Patents by Inventor Nengyi Pan
Nengyi Pan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10084713Abstract: The present invention relates to a protocol type identification method and apparatus. The method includes: acquiring a data packet transmitted on a connection that is established between a user terminal and a server; if multidimensional user information corresponding to the user terminal exists in a multidimensional user information table, performing, according to information that is identified by the found multidimensional user information and about all connections that are currently established by the user terminal, multidimensional user information based protocol type identification on the connection; and if the multidimensional user information corresponding to the user terminal is not found, performing, according to a packet characteristic of the data packet, data flow based protocol type identification on the connection on which the data packet is transmitted.Type: GrantFiled: October 28, 2016Date of Patent: September 25, 2018Assignee: Huawei Technologies Co., Ltd.Inventor: Nengyi Pan
-
Patent number: 9948667Abstract: A signature rule processing method, a server, and an intrusion prevention system is provided. The method includes: performing, by a cloud server, correlation analysis on signature rule usage status information of each security device connected to the cloud server and a latest signature rule set published by the cloud server, to obtain a most active threat signature rule identification list, and sending, by the cloud server, update information to each security device to update a signature rule after generating the update information according to the most active threat signature rule identification list. The present invention is applicable to the field of network security systems.Type: GrantFiled: October 21, 2016Date of Patent: April 17, 2018Assignee: Huawei Technologies Co., Ltd.Inventors: Yungang Deng, Kun Li, Nengyi Pan
-
Publication number: 20170048155Abstract: The present invention relates to a protocol type identification method and apparatus. The method includes: acquiring a data packet transmitted on a connection that is established between a user terminal and a server; if multidimensional user information corresponding to the user terminal exists in a multidimensional user information table, performing, according to information that is identified by the found multidimensional user information and about all connections that are currently established by the user terminal, multidimensional user information based protocol type identification on the connection; and if the multidimensional user information corresponding to the user terminal is not found, performing, according to a packet characteristic of the data packet, data flow based protocol type identification on the connection on which the data packet is transmitted.Type: ApplicationFiled: October 28, 2016Publication date: February 16, 2017Inventor: Nengyi Pan
-
Publication number: 20170041336Abstract: A signature rule processing method, a server, and an intrusion prevention system is provided. The method includes: performing, by a cloud server, correlation analysis on signature rule usage status information of each security device connected to the cloud server and a latest signature rule set published by the cloud server, to obtain a most active threat signature rule identification list, and sending, by the cloud server, update information to each security device to update a signature rule after generating the update information according to the most active threat signature rule identification list. The present invention is applicable to the field of network security systems.Type: ApplicationFiled: October 21, 2016Publication date: February 9, 2017Inventors: Yungang Deng, Kun Li, Nengyi Pan
-
Patent number: 9479528Abstract: A signature rule processing method, a server, and an intrusion prevention system is provided. The method includes: performing, by a cloud server, correlation analysis on signature rule usage status information of each security device connected to the cloud server and a latest signature rule set published by the cloud server, to obtain a most active threat signature rule identification list, and sending, by the cloud server, update information to each security device to update a signature rule after generating the update information according to the most active threat signature rule identification list. The present invention is applicable to the field of network security systems.Type: GrantFiled: November 19, 2014Date of Patent: October 25, 2016Assignee: Huawei Technologies Co., Ltd.Inventors: Yungang Deng, Kun Li, Nengyi Pan
-
Publication number: 20150074756Abstract: A signature rule processing method, a server, and an intrusion prevention system is provided. The method includes: performing, by a cloud server, correlation analysis on signature rule usage status information of each security device connected to the cloud server and a latest signature rule set published by the cloud server, to obtain a most active threat signature rule identification list, and sending, by the cloud server, update information to each security device to update a signature rule after generating the update information according to the most active threat signature rule identification list. The present invention is applicable to the field of network security systems.Type: ApplicationFiled: November 19, 2014Publication date: March 12, 2015Inventors: Yungang Deng, Kun Li, Nengyi Pan
-
