公开(公告)号：US12170694B2

公开(公告)日：2024-12-17

申请号：US17414667

申请日：2018-12-29

Applicant: Nokia Technologies Oy

Inventor： Zhiyuan Hu ,  Duan Chen ,  Yueming Yin ,  Zhigang Luo

IPC: H04L29/06 ,  G06F21/62 ,  H04L9/40

Abstract: Embodiments of the present disclosure relate to devices, methods, apparatuses and computer readable storage media for data sharing. In example embodiments, a method for data sharing is provided. The method comprises, in response to receiving a first request to share data of a user from a data sharing agent, creating a data sharing smart contract for the user. The method further comprises publishing the data sharing smart contract to one or more data consumers. The method further comprises, in response to receiving a second request to access the data from a data consumer, generating, by executing the data sharing smart contract, an indication that the data consumer is authorized to access the data. In addition, the method further comprises sending the indication to the data consumer. In this way, end users are enabled to manage and share their personal data by themselves.

公开(公告)号：US20210211439A1

公开(公告)日：2021-07-08

申请号：US17057571

申请日：2018-05-22

Applicant: Nokia Technologies Oy

Inventor： Zhiyuan Hu ,  Jing Ping ,  Stephane Mahieu ,  Yueming Yin ,  Zhigang Luo

IPC: H04L29/06 ,  H04L12/725

Abstract: Embodiments of the present disclosure relate to methods, devices and computer readable storage medium for tracing an attack source in a service function chain overlay network. In example embodiments, a request for tracing an attack source of an attacking data is sent at the attack tracer to a first service function chain domain of a plurality of service function chain domains through which the attacking data flow passes subsequently. The request includes flow characteristics of the attacking data flow. Then, the attack tracer receives a first set of results of flow matching based on the flow characteristics from the first service function chain domain. The attack tracer identifies the attack source in the plurality of service function chain domains at least in part based on the first set of results. In this way, the attack source may be traced efficiently in the service function chain overlay network.

公开(公告)号：US11991186B2

公开(公告)日：2024-05-21

申请号：US17057571

申请日：2018-05-22

Applicant: Nokia Technologies Oy

Inventor： Zhiyuan Hu ,  Jing Ping ,  Stephane Mahieu ,  Yueming Yin ,  Zhigang Luo

IPC: G06F21/00 ,  H04L9/40 ,  H04L45/302

CPC classification number: H04L63/1416 ,  H04L45/306 ,  H04L63/1425 ,  H04L63/1441 ,  H04L2463/146

Abstract: Embodiments of the present disclosure relate to methods, devices and computer readable storage medium for tracing an attack source in a service function chain overlay network. In example embodiments, a request for tracing an attack source of an attacking data is sent at the attack tracer to a first service function chain domain of a plurality of service function chain domains through which the attacking data flow passes subsequently. The request includes flow characteristics of the attacking data flow. Then, the attack tracer receives a first set of results of flow matching based on the flow characteristics from the first service function chain domain. The attack tracer identifies the attack source in the plurality of service function chain domains at least in part based on the first set of results. In this way, the attack source may be traced efficiently in the service function chain overlay network.

公开(公告)号：US20220060514A1

公开(公告)日：2022-02-24

申请号：US17414667

申请日：2018-12-29

Applicant: Nokia Technologies Oy

Inventor： Zhiyuan Hu ,  Duan Chen ,  Yueming Yin ,  Zhigang Luo

IPC: H04L29/06 ,  G06F21/62

Abstract: Embodiments of the present disclosure relate to devices, methods, apparatuses and computer readable storage media for data sharing. In example embodiments, a method for data sharing is provided. The method comprises, in response to receiving a first request to share data of a user from a data sharing agent, creating a data sharing smart contract for the user. The method further comprises publishing the data sharing smart contract to one or more data consumers. The method further comprises, in response to receiving a second request to access the data from a data consumer, generating, by executing the data sharing smart contract, an indication that the data consumer is authorized to access the data. In addition, the method further comprises sending the indication to the data consumer. In this way, end users are enabled to manage and share their personal data by themselves.

