| CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD. Patent applications |
| Patent application number | Title | Published |
|---|
| 20120124660 | VIRTUAL PRIVATE NETWORK NODE INFORMATION PROCESSING METHOD, RELEVANT DEVICE AND SYSTEM - A Virtual Private Network (VPN) node information processing method and a VPN node information processing device are provided, in which the method comprises: receiving an access request message sent by a node, in which the access request message at least carries authentication information, a current real Internet Protocol (IP) address, a node name and information indicating whether to accept extranet connection of the node; allocating a virtual IP address for the node when the authentication information of the node is correct; and registering the current real IP address, the node name, the information indicating whether to accept the extranet connection, and the virtual IP address of the node as registration information. Through the method and the device, when a node is added into a VPN, configuration of other nodes does not need to be adjusted. | 05-17-2012 |
| 20120089799 | DATA BACKUP PROCESSING METHOD, DATA STORAGE NODE APPARATUS AND DATA STORAGE DEVICE - A data backup processing method is provided, which includes: numbering at least one data storage node in a data storage device, in which the data storage node includes a primary storage area and a backup storage area, and the primary storage area of the data storage node and a backup storage area of a next adjacently numbered data storage node are logically connected, so that a number of data storage nodes form a ring structure with sequential logical connection; and respectively backing up the data stored in a primary storage area of a random data storage node into a backup storage area of at least one next adjacently numbered data storage node of the data storage node in the ring structure. Therefore, data redundancy may be provided for users among a random number of disks, thereby effectively guaranteeing the security of user data and achieving high flexibility and practicability. | 04-12-2012 |
| 20120036394 | DATA RECOVERY METHOD, DATA NODE, AND DISTRIBUTED FILE SYSTEM - A data recovery method includes: by a first data node, obtaining a notification that a second data node fails; and storing specified data to a third data node, recording information of the specified data stored in the third data node in backup information stored in the first data node, and providing a metadata node and other data nodes storing the specified data with the information of the specified data stored in the third data node, where the specified data is data stored in the first and second data nodes. A data recovery method, two data nodes, and a distributed file system are also provided. In embodiments of the present invention, the data recovery is mainly performed among the data nodes, and the metadata node does not need to perform a lot of operations. Therefore, the load of the metadata node is reduced. | 02-09-2012 |
| 20120032508 | Method and Apparatus for Peak Shifting Adjustment - An apparatus and a method for peak shifting adjustment are disclosed. The apparatus includes a controlling unit that is configured to sequentially control different outputting units to output the Pulse-Width Modulation (PWM) signals according to a preset time sequence. The interval between two adjacent outputted PWM signals is T1, which is the time when the current required by an electric device is higher than the normal current in case of an increase of the duty cycle of the PWM signals. At least two outputting units are connected to corresponding electric devices and configured to output the PWM signals to the corresponding electric devices according to the control of the controlling unit. | 02-09-2012 |
| 20110320712 | METHOD AND APPARATUS FOR CONTROLLING STATE OF STORAGE DEVICE AND STORAGE DEVICE - The embodiments of the present invention provide a method and an apparatus for controlling a state of a storage device, and a storage device, and relate to the field of electronic technologies. State control information of logic disks in the storage device is obtained; it is judged whether the state control information of all the logic disks in the storage device includes sleep instructions; and the storage device is controlled to switch into a sleep state when the state control information of all the logic disks includes the sleep instructions. The technical solutions may effectively control the storage device to switch into the sleep state, overcome the inconvenience of the read and write operations when the storage device automatically switches into the sleep state, and save the power consumption of the storage device with convenient use. | 12-29-2011 |
| 20110320532 | Data operating method, system, client, and data server - A data operating method, system, client, and data server are provided. The method includes: sending a write request of a file to a data server, where the write request includes identifiers of sub-data blocks constituting the file; receiving mappings between the identifiers of the sub-data blocks and storage servers returned by the data server according to the write request; and writing the sub-data blocks to the corresponding storage servers according to the mappings. With the present invention, whether the identifiers of the sub-data blocks are saved may serve as a basis for determining whether the sub-data blocks are written, thus ensuring that no duplicate data is stored in the system and increasing the storage space of the system. | 12-29-2011 |
| 20110265181 | METHOD, SYSTEM AND GATEWAY FOR PROTECTION AGAINST NETWORK ATTACKS - A method, a system and a gateway for protection against network attacks are provided. The method includes: receiving source request information and destination request information that are sent by a client, where the destination request information is notified by a Domain Name System (DNS) to the client sending the source request information; checking the source request information and the destination request information; and discarding the source request information and the destination request information when the checking result is undesirable. Through the technical solution, the DNS selects the destination request information according to the source request information sent by the client, and establishes a corresponding relation between the client and a server according to a matching relation between the source request information and the destination request information, so as to prevent DDOS attacks. | 10-27-2011 |
