Abstract:
Embodiments of the present disclosure provide a method for selecting an authentication algorithm, including: receiving, by a serving device, an authentication data request message sent by a control device; selecting, by the serving device, an authentication algorithm according to the authentication data request message and information about the authentication algorithms supported by the serving device; determining, by the serving device, identification information of the selected authentication algorithm; and sending, by the serving device, the identification information of the authentication algorithm to the control device. The embodiments of the present disclosure further provide an apparatus and system for selecting an authentication algorithm. The embodiments of the present disclosure have the advantages of improving the diversity of methods for selecting an authentication algorithm, improving terminal utilization, and enhancing the user experience of terminal authentication.
Abstract:
Embodiments of the present invention disclose a terminal authenticating method, including: receiving, by a UE-to-network relay (UE-R), a first request message sent by user equipment (UE); sending, by the UE-R, a second request message to a control network element according to the first request message; receiving, by the UE-R, an authentication request message sent by the control network element, and determining whether that authentication request message is intended for authenticating the UE; if it is, sending, by the UE-R, an authentication request message to the UE; and receiving, by the UE-R, the authentication response message that the UE returns for that authentication request message, and sending the authentication response message to the control network element.
Abstract:
The technology of this application relates to the communication field, and provides an authentication method, an information sending method, a processing method, and a communication apparatus, to resolve the problem that authentication reliability is low because an authentication procedure can be triggered only by a mobility management function, and to improve authentication reliability. The method includes a first network function determining first information, where the first network function belongs to the home network of user equipment. The first network function selects a first mobility management function based on the first information, where the first mobility management function belongs to a first serving network with which the user equipment is registered, and the first network function sends a first request to the first mobility management function, where the first request requests the first mobility management function to perform a first authentication procedure on the user equipment.
Abstract:
A signaling protection method, apparatus, and system prevent an NF from spoofing an NF of another PLMN behind a shared SEPP in order to access a peer PLMN's services, so that system security is improved. A first SEPP serving a first PLMN receives a third service request that is from an NF of the first PLMN and that is addressed to an NF of a second PLMN. A second SEPP serves the second PLMN, and the connection between the first SEPP and the second SEPP for the first PLMN and the second PLMN includes a first N32-f. The first SEPP determines a first PLMN identifier based on configuration information. The first SEPP determines a first N32-f context identifier corresponding to the first PLMN identifier, where the first N32-f context identifier corresponds to the first N32-f.
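The security-relevant step in the abstract above is that the SEPP derives the originating PLMN from its own configuration rather than from anything the NF puts in the request, and then routes over the N32-f context bound to that PLMN pair. The following is an added example of that check, written for this page and not taken from the patent or from any SEPP implementation; the NF instance names, PLMN identifiers, context identifiers and the request fields are constructed for illustration.

```python
"""Shared-SEPP outbound routing check (added example; constructed identifiers)."""
from dataclasses import dataclass


class SeppPolicyError(Exception):
    """Raised when a service request must not be forwarded over N32-f."""


@dataclass(frozen=True)
class ServiceRequest:
    src_nf_instance: str  # NF instance id of the sender (learned from the transport)
    claimed_plmn: str     # PLMN the NF asserts in the request body (untrusted)
    target_plmn: str      # PLMN of the NF the request is addressed to
    uri: str


class SharedSepp:
    """One SEPP serving several PLMNs, with a separate N32-f context per PLMN pair."""

    def __init__(self, nf_to_plmn, n32f_contexts):
        # Configuration: which served PLMN each local NF instance belongs to.
        self.nf_to_plmn = dict(nf_to_plmn)
        # Configuration: (own PLMN, peer PLMN) -> N32-f context id agreed with the peer SEPP.
        self.n32f_contexts = dict(n32f_contexts)

    def select_n32f_context(self, req):
        """Return (first PLMN id, N32-f context id) for the request, or raise."""
        # 1. The first PLMN identifier comes from configuration, never from the message.
        first_plmn = self.nf_to_plmn.get(req.src_nf_instance)
        if first_plmn is None:
            raise SeppPolicyError(f"unknown NF instance {req.src_nf_instance!r}")
        # 2. An NF asserting another served PLMN is spoofing; do not let it reach the peer.
        if req.claimed_plmn != first_plmn:
            raise SeppPolicyError(
                f"{req.src_nf_instance} claims PLMN {req.claimed_plmn} "
                f"but is configured under {first_plmn}")
        # 3. Pick the N32-f context that belongs to this (first, second) PLMN pair.
        ctx = self.n32f_contexts.get((first_plmn, req.target_plmn))
        if ctx is None:
            raise SeppPolicyError(f"no N32-f connection from {first_plmn} to {req.target_plmn}")
        return first_plmn, ctx


# Constructed configuration: one SEPP shared by PLMNs 001-01 and 001-02,
# each with its own N32-f context towards the peer PLMN 262-01.
EXAMPLE_SEPP = SharedSepp(
    nf_to_plmn={"smf-1": "001-01", "smf-2": "001-02"},
    n32f_contexts={("001-01", "262-01"): "n32f-ctx-A", ("001-02", "262-01"): "n32f-ctx-B"},
)


def route_or_reason(req):
    """Return ('forward', plmn, ctx) or ('reject', reason) for a request at EXAMPLE_SEPP."""
    try:
        plmn, ctx = EXAMPLE_SEPP.select_n32f_context(req)
        return ("forward", plmn, ctx)
    except SeppPolicyError as exc:
        return ("reject", str(exc))


if __name__ == "__main__":
    honest = ServiceRequest("smf-2", "001-02", "262-01", "/nudm-uecm/v1/registrations")
    spoofed = ServiceRequest("smf-2", "001-01", "262-01", "/nudm-uecm/v1/registrations")
    print(route_or_reason(honest))   # forwarded over n32f-ctx-B
    print(route_or_reason(spoofed))  # rejected: smf-2 is not an NF of 001-01
```

The point of step 1 is that a compromised or misconfigured NF of PLMN 001-02 cannot borrow the N32-f context (and with it the peer's trust and any per-PLMN roaming agreement) of PLMN 001-01 simply by writing the other PLMN's identifier into its request.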
Abstract:
Embodiments of this application disclose a trusted communication method. A core network device may detect, based on trusted policy information, whether a non-access stratum (NAS) message or user data passing through the core network device is abnormal. When the NAS message or the user data is detected to be abnormal, a notification may be raised, or the NAS message or the service corresponding to the user data may be blocked, and exception information notification signaling may be reported to a trusted control node (an independent network function entity, an existing control network element, or an existing management network element). In this way, the trusted control node can update the trusted policy information in a timely manner, or notify each network element to take a trusted protection operation. This effectively improves the security of the communication system.
Abstract:
A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.
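The abstract above describes the second network identifier as the first one "processed by using a shared key", which is a keyed MAC in practice. Below is an added example of both sides of that exchange, written for this page and not the patent's own code; it assumes HMAC-SHA-256 as the processing function, and the key, user identifier and PLMN identifiers are constructed values.

```python
"""Shared-key verification of a visited-network registration request (added example)."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class RegistrationRequest:
    user_id: str          # user identifier (constructed value in the example)
    network_id: str       # first network identifier information (visited network id)
    network_proof: bytes  # second network identifier information (derived with the shared key)


def derive_network_proof(shared_key: bytes, network_id: str) -> bytes:
    """Second network identifier = HMAC-SHA-256 over the first one under the shared key.

    HMAC is the assumed processing function; the abstract only says the shared key is used.
    """
    return hmac.new(shared_key, network_id.encode("utf-8"), hashlib.sha256).digest()


def build_registration_request(shared_key: bytes, user_id: str, network_id: str) -> RegistrationRequest:
    """Visited-network side: attach the keyed proof of its own identifier."""
    return RegistrationRequest(user_id, network_id, derive_network_proof(shared_key, network_id))


def verify_registration_request(shared_key: bytes, req: RegistrationRequest):
    """Home-network side: recompute the proof and compare in constant time.

    Returns (accepted, reason). A party that does not hold the key shared with
    this home network cannot produce a valid proof for the network identifier
    it claims, so a spoofed network_id is rejected here.
    """
    expected = derive_network_proof(shared_key, req.network_id)
    if not hmac.compare_digest(expected, req.network_proof):
        return False, "network identifier does not verify under the shared key"
    return True, f"registration of {req.user_id} accepted from {req.network_id}"


if __name__ == "__main__":
    # Constructed key shared between the home network and visited network 262-01.
    key = b"constructed-shared-key-home-262-01"
    honest = build_registration_request(key, "imsi-001010123456789", "262-01")
    print(verify_registration_request(key, honest))
    # An attacker reuses an observed proof but claims a different network.
    spoofed = RegistrationRequest(honest.user_id, "310-01", honest.network_proof)
    print(verify_registration_request(key, spoofed))
```

Note that the proof, as described in the abstract, covers only the network identifier, so it is a constant per (key, network) pair. That is enough to stop a visited network from claiming to be a different one, which is the attack named in the abstract; it does not by itself bind the request to the user identifier or give freshness, and a deployment wanting either would need to add those inputs to the MAC.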
Abstract:
Embodiments of this application provide an authentication method, device, and system, to resolve the waste of processing and memory resources that may be caused by the remaining n−1 unused authentication vectors (AVs). The method includes: receiving, by an authentication entity, n first authentication vectors from a unified data management entity, where n is a positive integer; generating, by the authentication entity, n second authentication vectors based on the n first authentication vectors; sending, by the authentication entity, one of the n second authentication vectors to a security anchor function entity; receiving, by the authentication entity, an authentication confirmation request from the security anchor function entity, and performing authentication confirmation on the terminal according to the authentication confirmation request; and sending, by the authentication entity, the other n−1 unused second authentication vectors to the security anchor function entity when the authentication confirmation succeeds.
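The procedure above (convert n vectors, hand over one, hold n−1 until the confirmation succeeds) is shown below as an added example written for this page; it is not the patent's or any AUSF's code. The first-to-second conversion is modelled on 5G AKA (HXRES* as the low 128 bits of SHA-256(RAND || XRES*), K_SEAF derived from K_AUSF and the serving network name), but the exact K_SEAF input layout is simplified, the vector contents are random stand-ins rather than real AKA output, and discarding held vectors on a failed confirmation is a design choice of this example, since the abstract only covers the success path.

```python
"""Authentication entity holding n-1 unused vectors until confirmation (added example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class FirstAV:
    """Authentication vector as received from the unified data management entity."""
    rand: bytes
    autn: bytes
    xres_star: bytes
    k_ausf: bytes


@dataclass(frozen=True)
class SecondAV:
    """Authentication vector as handed to the security anchor function entity."""
    rand: bytes
    autn: bytes
    hxres_star: bytes
    k_seaf: bytes


def make_first_avs(n: int) -> list:
    """Constructed stand-in for n vectors from the UDM: random fields, no real AKA."""
    return [FirstAV(secrets.token_bytes(16), secrets.token_bytes(16),
                    secrets.token_bytes(16), secrets.token_bytes(32)) for _ in range(n)]


def to_second_av(av: FirstAV, serving_network_name: str) -> SecondAV:
    """Derive a second vector from a first one (5G AKA pattern, simplified K_SEAF input)."""
    hxres_star = hashlib.sha256(av.rand + av.xres_star).digest()[-16:]
    k_seaf = hmac.new(av.k_ausf, serving_network_name.encode("utf-8"), hashlib.sha256).digest()
    return SecondAV(av.rand, av.autn, hxres_star, k_seaf)


class AuthenticationEntity:
    """Keeps the n-1 unused second vectors until the first one is confirmed."""

    def __init__(self, serving_network_name: str):
        self.serving_network_name = serving_network_name
        # RAND of the vector sent to the SEAF -> (expected XRES*, unused second AVs)
        self._pending = {}

    def on_first_avs(self, first_avs) -> SecondAV:
        """Convert all n vectors, return the one to send now, hold the other n-1."""
        if not first_avs:
            raise ValueError("need at least one authentication vector")
        second_avs = [to_second_av(av, self.serving_network_name) for av in first_avs]
        head, rest = second_avs[0], second_avs[1:]
        self._pending[head.rand] = (first_avs[0].xres_star, rest)
        return head

    def on_authentication_confirmation(self, rand: bytes, res_star: bytes):
        """Confirm RES* from the SEAF; on success release the held vectors.

        Returns (confirmed, released_second_avs). An unknown RAND (including a
        replayed confirmation) or a wrong RES* yields (False, []) and the held
        vectors are dropped rather than released.
        """
        entry = self._pending.pop(rand, None)
        if entry is None:
            return False, []
        xres_star, rest = entry
        if not hmac.compare_digest(xres_star, res_star):
            return False, []
        return True, rest

    def pending_count(self) -> int:
        return len(self._pending)


if __name__ == "__main__":
    avs = make_first_avs(3)
    ae = AuthenticationEntity("5G:mnc001.mcc001.3gppnetwork.org")
    head = ae.on_first_avs(avs)                       # one AV goes to the SEAF
    ok, released = ae.on_authentication_confirmation(head.rand, avs[0].xres_star)
    print(ok, len(released))                          # True 2
```

Releasing the remaining vectors only after a successful confirmation means the entity never hands the SEAF material for a subscriber whose first run failed, and a replayed confirmation cannot trigger a second release because the pending entry is consumed on first use.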
Abstract:
An MME negotiates security in the case of idle-state mobility of a UE from a first network to an LTE network. The UE sends its security capabilities, including the non-access stratum (NAS) security capabilities it supports, to the LTE network. The MME selects a NAS security algorithm in accordance with the NAS security capabilities of the UE and sends the selected NAS security algorithm to the UE, so that the NAS security algorithm is shared between the UE and the LTE network when the UE moves from the first network to the LTE network. The MME also derives, in accordance with the selected NAS security algorithm, a NAS protection key from an authentication-vector-related key so as to secure communication between the UE and the LTE network.
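Both the first abstract on this page (a serving device choosing an authentication algorithm from what it supports and what the request asks for) and the MME abstract above come down to the same two steps: intersect the peer's capabilities with a local preference list, then bind the chosen algorithm identity into the key derivation. The block below is an added example of those steps on the MME side, written for this page and not the patent's code. The MME priority lists and K_ASME value are constructed operator configuration; the KDF layout (HMAC-SHA-256 over FC 0x15, the algorithm type distinguisher and the algorithm identity, keeping the low 128 bits) follows TS 33.401 Annex A.7, and the refusal of null integrity outside emergency attach is the policy this example assumes.

```python
"""MME-side NAS algorithm selection and NAS key derivation (added example)."""
import hashlib
import hmac

# EPS algorithm identities (TS 33.401): 0 = EEA0/EIA0 (null), 1 = 128-EEA1/128-EIA1 (SNOW 3G),
# 2 = 128-EEA2/128-EIA2 (AES), 3 = 128-EEA3/128-EIA3 (ZUC).
NULL_ALG = 0
# Algorithm type distinguishers and FC value of the algorithm key derivation (TS 33.401 A.7).
NAS_ENC_ALG = 0x01
NAS_INT_ALG = 0x02
FC_ALG_KEY = 0x15


def select_nas_algorithms(ue_eea, ue_eia, mme_eea_priority, mme_eia_priority, emergency=False):
    """Pick the highest-priority ciphering and integrity algorithm the UE supports.

    The priority lists are operator configuration on the MME (constructed here).
    Null integrity is refused except for emergency attach: accepting EIA0 because
    the UE claims to support nothing else is the classic bidding-down attack.
    """
    def first_common(priority, supported):
        for alg in priority:
            if alg in supported:
                return alg
        return None

    eea = first_common(mme_eea_priority, set(ue_eea))
    eia = first_common(mme_eia_priority, set(ue_eia))
    if eea is None or eia is None:
        raise ValueError("no NAS algorithm in common with the UE")
    if eia == NULL_ALG and not emergency:
        raise ValueError("refusing null NAS integrity outside emergency attach")
    return eea, eia


def derive_nas_key(k_asme: bytes, alg_type: int, alg_id: int) -> bytes:
    """KDF of TS 33.401 A.7: HMAC-SHA-256(K_ASME, FC || P0 || L0 || P1 || L1), low 128 bits.

    P0 = algorithm type distinguisher, P1 = algorithm identity, each one byte long,
    so L0 = L1 = 0x0001. Binding alg_id into the key means a peer that was told a
    different algorithm derives a different key and fails integrity immediately.
    """
    if len(k_asme) != 32:
        raise ValueError("K_ASME is 256 bits")
    s = bytes([FC_ALG_KEY, alg_type]) + b"\x00\x01" + bytes([alg_id]) + b"\x00\x01"
    return hmac.new(k_asme, s, hashlib.sha256).digest()[-16:]


def negotiate_nas_security(k_asme, ue_eea, ue_eia, mme_eea_priority, mme_eia_priority,
                           emergency=False):
    """MME side: select algorithms from the UE capabilities, then derive K_NASenc and K_NASint."""
    eea, eia = select_nas_algorithms(ue_eea, ue_eia, mme_eea_priority, mme_eia_priority, emergency)
    return {
        "eea": eea,
        "eia": eia,
        "k_nas_enc": derive_nas_key(k_asme, NAS_ENC_ALG, eea),
        "k_nas_int": derive_nas_key(k_asme, NAS_INT_ALG, eia),
    }


if __name__ == "__main__":
    # Constructed K_ASME and operator preference (AES first, then SNOW 3G, ZUC, null).
    k_asme = bytes(range(32))
    prefer = [2, 1, 3, 0]
    result = negotiate_nas_security(k_asme, ue_eea=[0, 1, 2], ue_eia=[0, 1, 2],
                                    mme_eea_priority=prefer, mme_eia_priority=prefer)
    print(result["eea"], result["eia"], result["k_nas_enc"].hex(), result["k_nas_int"].hex())
```

The selected identities are what the MME sends back to the UE in the security mode command; the UE runs the same KDF over the same K_ASME, so the two sides share both the algorithm and the key without the key ever crossing the air interface.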
Abstract:
A communication method and a related product are provided. In the communication method, when a UE switches from a source slice to a target slice that is mutually exclusive with the source slice, both the UE and the target AMF serving the target slice obtain a first AMF key Kamf_new. The first AMF key Kamf_new is different from the second AMF key Kamf, which is the key of the source AMF serving the source slice. According to this application, communication security and effectiveness are significantly improved in a mutually exclusive slice switching scenario.
Abstract:
Example authentication methods, devices, and systems are provided, which can be used to verify the validity of the access location information of a next generation residential gateway (NG-RG) in a fixed-mobile convergence architecture. One example method includes a network device receiving first link information that represents the access location of a residential gateway, and the network device obtaining second link information of the residential gateway. When the first link information matches part or all of the second link information, or matches part or all of one item of link information within the second link information, the network device verifies the validity of the access location of the residential gateway.