公开(公告)号：US10476897B2

公开(公告)日：2019-11-12

申请号：US15641841

申请日：2017-07-05

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaoxin Wu ,  Jinming Li

IPC: H04L29/00 ,  H04L29/06 ,  G06F21/55

Abstract: A method and an apparatus for improving network security. The method includes obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets, using, by the control node, the alarm information to sort the attack sources in descending order of threat levels, and using a sorting result as a blacklist, and sending, by the control node, the obtained blacklist to at least one subnet that is not attacked yet in the network system. The method and apparatus are applicable to collaborative defense among multiple subnets.

公开(公告)号：US09832259B2

公开(公告)日：2017-11-28

申请号：US14318900

申请日：2014-06-30

Applicant: Huawei Technologies Co., Ltd.

Inventor： Cheng Tan ,  Xiaoxin Wu ,  Yubin Xia ,  Haibo Chen

IPC: G06F15/16 ,  H04L29/08 ,  G06F11/14 ,  G06F21/64

CPC classification number: H04L67/1095 ,  G06F11/1464 ,  G06F11/1484 ,  G06F21/645

Abstract: A method, an apparatus, a terminal, and a server for synchronizing a terminal mirror are provided. The method includes: obtaining, by a terminal, multiple input events during running of application software; aggregating the multiple input events to obtain an aggregate event; and transmitting the aggregate event to the server, so that after parsing the aggregate event to obtain the multiple input events, the server processes the multiple input events by using a virtual machine that is of the terminal and set on the server, so as to obtain user data generated during the running of the application software. In the present invention, the terminal transmits the input events to the server in an event-driven manner, so that the server obtains the user data that is the same as that on the terminal that runs the application software, thereby ensuring that the server can back up complete user data.

公开(公告)号：US20150058464A9

公开(公告)日：2015-02-26

申请号：US14227649

申请日：2014-03-27

Applicant: Huawei Technologies Co., Ltd.

Inventor： Donghui Wang ,  Xiaoxin Wu ,  Jiao Wang

IPC: H04L29/08

CPC classification number: H04L67/10 ,  H04L41/0816

Abstract: A method for resource matching in virtual private cloud (VPC) migration is provided, including: acquiring a node attribute, a link attribute and an adjacent matrix of a customized network requiring VPC migration according to a VPC migration request, where the node attribute includes a network security device attribute of the customized network; acquiring a node attribute, a link attribute and an adjacent matrix of a cloud network in which the VPC is located, where the adjacent matrices are used for indicating connection relations between any two nodes in the customized network and the cloud network, respectively; obtaining multiple matching resources in the cloud network according to a subgraph isomorphism algorithm, where each of the matching resources matches the node attribute, the link attribute and the adjacent matrix of the customized network; and selecting one of the multiple matching resources as a VPC into which the customized network migrates.

Abstract translation: 提供了一种虚拟私有云（VPC）迁移中资源匹配的方法，包括：根据VPC迁移请求获取需要VPC迁移的定制网络的节点属性，链路属性和相邻矩阵，其中节点属性包括 定制网络的网络安全设备属性; 获取VPC所在的云网络的节点属性，链路属性和相邻矩阵，其中相邻矩阵分别用于指示定制网络中的任意两个节点与云网络之间的连接关系; 根据子图同构算法在云网中获得多个匹配资源，其中每个匹配资源与定制网络的节点属性，链路属性和相邻矩阵匹配; 并且选择多个匹配资源之一作为自定义网络迁移到的VPC。

公开(公告)号：US20130156188A1

公开(公告)日：2013-06-20

申请号：US13687968

申请日：2012-11-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lei Xu ,  Xiaoxin Wu

IPC: H04L9/08 ,  H04L9/28

CPC classification number: H04L9/0861 ,  H04L9/0827 ,  H04L9/3073 ,  H04L2209/76

Abstract: A proxy-based encryption method includes generating, according to a private key of a sending end and a public key of a receiving end, proxy keys that correspond to at least two proxy servers, respectively. The number of the proxy keys is equal to the number of the proxy servers. The method further includes sending encrypted ciphertexts and the proxy keys that correspond to the at least two proxy servers respectively to the at least two proxy servers, respectively, so that the at least two proxy servers re-encrypt the encrypted ciphertexts according to the corresponding proxy keys.

Abstract translation: 基于代理的加密方法包括根据发送端的私钥和接收端的公开密钥分别生成与至少两个代理服务器对应的代理密钥。 代理密钥的号码等于代理服务器的号码。 该方法还包括分别向至少两个代理服务器发送加密的密文和对应于至少两个代理服务器的代理密钥，使得至少两个代理服务器根据相应的代理对加密的密文重新加密 钥匙

公开(公告)号：US20170302690A1

公开(公告)日：2017-10-19

申请号：US15641841

申请日：2017-07-05

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaoxin Wu ,  Jinming Li

IPC: H04L29/06 ,  G06F21/55

Abstract: A method and an apparatus for improving network security. The method includes obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets, using, by the control node, the alarm information to sort the attack sources in descending order of threat levels, and using a sorting result as a blacklist, and sending, by the control node, the obtained blacklist to at least one subnet that is not attacked yet in the network system. The method and apparatus are applicable to collaborative defense among multiple subnets.

公开(公告)号：US09762594B2

公开(公告)日：2017-09-12

申请号：US14583367

申请日：2014-12-26

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaoxin Wu ,  Jinming Li

IPC: H04L29/00 ,  H04L29/06 ,  G06F21/55

CPC classification number: H04L63/1416 ,  G06F21/554 ,  H04L63/101 ,  H04L2463/146

Abstract: A method and an apparatus for improving network security are provided. The method includes obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets, using, by the control node, the alarm information to sort the attack sources in descending order of threat levels, and using a sorting result as a blacklist, and sending, by the control node, the obtained blacklist to at least one subnet that is not attacked yet in the network system. The method and apparatus are applicable to collaborative defense among multiple subnets.

