-
Publication number: US09401928B2
Publication date: 2016-07-26
Application number: US14564963
Application date: 2014-12-09
Applicant: Huawei Technologies Co., Ltd.
Inventor: Donghui Wang, Jinming Li
IPC: H04L9/32, H04L29/06, H04L12/715, H04L12/721
CPC classification number: H04L63/16, H04L45/12, H04L45/123, H04L45/64, H04L63/105, H04L63/164, H04L65/60
Abstract: Embodiments of the present invention provide a data stream security processing method and apparatus. In the embodiments of the present invention, security levels of data streams are determined according to different feature information of the data streams, and forwarding paths corresponding to the data streams are determined according to the security levels, where a forwarding path may go through a security device to implement a corresponding security function of the forwarding path, thereby improving data stream forwarding security and lightening load of a central controller.
-
12.
Publication number: US20150058464A9
Publication date: 2015-02-26
Application number: US14227649
Application date: 2014-03-27
Applicant: Huawei Technologies Co., Ltd.
Inventor: Donghui Wang, Xiaoxin Wu, Jiao Wang
IPC: H04L29/08
CPC classification number: H04L67/10, H04L41/0816
Abstract: A method for resource matching in virtual private cloud (VPC) migration is provided, including: acquiring a node attribute, a link attribute and an adjacent matrix of a customized network requiring VPC migration according to a VPC migration request, where the node attribute includes a network security device attribute of the customized network; acquiring a node attribute, a link attribute and an adjacent matrix of a cloud network in which the VPC is located, where the adjacent matrices are used for indicating connection relations between any two nodes in the customized network and the cloud network, respectively; obtaining multiple matching resources in the cloud network according to a subgraph isomorphism algorithm, where each of the matching resources matches the node attribute, the link attribute and the adjacent matrix of the customized network; and selecting one of the multiple matching resources as a VPC into which the customized network migrates.
-
Publication number: US20250071546A1
Publication date: 2025-02-27
Application number: US18941925
Application date: 2024-11-08
Applicant: Huawei Technologies Co., Ltd.
Inventor: Weijun Xing, Shaoyun Wu, Donghui Wang, Yan Xi, Mingyu Zhao, Xueqiang Yan
IPC: H04W12/037
Abstract: A communication method includes: A terminal device determines a first identifier and first domain information, where the first identifier includes an encrypted identifier of the terminal device, and the first domain information indicates a domain in which a network element that manages data information of the terminal device is located. The terminal device sends the first identifier and the first domain information to a first network element. The method may be implemented with an apparatus.
-
Publication number: US20240045867A1
Publication date: 2024-02-08
Application number: US18491549
Application date: 2023-10-20
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Donghui Wang
IPC: G06F16/2455, G06F16/22
CPC classification number: G06F16/2455, G06F16/2255
Abstract: This application provides a blockchain data management method and apparatus. The method includes: obtaining, based on a storage location of first data in a blockchain, association information of the first data in the blockchain, to obtain a storage location of second data in the blockchain and obtain the second data. The second data is data obtained by changing the first data, or may be data that is changed to obtain the first data. In this way, the first data can be tracked and traced based on the association information of the first data, to improve blockchain management efficiency.
-
Publication number: US10972357B2
Publication date: 2021-04-06
Application number: US16665773
Application date: 2019-10-28
Applicant: Huawei Technologies Co., Ltd.
Inventor: Donghui Wang, Jinming Li
Abstract: A software defined network (SDN) system, controller, and controlling method, where the SDN system includes at least one Nth level controller and at least two (N+1)th level controllers belonging to the Nth level controller, where the (N+1)th level controller is configured to receive a first message sent by a node belonging to the (N+1)th level controller, and when the first message is a cross-domain message according to status information of each node that is managed by the (N+1)th level controller, forward the first message to the Nth level controller to which the (N+1)th level controller belongs, and the Nth level controller receives the first message, and perform decision processing according to status information of the (N+1)th level controller that is managed by and belongs to the Nth level controller and status information of boundary nodes of the (N+1)th level controller belonging to the Nth level controller.
