Patents by Inventor Xueqiang Yan

Xueqiang Yan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10674416
    Abstract: Embodiments provide a user equipment (UE) device that includes a processor and a transceiver. The processor is configured to direct a handover request to an evolved packet core (EPC) access node via the transceiver. The access node may be, e.g. a wireless local area network (WLAN) access point or an E-UTRAN access point. The handover request may initiate a transfer of connectivity of the UE device from the WLAN access point to the E-UTRAN access point, or from the E-UTRAN access point to the WLAN access point. The processor is configured to receive a handover response from the current access node, wherein the response includes a cryptographic key identifier, and to derive a handover key from the key identifier. The processor may then operate the UE device to provide connectivity based on the handover key between the UE device and the other of the access nodes.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: June 2, 2020
    Assignee: Alcatel Lucent
    Inventors: Zhiyuan Hu, Zhigang Luo, Xueqiang Yan
  • Patent number: 10666689
    Abstract: At least one security policy is obtained from a policy creator at a controller in an SDN network. The security policy is implemented in the SDN network, via the controller, based on one or more attributes specifying a characteristic of the security policy, a role of the creator of the security policy, and a security privilege level of the role of the creator of the security policy.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: May 26, 2020
    Assignee: ALCATEL LUCENT
    Inventors: Zhiyuan Hu, Xueqiang Yan, Zhigang Luo
  • Publication number: 20200012507
    Abstract: Provided is a microkernel architecture control system of an industrial server and an industrial server, which relate to the technical field of industrial servers. According to the microkernel architecture control system, scheduling configuration information is customized on the basis of an architecture including a plurality of microkernels and a virtual machine monitor prior to startup of a system, each microkernel including industrial control middleware and a real-time operating system.
    Type: Application
    Filed: January 9, 2019
    Publication date: January 9, 2020
    Applicant: KYLAND TECHNOLOGY CO., LTD
    Inventors: Ping Li, Zhiwei Yan, Qiyun Jiang, Xueqiang Qiu, Xingpei Tang
  • Publication number: 20200012519
    Abstract: Provided is a method and apparatus for implementing microkernel architecture of industrial server. The method includes calculation of dependency of control programs according to a microkernel task type weight and a microkernel task priority weight and/or a control program running time weight prior to startup of a system, and determination of the number of the control programs running on each physical core and each control program running on multiple physical cores according to the dependency.
    Type: Application
    Filed: January 9, 2019
    Publication date: January 9, 2020
    Applicant: KYLAND TECHNOLOGY CO., LTD.
    Inventors: Ping Li, Zhiwei Yan, Qiyun Jiang, Xueqiang Qiu, Xingpei Tang
  • Publication number: 20190268384
    Abstract: A first security service function chain is generated that identifies at least a first service function path comprising an identified set of security service functions, with at least one of the identified set of security service functions comprising a virtualized network function in a software defined networking (SDN) network architecture. The first security service function chain is utilized to create classification policies associating packets of a given packet type with the first security service function chain, and the first service function path is utilized to create forwarding policies specifying handling of packets of the given packet type by respective ones of the identified set of security service functions. The classification policies are provided to one or more nodes in a communication network comprising the SDN network architecture, and the forwarding policies are provided to one or more of the identified set of security service functions in the communication network.
    Type: Application
    Filed: August 5, 2016
    Publication date: August 29, 2019
    Applicant: Alcatel Lucent
    Inventors: Zhiyuan HU, Xueqiang YAN, Zhigang LUO
  • Publication number: 20190261179
    Abstract: A security service function chain is created including a set of security service functions. The security service function chain is created in response to instantiation of a given network partition (e.g., network slice) in a communication network (5G or similar network). The communication network supports instantiation of a plurality of network partitions for providing a respective plurality of network services. The security service function chain is utilized to perform at least one security service (e.g., authentication) for an entity (e.g., a subscriber or a device) accessing or seeking access to a network service (e.g., one of eMBB, massive IoT, and mission-critical IoT) corresponding to the given network partition.
    Type: Application
    Filed: September 18, 2016
    Publication date: August 22, 2019
    Applicant: Alcatel Lucent
    Inventors: Zhiyuan HU, Zhigang LUO, Xueqiang YAN
  • Publication number: 20180352490
    Abstract: Embodiments provide a user equipment (UE) device that includes a processor and a transceiver. The processor is configured to direct a handover request to an evolved packet core (EPC) access node via the transceiver. The access node may be, e.g. a wireless local area network (WLAN) access point or an E-UTRAN access point. The handover request may initiate a transfer of connectivity of the UE device from the WLAN access point to the E-UTRAN access point, or from the E-UTRAN access point to the WLAN access point. The processor is configured to receive a handover response from the current access node, wherein the response includes a cryptographic key identifier, and to derive a handover key from the key identifier. The processor may then operate the UE device to provide connectivity based on the handover key between the UE device and the other of the access nodes.
