Abstract: A method for trusted measurement of a cloud computing platform includes: generating, by a third-party management and audit system, an audit report based on a current running indicator, signed by using a digital certificate, of a software and a running security indicator of the software, where the audit report indicates trustworthiness of a cloud computing platform. In this way, a process of trusted measurement of the cloud computing platform is open and transparent, so that authenticity of trusted measurement of the cloud computing platform is improved, thereby increasing a user's trust in the cloud computing platform.

Abstract: A cloud system data management method for alleviate a data leakage problem occurring when a user accessed by another user when a virtual data volume of the user is mounted to a virtual machine of another user includes creating a first virtual machine for a user and allocating a virtual data volume to the first virtual machine, setting an identifier of the virtual data volume as an identifier corresponding to a home identifier of the first virtual machine, determining, according to the identifier of the virtual data volume and a home identifier of a second virtual machine, whether the virtual data volume and the second virtual machine belong to a same user when the virtual data volume needs to be mounted to the second virtual machine, forbidding the virtual data volume to be mounted to the second virtual machine when they do not belong to the same user.

Abstract: A method for trusted measurement of a cloud computing platform includes: generating, by a third-party management and audit system, an audit report based on a current running indicator, signed by using a digital certificate, of a software and a running security indicator of the software, where the audit report indicates trustworthiness of a cloud computing platform. In this way, a process of trusted measurement of the cloud computing platform is open and transparent, so that authenticity of trusted measurement of the cloud computing platform is improved, thereby increasing a user's trust in the cloud computing platform.

Abstract: The disclosure provides a method for realizing a Mobile Switch Center (MSC) pool, a system for realizing an MSC pool and a Media Gateway (MGW). The method for realizing an MSC pool includes: connecting with a Base Station Controllers (BSC)/Radio Network Controller (RNC), by a Media Gateway (MGW) through the use of a common signaling point; and upon receipt of a message whose destination signaling point is the common signaling point from the BSC/RNC, determining, by the MGW, a destination MSC server of the message according to ID information carried in the message, and sending the received message to the destination MSC server. According to the present invention, the networking scheme for an MSC pool may be implemented without upgrading any BSC/RNC. The flexibility of the networking scheme for mobile communication systems may be improved, and the traffic load of the subscribers may be shared.

Abstract: A method for implementing a session border controller (SBC) pool and a SBC device are provided. In the present invention, an SBC pool is formed by at least two SBCs, the at least two SBCs are mutually backed up for disaster recovery and use a same Internet Protocol (IP) address for a terminal device, and whether the terminal device is registered in the SBC pool is determined; and if the terminal device has been registered in the SBC pool, a service message is forwarded to an SBC with which the terminal device is registered. In this way, it is avoided that SBC device disaster recovery places a special requirement for the terminal device, and the terminal device does not need to be configured with two IP addresses. Furthermore, all devices in the SBC pool can process the service message of the terminal device, thereby increasing a resource utilization rate.

Abstract: A security control platform receives a virtual machine starting request message that is from user equipment and forwarded by a management platform, where the virtual machine starting request message includes an identifier of a virtual machine that needs to be enabled and user information; invokes a third-party trusted platform to determine that the virtual machine starting request message is initiated by the user equipment according to an instruction of an authorized user; and performs authentication on the user information, and based on successful authentication, invokes the third-party trusted platform to decapsulate the virtual machine that needs to be enabled. It is ensured that other user equipment (including the management platform) cannot obtain a key of the third-party trusted platform, which enhances security of management control on the virtual machine, and thereby enhances security of a cloud computing platform.

Abstract: A cloud system data management method for alleviate a data leakage problem occurring when a user accessed by another user when a virtual data volume of the user is mounted to a virtual machine of another user includes creating a first virtual machine for a user and allocating a virtual data volume to the first virtual machine, setting an identifier of the virtual data volume as an identifier corresponding to a home identifier of the first virtual machine, determining, according to the identifier of the virtual data volume and a home identifier of a second virtual machine, whether the virtual data volume and the second virtual machine belong to a same user when the virtual data volume needs to be mounted to the second virtual machine, forbidding the virtual data volume to be mounted to the second virtual machine when they do not belong to the same user.