| 20110264908 | Method and device for preventing network attacks - A method for preventing network attacks is provided, which includes: obtaining a data packet, where a source address of the data packet is a cryptographically generated address (CGA); determining that the obtained data packet includes a CGA parameter and signature information; authenticating the CGA parameter; authenticating the signature information according to the authenticated CGA parameter; and sending the data packet to a destination address when the signature information is authenticated. Accordingly, a device for preventing network attacks is also provided. A CGA parameter used by a data packet is directly used to ensure authenticity of a source address of the data packet, thus preventing network attacks performed by counterfeiting the address. In addition, by authenticating signature information, authenticity of identification of a sender of the data packet and bound address of the sender of the data packet are further ensured. Therefore, illegal data packets are filtered to prevent network attacks on servers, thus improving network security. | 10-27-2011 |
| 20110264833 | STORAGE METHOD, STORAGE SYSTEM, AND CONTROLLER - A storage method, a storage system, and a controller are disclosed. The method is applicable to a system that includes at least one controller, at least two Peripheral Component Interconnection Express (PCIE) Input/Output (IO) modules, and at least two storage devices. The at least two storage devices are connected through a PCIE switch chip of the at least one controller, and the at least two PCIE IO modules are connected through a PCIE switch chip of the at least one controller. The method includes: receiving a request message from a server through the at least two PCIE IO modules; and accessing the at least two storage devices according to the request message. The at least two PCIE IO modules are shared between controllers, thereby saving resources; and the storage devices access the controllers without the need of a hard disk controller or a hard disk extension chip, thereby saving costs. | 10-27-2011 |
| 20110258389 | VIRTUAL STORAGE METHOD AND DEVICE - A virtual storage method and a device are disclosed. The virtual storage method includes: obtaining a volume management mode of a Logical Unit Number (LUN) from a storage array and recording the volume management mode into stitch data; and constructing a virtual LUN according to the LUN and the stitch data, and mapping the virtual LUN to a host to enable read/write access; and modifying a destination address of an Input/Output (I/O) data packet delivered by the host according to the stitch data after receiving the I/O data packet, delivering the I/O data packet to the virtual LUN, and delivering the I/O data packet which has been delivered to the virtual LUN to the storage array according to the stitch data, where an address of the storage array to which the I/O data packet is delivered is the same as the destination address of the I/O data packet before the destination address of the I/O data packet is modified. | 10-20-2011 |
| 20110258255 | Method and Apparatus for Accessing Network File System - A method and an apparatus for accessing a network file system (NFS) are disclosed. The method includes: receiving a first request message, which is sent by a user equipment (UE) to the NFS according to an available first file type; converting, according to a preset mapping relation, the first request message into a second request message capable of driving a second file type in the NFS, and sending the second request message to the NFS; receiving a first response message, which is based on the second file type and is sent by the NFS to the UE in response to the second request message; and converting, according to the preset mapping relation, the first response message into a second response message which is based on the first file type, and sending the second response message to the UE. With the present invention, the file system protocol can be converted, and the NFS is compatible with multiple operating systems. | 10-20-2011 |
| 20110246685 | METHOD, APPARATUS AND SYSTEM FOR IMPROVING RUNNING STABILITY OF SAS DOMAIN - A method, an apparatus and a system for improving running stability of a Serial Attached Small Computer System Interface (SAS) domain are disclosed. The method includes: monitoring and recording the number of state changes of each SAS physical channel in the SAS domain within a preset time; and isolating an SAS physical channel that fulfills a preset isolation condition according to the number of state changes. The method improves the running stability of the SAS domain. | 10-06-2011 |
| 20110231931 | METHOD AND DEVICE FOR PREVENTING DOMAIN NAME SYSTEM SPOOFING - A method for preventing Domain Name System (DNS) spoofing includes: performing uppercase/lowercase conversion for letters of a DNS question field in a DNS request packet according to a preset rule; sending the DNS request packet; receiving a DNS response packet; obtaining uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet; and forwarding the DNS response packet to a target DNS client if the uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet complies with the preset rule. Corresponding to the method, a device for preventing DNS spoofing is disclosed. The method and device reduce occupation of storage resources of the device. | 09-22-2011 |
