公开(公告)号：US20150046979A1

公开(公告)日：2015-02-12

申请号：US14523417

申请日：2014-10-24

Applicant: Huawei Technologies Co., Ltd.

Inventor： Hongzhong Wu ,  Tianfu Jin

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/10 ,  G06F21/6281 ,  G06F21/78 ,  G06F2221/2113 ,  H04L67/1097

Abstract: A storage detection apparatus is placed in an operating system in kernel mode; after file information is intercepted and a security level of file content is determined, file content of a high security level is redirected to a storage area of high storage security; the security level of the file content itself is determined and stored, which is transparent to a user, thereby implementing division of security levels for different documents generated by a same application.

Abstract translation: 将存储检测装置置于内核模式的操作系统中; 在文件信息被拦截并且确定文件内容的安全级别之后，高安全级别的文件内容被重定向到高存储安全性的存储区域; 确定并存储对用户透明的文件内容本身的安全级别，从而实现由相同应用生成的不同文档的安全级别划分。

公开(公告)号：US09959410B2

公开(公告)日：2018-05-01

申请号：US15637091

申请日：2017-06-29

Applicant: HUAWEI TECHNOLOGIES CO.,LTD.

Inventor： Wei He ,  Hongzhong Wu ,  Zhipeng Yang ,  Weifeng Ren

IPC: G06F15/173 ,  G06F21/57 ,  H04L29/06 ,  G06F9/455 ,  G06F21/62 ,  H04L12/24

CPC classification number: G06F21/57 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/62 ,  G06F21/6218 ,  G06F2009/45562 ,  G06F2009/45575 ,  G06F2009/45587 ,  H04L29/06 ,  H04L41/0803 ,  H04L63/08

Abstract: An encryption and decryption method in a virtualization system is disclosed. The virtualization system includes a VMM and an encryption and decryption virtual machine. The VMM includes a control module, the encryption and decryption virtual machine records a first association relationship between a hard disk image identifier and a key, the key includes an encryption key, and the virtualization system records a second association relationship between the hard disk image identifier and a hard disk image attribute. The control module in the VMM is configured to determine whether to-be-written data needs to be encrypted and forward the to-be-written data, which makes it easy to implement a function and reduces system complexity of the VMM. In addition, encryption or decryption is processed without occupying a resource in the VMM.

公开(公告)号：US10409990B2

公开(公告)日：2019-09-10

申请号：US15935744

申请日：2018-03-26

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wei He ,  Hongzhong Wu ,  Zhipeng Yang ,  Weifeng Ren

IPC: G06F15/173 ,  G06F21/57 ,  H04L29/06 ,  G06F9/455 ,  G06F21/62 ,  H04L12/24

Abstract: An encryption and decryption method in a virtualization system, where the virtualization system includes a virtual machine monitor (VMM) and an encryption and decryption virtual machine. The VMM includes a control module, the encryption and decryption virtual machine records a first association relationship between a hard disk image identifier and a key, the key includes an encryption key, and the virtualization system records a second association relationship between the hard disk image identifier and a hard disk image attribute. The control module in the VMM is configured to determine whether to-be-written data needs to be encrypted and forward the to-be-written data, which reduces system complexity of the VMM. In addition, encryption or decryption is processed without occupying a resource in the VMM.

公开(公告)号：US20180218156A1

公开(公告)日：2018-08-02

申请号：US15935744

申请日：2018-03-26

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wei He ,  Hongzhong Wu ,  Zhipeng Yang ,  Weifeng Ren

IPC: G06F21/57 ,  G06F9/455 ,  G06F21/62 ,  H04L29/06 ,  H04L12/24

CPC classification number: G06F21/57 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/62 ,  G06F21/6218 ,  G06F2009/45562 ,  G06F2009/45575 ,  G06F2009/45587 ,  H04L29/06 ,  H04L41/0803 ,  H04L63/08

Abstract: An encryption and decryption method in a virtualization system, where the virtualization system includes a virtual machine monitor (VMM) and an encryption and decryption virtual machine. The VMM includes a control module, the encryption and decryption virtual machine records a first association relationship between a hard disk image identifier and a key, the key includes an encryption key, and the virtualization system records a second association relationship between the hard disk image identifier and a hard disk image attribute. The control module in the VMM is configured to determine whether to-be-written data needs to be encrypted and forward the to-be-written data, which reduces system complexity of the VMM. In addition, encryption or decryption is processed without occupying a resource in the VMM.

公开(公告)号：US20170300695A1

公开(公告)日：2017-10-19

申请号：US15637091

申请日：2017-06-29

Applicant: HUAWEI TECHNOLOGIES CO.,LTD.

Inventor： Wei He ,  Hongzhong Wu ,  Zhipeng Yang ,  Weifeng Ren

IPC: G06F21/57 ,  H04L29/06 ,  G06F9/455 ,  G06F21/62 ,  H04L12/24

CPC classification number: G06F21/57 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/62 ,  G06F21/6218 ,  G06F2009/45562 ,  G06F2009/45575 ,  G06F2009/45587 ,  H04L29/06 ,  H04L41/0803 ,  H04L63/08

Abstract: An encryption and decryption method in a virtualization system is disclosed. The virtualization system includes a VMM and an encryption and decryption virtual machine. The VMM includes a control module, the encryption and decryption virtual machine records a first association relationship between a hard disk image identifier and a key, the key includes an encryption key, and the virtualization system records a second association relationship between the hard disk image identifier and a hard disk image attribute. The control module in the VMM is configured to determine whether to-be-written data needs to be encrypted and forward the to-be-written data, which makes it easy to implement a function and reduces system complexity of the VMM. In addition, encryption or decryption is processed without occupying a resource in the VMM.