Abstract:
This application relates to the field of communications technologies, and discloses a false base station determining method, apparatus, and system, to provide a false base station determining manner. The method includes: A real base station receives a first uplink NAS message and an identifier of a first device. The real base station obtains a first hash value of first system information of a cell corresponding to the identifier of the first device. The real base station sends an N2 message to a core network device, where the N2 message includes the first uplink NAS message and the first hash value of the first system information. The core network device receives the N2 message sent by the real base station, and sends a first downlink NAS message that is integrity protected to a terminal, where the first downlink NAS message is forwarded by the real base station to the terminal, and the first downlink NAS message includes the first hash value of the first system information. The first hash value is transferred by using the first downlink NAS message that is integrity protected, so that the terminal may determine whether the terminal accesses a false base station.
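The check described in the abstract above, as an added example that is not part of the patent text: the hash of system information travels inside an integrity-protected downlink NAS message and the terminal compares it with the hash of the system information it actually received. SHA-256, HMAC-SHA256 as a stand-in for the NAS integrity algorithm, the JSON encoding, and all names, keys and sample values are assumptions constructed for illustration.

```python
import hashlib, hmac, json

K_NAS_INT = b"constructed-nas-integrity-key"        # constructed sample key
REAL_SI = b"SIB1|plmn=00101|tac=0001|cell=0x1A2B"   # constructed system information
CELL_DB = {"cell-0x1A2B": REAL_SI}                  # SI the real base station holds per identifier

def si_hash(system_info: bytes) -> str:
    # Hash of system information; SHA-256 is an assumption.
    return hashlib.sha256(system_info).hexdigest()

def base_station_n2(device_id: str, uplink_nas: bytes) -> dict:
    # Real base station: hash the SI of the cell matching the reported identifier.
    return {"uplink_nas": uplink_nas.hex(), "si_hash": si_hash(CELL_DB[device_id])}

def nas_mac(key: bytes, body: bytes) -> str:
    # HMAC-SHA256 stands in for the NAS integrity algorithm (assumption).
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def core_downlink_nas(n2: dict, key: bytes) -> dict:
    # Core network: carry the hash in an integrity-protected downlink NAS message.
    body = json.dumps({"si_hash": n2["si_hash"]}).encode()
    return {"body": body, "mac": nas_mac(key, body)}

def terminal_check(dl_nas: dict, key: bytes, received_si: bytes) -> str:
    # Terminal: reject unauthenticated messages before trusting the hash.
    if not hmac.compare_digest(nas_mac(key, dl_nas["body"]), dl_nas["mac"]):
        return "integrity-failure"
    network_hash = json.loads(dl_nas["body"])["si_hash"]
    if hmac.compare_digest(network_hash, si_hash(received_si)):
        return "genuine"
    return "false-base-station-suspected"

def run_flow(received_si: bytes, rewrite_hash_in_transit: bool = False) -> str:
    # received_si is what the terminal decoded from the cell it is camped on.
    n2 = base_station_n2("cell-0x1A2B", b"registration-request")
    dl = core_downlink_nas(n2, K_NAS_INT)
    if rewrite_hash_in_transit:
        # The hash is replaced on the path, but the MAC cannot be recomputed without the key.
        dl["body"] = json.dumps({"si_hash": si_hash(received_si)}).encode()
    return terminal_check(dl, K_NAS_INT, received_si)

if __name__ == "__main__":
    altered = REAL_SI.replace(b"tac=0001", b"tac=9999")  # constructed altered SI
    print(run_flow(REAL_SI))
    print(run_flow(altered))
    print(run_flow(altered, rewrite_hash_in_transit=True))
```

The third case shows why the hash must ride in an integrity-protected message: without the MAC check, a rewritten hash would make altered system information look genuine.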
Abstract:
This application provides a paging processing method and apparatus, to resolve a prior-art problem that a terminal device is vulnerable to a paging attack from a false network. The method includes: performing, by a mobility management network element, security protection on a paging identity of a terminal device by using a security context obtained by negotiating with the terminal device by the mobility management network element, to obtain a first paging identity, and sending a first paging message to a base station; sending, by the base station, a second paging message to the terminal device, where the second paging message carries the first paging identity and first indication information, and the first indication information is used to indicate that the first paging identity is a security-protected paging identity; and performing, by the terminal device, security verification on the first paging identity by using the security context based on the first indication information, to obtain a second paging identity, and processing the second paging message based on the second paging identity and an identity of the terminal device.
Abstract:
A cell handover method, an apparatus, and a system are disclosed, to resolve a problem that, in the prior art, a terminal device easily accesses a fake base station when performing a cell handover. In this application, a first base station may send a measurement control message to a terminal device, where the measurement control message includes information about a pilot signal allocated by a second base station to the terminal device. After the first base station receives a measurement response message from the terminal device, where the measurement response message includes signal quality of the pilot signal, and determines that the signal quality of the pilot signal satisfies a handover condition, the first base station performs a cell handover process for the terminal device. The first base station first determines that the signal quality, reported by the terminal device, of the pilot signal satisfies the handover condition, so that the terminal device is effectively prevented from directly accessing a fake base station, and it is also ensured that the terminal device can successfully access the second base station without a call drop.
Abstract:
Embodiments of the present invention disclose a method, an apparatus, and a system for increasing network security. The method for increasing network security includes: receiving, by a network management system, a certificate message reported by a network element; generating, by the network management system, a first list; when determining that a certificate corresponding to certificate information in the first list needs to be revoked, generating, by the network management system, a certificate revocation request file according to the certificate information, and removing the certificate information in the first list from the first list; and sending, by the network management system, the certificate revocation request file to a public key infrastructure (PKI) system. According to the method in this embodiment, automatic revocation of a certificate of a device on a network can be performed, thereby reducing a risk of manual revocation error and increasing network security. The embodiments of the present invention further disclose an apparatus and a system for increasing network security.