公开(公告)号：US09729560B2

公开(公告)日：2017-08-08

申请号：US14482210

申请日：2014-09-10

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yuchen Wang ,  Dacheng Zhang ,  Jian Meng

IPC: G06F17/00 ,  H04L29/06 ,  H04L12/26 ,  G06F9/455

CPC classification number: H04L63/1416 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L43/026 ,  H04L43/04 ,  H04L63/08 ,  H04L63/20

Abstract: A method and a device for synchronizing network data flow detection status are provided. The method includes: a status synchronizing server receives a first request sent by a first security device node, where the first request carries a first flow entry of a first data flow that is currently detected by the first security device node; determines first network data flow detection status corresponding to the first flow entry; sends a first response to the first security device node, where the first response carries the first network data flow detection status. A security device node requests previous network data flow detection status of a data flow from a status synchronizing server so as to synchronize network data flow detection status, thereby allowing the security device node to detect a network attack in a more accurate way and improving network system security.

公开(公告)号：US20150249608A1

公开(公告)日：2015-09-03

申请号：US14711096

申请日：2015-05-13

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dacheng Zhang ,  Yuchen Wang ,  Jian Meng

IPC: H04L12/803 ,  H04L12/24

CPC classification number: H04L47/125 ,  H04L41/0893 ,  H04L43/026 ,  H04L43/12

Abstract: A control method, system and apparatus for flow detection, a controller and a detection device. The method includes the controller acquires a flow identifier of a flow to be detected by each flow detection module in a network; adjusts the flow to be detected by each flow detection module according to a set load balancing policy; and delivers a detection instruction to each flow detection module, where the detection instruction includes a flow identifier of a flow to be detected by each flow detection module after the adjustment. In the present invention, because multiple flow detection modules are deployed in a network in a distributed manner, when there are a large number of switching devices included in the network, load balancing can be performed for detection of flows transmitted between these switching devices.

Abstract translation: 用于流量检测的控制方法，系统和装置，控制器和检测装置。 该方法包括控制器获取由网络中的每个流量检测模块检测的流的流标识符; 根据设定的负载平衡策略调整每个流量检测模块检测的流量; 并向每个流量检测模块传送检测指令，其中检测指令包括在调整之后由每个流量检测模块检测的流量的流标识符。 在本发明中，由于多个流量检测模块以分布式方式部署在网络中，所以当网络中包含大量交换设备时，可以进行负载平衡以检测在这些交换设备之间传输的流量。

公开(公告)号：US08923272B2

公开(公告)日：2014-12-30

申请号：US13651085

申请日：2012-10-12

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dacheng Zhang

IPC: H04B7/212 ,  H04L29/06 ,  H04J7/00 ,  H04L29/12

CPC classification number: H04L63/0281 ,  H04J7/00 ,  H04J2203/0069 ,  H04L61/103 ,  H04L61/2084 ,  H04L63/0471

Abstract: Embodiments of the present invention relate to the field of security channel multiplexing, and disclose a method and an apparatus for multiplexing a HIP security channel. A method includes: receiving a message for requesting to transmit data; detecting whether a HIP security channel is established with the HIP host; if true, transmitting control signaling to the HIP host, where the control signaling is used to request to multiplex the HIP security channel to transmit data of the traditional host; if a response message returned from the HIP host is received, transmitting the data of the traditional host to the HIP host through the HIP security channel. With embodiments of the present invention, the quantity of HIP security channels established between the HIP proxy and the HIP host and the loads of maintaining the security channel can be reduced, and the utilization of the HIP security channel is increased.

Abstract translation: 本发明的实施例涉及安全信道复用领域，并且公开了用于复用HIP安全信道的方法和装置。 一种方法包括：接收请求发送数据的消息; 检测HIP主机是否建立HIP安全通道; 如果是真的，则向HIP主机发送控制信令，其中控制信令用于请求复用HIP安全信道以传输传统主机的数据; 如果接收到从HIP主机返回的响应消息，则通过HIP安全信道将传统主机的数据发送到HIP主机。 利用本发明的实施例，可以减少在HIP代理和HIP主机之间建立的HIP安全信道的数量和维护安全信道的负载，并且增加HIP安全信道的利用。

公开(公告)号：US20210006556A1

公开(公告)日：2021-01-07

申请号：US17031061

申请日：2020-09-24

Applicant: Huawei Technologies Co., Ltd.

Inventor： Danping He ,  Dacheng Zhang

IPC: H04L29/06 ,  H04W12/06 ,  H04W12/12

Abstract: A forwarding method is applied to a constrained node and includes: receiving authentication information; determining whether the authentication information is received for the first time; and if the authentication information is received not for the first time, forwarding the authentication information; or if the authentication information is received for the first time, determining whether the authentication information is valid authentication information, and if the authentication information is not valid authentication information, discarding the authentication information, or if the authentication information is valid authentication information, verifying the valid authentication information, and forwarding the valid authentication information after the verification succeeds.