    Type: Application
    Filed: November 18, 2015
    Publication date: December 6, 2018
    Applicant: Alcatel Lucent
    Inventors: Zhiyuan Hu, Zhigang Luo, Xueqiang Yan
  • Publication number: 20170324781
    Abstract: At least one security policy is obtained from a policy creator at a controller in an SDN network. The security policy is implemented in the SDN network, via the controller,based on one or more attributes specifying a characteristic of the security policy, a role of the creator of the security policy, and a security privilege level of the role of the creator of the security policy.
    Type: Application
    Filed: June 30, 2014
    Publication date: November 9, 2017
    Applicant: Alcatel Lucent
    Inventors: Zhiyuan HU, Xueqiang YAN, Zhigang LUO
  • Patent number: 9794831
    Abstract: The present invention provides a method for shortening signaling delay of ISC session transfer procedure, a network element for controlling ISC session transfer, a network element for anchoring a media path in ISC session transfer and a communication system including at least two terminals and the above two network elements. In the present invention, the SCC AS decides if a media path needs to be anchored in a media anchor point MRF, and if yes, then instructs a MRF to assign respective media endpoints for a local UE and a remote UE and connect the two media endpoints together, so as to divide the session between the local UE and the remote UE into two independent sub-sessions: a session between the local UE and the MRF, and a session between the remote UE and the MRF. For these two sub-sessions, the SIP signaling is terminated and sent out in the SCC AS. Thus, when a local UE or a remote UE triggers handover, only one sub-session needs to be updated/influenced.
    Type: Grant
    Filed: October 30, 2009
    Date of Patent: October 17, 2017
    Assignee: Alcatel Lucent
    Inventors: Zhengxiong Lei, Xueqiang Yan, Zhiyuan Hu, Yonggen Wan
  • Publication number: 20170249480
    Abstract: A set of raw data relating to activity of one or more users in accordance with a communication network is obtained. The communication network is managed by a network operator. The obtained set of raw data is processed in accordance with at least one data isolation policy maintained by the network operator to generate a first set of data comprising at least a portion of the set of raw data with sensitive data associated with the one or more users removed; a second set of data comprising the sensitive data removed from the set of raw data; and a third set of data comprising a mapping between portions of the set of raw data and the first set of data. The first set of data is exposed to a third party, while the second set of data and the third set of data are isolated from the third party.
    Type: Application
    Filed: September 26, 2014
    Publication date: August 31, 2017
    Applicant: Alcatel Lucent
    Inventors: Zhiyuan Hu, Wen Wei, Xueqiang Yan, Zhigang Luo
  • Publication number: 20170155639
    Abstract: A request is made by a client to be authenticated by a first cloud storage server that may be associated with a first service provider. An identity federation request is sent from the client to the first cloud storage server, wherein the identity federation request seeks to federate a user account of the client on the first cloud storage server with a user account of the client on a second cloud storage server that may be associated with a second service provider. The client is redirected from the first cloud storage server to the second cloud storage server. A request is made by the client to be authenticated by the second cloud storage server such that the second cloud storage server, once the client is authenticated, maps the user account on the first cloud storage server with the user account of the second cloud storage server and establishes identity federation there between.
    Type: Application
    Filed: June 10, 2014
    Publication date: June 1, 2017
    Applicant: Alcatel Lucent
    Inventors: Zhiyuan Hu, Lin Wu, Xueqiang Yan, Zhigang Luo
  • Patent number: 9332000
    Abstract: A one-pass authentication mechanism and system for heterogeneous networks are provided. The mechanism comprises authenticating a user based on an authentication key and an authentication algorithm in response to a request of the user to register a first network, wherein the authentication key and the authentication algorithm are associated with a first user identity for the first network and a second user identity for a second network; and if the authentication is successful, then comparing the first user identity retrieved from an authentication database through the second user identity provided by the user to the first user identity provided by the user in the authentication, in response to a request of the user to register the second network, and setting up security associations between the user and the second network if the retrieved first user identity matches the first user identity provided by the user.