公开(公告)号：US09473471B2

公开(公告)日：2016-10-18

申请号：US14145046

申请日：2013-12-31

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Lei Xu ,  Xiaoxin Wu

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/30

CPC classification number: H04L63/0471 ,  H04L9/3073 ,  H04L63/0281 ,  H04L63/0428 ,  H04L67/06 ,  H04L67/2823 ,  H04L67/306 ,  H04L2209/76

Abstract: A method for performing proxy transformation between a user and a server includes: selecting a first proxy relationship between a target user and a first user from a proxy relationship library; selecting a random value, and generating a second proxy relationship according to the random value and the first proxy relationship; and encrypting original information according to the public key of the first user and the random value to obtain the encrypted information, and transmitting the encrypted information and the second proxy relationship to the server, so that the server performs proxy transformation on the encrypted information according to the second proxy relationship to obtain the transformed information. The method for performing proxy transformation thoroughly solves the security hazard that the server performs proxy transformation without user permission. The present invention further discloses a user terminal and a system for performing proxy transformation.

Abstract translation: 用于在用户和服务器之间执行代理变换的方法包括：从代理关系库中选择目标用户和第一用户之间的第一代理关系; 选择随机值，并根据随机值和第一代理关系产生第二代理关系; 根据第一用户的公开密钥和随机值加密原始信息，获得加密信息，并将加密信息和第二代理关系发送给服务器，使得服务器根据加密信息执行代理转换 第二个代理关系来获取转换的信息。 执行代理转换的方法彻底解决了服务器在没有用户许可的情况下执行代理转换的安全隐患。 本发明还公开了一种用于执行代理变换的用户终端和系统。

公开(公告)号：US20140359273A1

公开(公告)日：2014-12-04

申请号：US14294700

申请日：2014-06-03

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaoxin Wu ,  Bin Tu

IPC: H04L29/06 ,  G06F9/455

CPC classification number: G06F21/606 ,  G06F9/455 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/602 ,  G06F21/62 ,  G06F21/83 ,  G06F2009/45587 ,  G06F2221/031 ,  G06F2221/2105 ,  H04L63/0428

Abstract: Embodiments of the present invention provide a method and an apparatus for inputting data. The present invention relates to the communications field and aims to improve security of input information. The method includes: acquiring, by a virtual machine manager, input data; performing, by the virtual machine manager, encryption processing on the input data according to an encryption rule of a security connection to obtain encrypted data, where the security connection refers to a connection that is established between an application interface and a server and used for data transmission; and sending, by the virtual machine manager, the encrypted data to the server. The present invention is applicable to a data input scenario.

Abstract translation: 本发明的实施例提供一种用于输入数据的方法和装置。 本发明涉及通信领域，旨在提高输入信息的安全性。 该方法包括：由虚拟机管理器获取输入数据; 由虚拟机管理器根据安全连接的加密规则执行对输入数据的加密处理以获得加密数据，其中安全连接是指在应用接口和服务器之间建立并用于数据的连接 传输; 并由虚拟机管理器将加密数据发送到服务器。 本发明可应用于数据输入场景。

公开(公告)号：US20150254466A1

公开(公告)日：2015-09-10

申请号：US14721911

申请日：2015-05-26

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaoxin Wu ,  Bin Tu

IPC: G06F21/60 ,  G06F9/455 ,  H04L29/06

CPC classification number: G06F21/606 ,  G06F9/455 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/602 ,  G06F21/62 ,  G06F21/83 ,  G06F2009/45587 ,  G06F2221/031 ,  G06F2221/2105 ,  H04L63/0428

Abstract: Embodiments of the present invention provide a method and an apparatus for inputting data. The present invention relates to the communications field and aims to improve security of input information. The method includes: acquiring, by a virtual machine manager, input data; performing, by the virtual machine manager, encryption processing on the input data according to an encryption rule of a security connection to obtain encrypted data; and sending, by the virtual machine manager, the encrypted data to the server. The present invention is applicable to a data input scenario.

Abstract translation: 本发明的实施例提供一种用于输入数据的方法和装置。 本发明涉及通信领域，旨在提高输入信息的安全性。 该方法包括：由虚拟机管理器获取输入数据; 由虚拟机管理者根据安全连接的加密规则执行对输入数据的加密处理，以获得加密的数据; 并由虚拟机管理器将加密数据发送到服务器。 本发明可应用于数据输入场景。

公开(公告)号：US20150188937A1

公开(公告)日：2015-07-02

申请号：US14583367

申请日：2014-12-26

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaoxin Wu ,  Jinming Li

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  G06F21/554 ,  H04L63/101 ,  H04L2463/146

Abstract: A method and an apparatus for improving network security are provided. The method includes obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets, using, by the control node, the alarm information to sort the attack sources in descending order of threat levels, and using a sorting result as a blacklist, and sending, by the control node, the obtained blacklist to at least one subnet that is not attacked yet in the network system. The method and apparatus are applicable to collaborative defense among multiple subnets.

Abstract translation: 提供了一种用于提高网络安全性的方法和装置。 该方法包括：通过控制节点获取报警信息，其中报警信息包括攻击至少两个子网的子网的攻击源的地址信息和至少两个子网的被攻击子网的标识信息，使用 控制节点，以威胁级别降序对攻击源进行排序的报警信息，并使用排序结果作为黑名单，并由控制节点将获得的黑名单发送到至少一个未被攻击的子网 网络系统。 该方法和装置适用于多个子网之间的协同防御。