公开(公告)号：US20170039393A1

公开(公告)日：2017-02-09

申请号：US15332421

申请日：2016-10-24

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dacheng Zhang

IPC: G06F21/64 ,  G06F17/30

CPC classification number: G06F21/64 ,  G06F16/1734 ,  H04L29/06

Abstract: Embodiments of the present application provide an NDM file protection method and apparatus. The method includes: a sending device generates integrity information of an NDM file, and sends the NDM file and the integrity information of the NDM file to a receiving device, so that the receiving device verifies, according to the integrity information, whether the NDM file is tampered with.

Abstract translation: 本申请的实施例提供了一种NDM文件保护方法和装置。 该方法包括：发送设备生成NDM文件的完整性信息，并将NDM文件和NDM文件的完整性信息发送给接收设备，使得接收设备根据完整性信息来验证NDM文件 被篡改。

公开(公告)号：US20130034112A1

公开(公告)日：2013-02-07

申请号：US13651085

申请日：2012-10-12

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dacheng Zhang

IPC: H04J3/24

CPC classification number: H04L63/0281 ,  H04J7/00 ,  H04J2203/0069 ,  H04L61/103 ,  H04L61/2084 ,  H04L63/0471

Abstract: Embodiments of the present invention relate to the field of security channel multiplexing, and disclose a method and an apparatus for multiplexing a HIP security channel. A method includes: receiving a message for requesting to transmit data; detecting whether a HIP security channel is established with the HIP host; if true, transmitting control signaling to the HIP host, where the control signaling is used to request to multiplex the HIP security channel to transmit data of the traditional host; if a response message returned from the HIP host is received, transmitting the data of the traditional host to the HIP host through the HIP security channel. With embodiments of the present invention, the quantity of HIP security channels established between the HIP proxy and the HIP host and the loads of maintaining the security channel can be reduced, and the utilization of the HIP security channel is increased.

Abstract translation: 本发明的实施例涉及安全信道复用领域，并且公开了用于复用HIP安全信道的方法和装置。 一种方法包括：接收请求发送数据的消息; 检测HIP主机是否建立HIP安全通道; 如果是真的，则向HIP主机发送控制信令，其中控制信令用于请求复用HIP安全信道以传输传统主机的数据; 如果接收到从HIP主机返回的响应消息，则通过HIP安全信道将传统主机的数据发送到HIP主机。 利用本发明的实施例，可以减少在HIP代理和HIP主机之间建立的HIP安全信道的数量和维护安全信道的负载，并且增加HIP安全信道的利用。

公开(公告)号：US20190327224A1

公开(公告)日：2019-10-24

申请号：US16456706

申请日：2019-06-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dacheng Zhang ,  Tianfu Fu ,  Chong Zhou

IPC: H04L29/06

Abstract: This application provides a certificate obtaining method, an authentication method, and a network device, to improve control over operation permission of an APP on an API. The certificate is used for permission authentication when the APP accesses an API of a controller. The certificate includes one or more of (a) to (c): (a) information about operation permission of the APP on N application programming interfaces APIs of the controller, (b) identifiers of L APIs that are of the N APIs and that the APP has permission to operate, and (c) identifiers of R APIs that are of the N APIs and that the APP has no permission to operate.

公开(公告)号：US10148568B2

公开(公告)日：2018-12-04

申请号：US15242087

申请日：2016-08-19

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaohu Xu ,  Dacheng Zhang

IPC: H04L12/28 ,  H04L12/741 ,  H04L12/713 ,  H04L12/721 ,  H04L12/749 ,  H04L12/705 ,  H04L12/715

Abstract: The present disclosure discloses a method for processing a host route in a virtual subnet, a related device and a communications system. The method includes: receiving, by a first provider edge device, a packet for address resolution, where a virtual subnet site in which the first provider edge device is located further includes at least one second provider edge device; determining, by the first provider edge device, whether a source MAC address carried in the packet is a virtual MAC address; and when it is determined that the source MAC address is a virtual MAC address, skipping performing at least one of the following operations: saving a local CE host routing table entry corresponding to a source IP address carried in the packet, or distributing, in the virtual subnet based on a routing protocol of a layer 3 VPN, a local CE host route corresponding to the IP address.

公开(公告)号：US20160205020A1

公开(公告)日：2016-07-14

申请号：US15078422

申请日：2016-03-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaohu Xu ,  Dacheng Zhang

IPC: H04L12/741 ,  H04L29/12 ,  H04L12/46

CPC classification number: H04L45/745 ,  H04L12/4641 ,  H04L12/4675 ,  H04L45/04 ,  H04L61/2007 ,  H04L61/6022

Abstract: This application provides a method for implementing a Layer 3 virtual private network (L3VPN) and an apparatus. The method includes receiving, by a first PE, an attachment notification packet sent by a first terminal device, a first site attaches to an L3VPN by using the first PE; a second site attaches to the L3VPN by using a second PE, and a first terminal device attaches to a second site before attaching to the first site. The method also includes obtaining, by the first PE, an IP address of a second terminal device, and the second terminal device attaches to the second Site; and sending, by the first PE, a binding update notification packet to the first terminal device, where the binding update notification packet carries a MAC address of the first PE and the IP address of the second terminal device.

Abstract translation: 该应用提供了实现第3层虚拟专用网（L3VPN）和装置的方法。 该方法包括由第一PE接收由第一终端设备发送的附件通知包，第一站点通过使用第一PE连接到L3VPN; 第二站点通过使用第二PE连接到L3VPN，并且第一终端设备在附接到第一站点之前连接到第二站点。 该方法还包括由第一PE获取第二终端设备的IP地址，并且第二终端设备连接到第二站点; 并且由所述第一PE向所述第一终端设备发送绑定更新通知分组，所述绑定更新通知分组携带所述第一PE的MAC地址和所述第二终端设备的IP地址。

公开(公告)号：US20150319036A1

公开(公告)日：2015-11-05

申请号：US14800507

申请日：2015-07-15

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dacheng Zhang ,  Yinben Xia

IPC: H04L12/24

CPC classification number: H04L41/0672 ,  H04L41/0686 ,  H04L41/0863

Abstract: The present invention discloses a network transaction control method. The network transaction control method includes: sending, by a network controller, according to a network transaction, an operation set package including at least one operation instruction to at least two forwarding devices, where: the operation set package includes an atomic operation identifier; receiving an execution status message fed back by each forwarding device; and if it is determined, according to each execution status message, that an operation result of any operation instruction executed by any forwarding device is: execution failed, separately sending a rollback control instruction including the atomic operation identifier to each forwarding device for which no execution failure is determined, so as to instruct each forwarding device to restore to a state that is prior to execution of each operation instruction.

Abstract translation: 本发明公开了一种网络事务控制方法。 网络事务控制方法包括：由网络控制器根据网络事务向至少两个转发设备发送包括至少一个操作指令的操作集包，其中：所述操作集包包括原子操作标识符; 接收每个转发设备反馈的执行状态消息; 并且如果根据每个执行状态消息确定由任何转发设备执行的任何操作指令的操作结果是：执行失败，分别向包括原子操作标识符的回滚控制指令发送到不执行的每个转发设备 确定故障，以指示每个转发设备恢复到执行每个操作指令之前的状态。