Patents by Inventor De SHENG

De SHENG has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12500745
    Abstract: A pre-shared key (PSK) updating method is disclosed. A first communication apparatus stores a first PSK for processing, within an aging periodicity of the first PSK, a packet exchanged between the first communication apparatus and a second communication apparatus. The first communication apparatus may receive, within the aging periodicity of the first PSK, a first protocol packet that is sent by the second communication apparatus and includes a first PSK key material for generating a second PSK. The second PSK is for processing, within an aging periodicity of the second PSK, a packet exchanged between the first communication apparatus and the second communication apparatus.
    Type: Grant
    Filed: January 24, 2023
    Date of Patent: December 16, 2025
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: De Sheng, Zhonghua Hu, Shu Zhang, Jingyi Wang, Hao Zhang
  • Patent number: 12328392
    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, processing time, and power in the course of the IKE SA or the IPSec SA rekey.
    Type: Grant
    Filed: December 21, 2023
    Date of Patent: June 10, 2025
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Sandeep Kampati, De Sheng, Dharmanandana Reddy Pothula, Bharath Soma Satya Meduri
  • Patent number: 12212662
    Abstract: This application discloses a method for Internet key exchange protocol (IKE) authentication using a certificate. The method includes: A first device parses a certificate to obtain signature information in the certificate. The first device fills an AUTH payload field in an IKE identity authentication (AUTH) message based on the signature information in the certificate, where signature information indicated by the AUTH payload field matches the signature information in the certificate. The first device sends the IKE AUTH message to a second device. In the method for Internet key exchange protocol IKE authentication using a certificate provided in this application, the first device may automatically parse the signature information in the certificate, and fill the related field of the IKE AUTH message based on the signature information. Therefore, user configuration is simplified and product usability is improved.
    Type: Grant
    Filed: September 16, 2022
    Date of Patent: January 28, 2025
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: De Sheng, Hui Ye, Wenbin Shen
  • Publication number: 20240223364
    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, processing time, and power in the course of the IKE SA or the IPSec SA rekey.
    Type: Application
    Filed: December 21, 2023
    Publication date: July 4, 2024
    Applicant: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Sandeep Kampati, De Sheng, Dharmanandana Reddy Pothula, Bharath Soma Satya Meduri
  • Patent number: 11943209
    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.
    Type: Grant
    Filed: May 17, 2021
    Date of Patent: March 26, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Sandeep Kampati, Bharath Soma Satya Meduri, Dharmanandana Reddy Pothula, De Sheng
  • Patent number: 11888982
    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.
    Type: Grant
    Filed: May 16, 2021
    Date of Patent: January 30, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Sandeep Kampati, De Sheng, Dharmanandana Reddy Pothula, Bharath Soma Satya Meduri
  • Publication number: 20230023846
    Abstract: This application discloses a method for Internet key exchange protocol (IKE) authentication using a certificate. The method includes: A first device parses a certificate to obtain signature information in the certificate. The first device fills an AUTH payload field in an IKE identity authentication (AUTH) message based on the signature information in the certificate, where signature information indicated by the AUTH payload field matches the signature information in the certificate. The first device sends the IKE AUTH message to a second device. In the method for Internet key exchange protocol IKE authentication using a certificate provided in this application, the first device may automatically parse the signature information in the certificate, and fill the related field of the IKE AUTH message based on the signature information. Therefore, user configuration is simplified and product usability is improved.
    Type: Application
    Filed: September 16, 2022
    Publication date: January 26, 2023
    Inventors: De SHENG, Hui YE, Wenbin SHEN
  • Patent number: 11146952
    Abstract: The method includes: receiving, by a first member device, a second EAPOL-MKA packet sent by a second member device; determining, by the first member device, a first cipher suite, and determining a first secure association key SAK corresponding to the first cipher suite; and sending, by the first member device, the first cipher suite and the first SAK to the second member device in CA. Based on the foregoing technical solution, a device in the CA may determine a cipher suite and a secure association key corresponding to the cipher suite that are used for MACsec secure data transmission. In addition, all devices in the CA support the determined cipher suite. In this way, a problem that the cipher suite needs to be re-determined because one or more devices do not support the cipher suite determined by the first device can be avoided.
    Type: Grant
    Filed: February 17, 2019
    Date of Patent: October 12, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: De Sheng, Yun Qin
  • Publication number: 20210273799
    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.
