Patents by Inventor Yubin Xia

Yubin Xia has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20170374040
    Abstract: A data processing method and apparatus, where the method includes acquiring a first network data packet that is sent by a target application that runs in an untrusted execution domain, where the first network data packet includes a first identifier; acquiring, in a trusted execution domain, first data corresponding to the first identifier; generating, in the trusted execution domain, a second network data packet according to the first data and the first network data packet; performing, in the trusted execution domain, encryption on the second network data packet by using a first session key to acquire an encrypted second network data packet; and sending the encrypted second network data packet to the target server. The data processing method and apparatus in the embodiments of the present invention can effectively prevent an attacker from stealing data.
    Type: Application
    Filed: September 11, 2017
    Publication date: December 28, 2017
    Applicant: HUAWEI TECHNOLOGIES CO.,LTD.
    Inventors: Zhichao Hua, Yubin Xia, Haibo Chen
  • Patent number: 9832259
    Abstract: A method, an apparatus, a terminal, and a server for synchronizing a terminal mirror are provided. The method includes: obtaining, by a terminal, multiple input events during running of application software; aggregating the multiple input events to obtain an aggregate event; and transmitting the aggregate event to the server, so that after parsing the aggregate event to obtain the multiple input events, the server processes the multiple input events by using a virtual machine that is of the terminal and set on the server, so as to obtain user data generated during the running of the application software. In the present invention, the terminal transmits the input events to the server in an event-driven manner, so that the server obtains the user data that is the same as that on the terminal that runs the application software, thereby ensuring that the server can back up complete user data.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: November 28, 2017
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Cheng Tan, Xiaoxin Wu, Yubin Xia, Haibo Chen
  • Patent number: 9785770
    Abstract: The present invention discloses a method, an apparatus, and a system for triggering virtual machine introspection, so as to provide a timely and effective security check triggering mechanism. In the present invention, data that needs to be protected is determined; the data that needs to be protected is monitored; and when it is determined that the data that needs to be protected is modified, virtual machine introspection is triggered. The present invention avoids a performance loss and a security problem that are brought about by regularly starting a virtual machine introspection system to perform a security check, and therefore, the present invention is more applicable.
    Type: Grant
    Filed: December 16, 2014
    Date of Patent: October 10, 2017
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Bin Tu, Haibo Chen, Yubin Xia
  • Patent number: 9762555
    Abstract: A data processing method and apparatus, where the method includes acquiring a first network data packet that is sent by a target application that runs in an untrusted execution domain, where the first network data packet includes a first identifier; acquiring, in a trusted execution domain, first data corresponding to the first identifier; generating, in the trusted execution domain, a second network data packet according to the first data and the first network data packet; performing, in the trusted execution domain, encryption on the second network data packet by using a first session key to acquire an encrypted second network data packet; and sending the encrypted second network data packet to the target server. The data processing method and apparatus in the embodiments of the present invention can effectively prevent an attacker from stealing data.
    Type: Grant
    Filed: July 24, 2015
    Date of Patent: September 12, 2017
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Zhichao Hua, Yubin Xia, Haibo Chen
  • Publication number: 20170164201
    Abstract: A secure interaction method includes receiving, by a processor, a secure processing request sent by an application program, where the application program operates in a normal mode, and the processor operates in the normal mode when receiving the secure processing request, switching, by the processor, from the normal mode to a secure mode according to the secure processing request, reading, by the processor operating in the secure mode, data information into a memory operating in the secure mode, where the data information is data that the processor operating in the secure mode generates after parsing the secure processing request, and controlling, by the processor operating in the secure mode, an accessed device to operate according to the data information stored in the memory operating in the secure mode.
    Type: Application
    Filed: February 17, 2017
    Publication date: June 8, 2017
    Inventors: Wenhao Li, Yubin Xia, Haibo Chen
  • Publication number: 20160314297
    Abstract: The present disclosure relates to the field of information technologies and discloses a method and an apparatus for implementing virtual machine introspection. The method provided in the present disclosure may further include: determining to-be-checked data in a virtual machine; starting to read the to-be-checked data, saving a copy of the read to-be-checked data, and storing a storage address of the read to-be-checked data in a hardware transactional memory, so that the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address; when the read to-be-checked data is modified, stop reading the to-be-checked data, and delete the copy; and when reading the to-be-checked data is completed and it is not detected that the read to-be-checked data is modified, performing security check on the copy. The method can be applied to virtual machine introspection.
    Type: Application
    Filed: June 30, 2016
    Publication date: October 27, 2016
    Inventors: Bin Tu, Haibo Chen, Yubin Xia
  • Publication number: 20160028701
    Abstract: A data processing method and apparatus, where the method includes acquiring a first network data packet that is sent by a target application that runs in an untrusted execution domain, where the first network data packet includes a first identifier; acquiring, in a trusted execution domain, first data corresponding to the first identifier; generating, in the trusted execution domain, a second network data packet according to the first data and the first network data packet; performing, in the trusted execution domain, encryption on the second network data packet by using a first session key to acquire an encrypted second network data packet; and sending the encrypted second network data packet to the target server. The data processing method and apparatus in the embodiments of the present invention can effectively prevent an attacker from stealing data.
    Type: Application
    Filed: July 24, 2015
    Publication date: January 28, 2016
    Inventors: Zhichao Hua, Yubin Xia, Haibo Chen
  • Publication number: 20150309832
    Abstract: An isolation method for a management virtual machine and an apparatus, which resolves problems that performance of communication between service components is deteriorated, more resources are required for running a virtual machine, and security of the service components is relatively low. The method includes: acquiring a guest identifier; searching, according to the guest identifier, the management virtual machine for a kernel virtual machine; when the kernel virtual machine is not found in the management virtual machine, creating the kernel virtual machine in the management virtual machine; dividing a service provided for a guest virtual machine by the kernel virtual machine into multiple service components; and running the multiple service components in execution environments corresponding to permission of the service components, where the kernel virtual machine includes the multiple execution environments, and the multiple execution environment have different permission.
    Type: Application
    Filed: July 9, 2015
    Publication date: October 29, 2015
    Inventors: Bin Tu, Haibo Chen, Yubin Xia
  • Publication number: 20150186643
    Abstract: The present invention discloses a method, an apparatus, and a system for triggering virtual machine introspection, so as to provide a timely and effective security check triggering mechanism. In the present invention, data that needs to be protected is determined; the data that needs to be protected is monitored; and when it is determined that the data that needs to be protected is modified, virtual machine introspection is triggered. The present invention avoids a performance loss and a security problem that are brought about by regularly starting a virtual machine introspection system to perform a security check, and therefore, the present invention is more applicable.
    Type: Application
    Filed: December 16, 2014
    Publication date: July 2, 2015
    Inventors: Bin Tu, Haibo Chen, Yubin Xia
  • Publication number: 20150026293
    Abstract: A method, an apparatus, a terminal, and a server for synchronizing a terminal mirror are provided. The method includes: obtaining, by a terminal, multiple input events during running of application software; aggregating the multiple input events to obtain an aggregate event; and transmitting the aggregate event to the server, so that after parsing the aggregate event to obtain the multiple input events, the server processes the multiple input events by using a virtual machine that is of the terminal and set on the server, so as to obtain user data generated during the running of the application software. In the present invention, the terminal transmits the input events to the server in an event-driven manner, so that the server obtains the user data that is the same as that on the terminal that runs the application software, thereby ensuring that the server can back up complete user data.
    Type: Application
    Filed: June 30, 2014
    Publication date: January 22, 2015
    Inventors: Cheng Tan, Xiaoxin Wu, Yubin Xia, Haibo Chen