Patents by Inventor Zhengde Zhai
Zhengde Zhai has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11436155Abstract: A method and an apparatus for enhancing isolation of user space from kernel space, to divide an extended page table into a kernel-mode extended page table and a user-mode extended page table, such that user-mode code cannot access some or all content in the kernel space, and/or kernel-mode code cannot access some content in the user space, thereby enhancing isolation of the user space from the kernel space and preventing content leakage of the kernel space.Type: GrantFiled: September 30, 2020Date of Patent: September 6, 2022Assignee: HUAWEI TECHNOLOGIES CO., LTD.Inventors: Yubin Xia, Zhichao Hua, Zhengde Zhai
-
Patent number: 11347542Abstract: The disclosure relates to the communications technologies field, and in particular, to a data migration method and apparatus, to implement data migration in an enclave page cache (EPC), to improve consistency between data of an application program before migration and that after migration. The method includes: obtaining, by a source host, a migration instruction, where the migration instruction is used to instruct to migrate a target application created with an enclave to a destination host; invoking, by the source host, a migration control thread preset in the enclave of the target application, to write running status data of the target application in an EPC into target memory of the source host, where the target memory is an area other than the EPC in memory of the source host; and sending, by the source host, the running status data of the target application in the target memory to the destination host.Type: GrantFiled: August 23, 2019Date of Patent: May 31, 2022Assignee: Huawei Technologies Co., Ltd.Inventors: Yubin Xia, Yu Shen, Haibo Chen, Zhengde Zhai
-
Publication number: 20210011856Abstract: A method and an apparatus for enhancing isolation of user space from kernel space, to divide an extended page table into a kernel-mode extended page table and a user-mode extended page table, such that user-mode code cannot access some or all content in the kernel space, and/or kernel-mode code cannot access some content in the user space, thereby enhancing isolation of the user space from the kernel space and preventing content leakage of the kernel space.Type: ApplicationFiled: September 30, 2020Publication date: January 14, 2021Inventors: Yubin Xia, Zhichao Hua, Zhengde Zhai
-
Publication number: 20190377598Abstract: The present invention relates to the field of communications technologies, and in particular, to a data migration method and apparatus, to implement data migration in an EPC, to improve consistency between data of an application program before migration and that after migration. The method includes: obtaining, by a source host, a migration instruction, where the migration instruction is used to instruct to migrate a target application created with an enclave to a destination host; invoking, by the source host, a migration control thread preset in the enclave of the target application, to write running status data of the target application in an EPC into target memory of the source host, where the target memory is an area other than the EPC in memory of the source host; and sending, by the source host, the running status data of the target application in the target memory to the destination host.Type: ApplicationFiled: August 23, 2019Publication date: December 12, 2019Inventors: Yubin XIA, Yu SHEN, Haibo CHEN, Zhengde ZHAI
-
Patent number: 10178548Abstract: A method for protecting intelligent terminal location information is provided, where the method includes: responding to a location query request from an APP, and acquiring current location coordinates of the intelligent terminal; acquiring a privacy sensitivity level of an area in which the current location coordinates are located; acquiring a location trust level of the APP; and obtaining, according to the location trust level of the APP and the privacy sensitivity level of the area in which the current location coordinates are located, a response manner corresponding to the location query request from the APP. In addition, some embodiments of the present application further disclose an intelligent terminal.Type: GrantFiled: April 19, 2017Date of Patent: January 8, 2019Assignee: HUAWEI TECHNOLOGIES CO., LTD.Inventors: Zhengde Zhai, Yu Shen, He Wei
-
Patent number: 10089450Abstract: A user authentication method and a terminal. The method includes determining first-type authentication information and second-type authentication information that are of a terminal, wherein the first-type authentication information includes specific attribute information that is in specific attribute information of an interaction object corresponding to a specific interaction behavior of the terminal and whose occurrence frequency within a preset time falls in a preset range, and wherein the second-type authentication information is used to interfere with selection, by the user of the terminal, of the first-type authentication information; presenting an authentication challenge set to the user of the terminal; receiving an identification result; and determining an authentication result. According to the user authentication method, authentication information is dynamically generated using information about an interaction object to perform authentication on a user.Type: GrantFiled: October 16, 2015Date of Patent: October 2, 2018Assignee: HUAWEI TECHNOLOGIES CO., LTD.Inventor: Zhengde Zhai
-
Patent number: 10068105Abstract: A user authentication method and terminal, where the method includes acquiring an authentication interaction object and an interference interaction object where the authentication interaction object is a real interaction object stored in a terminal, the interference interaction object is a virtual interaction object constructed by the terminal, and the interference interaction object has a similar feature with the authentication interaction object to cause interference to a user when the user is selecting the authentication interaction object, displaying the authentication interaction object and the interference interaction object in an authentication interface for the user to select from, receiving a selection result and determining whether the selection result is the authentication interaction object, and determining, when the selection result is the authentication interaction object, that authentication succeeds.Type: GrantFiled: April 22, 2016Date of Patent: September 4, 2018Assignee: HUAWEI TECHNOLOGIES CO., LTD.Inventor: Zhengde Zhai
-
Patent number: 10003462Abstract: A key generating method and apparatus, where the method includes acquiring complete picture data of a complete picture; displaying a partial picture of the complete picture in a display window; capturing a first picture from the partial picture, and generating first picture data of the first picture; and generating a key according to the first picture data.Type: GrantFiled: September 28, 2015Date of Patent: June 19, 2018Assignee: HUAWEI TECHNOLOGIES CO., LTD.Inventors: Lei Xu, Zhengde Zhai
-