-
Publication number: US10652205B2
Publication date: 2020-05-12
Application number: US16145099
Application date: 2018-09-27
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Yibin Xu, Donghui Wang, Rong Yang
IPC: G06F15/16, H04L29/12, H04L12/741
Abstract: A NAT entry management method and a NAT device are disclosed. The method includes: receiving and storing, by a NAT device, a connection parameter, where the connection parameter includes an address of a controller; receiving a packet sent by a network device, where a source address of the packet is a private address of the network device and a destination address of the packet is the address of the controller; performing NAT on the packet, where an after-NAT source address of the packet is a public address; and when a static entry condition is met, generating a target static NAT entry, where the static entry condition includes that the destination address of the packet is the address of the controller. This can prevent aging of the NAT entry from affecting communication between the network device and the controller.
-
Publication number: US10044759B2
Publication date: 2018-08-07
Application number: US14982363
Application date: 2015-12-29
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Jinming Li, Donghui Wang
IPC: H04L29/00, H04L29/06, H04L12/751
CPC classification number: H04L63/20, H04L45/02, H04L63/02, H04L63/0236, H04L63/0263
Abstract: Conflict detection and resolution methods and apparatuses relate to the field of communications technologies. The conflict detection method includes: acquiring, by a controller, a flow path of a data flow on a network, where the flow path is used to indicate a path along which the data flow reaches an address in a destination address range from an address in a source address range through at least two intermediate nodes on the network, a first flow table rule is added to or deleted from flow tables of the at least two intermediate nodes, and the first flow table rule is any flow table rule; and determining, by the controller, whether a conflict exists according to an address range of the flow path and an address range of a security policy.
-
18.
Publication number: US20170048113A1
Publication date: 2017-02-16
Application number: US15338712
Application date: 2016-10-31
Applicant: Huawei Technologies Co., Ltd.
Inventor: Donghui Wang, Jinming Li
CPC classification number: H04L41/12, H04L12/4641, H04L41/044
Abstract: A software defined network (SDN) system, controller, and controlling method, where the SDN system includes at least one Nth level controller and at least two (N+1)th level controllers belonging to the Nth level controller, where the (N+1)th level controller is configured to receive a first message sent by a node belonging to the (N+1)th level controller, and when the first message is a cross-domain message according to status information of each node that is managed by the (N+1)th level controller, forward the first message to the Nth level controller to which the (N+1)th level controller belongs, and the Nth level controller receives the first message, and perform decision processing according to status information of the (N+1)th level controller that is managed by and belongs to the Nth level controller and status information of boundary nodes of the (N+1)th level controller belonging to the Nth level controller.
-
19.
Publication number: US20140215045A1
Publication date: 2014-07-31
Application number: US14227649
Application date: 2014-03-27
Applicant: Huawei Technologies Co., Ltd.
Inventor: Donghui Wang, Xiaoxin Wu, Jiao Wang
IPC: H04L29/08
CPC classification number: H04L67/10, H04L41/0816
Abstract: A method for resource matching in virtual private cloud (VPC) migration is provided, including: acquiring a node attribute, a link attribute and an adjacent matrix of a customized network requiring VPC migration according to a VPC migration request, where the node attribute includes a network security device attribute of the customized network; acquiring a node attribute, a link attribute and an adjacent matrix of a cloud network in which the VPC is located, where the adjacent matrices are used for indicating connection relations between any two nodes in the customized network and the cloud network, respectively; obtaining multiple matching resources in the cloud network according to a subgraph isomorphism algorithm, where each of the matching resources matches the node attribute, the link attribute and the adjacent matrix of the customized network; and selecting one of the multiple matching resources as a VPC into which the customized network migrates.
-
Publication number: US11652910B2
Publication date: 2023-05-16
Application number: US17139581
Application date: 2020-12-31
Applicant: Huawei Technologies Co., Ltd.
Inventor: Donghui Wang, Hongpei Li
CPC classification number: H04L69/22, H04L63/0485, H04L63/12, H04W4/70
Abstract: A data transmission method, device, and system are provided. The method includes: receiving a first data packet sent by an external network device; verifying an authentication header (AH) packet header of the first data packet by using a first security association (SA); and sending the first data packet to an internet of things (IoT) device if the verification succeeds. According to the embodiments of this application, storage overheads and computational overheads of the IoT device in internet of things can be reduced, to implement end-to-end secure communication between the IoT device and the external network device, and improve security of a communications system.