Abstract:
Embodiments of the present invention provide a method, a device, and a system for realizing disaster tolerance backup. In the method, a device with an active-standby function determines its current state. After determining that the current state is an active state, the device issues reachable route information to a connected routing device. The device with the active-standby function and a device whose current state is a standby state have the same IP address and are backup devices for each other, and the reachable route information includes route information relevant to the IP address, so that the IP address is reachable. The present invention can realize remote disaster tolerance backup and avoid service interruption.
Abstract:
A security control platform receives a virtual machine starting request message that is from user equipment and forwarded by a management platform, where the virtual machine starting request message includes an identifier of a virtual machine that needs to be enabled and user information; invokes a third-party trusted platform to determine that the virtual machine starting request message is initiated by the user equipment according to an instruction of an authorized user; and performs authentication on the user information, and based on successful authentication, invokes the third-party trusted platform to decapsulate the virtual machine that needs to be enabled. It is ensured that other user equipment (including the management platform) cannot obtain a key of the third-party trusted platform, which enhances security of management control on the virtual machine, and thereby enhances security of a cloud computing platform.
Abstract:
A cloud system data management method alleviates a data leakage problem that occurs when a virtual data volume of a user is mounted to a virtual machine of another user and is accessed by that other user. The method includes: creating a first virtual machine for a user and allocating a virtual data volume to the first virtual machine; setting an identifier of the virtual data volume as an identifier corresponding to a home identifier of the first virtual machine; when the virtual data volume needs to be mounted to a second virtual machine, determining, according to the identifier of the virtual data volume and a home identifier of the second virtual machine, whether the virtual data volume and the second virtual machine belong to a same user; and forbidding the virtual data volume to be mounted to the second virtual machine when they do not belong to the same user.
Abstract:
A method for implementing a session border controller (SBC) pool and an SBC device are provided. In the present invention, an SBC pool is formed by at least two SBCs, the at least two SBCs are mutually backed up for disaster recovery and use a same Internet Protocol (IP) address for a terminal device, and whether the terminal device is registered in the SBC pool is determined; and if the terminal device has been registered in the SBC pool, a service message is forwarded to an SBC with which the terminal device is registered. In this way, it is avoided that SBC device disaster recovery places a special requirement for the terminal device, and the terminal device does not need to be configured with two IP addresses. Furthermore, all devices in the SBC pool can process the service message of the terminal device, thereby increasing a resource utilization rate.
Abstract:
A method for trusted measurement of a cloud computing platform includes: generating, by a third-party management and audit system, an audit report based on a current running indicator, signed by using a digital certificate, of software and a running security indicator of the software, where the audit report indicates trustworthiness of a cloud computing platform. In this way, a process of trusted measurement of the cloud computing platform is open and transparent, so that authenticity of trusted measurement of the cloud computing platform is improved, thereby increasing a user's trust in the cloud computing platform.
Abstract:
A method, a server, a host, and a system for protecting data security are provided. A server generates a cloud feature value that uniquely corresponds to the server, binds a data encryption key required by the host to generate data encryption key ciphertext, and then transmits the data encryption key ciphertext and the cloud feature value to the host; and the host decrypts the ciphertext using the cloud feature value to obtain a data encryption key to be allocated to a user, so that security protection on user data is performed based on the cloud feature value, thereby improving data security.