-
公开(公告)号:US20190208416A1
公开(公告)日:2019-07-04
申请号:US16298387
申请日:2019-03-11
Applicant: Huawei Technologies Co., Ltd.
Inventor: He Li , Jing Chen , Jiangsheng Wang
CPC classification number: H04W12/0401 , H04L9/08 , H04L9/0877 , H04L63/205 , H04W12/04 , H04W12/04033 , H04W12/04071 , H04W76/15
Abstract: Embodiments of the present invention provide a key negotiation method and apparatus. The method includes: obtaining, by a first base station, a selected key generation capability, and generating a first key parameter based on the selected key generation capability; sending, by the first base station, the first key parameter to a second base station, where the first key parameter is forwarded by the second base station to a terminal; and obtaining, by the first base station, a second key parameter generated by the terminal, and generating a first base key based on the first key parameter and the second key parameter. The first base station independently generates the base key, and the second base station plays only a role of parameter transfer.
-
公开(公告)号:US10581619B2
公开(公告)日:2020-03-03
申请号:US15673075
申请日:2017-08-09
Applicant: Huawei Technologies Co., Ltd.
Inventor: Chengyan Feng , Jiangsheng Wang
Abstract: A certificate management method, a device, and a system relate to the communications field and for certificate management are used to resolve a problem that communication security of a virtual network system is degraded because after a virtualized network function (VNF) instance is terminated in the virtual network system, a private key corresponding to a certificate of the VNF instance may be illegally obtained by an attacker to forge an identity of the VNF instance. A specific solution includes obtaining, by a first device, a certificate identifier of a first instance, and updating certificate status information of the first instance to a revocation state according to the certificate identifier of the first instance, or sending, by the first device, a first request message to a second device, where the first request message requests to revoke a certificate of the first instance.
-
公开(公告)号:US20170054565A1
公开(公告)日:2017-02-23
申请号:US15345829
申请日:2016-11-08
Applicant: Huawei Technologies Co., Ltd.
Inventor: Chengyan Feng , Jiangsheng Wang
CPC classification number: H04L9/3263 , H04L9/14 , H04L9/30 , H04L9/32 , H04L63/06 , H04L63/0823
Abstract: A certificate acquiring method and device, where the method includes receiving a certificate application representation message sent by a newly installed virtualized network function component (VNFC) instance, sending a certificate request message to a certification authority, and acquiring a certificate issued by the certification authority. In this way, the newly installed VNFC instance does not need to use a current manner for a virtualized network function (VNF) to acquire a certificate, which effectively avoids a problem of a cumbersome and more complex process caused when the newly installed VNFC instance acquires a certificate.
Abstract translation: 一种证书获取方法和装置,其中所述方法包括接收由新安装的虚拟网络功能组件(VNFC)实例发送的证书应用程序表示消息,向证书颁发机构发送证书请求消息,以及获取证书颁发机构颁发的证书 。 这样,新安装的VNFC实例就不需要使用虚拟化网络功能(VNF)来获取证书,这有效地避免了当新安装的VNFC实例获取时引起的繁琐复杂过程的问题 证书。
-
公开(公告)号:US10367647B2
公开(公告)日:2019-07-30
申请号:US15345829
申请日:2016-11-08
Applicant: Huawei Technologies Co., Ltd.
Inventor: Chengyan Feng , Jiangsheng Wang
Abstract: A certificate acquiring method and device, where the method includes receiving a certificate application representation message sent by a newly installed virtualized network function component (VNFC) instance, sending a certificate request message to a certification authority, and acquiring a certificate issued by the certification authority. In this way, the newly installed VNFC instance does not need to use a current manner for a virtualized network function (VNF) to acquire a certificate, which effectively avoids a problem of a cumbersome and more complex process caused when the newly installed VNFC instance acquires a certificate.
-
公开(公告)号:US09722802B2
公开(公告)日:2017-08-01
申请号:US14804643
申请日:2015-07-21
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Wenjun Jin , Ying Xiong , Jiajia Chen , Jiangsheng Wang
CPC classification number: H04L9/3268 , H04L63/0823 , H04L63/123
Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for increasing network security. The method for increasing network security includes: receiving, by a network management system, a certificate message reported by a network element; generating, by the network management system, a first list; when determining that a certificate corresponding to certificate information in the first list needs to be revoked, generating, by the network management system, a certificate revocation request file according to the certificate information, and removing the certificate information in the first list from the first list; and sending, by the network management system, the certificate revocation request file to a public key infrastructure (PKI) system.
