller and the server so that the access controller has authentication credentials and an authentication function, which turns the network structure into a ternary three-entity structure:
Entity one / unit one: the terminal (entity one) has authentication credentials, an authentication function and the function of controlling whether to access the network (unit one).
Entity two / unit two: the access controller (entity two) has authentication credentials, an authentication function and the function of controlling terminal access according to the authentication result (unit two).
Entity three / unit three: the server (entity three) has authentication credentials and an authentication function (unit three).
Under this structure, authentication between the terminal (subject) and the access controller (authenticator) is completed with the assistance of the server (authentication server). The terminal can communicate with the access controller but cannot communicate with the server; the access controller can communicate with both the terminal and the server. The terminal, the access controller and the server all take part in authentication, and the trust relationship between the terminal and the access controller is established directly and in a single step, which gives excellent security.
If the authentication protocol needs only the subject and the authenticator to take part, the authentication method layer of the subject and the authentication method layer of the authenticator together form the authentication protocol layer and jointly carry out the authentication protocol function. If authentication between the subject and the authenticator needs the participation of the server, the authentication method layers of the subject, the authenticator and the authentication server together form the authentication protocol layer and jointly carry out the authentication protocol function. The three can run the same authentication protocol, or each pair can run a different authentication protocol, but the messages between each pair are related in essence and serve one common purpose: completing authentication between the subject and the authenticator.
In this technical field, the concepts of lower layer, transport layer, encapsulation layer, peer layer, authenticator layer and authentication method layer are as follows:
Lower layer: the lower layer and the transport layer are responsible for transmitting and receiving TEAP frames between the peer and the authenticator. The transport layer is a logical concept, indicating that this layer and the adjacent lower layer need not be the same technology.
Encapsulation layer: the encapsulation layer transmits and receives packets through the lower layer, implements duplicate frame detection and retransmission, and passes messages between the peer layer and the authenticator layer.
Peer layer and authenticator layer: the peer layer and the authenticator layer parse the received packets, which are delivered to the peer layer or the authenticator layer.
Authentication method layer: the authentication method layer implements the authentication algorithm and transmits messages through the peer layer and the authenticator layer.

Claims (4)

1, a kind of reciprocity access control system of ternary structural comprises main body, authentication person and certificate server,
Described main body comprises the bottom of main body, the encapsulated layer of main body, the peer-to-peer layer of main body and the authentication method layer of main body, the bottom of described main body has and transmits data and according to authentication result control main body access authentication person's function whether, the authentication method layer of described main body has the function that authenticates according to Service Ticket;
The authentication person comprises the bottom layer of the authentication person, the transport layer of the authentication person, the encapsulated layer of the authentication person and the authentication person's layer of the authentication person, and the bottom layer of the authentication person has the function of controlling whether the main body is allowed to access the authentication person;
The certificate server comprises the transport layer of the certificate server, the encapsulated layer of the certificate server, the peer-to-peer layer of the certificate server and the authentication method layer of the certificate server, and the authentication method layer of the certificate server has the function of authenticating according to the Service Ticket;
It is characterized in that:
The authentication person further comprises an authentication method layer of the authentication person, and this authentication method layer has the function of authenticating according to the Service Ticket;
The authentication method layer of the main body, the authentication method layer of the authentication person and the authentication method layer of the certificate server jointly constitute the authentication protocol layer;
The authentication method layer of the main body carries out authentication protocol communication with the authentication method layer of the authentication person by passing successively through the peer-to-peer layer of the main body, the encapsulated layer of the main body, the bottom layer of the main body, the bottom layer of the authentication person, the encapsulated layer of the authentication person and the authentication person's layer of the authentication person; and the authentication method layer of the authentication person carries out authentication protocol communication with the authentication method layer of the main body by passing successively through the authentication person's layer of the authentication person, the encapsulated layer of the authentication person, the bottom layer of the authentication person, the bottom layer of the main body, the encapsulated layer of the main body and the peer-to-peer layer of the main body;
The authentication method layer of the authentication person carries out authentication protocol communication with the authentication method layer of the certificate server by passing successively through the authentication person's layer of the authentication person, the encapsulated layer of the authentication person, the transport layer of the authentication person, the transport layer of the certificate server, the encapsulated layer of the certificate server and the peer-to-peer layer of the certificate server; and the authentication method layer of the certificate server carries out authentication protocol communication with the authentication method layer of the authentication person by passing successively through the peer-to-peer layer of the certificate server, the encapsulated layer of the certificate server, the transport layer of the certificate server, the transport layer of the authentication person, the encapsulated layer of the authentication person and the authentication person's layer of the authentication person.
2. The reciprocity access control system of ternary structure according to claim 1, characterized in that: the authentication protocol communication between the authentication method layer of the main body and the authentication method layer of the authentication person comprises a request message sent by the authentication method layer of the authentication person to the authentication method layer of the main body, and a response message sent by the authentication method layer of the main body to the authentication method layer of the authentication person; the request message contains a Type field, which indicates the type of the request message; the response message contains a Type field corresponding to the Type field in the request message.
3. The reciprocity access control system of ternary structure according to claim 1, characterized in that: the authentication protocol communication between the authentication method layer of the authentication person and the authentication method layer of the certificate server comprises a request message sent by the authentication method layer of the authentication person to the authentication method layer of the certificate server, and a response message sent by the authentication method layer of the certificate server to the authentication method layer of the authentication person; the request message contains a Type field, which indicates the type of the request message; the response message contains a Type field corresponding to the Type field in the request message.
4. The reciprocity access control system of ternary structure according to claim 1, 2 or 3, characterized in that: the concrete form of the main body is a terminal; the concrete form of the authentication person is an access controller; the concrete form of the certificate server is a server.
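The layer paths of claim 1 and the Type-field matching of claims 2 and 3, modelled as an added Python example that is not part of the patent text. The layer names follow the claims; the numeric Type values, the message dictionary, the function names and the rule that access opens only after both exchanges match are assumptions made for illustration.

```python
# Added illustration, not taken from the patent. Layer names follow claims 1-3;
# message layout, Type values and all function names are assumptions.

AP, MB, CS = "authentication person", "main body", "certificate server"

# Layers crossed by a request leaving the authentication person (claim 1).
PATHS = {
    MB: [(AP, "authentication method layer"), (AP, "authentication person's layer"),
         (AP, "encapsulated layer"), (AP, "bottom layer"),
         (MB, "bottom layer"), (MB, "encapsulated layer"),
         (MB, "peer-to-peer layer"), (MB, "authentication method layer")],
    CS: [(AP, "authentication method layer"), (AP, "authentication person's layer"),
         (AP, "encapsulated layer"), (AP, "transport layer"),
         (CS, "transport layer"), (CS, "encapsulated layer"),
         (CS, "peer-to-peer layer"), (CS, "authentication method layer")],
}


def deliver(message, path, trace):
    """Carry a message across the given layers and record every hop."""
    trace.append(list(path))
    return dict(message, hops=list(path))


def respond(request, data=b""):
    """Build the peer's response; its Type mirrors the request (claims 2, 3)."""
    return {"kind": "response", "type": request["type"], "data": data}


class AuthenticationPerson:
    """Authentication method layer of the authentication person."""

    def __init__(self):
        self.pending = {}       # peer -> Type of the outstanding request
        self.completed = set()  # peers whose response Type matched
        self.trace = []         # hop lists of every delivered message

    def send_request(self, peer, msg_type, data=b""):
        self.pending[peer] = msg_type
        request = {"kind": "request", "type": msg_type, "data": data}
        return deliver(request, PATHS[peer], self.trace)

    def accept_response(self, peer, response):
        # Responses travel the same layers in the opposite order.
        response = deliver(response, PATHS[peer][::-1], self.trace)
        expected = self.pending.get(peer)
        if (expected is None or response.get("kind") != "response"
                or response.get("type") != expected):
            return False        # unsolicited or mismatched Type: reject
        del self.pending[peer]
        self.completed.add(peer)
        return True

    def access_allowed(self):
        # Assumption: the bottom layer admits the main body only after the
        # exchanges with both the main body and the certificate server matched.
        return self.completed == {MB, CS}
```
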
CNB2006101052047A 2006-12-18 2006-12-18 Coordinate access control system of ternary structure Active CN100463462C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNB2006101052047A CN100463462C (en) 2006-12-18 2006-12-18 Coordinate access control system of ternary structure
PCT/CN2007/070173 WO2008074234A1 (en) 2006-12-18 2007-06-25 A 3-element structure peer access control system and authorizer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006101052047A CN100463462C (en) 2006-12-18 2006-12-18 Coordinate access control system of ternary structure

Publications (2)

Publication Number Publication Date
CN1976338A true CN1976338A (en) 2007-06-06
CN100463462C CN100463462C (en) 2009-02-18

Family

ID=38126131

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006101052047A Active CN100463462C (en) 2006-12-18 2006-12-18 Coordinate access control system of ternary structure

Country Status (2)

Country Link
CN (1) CN100463462C (en)
WO (1) WO2008074234A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009018742A1 (en) * 2007-08-03 2009-02-12 China Iwncomm Co., Ltd. A trusted network connect system based on three-element peer authentication
WO2009065345A1 (en) * 2007-11-16 2009-05-28 China Iwncomm Co., Ltd A trusted network access controlling method based on tri-element peer authentication
WO2010118613A1 (en) * 2009-04-16 2010-10-21 西安西电捷通无线网络通信有限公司 Implementation method for a tri-element peer authentication tursted network connection framework
CN101145915B (en) * 2007-10-10 2011-08-10 中国科学院计算技术研究所 An authentication system and method of trustable router
US8255977B2 (en) 2007-08-01 2012-08-28 China Iwncomm Co., Ltd. Trusted network connect method based on tri-element peer authentication
US8336083B2 (en) 2007-11-16 2012-12-18 China Iwncomm Co., Ltd. Trusted network access control system based ternary equal identification
US8789134B2 (en) 2009-04-16 2014-07-22 China Iwncomm Co., Ltd. Method for establishing trusted network connect framework of tri-element peer authentication
US8826368B2 (en) 2009-04-28 2014-09-02 China Iwncomm Co., Ltd. Platform authentication method suitable for trusted network connect architecture based on tri-element peer authentication

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US1765082A (en) * 1929-07-09 1930-06-17 James L Sparks Harrow tooth
US7900242B2 (en) * 2001-07-12 2011-03-01 Nokia Corporation Modular authentication and authorization scheme for internet protocol
KR100454680B1 (en) * 2002-11-07 2004-11-03 한국전자통신연구원 A Method for Batch Processing of Accounting in AAA System
CN1175626C (en) * 2002-12-16 2004-11-10 北京朗通环球科技有限公司 Method for realizing access controller function on radio access point
US7434044B2 (en) * 2003-02-26 2008-10-07 Cisco Technology, Inc. Fast re-authentication with dynamic credentials
CN1319337C (en) * 2003-07-02 2007-05-30 华为技术有限公司 Authentication method based on Ethernet authentication system
EP1708447A1 (en) * 2005-03-31 2006-10-04 BRITISH TELECOMMUNICATIONS public limited company Method and apparatus for communicating information between devices

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8255977B2 (en) 2007-08-01 2012-08-28 China Iwncomm Co., Ltd. Trusted network connect method based on tri-element peer authentication
WO2009018742A1 (en) * 2007-08-03 2009-02-12 China Iwncomm Co., Ltd. A trusted network connect system based on three-element peer authentication
US8191113B2 (en) 2007-08-03 2012-05-29 China Iwncomm Co., Ltd. Trusted network connect system based on tri-element peer authentication
CN101145915B (en) * 2007-10-10 2011-08-10 中国科学院计算技术研究所 An authentication system and method of trustable router
WO2009065345A1 (en) * 2007-11-16 2009-05-28 China Iwncomm Co., Ltd A trusted network access controlling method based on tri-element peer authentication
RU2444156C1 (en) * 2007-11-16 2012-02-27 Чайна Ивнкомм Ко., Лтд. Method to control access to secured network based on three-element authentication of peer-to-peer objects
KR101125326B1 (en) * 2007-11-16 2012-03-27 차이나 아이더블유엔콤 씨오., 엘티디 A trusted network access controlling method based on tri-element peer authentication
US8336083B2 (en) 2007-11-16 2012-12-18 China Iwncomm Co., Ltd. Trusted network access control system based ternary equal identification
US8424060B2 (en) 2007-11-16 2013-04-16 China Iwncomm Co., Ltd. Trusted network access controlling method based on tri-element peer authentication
WO2010118613A1 (en) * 2009-04-16 2010-10-21 西安西电捷通无线网络通信有限公司 Implementation method for a tri-element peer authentication tursted network connection framework
US8789134B2 (en) 2009-04-16 2014-07-22 China Iwncomm Co., Ltd. Method for establishing trusted network connect framework of tri-element peer authentication
US8826368B2 (en) 2009-04-28 2014-09-02 China Iwncomm Co., Ltd. Platform authentication method suitable for trusted network connect architecture based on tri-element peer authentication

Also Published As

Publication number Publication date
WO2008074234A1 (en) 2008-06-26
CN100463462C (en) 2009-02-18

Similar Documents

Publication Publication Date Title
CN1976337A (en) Ternary structural coordinate access control method
US10841784B2 (en) Authentication and key agreement in communication network
CN1976338A (en) Coordinate access control system of ternary structure
CN108512862B (en) Internet of things terminal security authentication management and control platform based on certificate-free identification authentication technology
Byun et al. Password-authenticated key exchange between clients with different passwords
CN1324502C (en) Method for discriminating invited latent member to take part in group
CN101631113B (en) Security access control method of wired LAN and system thereof
CN1124759C (en) Safe access method of mobile terminal to radio local area network
CN101064695A (en) P2P(Peer to Peer) safe connection method
CN1918885A (en) System and method for user authorization access management at the local administrative domain during the connection of a user to an ip network
WO2011006341A1 (en) Method for combining authentication and secret keys management mechanism in a sensor network
CN1805341A (en) Network authentication and key allocation method across secure domains
CN1941700A (en) Granting privileges and sharing resources in a telecommunications system
CN1756148A (en) Mobile authentication for network access
CN101030859A (en) Method and system for verifying distributed network
CN1864384A (en) System and method for protecting network management frames
CN1905436A (en) Method for ensuring data exchange safety
CA2546790A1 (en) Systems and methods for added authentication in distributed network delivered half-duplex communications
CN1426200A (en) Sefe access of movable terminal in radio local area network and secrete data communication method in radio link
CN1859096A (en) Safety verifying system and method
CN1902853A (en) Method and apparatus for verifiable generation of public keys
CN1726483A (en) Authentication in a communication system
CN100350816C (en) Method for implementing wireless authentication and data safety transmission based on GSM network
CN1897518A (en) Distributed identity-card signature method
CN1655504A (en) Port-based homologue access controlling method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: XI'AN IWNCOMM CO., LTD.

Free format text: FORMER NAME: XIDIAN JIETONG WIRELESS NETWORK COMMUNICATION CO LTD, XI'AN

CP01 Change in the name or title of a patent holder

Address after: High tech Zone technology two road 710075 Shaanxi city of Xi'an Province, No. 68 Xi'an Software Park A201

Patentee after: CHINA IWNCOMM Co.,Ltd.

Address before: High tech Zone technology two road 710075 Shaanxi city of Xi'an Province, No. 68 Xi'an Software Park A201

Patentee before: CHINA IWNCOMM Co.,Ltd.

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: BEIJING ZHIXIANG TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2016610000049

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20161117

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: BEIJING FENGHUO LIANTUO TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000001

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20170106

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: SHANGHAI YU FLY MILKY WAY SCIENCE AND TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000005

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20170317

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: Beijing next Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000014

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20170601

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: HYTERA COMMUNICATIONS Corp.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000015

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20170602

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: Beijing Hua Xinaotian network technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000028

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20171122

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: ALPINE ELECTRONICS, Inc.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017990000497

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20171222

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: SHENZHEN RAKWIRELESS TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000006

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20180226

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000008

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20180319

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000009

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20180320

Application publication date: 20070606

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000010

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20180322

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: BLACKSHARK TECHNOLOGIES (NANCHANG) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000012

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20180404

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: Sony Mobile Communications AB

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018990000306

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20181123

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: SHENZHEN UCLOUDLINK NEW TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2019610000002

Denomination of invention: Coordinate access control system of ternary structure

Granted publication date: 20090218

License type: Common License

Record date: 20191010

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: HANGZHOU STRONG EDUCATION TECHNOLOGY Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000001

Denomination of invention: A ternary peer to peer access control system

Granted publication date: 20090218

License type: Common License

Record date: 20210125

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: EKC communication technology (Shenzhen) Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000008

Denomination of invention: A ternary peer to peer access control system

Granted publication date: 20090218

License type: Common License

Record date: 20210705

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: Guangzhou nengchuang Information Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000011

Denomination of invention: A ternary peer-to-peer access control system

Granted publication date: 20090218

License type: Common License

Record date: 20211104

Application publication date: 20070606

Assignee: Xinruiya Technology (Beijing) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000012

Denomination of invention: A ternary peer-to-peer access control system

Granted publication date: 20090218

License type: Common License

Record date: 20211104

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: SHENZHEN ZHIKAI TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2022610000005

Denomination of invention: A ternary peer-to-peer access control system

Granted publication date: 20090218

License type: Common License

Record date: 20220531

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: HISCENE INFORMATION TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000003

Denomination of invention: A Peer-to-Peer Access Control System with Ternary Structure

Granted publication date: 20090218

License type: Common License

Record date: 20230207

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: Beijing baicaibang Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000005

Denomination of invention: A Triple Structured Peer to Peer Access Control System

Granted publication date: 20090218

License type: Common License

Record date: 20230329

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: Shenzhen wisky Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000008

Denomination of invention: A Triple Structured Peer to Peer Access Control System

Granted publication date: 20090218

License type: Common License

Record date: 20230522

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: Beijing Digital Technology (Shanghai) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000012

Denomination of invention: A Triple Structure Peer to Peer Access Control System

Granted publication date: 20090218

License type: Common License

Record date: 20231114

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20070606

Assignee: SHENZHEN JINGYI SMART TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2024610000002

Denomination of invention: A Triple Structure Peer to Peer Access Control System

Granted publication date: 20090218

License type: Common License

Record date: 20240520