公开(公告)号：US20180278632A1

公开(公告)日：2018-09-27

申请号：US15993485

申请日：2018-05-30

Applicant: Huawei Technologies Co., Ltd.

Inventor： Tianfu Fu ,  Chong Zhou ,  Ziyi Liu

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L29/06 ,  H04L63/1425 ,  H04L63/1458

Abstract: This application relates to the field of network security technologies, and provides a method and a device for detecting a network attack. The method includes: collecting characteristic information of each of N sessions in a network, where N is an integer greater than 1; obtaining a statistical result, where the statistical result is a result obtained by collecting statistics on the characteristic information of the N sessions by using each of the N sessions as a sampling unit and by using the characteristic information as a sample value; and when a difference between the statistical result and a reference result exceeds a preset condition, determining the network is under a network attack. According to this application, a session-type network attack can be effectively detected because instead of a packet, a session is used as a sampling unit.

公开(公告)号：US12155755B2

公开(公告)日：2024-11-26

申请号：US17780902

申请日：2020-11-26

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lu Gan ,  Jianhao Huang ,  Xiaoshuang Ma ,  Chong Zhou

IPC: H04L9/08 ,  G16Y30/10 ,  H04L9/06

Abstract: A key negotiation method and an electronic device are provided, and relate to the field of communications technologies. Specifically, the method includes: An IoT control device multicasts, in a first local area network, a discovery message that carries a first public key, and sends a second ciphertext to a first IoT device after receiving a first ciphertext and a second public key. After receiving a third ciphertext from the first IoT device, the IoT control device decrypts the third ciphertext based on a first session key, to obtain a second signature and second session information; verifies the second signature based on a long-term public key of the first IoT device; and performs encrypted communication with the first IoT device based on the first session key after the second signature is successfully verified.

公开(公告)号：US20230082375A1

公开(公告)日：2023-03-16

申请号：US17802748

申请日：2020-11-02

Applicant: Huawei Technologies Co., Ltd.

Inventor： Chong Zhou ,  Zhewen Mao ,  Zhongju Yuan

IPC: G06F21/60 ,  G06F21/44

Abstract: A permission reuse method includes receiving, by a second device, control information from a first device, wherein the control information comprises a first device identifier of the first device, user equipment of a plurality of applications, and permission information of the plurality of applications, and wherein permission information of an application is used to indicate an object in the first device that the application has permission to access, and the object in the first device comprises a software or hardware resource in the first device; creating, by the second device, a virtual identity of the first device based on the control information, wherein the virtual identity comprises the first device identifier and the user identifiers; and storing, by the second device, the virtual identity, the permission information of the plurality of applications, and a correspondence between the virtual identity and the permission information of the plurality of applications.

公开(公告)号：US11095674B2

公开(公告)日：2021-08-17

申请号：US16455717

申请日：2019-06-27

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Chong Zhou ,  Tienan Wang

IPC: H04L29/06

Abstract: This application discloses a distributed denial of service attack detection method. The method includes: obtaining a data stream sent to a protection object device in each detection period, obtaining total duration of each data stream; dividing each data stream into a long data stream or a short data stream based on the total duration of each data stream; adding, based on a detection period through which the long data stream goes, total data traffic of the long data stream to statistical traffic; adding data traffic of a short data stream in each detection period to the data traffic, of the long data stream, that is added to a corresponding detection period, to determine statistical traffic in each detection period; and if there is a detection period in which the statistical traffic exceeds a preset traffic threshold, determining that the protection object device undergoes a DDoS attack in the detection period.

公开(公告)号：US20190327224A1

公开(公告)日：2019-10-24

申请号：US16456706

申请日：2019-06-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dacheng Zhang ,  Tianfu Fu ,  Chong Zhou

IPC: H04L29/06

Abstract: This application provides a certificate obtaining method, an authentication method, and a network device, to improve control over operation permission of an APP on an API. The certificate is used for permission authentication when the APP accesses an API of a controller. The certificate includes one or more of (a) to (c): (a) information about operation permission of the APP on N application programming interfaces APIs of the controller, (b) identifiers of L APIs that are of the N APIs and that the APP has permission to operate, and (c) identifiers of R APIs that are of the N APIs and that the APP has no permission to operate.

公开(公告)号：US20170300595A1

公开(公告)日：2017-10-19

申请号：US15639180

申请日：2017-06-30

Applicant: Huawei Technologies Co., Ltd.

Inventor： Tianfu Fu ,  Chong Zhou ,  Yibo Zhang

IPC: G06F17/30 ,  H04L12/24 ,  H04L12/743 ,  H04L12/26 ,  H04L12/851 ,  H04L29/06 ,  H04L12/935 ,  H04L12/931 ,  H04L12/741

CPC classification number: G06F16/90344 ,  H04L29/06 ,  H04L41/142 ,  H04L41/50 ,  H04L41/5009 ,  H04L43/022 ,  H04L43/026 ,  H04L43/06 ,  H04L43/0817 ,  H04L43/0847 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/106 ,  H04L43/18 ,  H04L45/745 ,  H04L45/7453 ,  H04L47/2441 ,  H04L49/205 ,  H04L49/3009 ,  H04L69/16 ,  H04L69/161

Abstract: A data packet extraction method and apparatus is disclosed. Two hash values calculated based on quintuple information of different data packets of a same session are the same, that is, two calculated remainders are also the same at a same sampling ratio. When one remainder of the two calculated remainders is a preset sampling remainder, all the data packets in a network that belong to the session are extracted, so as to implement data packet extraction based on a session. When the quintuple information of the different data packets of the same session matches a first mapping table, either all the data packets of the same session can match the first mapping table, or none of the data packets of the same session can match the first mapping table, so as to implement data packet extraction based on a session.

公开(公告)号：US09407538B2

公开(公告)日：2016-08-02

申请号：US14187660

申请日：2014-02-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Chong Zhou

IPC: H04L12/703 ,  H04L12/437 ,  H04L12/707 ,  H04L12/721

CPC classification number: H04L45/28 ,  H04L12/437 ,  H04L45/22 ,  H04L45/66

Abstract: A ring network failure switching method, includes: receiving first data traffic, where the first data traffic includes a destination MAC address; querying a forwarding entry stored in a local node according to the destination MAC address, to obtain a ring network identifier corresponding to the destination MAC address, where the ring network identifier is uniquely corresponding to the first node connected to the destination MAC address; and obtain path state information of a link corresponding to the ring network identifier; and transmitting the first data traffic to the first node in a direction that is opposite to that of the link when the path state information indicates that the link is in a failure state.

Abstract translation: 环网故障切换方法，包括：接收第一数据业务，其中第一数据业务包括目的MAC地址; 根据目的MAC地址查询本地节点存储的转发表项，获取与目的MAC地址对应的环网标识符，其中环网标识符唯一对应于连接到目的MAC地址的第一节点; 获取与所述环网标识符对应的链路的路径状态信息; 以及当所述路径状态信息指示所述链路处于故障状态时，以与所述链路的方向相反的方向将所述第一数据业务发送到所述第一节点。