-
Patent Agency Ranking
公开(公告)号:US11489873B2
公开(公告)日:2022-11-01
申请号:US16359753
申请日:2019-03-20
Applicant: Huawei Technologies Co., Ltd.
Inventor: Qingchun Lin , Tao Jin , Jiangsheng Wang
Abstract: A security policy deployment method and apparatus are provided, and the method includes: when a lifecycle state of a virtualized network function VNF changes, generating, by a management network element, a security policy of the VNF, where the security policy of the VNF is used to perform access control on the VNF; and sending, by the management network element, the security policy of the VNF to a control device. The management network element is a network element configured to perform lifecycle management on the VNF. By using the method or apparatus provided in embodiments of this application, the security policy of the VNF can be adjusted in time when the lifecycle state of the VNF changes, thereby greatly reducing a possibility that a bug occurs in the security policy of the VNF because the VNF changes.
-
7.发明授权公开(公告)号:US11070541B2
公开(公告)日:2021-07-20
申请号:US15958465
申请日:2018-04-20
Applicant: Huawei Technologies Co., Ltd.
Inventor: Wenji Liu , Jiangsheng Wang
Abstract: Embodiments of the present application provide a certificate management method and apparatus in an NFV architecture. The certificate management method includes: determining, by an MANO, a storage network element, where the storage network element is configured to store a certificate of a VNFC, and the storage network element is different from the VNFC; creating, by the MANO, storage space in the storage network element, where the storage space is used to store the certificate of the VNFC; and sending, by the MANO, an address of the storage space to the VNFC, so that the VNFC accesses the address of the storage space, obtains the certificate of the VNFC, and directly communicates with another network element by using the certificate stored in the storage network element. The VNFC does not locally store the certificate.
-
公开(公告)号:US10757129B2
公开(公告)日:2020-08-25
申请号:US15795623
申请日:2017-10-27
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Chengyan Feng , Jiangsheng Wang
Abstract: The present invention discloses a software security verification method, a device, and a system, and relates to the communications field, so as to resolve a problem in the prior art that security verification on a VNF packet increases a VNF instantiation delay and reduces VNF instantiation performance. In a specific solution, after a first device receives an instantiation request of a VNF, the first device performs security verification on a stored VNF packet of the VNF when or after starting to instantiate the VNF according to the instantiation request of the VNF, and the first device sends first result information to a second device when security verification on the VNF packet of the VNF succeeds. The first result information includes information that security verification on the VNF packet of the VNF succeeds. The present invention is applied to software security verification.
-
公开(公告)号:US10601801B2
公开(公告)日:2020-03-24
申请号:US15639273
申请日:2017-06-30
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Jiangsheng Wang , Qingchun Lin
Abstract: Embodiments of the present invention disclose an identity authentication method and apparatus. The NFV system includes a VNF including a first virtual network function component VNFC and a second VNFC. The method includes: generating a public key and a private key of the first VNFC and a public key and a private key of the second VNFC; writing or sending the private key of the first VNFC and the public key of the second VNFC to the first VNFC; and writing or sending the public key of the first VNFC and the private key of the second VNFC to the second VNFC, where the public key and the private key of the first VNFC and the public key and the private key of the second VNFC are used for identity authentication of the first VNFC and the second VNFC.
-
公开(公告)号:US10225246B2
公开(公告)日:2019-03-05
申请号:US15346357
申请日:2016-11-08
Applicant: Huawei Technologies Co., Ltd.
Inventor: Ying Xiong , Jiangsheng Wang , Chengyan Feng
Abstract: The embodiments of the present invention disclose a certificate acquiring method and device. A virtualized network function manager (VNFM) receives a certificate application proxy message sent by a virtualized network function (VNF) instance. The VNFM uses the authentication information to authenticate the VNF instance, and when the authentication succeeds, sends a certificate application message to a certificate authority (CA). Then the VNFM receives a certificate issued by the CA, and sends the certificate to the VNF instance. In this way, through a trusted link between the VNFM and the certificate authority, the instantiated VNF instance applies for a certificate issued by the certificate authority, thereby effectively ensuring security of a management channel between the VNF instance and the VNFM.
-
-
-
-
-
-
-
-
-
Search Results
13
records
(took 0.016 seconds)
