公开(公告)号：US20170012968A1

公开(公告)日：2017-01-12

申请号：US15274220

申请日：2016-09-23

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Chengyan FENG ,  Jing CHEN

IPC: H04L29/06 ,  G06F9/445 ,  H04L12/24

CPC classification number: H04L63/0823 ,  G06F8/63 ,  H04L12/6418 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/20 ,  H04L63/0272

Abstract: The invention discloses a network function virtualization-based certificate configuration method, apparatus, and system. A virtualized network management entity obtains initial credential information of a virtualized network function entity; and installs the initial credential information onto the virtualized network function entity during or after instantiation of the virtualized network function entity, so that the virtualized network function entity obtains, from a certificate authority by using the initial credential information, a formal certificate issued by a network operator of the virtualized network function entity. The invention not only can apply to a network function virtualization scenario, but also can resolve a problem of a security risk in network function virtualization.

Abstract translation: 本发明公开了一种基于网络功能的虚拟化证书配置方法，装置和系统。 虚拟化网络管理实体获取虚拟网络功能实体的初始凭证信息; 并在虚拟化网络功能实体实例化期间或之后将初始凭证信息安装到虚拟化网络功能实体上，使得虚拟化网络功能实体通过使用初始凭证信息从认证机构获得由网络发布的正式证书 虚拟化网络功能实体的运营商。 本发明不仅可以应用于网络功能虚拟化场景，而且可以解决网络功能虚拟化中的安全风险问题。

公开(公告)号：US20170054710A1

公开(公告)日：2017-02-23

申请号：US15346357

申请日：2016-11-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Ying XIONG ,  Jiangsheng WANG ,  Chengyan FENG

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L9/3268

Abstract: The embodiments of the present invention disclose a certificate acquiring method and device. A virtualized network function manager (VNFM) receives a certificate application proxy message sent by a virtualized network function (VNF) instance. The VNFM uses the authentication information to authenticate the VNF instance, and when the authentication succeeds, sends a certificate application message to a certificate authority (CA). Then the VNFM receives a certificate issued by the CA, and sends the certificate to the VNF instance. In this way, through a trusted link between the VNFM and the certificate authority, the instantiated VNF instance applies for a certificate issued by the certificate authority, thereby effectively ensuring security of a management channel between the VNF instance and the VNFM

Abstract translation: 本发明的实施例公开了一种证书获取方法和装置。 虚拟化网络功能管理器（VNFM）接收由虚拟化网络功能（VNF）实例发送的证书应用代理消息。 VNFM使用认证信息对VNF实例进行身份验证，当认证成功时，向证书颁发机构（CA）发送证书申请消息。 然后，VNFM收到由CA颁发的证书，并将证书发送到VNF实例。 以这种方式，通过VNFM和证书颁发机构之间的信任链接，实例化的VNF实例会申请证书颁发机构颁发的证书，从而有效地确保VNF实例和VNFM之间的管理通道的安全性

公开(公告)号：US20180063184A1

公开(公告)日：2018-03-01

申请号：US15795623

申请日：2017-10-27

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Chengyan FENG ,  Jiangsheng Wang

IPC: H04L29/06 ,  H04L12/24

Abstract: The present invention discloses a software security verification method, a device, and a system, and relates to the communications field, so as to resolve a problem in the prior art that security verification on a VNF packet increases a VNF instantiation delay and reduces VNF instantiation performance. In a specific solution, after a first device receives an instantiation request of a VNF, the first device performs security verification on a stored VNF packet of the VNF when or after starting to instantiate the VNF according to the instantiation request of the VNF, and the first device sends first result information to a second device when security verification on the VNF packet of the VNF succeeds. The first result information includes information that security verification on the VNF packet of the VNF succeeds. The present invention is applied to software security verification.