Publication number: 20170329963Abstract: Embodiments of the application provide a mobile device architecture having non-protected environment and one or more protected containers for isolating application programs and application data according to their sensitivity or privacy levels. Access policy and exception policy are defined for each protected container to limit access to application program and data associated with or stored in the protected container(s). A communication monitor module is provided to implement the access and exception policy, and manage communication in the mobile device, including intra-container communication, inter-container communication and communication to and from the non-protected environment.Type: ApplicationFiled: July 28, 2017Publication date: November 16, 2017Inventors: Zhengde ZHAI, Hai GAO, Xuejun WEN, Chengkang CHU, Tieyan LI
-
Patent number: 9781109Abstract: A method, a terminal device, and a network device are provided. The method of the present invention includes acquiring, by a terminal device, a key, an identity of the terminal device, and identification information of one or more applications on the terminal device, where identification information of different applications on the terminal device is different from each other, and the identity of the terminal device includes International Mobile Equipment Identity (IMEI) and/or International Mobile Subscriber Identity (IMSI); generating, for identification information of one application by using a preset encryption algorithm according to the identity of the terminal device and the key, an encryption result corresponding to the application; and when the application runs on the terminal device, accessing a network by using the encryption result corresponding to the application. The present invention is applicable to protecting information security of a terminal device accessing a network.Type: GrantFiled: September 29, 2015Date of Patent: October 3, 2017Assignee: HUAWEI TECHNOLOGIES CO., LTD.Inventor: Zhengde Zhai
-
Publication number: 20170223527Abstract: A method for protecting intelligent terminal location information is provided, where the method includes: responding to a location query request from an APP, and acquiring current location coordinates of the intelligent terminal; acquiring a privacy sensitivity level of an area in which the current location coordinates are located; acquiring a location trust level of the APP; and obtaining, according to the location trust level of the APP and the privacy sensitivity level of the area in which the current location coordinates are located, a response manner corresponding to the location query request from the APP. In addition, some embodiments of the present application further disclose an intelligent terminal.Type: ApplicationFiled: April 19, 2017Publication date: August 3, 2017Inventors: Zhengde Zhai, Yu Shen, He Wei
-
Publication number: 20170068812Abstract: A data access control method and apparatus, and a terminal, where the method includes: acquiring a request for accessing data on a second APP by a first APP, where the data on the second APP includes multiple data items, and each data item in the multiple data items has a respective privacy level, determining a reliability level of the first APP and the privacy level of each data item of the data, on the second APP, to be accessed by the first APP, and determining, for each data item in the multiple data items according to the reliability level of the first APP and the privacy level of each data item, a responding and processing manner of the request for the data on the second APP, where the responding and processing manner includes one or more manners of returning a data item that the first APP requests to access.Type: ApplicationFiled: November 18, 2016Publication date: March 9, 2017Inventors: Zhengde Zhai, Yu Shen
-
Publication number: 20160239676Abstract: A user authentication method and terminal, where the method includes acquiring an authentication interaction object and an interference interaction object where the authentication interaction object is a real interaction object stored in a terminal, the interference interaction object is a virtual interaction object constructed by the terminal, and the interference interaction object has a similar feature with the authentication interaction object to cause interference to a user when the user is selecting the authentication interaction object, displaying the authentication interaction object and the interference interaction object in an authentication interface for the user to select from, receiving a selection result and determining whether the selection result is the authentication interaction object, and determining, when the selection result is the authentication interaction object, that authentication succeeds.Type: ApplicationFiled: April 22, 2016Publication date: August 18, 2016Inventor: Zhengde Zhai
-
Publication number: 20160042163Abstract: A user authentication method and a terminal. The method includes determining first-type authentication information and second-type authentication information that are of a terminal, wherein the first-type authentication information includes specific attribute information that is in specific attribute information of an interaction object corresponding to a specific interaction behavior of the terminal and whose occurrence frequency within a preset time falls in a preset range, and wherein the second-type authentication information is used to interfere with selection, by the user of the terminal, of the first-type authentication information; presenting an authentication challenge set to the user of the terminal; receiving an identification result; and determining an authentication result. According to the user authentication method, authentication information is dynamically generated using information about an interaction object to perform authentication on a user.Type: ApplicationFiled: October 16, 2015Publication date: February 11, 2016Inventor: Zhengde Zhai
-
Publication number: 20160020902Abstract: A key generating method and apparatus, where the method includes acquiring complete picture data of a complete picture; displaying a partial picture of the complete picture in a display window; capturing a first picture from the partial picture, and generating first picture data of the first picture; and generating a key according to the first picture data.Type: ApplicationFiled: September 28, 2015Publication date: January 21, 2016Inventors: Lei Xu, Zhengde Zhai
-
Publication number: 20160021111Abstract: A method, a terminal device, and a network device are provided. The method of the present invention includes acquiring, by a terminal device, a key, an identity of the terminal device, and identification information of one or more applications on the terminal device, where identification information of different applications on the terminal device is different from each other, and the identity of the terminal device includes International Mobile Equipment Identity (IMEI) and/or International Mobile Subscriber Identity (IMSI); generating, for identification information of one application by using a preset encryption algorithm according to the identity of the terminal device and the key, an encryption result corresponding to the application; and when the application runs on the terminal device, accessing a network by using the encryption result corresponding to the application. The present invention is applicable to protecting information security of a terminal device accessing a network.Type: ApplicationFiled: September 29, 2015Publication date: January 21, 2016Inventor: Zhengde Zhai