公开(公告)号：US12021982B2

公开(公告)日：2024-06-25

申请号：US18057717

申请日：2022-11-21

Applicant: Huawei Technologies Co., Ltd.

Inventor： Haiwu Chen ,  Mengnan Zhang ,  Bin Cao

IPC: H04L9/08 ,  G06F21/57

CPC classification number: H04L9/0891 ,  G06F21/575 ,  H04L9/0825 ,  G06F2221/034

Abstract: This application discloses a method for performing secure boot based on a redundant cryptographic algorithm and a device. The method includes: obtaining first indication information and second indication information, and updating first baseline information based on the first indication information and the second indication information. The first indication information uniquely identifies a first cryptographic algorithm, the second indication information is used to instruct a network device to update the first cryptographic resource baseline information stored in a secure storage entity, and the first cryptographic resource baseline information is used to perform integrity verification on a first cryptographic resource used by the network device in a secure boot process.

公开(公告)号：US20230297722A1

公开(公告)日：2023-09-21

申请号：US18321232

申请日：2023-05-22

Applicant: Huawei Technologies Co., Ltd.

Inventor： Di Wu ,  Bin Cao ,  Wei Pan

IPC: G06F21/64

CPC classification number: G06F21/64

Abstract: An integrity verification method includes: a first device that sends first data to a second device. The first device sends an integrity measurement baseline value corresponding to the first data to a verification server, and the second device sends an integrity measurement value corresponding to the first data to the verification server. The verification server performs integrity verification on the first data based on the integrity measurement value and the integrity measurement baseline value.

公开(公告)号：US20230269222A1

公开(公告)日：2023-08-24

申请号：US18305298

申请日：2023-04-21

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Di Wu ,  Yijiong Zhang ,  Zhicheng Yang ,  Bin Cao ,  Xiang Ji ,  Chenhe Ji

IPC: H04L61/5061

CPC classification number: H04L61/5061 ,  H04L2101/622

Abstract: A media access control (MAC) address allocation method and device are disclosed. The method includes: a wireless access point device sending a notification message on a wireless medium. The notification message includes at least one candidate virtual MAC address. The wireless access point device receiving, on the wireless medium, a request message from a terminal device. A source address of the request message is a first virtual MAC address. The first virtual MAC address is one of the at least one candidate virtual MAC address.

公开(公告)号：US20230095143A1

公开(公告)日：2023-03-30

申请号：US18057717

申请日：2022-11-21

Applicant: Huawei Technologies Co., Ltd.

Inventor： Haiwu Chen ,  Mengnan Zhang ,  Bin Cao

IPC: H04L9/08 ,  G06F21/57

Abstract: This application discloses a method for performing secure boot based on a redundant cryptographic algorithm and a device. The method includes: obtaining first indication information and second indication information, and updating first baseline information based on the first indication information and the second indication information. The first indication information uniquely identifies a first cryptographic algorithm, the second indication information is used to instruct a network device to update the first cryptographic resource baseline information stored in a secure storage entity, and the first cryptographic resource baseline information is used to perform integrity verification on a first cryptographic resource used by the network device in a secure boot process.

公开(公告)号：US12056260B2

公开(公告)日：2024-08-06

申请号：US17726605

申请日：2022-04-22

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Haiwu Chen ,  Bin Cao ,  Mengnan Zhang ,  Jianying Qian

IPC: G06F21/64 ,  H04L9/32

CPC classification number: G06F21/645 ,  H04L9/3247 ,  H04L9/3268

Abstract: A software verification method and apparatus are provided. The method includes: reading flag information, where the flag information is used to indicate a target digital certificate; selecting one of a plurality of digital certificates as a target digital certificate based on the flag information, where the plurality of digital certificates include a first digital certificate and a second digital certificate, and the target digital certificate includes a cryptographic resource; and verifying software deployed on a device based on the cryptographic resource. Using the foregoing technical solution can ensure continuity of the software verification service in the device.

公开(公告)号：US20220224546A1

公开(公告)日：2022-07-14

申请号：US17711879

申请日：2022-04-01

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Bin Cao ,  Haiwu Chen ,  Yan Chen ,  Bo Wang

IPC: H04L9/32 ,  H04L9/00

Abstract: Embodiments of this application disclose a software integrity protection method and apparatus. A first device obtains a first software package, where the first software package includes a first signature made by a first party for a second software package by using a first private key; and the first device performs a signing operation on the first software package by using a second private key, to obtain a third software package including a second signature, where the first private key is controlled by the first party, and the second private key is controlled by a second party. The first device sends the third software package to a second device. The second device verifies the first signature and the second signature in the third software package respectively based on a first public key and a second public key that are prestored, to obtain a verification result.

公开(公告)号：US20240378282A1

公开(公告)日：2024-11-14

申请号：US18782734

申请日：2024-07-24

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bin Cao ,  Xiaodong Lu ,  Tairan Zheng

IPC: G06F21/51 ,  G06F8/71

Abstract: This application discloses a software loading method, applied to a network device on which software is deployed. In the method, a software version identifier is indicated by using a version file, and when loading software, the network device compares a version identifier of to-be-loaded software with the version identifier in the version file, to determine whether a version of current to-be-loaded software is a secure version. This implements protection of a software loading process.

公开(公告)号：US20240265119A1

公开(公告)日：2024-08-08

申请号：US18640510

申请日：2024-04-19

Applicant: Huawei Technologies Co., Ltd.

Inventor： Weizhi Le ,  Bin Cao

IPC: G06F21/60 ,  G06F21/72 ,  G06F21/79

CPC classification number: G06F21/602 ,  G06F21/72 ,  G06F21/79

Abstract: In accordance with an embodiment, a network device includes a chip including a hardware encryption and decryption circuit and a one-time programmable (OTP) storage area; and a receiver configured to receive a to-be-decrypted file, where the to-be-decrypted file comprises a ciphertext. The hardware encryption and decryption circuit is configured to obtain a root key plaintext from the OTP storage area, and decrypt the ciphertext using the root key plaintext to obtain a plaintext