-
公开(公告)号:US12294657B2
公开(公告)日:2025-05-06
申请号:US17711879
申请日:2022-04-01
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Bin Cao , Haiwu Chen , Yan Chen , Bo Wang
Abstract: Embodiments of this application disclose a software integrity protection method and apparatus. A first device obtains a first software package, where the first software package includes a first signature made by a first party for a second software package by using a first private key; and the first device performs a signing operation on the first software package by using a second private key, to obtain a third software package including a second signature, where the first private key is controlled by the first party, and the second private key is controlled by a second party. The first device sends the third software package to a second device. The second device verifies the first signature and the second signature in the third software package respectively based on a first public key and a second public key that are prestored, to obtain a verification result.
-
公开(公告)号:US20220150260A1
公开(公告)日:2022-05-12
申请号:US17581212
申请日:2022-01-21
Applicant: Huawei Technologies Co., Ltd.
Inventor: Mengnan Zhang , Lizhong Qiao , Haiwu Chen
Abstract: A hardware detection method a includes sending first verification data to a physical carrier, where the physical carrier carries a plurality of pieces of hardware; receiving a ciphertext and binding relationship information from the physical carrier, where the ciphertext is obtained after at least two of the f pieces of hardware respectively encrypt the first verification data using respective keys, and where the binding relationship information indicates a binding relationship between the at least two pieces of hardware; verifying the ciphertext and the binding relationship information; and determining security of the at least two pieces of hardware based on a verification result.
-
公开(公告)号:US12056260B2
公开(公告)日:2024-08-06
申请号:US17726605
申请日:2022-04-22
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Haiwu Chen , Bin Cao , Mengnan Zhang , Jianying Qian
CPC classification number: G06F21/645 , H04L9/3247 , H04L9/3268
Abstract: A software verification method and apparatus are provided. The method includes: reading flag information, where the flag information is used to indicate a target digital certificate; selecting one of a plurality of digital certificates as a target digital certificate based on the flag information, where the plurality of digital certificates include a first digital certificate and a second digital certificate, and the target digital certificate includes a cryptographic resource; and verifying software deployed on a device based on the cryptographic resource. Using the foregoing technical solution can ensure continuity of the software verification service in the device.
-
公开(公告)号:US20220224546A1
公开(公告)日:2022-07-14
申请号:US17711879
申请日:2022-04-01
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Bin Cao , Haiwu Chen , Yan Chen , Bo Wang
Abstract: Embodiments of this application disclose a software integrity protection method and apparatus. A first device obtains a first software package, where the first software package includes a first signature made by a first party for a second software package by using a first private key; and the first device performs a signing operation on the first software package by using a second private key, to obtain a third software package including a second signature, where the first private key is controlled by the first party, and the second private key is controlled by a second party. The first device sends the third software package to a second device. The second device verifies the first signature and the second signature in the third software package respectively based on a first public key and a second public key that are prestored, to obtain a verification result.
-
公开(公告)号:US12047388B2
公开(公告)日:2024-07-23
申请号:US17581212
申请日:2022-01-21
Applicant: Huawei Technologies Co., Ltd.
Inventor: Mengnan Zhang , Lizhong Qiao , Haiwu Chen
CPC classification number: H04L63/12 , H04L9/08 , H04L9/3247 , H04L9/3263 , H04L9/3278 , H04L63/0428 , H04L63/0876
Abstract: A hardware detection method includes sending first verification data to a physical carrier, where the physical carrier carries a plurality of pieces of hardware; receiving a ciphertext and binding relationship information from the physical carrier, where the ciphertext is obtained after at least two of the pieces of hardware respectively encrypt the first verification data using respective keys, and where the binding relationship information indicates a binding relationship between the at least two pieces of hardware; verifying the ciphertext and the binding relationship information; and determining security of the at least two pieces of hardware based on a verification result.
-
公开(公告)号:US12021982B2
公开(公告)日:2024-06-25
申请号:US18057717
申请日:2022-11-21
Applicant: Huawei Technologies Co., Ltd.
Inventor: Haiwu Chen , Mengnan Zhang , Bin Cao
CPC classification number: H04L9/0891 , G06F21/575 , H04L9/0825 , G06F2221/034
Abstract: This application discloses a method for performing secure boot based on a redundant cryptographic algorithm and a device. The method includes: obtaining first indication information and second indication information, and updating first baseline information based on the first indication information and the second indication information. The first indication information uniquely identifies a first cryptographic algorithm, the second indication information is used to instruct a network device to update the first cryptographic resource baseline information stored in a secure storage entity, and the first cryptographic resource baseline information is used to perform integrity verification on a first cryptographic resource used by the network device in a secure boot process.
-
公开(公告)号:US20230095143A1
公开(公告)日:2023-03-30
申请号:US18057717
申请日:2022-11-21
Applicant: Huawei Technologies Co., Ltd.
Inventor: Haiwu Chen , Mengnan Zhang , Bin Cao
Abstract: This application discloses a method for performing secure boot based on a redundant cryptographic algorithm and a device. The method includes: obtaining first indication information and second indication information, and updating first baseline information based on the first indication information and the second indication information. The first indication information uniquely identifies a first cryptographic algorithm, the second indication information is used to instruct a network device to update the first cryptographic resource baseline information stored in a secure storage entity, and the first cryptographic resource baseline information is used to perform integrity verification on a first cryptographic resource used by the network device in a secure boot process.
-
-
-
-
-
-