| 20110211685 | METHOD, APPARATUS, PROXY SERVER AND TERMINAL FOR FILTERING OUT SPAM CALL - A method for filtering out a spam call includes: transmitting test information to a calling terminal when receiving a call request from the calling terminal; determining whether feedback information corresponding to the test information and generated by the calling terminal in a one-key reply manner is correct; if the feedback information is incorrect, determining the call request as a spam call request, and filtering out the call request. An apparatus, a proxy server and a terminal are further provided, so as to effectively determine whether a call request from a calling terminal is a spam call request initiated by a machine or software, therefore improving the security and accuracy of a test, and reducing the cost as there is no need to install a speech recognition system. | 09-01-2011 |
| 20110208923 | STORAGE METHOD AND SYSTEM, TERMINAL SERVICE BOARD, CONTROL BOARD AND STORAGE CHANNEL BOARD - A storage method and system, a terminal service board, a control board, and a storage channel board are provided. The system includes a terminal service board, a control board, and a storage channel board, where the terminal service board is configured to be connected with a terminal and the control board, process a request from the terminal, and send a processing result to the control board; the control board is configured to encapsulate data required to be stored onto a storage apparatus into a command according to the processing result, and submit the command to the storage channel board; the storage channel board is configured to be connected with the storage apparatus and the control board, and according to the command, store onto the storage apparatus the data required to be stored onto the storage apparatus. The control board becomes more focused on the storage processing, so that the efficiency of use for the control board is improved. Furthermore, as the influence of the interface card protocol to the control board is reduced significantly, the design of the control board is simplified. | 08-25-2011 |
| 20110202972 | NETWORK AUTHENTICATION METHOD, METHOD FOR CLIENT TO REQUEST AUTHENTICATION, CLIENT, AND DEVICE - A network authentication method, a method for a client to request authentication, a client, and a device are provided. The method includes: receiving synchronize (SYN) data sent by a client, where the SYN data includes a sequence number SEQ | 08-18-2011 |
| 20110179267 | METHOD, SYSTEM AND SERVER FOR IMPLEMENTING SECURITY ACCESS CONTROL - A method for implementing network security access control is provided, including: receiving and decrypting terminal identity information that is encrypted in a bi-directional encryption mode and forwarded by a switch, and authenticating the decrypted terminal identity information; returning an authentication result to the switch so that the switch controls access of a terminal to a network according to the authentication result; encrypting the decrypted terminal identity information in a solo-directional encryption mode and authenticating the encrypted terminal identity information; returning an authentication result to a security access control gateway so that the security access control gateway controls access of the terminal to network resources according to the authentication result; delivering a security policy to a security control module on the terminal so that the security control module controls the terminal according to the security policy. A server is provided, including a first authentication module and a second authentication module. A system for implementing network security access control is provided, including a server, a switch, a security access control gateway and a terminal. | 07-21-2011 |
| 20110040968 | METHOD AND SYSTEM FOR FORWARDING DATA BETWEEN PRIVATE NETWORKS - In the field of communications technology, a method and a system for forwarding data between private networks are provided, which can enable terminals in different private networks to securely communicate with each other by using private network addresses. The method includes the following steps. A Secure Socket Layer (SSL) tunnel to an SSL Virtual Private Network (VPN) device in another private network is established. Address allocation information of the another private network is received through the SSL tunnel. The address allocation information and a mapping relation between the address allocation information and a public network IP address of the SSL VPN device transmitting the address allocation information and a session ID of the SSL tunnel transmitting the address allocation information are saved. A data packet whose destination address belongs to the another private network is forwarded to the SSL VPN device of the private network to which the destination address belongs, according to the address allocation information and the mapping relation. Through the method, the SSL VPN device can resolve private network addresses of other private networks. | 02-17-2011 |
| 20100121992 | METHOD, DEVICE AND SYSTEM FOR STORING DATA IN CACHE IN CASE OF POWER FAILURE - A method, device and system for storing data in a cache in case of power failure are disclosed. The method includes: in case of power failure of a storage system, receiving configuration information from a central processing unit (CPU); establishing a mapping relationship between an address of data in the cache and an address in a storage device according to the configuration information; sending a signaling message that carries the mapping relationship to the cache, so that the cache migrates the data to the storage device according to the signaling message. | 05-13-2010 |
| 20100049932 | METHOD AND APPARATUS FOR AUTOMATIC SNAPSHOT - A method for automatic snapshot includes obtaining the amount of data written into a source Logical Unit Number (LUN) and performing increment accumulation; and taking a snapshot when a value of the increment accumulation exceeds the upper limit value. An apparatus for automatic snapshot is disclosed. In one embodiment of the invention, snapshots are taken according to the size of a data variable, only two characterizing parameters, an upper limit value and an increment value need to be added, and the determination logic is clear and concise. Thus, system efficiency or resource overload is not affected, the pertinence is strengthened, the resource usage is increased, and the adaptability is strengthened. Furthermore, stored data may be automatically protected with snapshot, and data safety and reliability are greatly improved. | 02-25-2010 |
