Data processing method and apparatus

    Publication No.: US10243933B2

    Publication date: 2019-03-26

    Application No.: US15701148

    Filing date: 2017-09-11

    Abstract: A data processing method and apparatus, where the method includes acquiring a first network data packet that is sent by a target application that runs in an untrusted execution domain, where the first network data packet includes a first identifier; acquiring, in a trusted execution domain, first data corresponding to the first identifier; generating, in the trusted execution domain, a second network data packet according to the first data and the first network data packet; performing, in the trusted execution domain, encryption on the second network data packet by using a first session key to acquire an encrypted second network data packet; and sending the encrypted second network data packet to the target server. The data processing method and apparatus in the embodiments of the present invention can effectively prevent an attacker from stealing data.

    Isolation method for management virtual machine and apparatus

    Publication No.: US09971623B2

    Publication date: 2018-05-15

    Application No.: US14795225

    Filing date: 2015-07-09

    Abstract: An isolation method for a management virtual machine and an apparatus, which resolves problems that performance of communication between service components is deteriorated, more resources are required for running a virtual machine, and security of the service components is relatively low. The method includes: acquiring a guest identifier; searching, according to the guest identifier, the management virtual machine for a kernel virtual machine; when the kernel virtual machine is not found in the management virtual machine, creating the kernel virtual machine in the management virtual machine; dividing a service provided for a guest virtual machine by the kernel virtual machine into multiple service components; and running the multiple service components in execution environments corresponding to the permissions of the service components, where the kernel virtual machine includes the multiple execution environments, and the multiple execution environments have different permissions.

    METHOD, APPARATUS, AND SYSTEM FOR TRIGGERING VIRTUAL MACHINE INTROSPECTION
    Invention application (status: in force)

    Publication No.: US20150186643A1

    Publication date: 2015-07-02

    Application No.: US14572515

    Filing date: 2014-12-16

    Abstract: The present invention discloses a method, an apparatus, and a system for triggering virtual machine introspection, so as to provide a timely and effective security check triggering mechanism. In the present invention, data that needs to be protected is determined; the data that needs to be protected is monitored; and when it is determined that the data that needs to be protected is modified, virtual machine introspection is triggered. The present invention avoids a performance loss and a security problem that are brought about by regularly starting a virtual machine introspection system to perform a security check, and therefore, the present invention is more applicable.