Abstract: Embodiments of the present invention provide a method, a device, and a system for realizing disaster tolerance backup. The method includes the following steps: a device with an active-standby function determines a current state of the device with the active-standby function, after it is determined that the current state is an active state, the device with the active-standby function issues reachable route information to a connected routing device, where the device with the active-standby function and a device of which a current state is a standby state have a same IP address, the reachable route information includes route information relevant to the IP address, so that the IP address is reachable, and the device with the active-standby function and the device of which the current state is the standby state are backup devices for each other. The present invention can realize remote disaster tolerance backup and avoid service interruption.

Abstract: A security control platform receives a virtual machine starting request message that is from user equipment and forwarded by a management platform, where the virtual machine starting request message includes an identifier of a virtual machine that needs to be enabled and user information; invokes a third-party trusted platform to determine that the virtual machine starting request message is initiated by the user equipment according to an instruction of an authorized user; and performs authentication on the user information, and based on successful authentication, invokes the third-party trusted platform to decapsulate the virtual machine that needs to be enabled. It is ensured that other user equipment (including the management platform) cannot obtain a key of the third-party trusted platform, which enhances security of management control on the virtual machine, and thereby enhances security of a cloud computing platform.

Abstract: A method, a server, a host, and a system for protecting data security. A server generates a cloud feature value that uniquely corresponds to the server, binds a data encryption key required by the host to generate data encryption key ciphertext, and then transmits the data encryption key ciphertext and the cloud feature value to the host; and the host decrypts the ciphertext using the cloud feature value to obtain a data encryption key to be allocated to a user, so that security protection on user data is performed based on the cloud feature value, thereby improving data security.

Abstract: A method for implementing a session border controller (SBC) pool and a SBC device are provided. In the present invention, an SBC pool is formed by at least two SBCs, the at least two SBCs are mutually backed up for disaster recovery and use a same Internet Protocol (IP) address for a terminal device, and whether the terminal device is registered in the SBC pool is determined; and if the terminal device has been registered in the SBC pool, a service message is forwarded to an SBC with which the terminal device is registered. In this way, it is avoided that SBC device disaster recovery places a special requirement for the terminal device, and the terminal device does not need to be configured with two IP addresses. Furthermore, all devices in the SBC pool can process the service message of the terminal device, thereby increasing a resource utilization rate.

Abstract: Embodiments of the present invention provide a method, a device, and a system for realizing disaster tolerance backup. The method includes the following steps: a device with an active-standby function determines a current state of the device with the active-standby function, after it is determined that the current state is an active state, the device with the active-standby function issues reachable route information to a connected routing device, where the device with the active-standby function and a device of which a current state is a standby state have a same IP address, the reachable route information includes route information relevant to the IP address, so that the IP address is reachable, and the device with the active-standby function and the device of which the current state is the standby state are backup devices for each other. The present invention can realize remote disaster tolerance backup and avoid service interruption.

Abstract: Embodiments of the present invention provide a method and a system for implementing smoothing of signaling traffic, and a home location register. The method includes: when a link between an HLR and an exchange device is congested or the HLR is overloaded, receiving, by the HLR, a location update request message of a user equipment UE sent by the exchange device, and returning a location update response message to the exchange device, so as to inform the exchange device that the location update of the UE is successful, where the HLR does not send user data corresponding to the UE to the exchange device; and when the link between the HLR and the exchange device is normal, the load of the HLR is normal, or the UE performs a service, sending, by the HLR, the user data corresponding to the UE to the exchange device.