    Type: Application
    Filed: May 16, 2021
    Publication date: September 2, 2021
    Applicant: HUAWEI TECHNOLOGIES CO.,LTD.
    Inventors: Sandeep Kampati, De Sheng, Dharmanandana Reddy Pothula, Bharath Soma Satya Meduri
  • Publication number: 20210273928
    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.
    Type: Application
    Filed: May 17, 2021
    Publication date: September 2, 2021
    Applicant: HUAWEI TECHNOLOGIES CO.,LTD.
    Inventors: Sandeep Kampati, Bharath Soma Satya Meduri, Dharmanandana Reddy Pothula, De Sheng
  • Publication number: 20210105348
    Abstract: Disclosed are a system, method and devices for simultaneous MACsec key agreement (MKA) negotiation between the devices. The present application controls a basic TLV message exchange between supplicant and authenticator in case of race condition to establish the secure association key (SAK) channel. The present application by controlling a basic TLV message exchange enables to establish a secure channel in race condition and achieves a high reliability of the product as this makes product launch MACsec services quickly and available for the service. Accordingly, when both sides (two supplicants) exchange hello with basic TLV at the same time, triggering the race condition, drops first message from the authenticator at supplicant and update the peer MN and the supplicant will not send reply. The authenticator when send next message (basic+potential peer TLV) with peer MN incremented by 1, the supplicant will respond with incremental message with live peer TLV.
    Type: Application
    Filed: December 16, 2020
    Publication date: April 8, 2021
    Inventors: Dharmanandana Reddy Pothula, Chandra Mohan Padamati, Antony Paul, Yun Qin, De Sheng
  • Patent number: 10904368
    Abstract: Disclosed are a system, method and devices for simultaneous MACsec key agreement (MKA) negotiation between the devices. The present application controls a basic TLV message exchange between supplicant and authenticator in case of race condition to establish the secure association key (SAK) channel. The present application by controlling a basic TLV message exchange enables to establish a secure channel in race condition and achieves a high reliability of the product as this makes product launch MACsec services quickly and available for the service. Accordingly, when both sides (two supplicants) exchange hello with basic TLV at the same time, triggering the race condition, drops first message from the authenticator at supplicant and update the peer MN and the supplicant will not send reply. The authenticator when send next message (basic+potential peer TLV) with peer MN incremented by 1, the supplicant will respond with incremental message with live peer TLV.
    Type: Grant
    Filed: May 23, 2019
    Date of Patent: January 26, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Dharmanandana Reddy Pothula, Chandra Mohan Padamati, Antony Paul, Yun Qin, De Sheng
  • Publication number: 20190281031
    Abstract: Disclosed are a system, method and devices for simultaneous MACsec key agreement (MKA) negotiation between the devices. The present application controls a basic TLV message exchange between supplicant and authenticator in case of race condition to establish the secure association key (SAK) channel. The present application by controlling a basic TLV message exchange enables to establish a secure channel in race condition and achieves a high reliability of the product as this makes product launch MACsec services quickly and available for the service. Accordingly, when both sides (two supplicants) exchange hello with basic TLV at the same time, triggering the race condition, drops first message from the authenticator at supplicant and update the peer MN and the supplicant will not send reply. The authenticator when send next message (basic+potential peer TLV) with peer MN incremented by 1, the supplicant will respond with incremental message with live peer TLV.
    Type: Application
    Filed: May 23, 2019
    Publication date: September 12, 2019
    Inventors: Dharmanandana Reddy Pothula, Chandra Mohan Padamati, Antony Paul, Yun Qin, De Sheng
  • Publication number: 20190191307
    Abstract: The method includes: receiving, by a first member device, a second EAPOL-MKA packet sent by a second member device; determining, by the first member device, a first cipher suite, and determining a first secure association key SAK corresponding to the first cipher suite; and sending, by the first member device, the first cipher suite and the first SAK to the second member device in CA. Based on the foregoing technical solution, a device in the CA may determine a cipher suite and a secure association key corresponding to the cipher suite that are used for MACsec secure data transmission. In addition, all devices in the CA support the determined cipher suite. In this way, a problem that the cipher suite needs to be re-determined because one or more devices do not support the cipher suite determined by the first device can be avoided.
    Type: Application
    Filed: February 17, 2019
    Publication date: June 20, 2019
    Inventors: De SHENG, Yun QIN