Abstract:
This application provides a device identifier (ID) obtaining method, a terminal, and a network device. The method includes: sending, by a terminal to a network device, a first message used to obtain a device ID, where the device ID is used to globally identify the terminal uniquely; receiving, by the terminal, an encrypted key pair sent by the network device, where the key pair includes a first public key and a first private key; receiving, by the terminal, information sent by the network device, where the information is used to identify that the first public key is the device ID of the terminal; and determining, by the terminal, that the first public key is the device ID. The method can effectively avoid device ID repetition, simplify a configuration process, reduce system overheads, and improve security and availability of an overall device ID obtaining scheme.
Abstract:
The present invention provides a message processing method and device. The method includes: receiving a message from external equipment; encapsulating the message with a virtual local area network (VLAN) label, where the VLAN label corresponds to a user equipment that sends or receives the message; and determining a virtual home gateway that corresponds to the VLAN label, so that the virtual home gateway processes the message that is encapsulated with the VLAN label, where the virtual home gateway corresponds to the user equipment. The device includes: an interface board and a service board. With the method and device in the embodiments of the present invention, a received message is encapsulated with a VLAN label, where the VLAN label corresponds to a user equipment and a virtual home gateway, that is, through the VLAN label, identification and isolation of the virtual home gateway can be implemented, and therefore, a limited resource can be used to virtualize a large number of virtual home gateways that provide a home gateway function, and a requirement of high performance, miniaturization, and low power consumption can be satisfied.
Abstract:
Embodiments of this application relate to the field of network security technologies, and provide a method and a device for detecting a network attack. The method includes: collecting characteristic information of each of N sessions in a network, where N is an integer greater than 1; obtaining a statistical result, where the statistical result is a result obtained by collecting statistics on the characteristic information of the N sessions by using each of the N sessions as a sampling unit and by using the characteristic information as a sample value; and if a difference between the statistical result and a reference result exceeds a preset condition, determining that the network is under a network attack. According to this application, the following technical problem is resolved: because it is difficult to collect, by using a packet random sampling technology, sufficient network attack packets that occupy a relatively small proportion in data traffic, it is difficult to detect this type of network attack. In the embodiments of this application, a session-type network attack can be effectively detected because instead of a packet, a session is used as a sampling unit.
Abstract:
The present invention provides a distributed cluster processing system and a packet processing method thereof. The distributed cluster processing system includes at least one external interface unit, multiple processing units, and a switching unit, where each of the at least one external interface unit is connected between a corresponding processing unit of the multiple processing units and an external network element, and is configured to receive a packet from the external network element, forward the packet to a corresponding processing unit of the multiple directly connected processing units, and send a processed packet to the external network element; and each of the multiple processing units performs specified service processing and is respectively connected to the switching unit, so that the multiple processing units and the switching unit form a star topology structure. According to the distributed cluster processing system and the packet processing method thereof of the present invention, through a logical combination between the processing units, end-to-end high performance may be achieved, thereby meeting a demand of an operator, cloud computing, and a large data center.
Abstract:
This application provides a certificate obtaining method, an authentication method, and a network device, to improve control over operation permission of an APP on an API. According to the method, a network device sends certificate application information including an APP to a certificate generation device, and the certificate generation device generates a certificate according to the APP and sends the generated certificate to the network device. The certificate is used for permission authentication when the APP accesses an API of a controller. The certificate includes one or more of (a) to (c): (a) information about operation permission of the APP on N application programming interfaces (APIs) of the controller, (b) identifiers of L APIs that are of the N APIs and that the APP has permission to operate, and (c) identifiers of R APIs that are of the N APIs and that the APP has no permission to operate, where N is a natural number greater than or equal to 1, L is a natural number greater than or equal to 1, L is less than or equal to N, R is a natural number greater than or equal to 1, and R is less than or equal to N.
Abstract:
Disclosed are a method and an apparatus for trusted measurement, where the method includes: obtaining, when start-up of a system is completed, a first processing result by performing a first-manner processing on a code segment in a memory, and using a result obtained by performing a second-manner processing on the first processing result as a reference value (101); obtaining, at a first moment when the system is running, a second processing result by performing the first-manner processing on the code segment in the memory, and obtaining a first measurement value by performing the second-manner processing on the second processing result (102); and determining whether the first measurement value and the reference value are equal, and if the first measurement value and the reference value are equal, the system is trusted (103), where the code segment in the memory is a code segment that does not change with normal running of the system during one start-up and a running process of the system.
Abstract:
The present invention discloses a network dial-up method and apparatus which relate to the field of Internet technologies for accessing mass user terminals in the condition of limited network resources. The method includes: when more than one dial-up request is received, performing a negotiation in a Point-to-Point Protocol (PPP) discovery stage for each dial-up request respectively; creating a virtual PPP interface for each dial-up request; configuring the virtual PPP interfaces; coupling the virtual PPP interfaces to a physical PPP interface, where the physical PPP interface is coupled to more than one of the virtual PPP interfaces, and the physical PPP interface performs round robin processing for the virtual PPP interfaces; and performing negotiations in a PPP session stage by way of the virtual PPP interfaces, thereby succeeding in dial-up after completing the negotiations in the PPP session stage. The present invention is mainly applied in the broadband access field.