    Type: Grant
    Filed: February 21, 2008
    Date of Patent: May 3, 2016
    Assignee: Alcatel Lucent
    Inventors: Zhengxiong Lei, Xueqiang Yan
  • Patent number: 8446899
    Abstract: In the present invention, it is provided a method and means for selecting a route for a session requested by a calling user equipment in a session manager, and correspondingly, it is provided a method and means for selecting a route for a session requested by a calling user equipment in a media gateway control function, it is characterized as selecting an MGW having relative lighter load to bear the session on a basis of load related information of MGWs. By applying the methods and means of the present invention, load of every MGW is balanced; performance degradation, caused by heavy load, of a certain MGW is avoided; MGW having stopped working is bypassed; a success ratio of session setup is increased; session performance is improved; and benefit is brought to multi-network integration, such as inter-working between a packet switching network and a circuit switching network in an IMS network.
    Type: Grant
    Filed: March 26, 2008
    Date of Patent: May 21, 2013
    Assignee: Alcatel Lucent
    Inventors: Zhengxiong Lei, Xueqiang Yan
  • Publication number: 20120275432
    Abstract: The present invention provides a method for shortening signaling delay of ISC session transfer procedure, a network element for controlling ISC session transfer, a network element for anchoring a media path in ISC session transfer and a communication system including at least two terminals and the above two network elements. In the present invention, the SCC AS decides if a media path needs to be anchored in a media anchor point MRF, and if yes, then instructs a MRF to assign respective media endpoints for a local UE and a remote UE and connect the two media endpoints together, so as to divide the session between the local UE and the remote UE into two independent sub-sessions: a session between the local UE and the MRF, and a session between the remote UE and the MRF. For these two sub-sessions, the SIP signaling is terminated and sent out in the SCC AS. Thus, when a local UE or a remote UE triggers handover, only one sub-session needs to be updated/influenced.
    Type: Application
    Filed: October 30, 2009
    Publication date: November 1, 2012
    Inventors: Zhengxiong Lei, Xueqiang Yan, Zhiyuan Hu, Yonggen Wan
  • Publication number: 20110010764
    Abstract: A one-pass authentication mechanism and system for heterogeneous networks are provided. The mechanism comprises authenticating a user based on an authentication key and an authentication algorithm in response to a request of the user to register a first network, wherein the authentication key and the authentication algorithm are associated with a first user identity for the first network and a second user identity for a second network; and if the authentication is successful, then comparing the first user identity retrieved from an authentication database through the second user identity provided by the user to the first user identity provided by the user in the authentication, in response to a request of the user to register the second network, and setting up security associations between the user and the second network if the retrieved first user identity matches the first user identity provided by the user.
    Type: Application
    Filed: February 21, 2008
    Publication date: January 13, 2011
    Inventors: Zhengxiong Lei, Xueqiang Yan
  • Publication number: 20100046502
    Abstract: In the present invention, it is provided a method and means for selecting a route for a session requested by a calling user equipment in a session manager, and correspondingly, it is provided a method and means for selecting a route for a session requested by a calling user equipment in a media gateway control function, it is characterized as selecting an MGW having relative lighter load to bear the session on a basis of load related information of MGWs. By applying the methods and means of the present invention, load of every MGW is balanced; performance degradation, caused by heavy load, of a certain MGW is avoided; MGW having stopped working is bypassed; a success ratio of session setup is increased; session performance is improved; and benefit is brought to multi-network integration, such as inter-working between a packet switching network and a circuit switching network in an IMS network.
    Type: Application
    Filed: March 26, 2008
    Publication date: February 25, 2010
    Applicant: ALCATEL LUCENT
    Inventors: Zhengxiong Lei, Xueqiang Yan
  • Publication number: 20080198994
    Abstract: The present invention relates to a general intellectual click-to-dial method and a software architecture thereof. The software architecture, which is installed on the PC end of a user, comprises: a configuration module for configuring a locally-configured telephone number and a default format of telephone number; a number acquisition module for monitoring and deciding whether the user has selected a text content; a number analysis module for deciding telephone number validity of the text content selected by the user based on the default format of telephone number provided by said configuration module, and for providing an interface for user click-to-dial where the selected text content is a valid telephone number; and a dialing module for forming a click-to-dial message and sending it to a click-to-dial server.
    Type: Application
    Filed: June 5, 2006
    Publication date: August 21, 2008
    Applicant: Alcatel Lucent
    Inventor: Xueqiang Yan Yan