Patent number: 8626903Abstract: A method for identifying a Stream Control Transmission Protocol (SCTP) packet is provided, which includes: acquiring a feature tuple of a received SCTP packet, in which the feature tuple includes at least one piece of the following information: a source Internet Protocol (IP) address, a destination IP address, and a verification tag (V_tag); matching the acquired feature tuple of the SCTP packet with a SCTP tuple identification table, in which the SCTP tuple identification table includes a mapping relation between a feature set tuple and an SCTP association, and the feature set tuple includes at least one piece of the following information: a source IP address set, a destination IP address set, and the V_tag; and acquiring an SCTP association to which the SCTP packet belongs, if the acquired feature tuple of the SCTP packet matches one or more records of the SCTP tuple identification table.Type: GrantFiled: December 29, 2010Date of Patent: January 7, 2014Assignee: Huawei Technologies Co., Ltd.Inventors: Hua Liu, Weijun Zhou, Liang Duan, Nengyi Pan
-
Publication number: 20120096130Abstract: The embodiments of the present invention disclose a method, an apparatus and a system for bandwidth control, wherein the method comprises: acquiring and identifying a HTTP request message of a stream media-on-demand service, and forwarding the HTTP request message of the stream media-on-demand service to a media server; receiving a HTTP response message which is returned from the media server and corresponds to the HTTP request message of the stream media-on-demand service; parsing the HTTP response message, and obtaining a playback bit-rate of a stream media file to be transmitted; determining a transmission bandwidth allocated practically for the stream media-on-demand service according to comparison result between the playback bit-rate and a user subscription bandwidth allocated initially for the stream media-on-demand service; and controlling the transmission of the stream media file by adopting the determined transmission bandwidth.Type: ApplicationFiled: December 28, 2011Publication date: April 19, 2012Applicant: HUAWEI TECHNOLOGIES CO., LTD.Inventors: Wei WEI, Nengyi PAN, Zongrong ZHOU
-
Publication number: 20110296007Abstract: A method for identifying a Stream Control Transmission Protocol (SCTP) packet is provided, which includes: acquiring a feature tuple of a received SCTP packet, in which the feature tuple includes at least one piece of the following information: a source Internet Protocol (IP) address, a destination IP address, and a verification tag (V_tag); matching the acquired feature tuple of the SCTP packet with a SCTP tuple identification table, in which the SCTP tuple identification table includes a mapping relation between a feature set tuple and an SCTP association, and the feature set tuple includes at least one piece of the following information: a source IP address set, a destination IP address set, and the V_tag; and acquiring an SCTP association to which the SCTP packet belongs, if the acquired feature tuple of the SCTP packet matches one or more records of the SCTP tuple identification table.Type: ApplicationFiled: December 29, 2010Publication date: December 1, 2011Inventors: Hua LIU, Weijun Zhou, Liang Duan, Nengyi Pan
-
Publication number: 20100157999Abstract: A network capable of M3UA-based networking, an apparatus, and a message transfer method are disclosed herein. The network includes: an IPSTP, configured to: perform signaling interworking with an IPSEP and/or other IPSTPs in the network, and maintain routes dynamically; and an IPSEP, configured to perform signaling interworking with the IPSTP.Type: ApplicationFiled: March 3, 2010Publication date: June 24, 2010Applicant: HUAWEI TECHNOLOGIES CO., LTD.Inventors: Zhuohui LEI, Nengyi PAN
-
Patent number: 7711003Abstract: The invention discloses a method for reducing service loss in interworking between SS7 signaling network and M3UA. In the method, when state of an M3UA ASP-related signaling point changes, the SS7 signaling network may be notified by using messages defined in existing protocols or other messages. Thus, when performing service interworking with M3UA, the SS7 signaling network determines whether service interaction may be performed with M3UA in accordance with the state of current ASP-related signaling point. If the current ASP-related signaling point is unavailable, the SS7 signaling network will not perform service interaction. As a result, the service loss in interworking between SS7 signaling network and M3UA may be reduced without any affect on the normal service interworking between SS7 signaling network and M3UA. In addition, the method may conform to existing protocol standards, and implemented in a simple and easy way.Type: GrantFiled: September 19, 2007Date of Patent: May 4, 2010Assignee: Huawei Technologies Co., Ltd.Inventors: Zhuohui Lei, Miansheng Ma, Yuhong Liu, Nengyi Pan
-
Publication number: 20080063008Abstract: The invention discloses a method for reducing service loss in interworking between SS7 signaling network and M3UA. In the method, when state of an M3UA ASP-related signaling point changes, the SS7 signaling network may be notified by using messages defined in existing protocols or other messages. Thus, when performing service interworking with M3UA, the SS7 signaling network determines whether service interaction may be performed with M3UA in accordance with the state of current ASP-related signaling point. If the current ASP-related signaling point is unavailable, the SS7 signaling network will not perform service interaction. As a result, the service loss in interworking between SS7 signaling network and M3UA may be reduced without any affect on the normal service interworking between SS7 signaling network and M3UA. In addition, the method may conform to existing protocol standards, and implemented in a simple and easy way.Type: ApplicationFiled: September 19, 2007Publication date: March 13, 2008Inventors: Zhuohui Lei, Miansheng Ma, Yuhong Liu, Nengyi Pan