公开(公告)号：US20190222611A1

公开(公告)日：2019-07-18

申请号：US16359753

申请日：2019-03-20

Applicant: Huawei Technologies Co., Ltd.

Inventor： Qingchun LIN ,  Tao JIN ,  Jiangsheng WANG

IPC: H04L29/06 ,  H04L12/66 ,  G06F9/455

CPC classification number: H04L63/20 ,  G06F9/45558 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L12/66 ,  H04L29/02

Abstract: A security policy deployment method and apparatus are provided, and the method includes: when a lifecycle state of a virtualized network function VNF changes, generating, by a management network element, a security policy of the VNF, where the security policy of the VNF is used to perform access control on the VNF; and sending, by the management network element, the security policy of the VNF to a control device. The management network element is a network element configured to perform lifecycle management on the VNF. By using the method or apparatus provided in embodiments of this application, the security policy of the VNF can be adjusted in time when the lifecycle state of the VNF changes, thereby greatly reducing a possibility that a bug occurs in the security policy of the VNF because the VNF changes.

公开(公告)号：US20190149326A1

公开(公告)日：2019-05-16

申请号：US16243349

申请日：2019-01-09

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： He LI ,  Jing CHEN ,  Jiangsheng WANG

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/14

Abstract: Embodiments of the present disclosure provide example key obtaining methods and apparatus. One example method includes receiving, by a terminal, a selected key generation capability from a network element, where the selected key generation capability is used to indicate a key generation capability that is determined by the network element based on a first key generation capability combination, and where the first key generation capability combination includes at least one key generation capability of the terminal. The terminal can then generate a first key parameter and a first base key based on the selected key generation capability.

公开(公告)号：US20170302646A1

公开(公告)日：2017-10-19

申请号：US15639273

申请日：2017-06-30

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jiangsheng WANG ,  Qingchun Lin

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L63/08 ,  G06F9/45558 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L9/3226 ,  H04L29/06 ,  H04L63/0442 ,  H04L63/061 ,  H04L63/0869

Abstract: Embodiments of the present invention disclose an identity authentication method and apparatus. The NFV system includes a VNF including a first virtual network function component VNFC and a second VNFC. The method includes: generating a public key and a private key of the first VNFC and a public key and a private key of the second VNFC; writing or sending the private key of the first VNFC and the public key of the second VNFC to the first VNFC; and writing or sending the public key of the first VNFC and the private key of the second VNFC to the second VNFC, where the public key and the private key of the first VNFC and the public key and the private key of the second VNFC are used for identity authentication of the first VNFC and the second VNFC.

公开(公告)号：US20150326401A1

公开(公告)日：2015-11-12

申请号：US14804643

申请日：2015-07-21

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Wenjun JIN ,  Ying XIONG ,  Jiajia CHEN ,  Jiangsheng WANG

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L9/3268 ,  H04L63/0823 ,  H04L63/123

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for increasing network security. The method for increasing network security includes: receiving, by a network management system, a certificate message reported by a network element; generating, by the network management system, a first list; when determining that a certificate corresponding to certificate information in the first list needs to be revoked, generating, by the network management system, a certificate revocation request file according to the certificate information, and removing the certificate information in the first list from the first list; and sending, by the network management system, the certificate revocation request file to a public key infrastructure (PKI) system.

Abstract translation: 本发明的实施例公开了一种用于增加网络安全性的方法，装置和系统。 增加网络安全性的方法包括：由网络管理系统接收由网元报告的证书消息; 由网络管理系统生成第一个列表; 当确定与第一列表中的证书信息相对应的证书需要被撤销时，由网络管理系统根据证书信息生成证书吊销请求文件，并从第一列表中删除第一列表中的证书信息 ; 并由网络管理系统将证书吊销请求文件发送到公钥基础设施（PKI）系统。

公开(公告)号：US20170054710A1

公开(公告)日：2017-02-23

申请号：US15346357

申请日：2016-11-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Ying XIONG ,  Jiangsheng WANG ,  Chengyan FENG

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L9/3268

Abstract: The embodiments of the present invention disclose a certificate acquiring method and device. A virtualized network function manager (VNFM) receives a certificate application proxy message sent by a virtualized network function (VNF) instance. The VNFM uses the authentication information to authenticate the VNF instance, and when the authentication succeeds, sends a certificate application message to a certificate authority (CA). Then the VNFM receives a certificate issued by the CA, and sends the certificate to the VNF instance. In this way, through a trusted link between the VNFM and the certificate authority, the instantiated VNF instance applies for a certificate issued by the certificate authority, thereby effectively ensuring security of a management channel between the VNF instance and the VNFM

Abstract translation: 本发明的实施例公开了一种证书获取方法和装置。 虚拟化网络功能管理器（VNFM）接收由虚拟化网络功能（VNF）实例发送的证书应用代理消息。 VNFM使用认证信息对VNF实例进行身份验证，当认证成功时，向证书颁发机构（CA）发送证书申请消息。 然后，VNFM收到由CA颁发的证书，并将证书发送到VNF实例。 以这种方式，通过VNFM和证书颁发机构之间的信任链接，实例化的VNF实例会申请证书颁发机构颁发的证书，从而有效地确保VNF实例和VNFM之间的管理通道的安全性