| 20100005514 | METHOD, SYSTEM AND SERVER FOR FILE RIGHTS CONTROL - A file rights control method, a file rights control system, and a server are described. The file rights control method includes: monitoring identity information of a file author; determining at least one authorization object of the file according to identity information of the file author; determining rights corresponding to different authorization objects of the file according to the identity information of the file author and the at least one authorization object of the file; and authorizing the at least one authorization object of the file according to the determined rights corresponding to different authorization objects of the file. A file rights control system and a server are further described. By using the embodiments of the present invention, the complexity of file authorization control operation is reduced, thus improving the working efficiency of users. Moreover, the authorization of a fine granularity and a higher security are ensured. | 01-07-2010 |
| 20100005181 | METHOD AND SYSTEM FOR CONTROLLING A TERMINAL ACCESS AND TERMINAL FOR CONTROLLING AN ACCESS - A method and a system for controlling terminal access, and a terminal for controlling access are provided. The method includes: receiving a policy configuration sent by a server on a network side; modifying local setting according to the policy configuration; and controlling an access authority of the terminal according to the modified local setting. Thus, when terminal access control is needed for a terminal connected to the network, the policy configuration can be delivered to the agent of the terminal, so that the agent controls an access authority of the terminal according to the policy configuration. Thereby, the convenient and flexible separation of the pre-authentication domain and the post-authentication domain is realized for different terminals, so as to meet the requirements for access control of multiple terminals. | 01-07-2010 |
| 20090327688 | METHOD AND SYSTEM FOR DETECTING A MALICIOUS CODE - Embodiments of the present invention provide a method and a system for detecting a malicious code. The method includes obtaining first system information and second system information, and detecting the malicious code by identifying difference between the first system information and the second system information, which thus can detect an unknown malicious code, improve the system security, and can be easily implemented. | 12-31-2009 |
| 20090323536 | METHOD, DEVICE AND SYSTEM FOR NETWORK INTERCEPTION - A method, a device, and a system for network interception are provided. The method for network interception includes the following steps. A matching rule obtained by parsing an interception policy. Received data are selected by adopting a deep packet inspection (DPI) according to the matching rule so as to obtain an interception result, in which the received data are obtained by adopting data preprocessing to filter packet data according to a service customizing rule obtained by parsing the interception policy. The system for network interception includes a service probe server (SPS) and a service analyze server (SAS). Thus, various packet data services transmitted over an Internet protocol (IP) network can be intercepted. | 12-31-2009 |
| 20090319985 | METHOD, SYSTEM AND APPARATUS FOR ACQUIRING INTERFACE - A method, system and apparatus for acquiring an interface are provided. The method includes: acquiring, by an interface requester, an interface identification and an interface generation parameter in response to a request from a client, transmitting the interface identification and the interface generation parameter to an interface arranger, the interface identification being used to identify an interface generator that may generate an interface; generating, by an interface arranger, an interface instance at the interface generator based on the received interface identification and interface generation parameter; and delivering, by the interface arranger, the interface instance to the client through a communication mechanism between the interface requester and the interface arranger. According to the disclosure, the software extensibility may be improved, the software development cycle may be shortened, and the software maintainability may be enhanced. | 12-24-2009 |
| 20090316572 | METHOD AND SYSTEM FOR MANAGING PORT STATUSES OF A NETWORK DEVICE AND RELAY DEVICE - A method, a system for managing port status of a network device, and a relay device are provided in the field of network management. The method includes the following steps. A relay device detects working status of ports in a logic group, and the ports are mounted on the relay device and connected to an upstream/downstream device. When it is detected that the working status of a port in the logic group is Down, the relay device sets the working status of the other ports in the logic group as Down, so that the upstream/downstream device of the relay device switches a terminal service to a standby link according to the ports' Down status in the logic group being detected. The relay device includes a detecting module and a setting module. The system includes a relay device and an upstream/downstream device of the relay device. The technical solution provided in the embodiments of the present disclosure guarantees that the terminal service is transmitted uninterruptedly. | 12-24-2009 |
| 20090296706 | METHOD, SYSTEM AND PROCESSOR FOR PROCESSING NETWORK ADDRESS TRANSLATION SERVICE - A method, a system, and a processor for processing a network address translation (NAT) service are provided. The method includes: performing NAT service identification of a received message, and selecting a corresponding NAT service processor for processing a NAT service of a message that needs a NAT service processing from at least two NAT service processors. Through embodiments of the disclosure, a demand for the system to process a lot of NAT services within a short time is fulfilled, so as to increase the capacity of processing NAT services of the system. | 12-03-2009 |