公开(公告)号：US11877147B2

公开(公告)日：2024-01-16

申请号：US17255313

申请日：2018-06-29

Applicant: Nokia Technologies Oy

Inventor： Zhiyuan Hu ,  Wen Wei ,  Mingyu Zhao ,  Yueming Yin ,  Zhigang Luo

IPC: H04W12/02 ,  H04W76/10 ,  H04W12/06 ,  H04L61/5092 ,  H04W12/75 ,  H04W12/71 ,  H04L101/622

CPC classification number: H04W12/02 ,  H04L61/5092 ,  H04W12/06 ,  H04W76/10 ,  H04L2101/622 ,  H04W12/71 ,  H04W12/75

Abstract: Embodiments of the disclosure provide a method, device and computer readable medium for protecting MAC addresses. According to embodiments of the present disclosure, the terminal device may obtain a set of virtual MAC addressed from a network device and may connect with a further network device (for example, Wi-Fi AP or Bluetooth devices) using the virtual MAC addresses. In this way, tracking the terminal device with MAC address is prevented so that user privacy protection could be enhanced.

公开(公告)号：US11558353B2

公开(公告)日：2023-01-17

申请号：US16963946

申请日：2018-02-06

Applicant: Nokia Technologies Oy

Inventor： Zhiyuan Hu ,  Jing Ping ,  Stephane Mahieu ,  Yueming Yin

IPC: H04L29/06 ,  H04L9/40

Abstract: Embodiments of the present disclosure relate to a method, apparatus, and computer readable medium for providing a security service for a data center. According to the method, a packet terminating at or originating from the data center is received. At least one label is determined for the packet, each label indicating a security requirement for the packet. Based on the at least one label, a security service chain is selected for the packet, the security service chain including an ordered set of security functions deployed in the data center and to be applied to the packet. The packet is transmitted to the selected security service chain in association with the at least one label, the packet being processed by the ordered set of security functions in the security service chain.

公开(公告)号：US11616718B2

公开(公告)日：2023-03-28

申请号：US17259493

申请日：2018-07-11

Applicant: NOKIA TECHNOLOGIES OY

Inventor： Zhiyuan Hu ,  Duan Chen ,  Zhigang Luo

IPC: H04L45/302 ,  H04L45/64 ,  H04L69/22 ,  H04L67/63 ,  H04L45/50 ,  H04L69/18

Abstract: Example embodiments of the present disclosure relate to enablement of a service function chain based on a software defined network. In some embodiments, there is provided a method implemented at a service function chain controller. The method comprises creating a service function chain for a packet, the service function chain comprising a set of ordered service functions that are to process the packet; and configuring respective forwarding rules associated with the service function chain directly or indirectly to a plurality of network nodes in a software defined network, the respective forwarding rules indicating how the plurality of network nodes forward the packet to the set of ordered service functions in the service function chain. In this way, it is possible to enable the service function chain in the software defined network.

公开(公告)号：US20210044567A1

公开(公告)日：2021-02-11

申请号：US16963946

申请日：2018-02-06

Applicant: Nokia Technologies Oy

Inventor： Zhiyuan Hu ,  Jing Ping ,  Stephane Mahieu ,  Yueming Yin

IPC: H04L29/06

Abstract: Embodiments of the present disclosure relate to a method, apparatus, and computer readable medium for providing a security service for a data center. According to the method, a packet terminating at or originating from the data center is received. At least one label is determined for the packet, each label indicating a security requirement for the packet. Based on the at least one label, a security service chain is selected for the packet, the security service chain including an ordered set of security functions deployed in the data center and to be applied to the packet. The packet is transmitted to the selected security service chain in association with the at least one label, the packet being processed by the ordered set of security functions in the security service chain.