Abstract: A method of a device for managing interface circuits between an access network and a core network that relate to a telecommunication technology field includes: sending, by a resource management entity, a circuit management message to a control function entity, converting in format and sending, by the control function entity, the circuit management message to a resource coordination entity, wherein the circuit management message is configured to instruct the resource coordination entity to implement a circuit management operation; or receiving, by the resource management entity, a circuit management message sent by the resource coordination entity, converted in format and forwarded by the control function entity, and implementing, by the resource management entity, the circuit management operation according to the resource management message.

Abstract: A method for realizing paging in a mobile switching center (MSC) pool includes the following steps. An MSC server selects a media gateway (MGW) from more than one MGW connected to a base station controller (BSC)/radio network controller (RNC), delivers a paging message of an international mobile station identity (IMSI) paging type to the selected MGW, and stores a corresponding relation between an IMSI carried in the paging message and the MSC server in the MGW which is connected to the BSC/RNC and does not receive the paging message. The MGW that does not receive the paging message receives a paging response message sent by the BSC/RNC, determines an MSC server corresponding to an IMSI carried in the paging response message by looking up the corresponding relation between the IMSI and the MSC server stored therein, and routes the received paging response message to the corresponding MSC server. Several other methods and devices for realizing paging are also provided.

Abstract: Embodiments of the present invention provide a method and a system for implementing smoothing of signaling traffic, and a home location register. The method includes: when a link between an HLR and an exchange device is congested or the HLR is overloaded, receiving, by the HLR, a location update request message of a user equipment UE sent by the exchange device, and returning a location update response message to the exchange device, so as to inform the exchange device that the location update of the UE is successful, where the HLR does not send user data corresponding to the UE to the exchange device; and when the link between the HLR and the exchange device is normal, the load of the HLR is normal, or the UE performs a service, sending, by the HLR, the user data corresponding to the UE to the exchange device.

Abstract: A method for called party recovery in an MSC Pool, applied in a system that comprises an HLR and an MSC Pool including multiple MSC/VLRs, includes configuring a backup server for each MSC/VLR in the MSC Pool; if an MSC/VLR serving a user is down, the user has not initiated any calling service or location update and the user is called, further includes: the HLR sending a call signaling to the backup server of the MSC/VLR that is down; the backup server of the MSC/VLR initiating a paging request to the user and initiating a location update for the user to the HLR; the HLR registering user data of the user at the backup server and switching the MSC/VLR serving the user to the backup server. The present invention also discloses other methods, systems and devices, which can solve the problem of called party recovery in the MSC Pool.

Abstract: A method for service migration is disclosed. A first Serving-Call Session Control Function (S-CSCF) receives a service migration command; the first S-CSCF receives a user's register message sent by an Interrogating-Call Session Control Function (I-CSCF), and decides, according to a preset configuration policy, whether to migrate the user's service. An apparatus and a system for service migration are also disclosed. By using the method, apparatus and system disclosed herein, the user's service can be migrated flexibly.

Abstract: A method of a device for managing interface circuits between an access network and a core network that relate to a telecommunication technology field includes: sending, by a resource management entity, a circuit management message to a control function entity, converting in format and sending, by the control function entity, the circuit management message to a resource coordination entity, wherein the circuit management message is configured to instruct the resource coordination entity to implement a circuit management operation; or receiving, by the resource management entity, a circuit management message sent by the resource coordination entity, converted in format and forwarded by the control function entity, and implementing, by the resource management entity, the circuit management operation according to the resource management message.

Abstract: A cloud system data management method for alleviate a data leakage problem occurring when a user accessed by another user when a virtual data volume of the user is mounted to a virtual machine of another user includes creating a first virtual machine for a user and allocating a virtual data volume to the first virtual machine, setting an identifier of the virtual data volume as an identifier corresponding to a home identifier of the first virtual machine, determining, according to the identifier of the virtual data volume and a home identifier of a second virtual machine, whether the virtual data volume and the second virtual machine belong to a same user when the virtual data volume needs to be mounted to the second virtual machine, forbidding the virtual data volume to be mounted to the second virtual machine when they do not belong to the same user.