公开(公告)号：US11451531B2

公开(公告)日：2022-09-20

申请号：US16456706

申请日：2019-06-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dacheng Zhang ,  Tianfu Fu ,  Chong Zhou

IPC: H04L9/40 ,  H04L9/32

Abstract: A certificate obtaining method, an authentication method, and a network device, where a certificate is used for permission authentication when an application APP accesses an application programming interface (API) of a controller. The certificate includes one or more of: (a) information about operation permission of the APP on N application programming interfaces APIs of the controller, (b) identifiers of L APIs that are of the N APIs and that the APP has permission to operate, or (c) identifiers of R APIs that are of the N APIs and that the APP does not have permission to operate.

公开(公告)号：US20200374696A1

公开(公告)日：2020-11-26

申请号：US16990528

申请日：2020-08-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Chong Zhou ,  Tianfu Fu ,  Dacheng Zhang ,  Jianxiong Wei

IPC: H04W12/00 ,  H04W12/04 ,  H04L9/32 ,  H04L9/08 ,  H04W12/06

Abstract: A device identifier (ID) obtaining method, a terminal, and a network device, where the method includes sending, by a terminal to a network device, a first message used to obtain a device ID, where the device ID is used to globally identify the terminal uniquely, receiving, by the terminal, an encrypted key pair sent by the network device, where the key pair includes a first public key and a first private key, receiving, by the terminal, information sent by the network device, where the information is used to identify that the first public key is the device ID of the terminal, and determining, by the terminal, that the first public key is the device ID.

公开(公告)号：US10367740B2

公开(公告)日：2019-07-30

申请号：US14711096

申请日：2015-05-13

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dacheng Zhang ,  Yuchen Wang ,  Jian Meng

IPC: H04L12/803 ,  H04L12/26 ,  H04L12/24

Abstract: A control method, system and apparatus for flow detection, a controller and a detection device. The method includes the controller acquires a flow identifier of a flow to be detected by each flow detection module in a network; adjusts the flow to be detected by each flow detection module according to a set load balancing policy; and delivers a detection instruction to each flow detection module, where the detection instruction includes a flow identifier of a flow to be detected by each flow detection module after the adjustment. In the present invention, because multiple flow detection modules are deployed in a network in a distributed manner, when there are a large number of switching devices included in the network, load balancing can be performed for detection of flows transmitted between these switching devices.

公开(公告)号：US10091106B2

公开(公告)日：2018-10-02

申请号：US15078422

申请日：2016-03-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaohu Xu ,  Dacheng Zhang

IPC: H04L12/741 ,  H04L12/46 ,  H04L29/12 ,  H04L12/715

Abstract: This application provides a method for implementing a Layer 3 virtual private network (L3VPN) and an apparatus. The method includes receiving, by a first PE, an attachment notification packet sent by a first terminal device, a first site attaches to an L3VPN by using the first PE; a second site attaches to the L3VPN by using a second PE, and a first terminal device attaches to a second site before attaching to the first site. The method also includes obtaining, by the first PE, an IP address of a second terminal device, and the second terminal device attaches to the second Site; and sending, by the first PE, a binding update notification packet to the first terminal device, where the binding update notification packet carries a MAC address of the first PE and the IP address of the second terminal device.

公开(公告)号：US20140380415A1

公开(公告)日：2014-12-25

申请号：US14482210

申请日：2014-09-10

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yuchen Wang ,  Dacheng Zhang ,  Jian Meng

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/1416 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L43/026 ,  H04L43/04 ,  H04L63/08 ,  H04L63/20

Abstract: A method and a device for synchronizing network data flow detection status are provided. The method includes: a status synchronizing server receives a first request sent by a first security device node, where the first request carries a first flow entry of a first data flow that is currently detected by the first security device node; determines first network data flow detection status corresponding to the first flow entry; sends a first response to the first security device node, where the first response carries the first network data flow detection status. A security device node requests previous network data flow detection status of a data flow from a status synchronizing server so as to synchronize network data flow detection status, thereby allowing the security device node to detect a network attack in a more accurate way and improving network system security.

Abstract translation: 提供了一种用于同步网络数据流检测状态的方法和设备。 该方法包括：状态同步服务器接收由第一安全设备节点发送的第一请求，其中第一请求携带当前由第一安全设备节点检测到的第一数据流的第一流入口; 确定对应于第一流入口的第一网络数据流检测状态; 向第一安全设备节点发送第一响应，其中第一响应携带第一网络数据流检测状态。 安全设备节点从状态同步服务器请求数据流的先前网络数据流检测状态，以同步网络数据流检测状态，从而允许安全设备节点以更准确的方式检测网络攻击并改进网络系统 安全。

公开(公告)号：US11350286B2

公开(公告)日：2022-05-31

申请号：US16990528

申请日：2020-08-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Chong Zhou ,  Tianfu Fu ,  Dacheng Zhang ,  Jianxiong Wei

IPC: H04W12/71 ,  H04W12/03 ,  H04W12/06 ,  H04W12/04 ,  H04L9/08 ,  H04L9/32 ,  H04W12/033 ,  H04W12/069 ,  H04W12/0431

Abstract: A device identifier (ID) obtaining method, a terminal, and a network device, where the method includes sending, by a terminal to a network device, a first message used to obtain a device ID, where the device ID is used to globally identify the terminal uniquely, receiving, by the terminal, an encrypted key pair sent by the network device, where the key pair includes a first public key and a first private key, receiving, by the terminal, information sent by the network device, where the information is used to identify that the first public key is the device ID of the terminal, and determining, by the terminal, that the first public key is the device ID.