公开(公告)号：US12218983B2

公开(公告)日：2025-02-04

申请号：US16990317

申请日：2020-08-11

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： He Li ,  Jing Chen ,  Liwei Qiu ,  Chong Lou

IPC: H04L29/06 ,  H04L9/40 ,  H04W12/02 ,  H04W76/15 ,  H04W76/27

Abstract: Embodiments of this application provide security protection methods and apparatuses. One method includes: obtaining, by a master station, a user plane security policy, wherein the user plane security policy indicates whether to activate a user plane security protection, the master station communicates with a secondary station under a dual connectivity scenario; sending, by the master station, a message comprising the user plane security policy to the secondary station; receiving, by the secondary station, the message from the master station; and determining, by the secondary station, a user plane security algorithm based on the user plane security policy.

公开(公告)号：US11678187B2

公开(公告)日：2023-06-13

申请号：US17089216

申请日：2020-11-04

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Li Hu ,  Jing Chen ,  Kai Pan

IPC: H04W12/08 ,  H04W12/71 ,  H04W48/02 ,  H04L9/06

CPC classification number: H04W12/08 ,  H04W12/71 ,  H04W48/02 ,  H04L9/0643

Abstract: This application provides a method for restricting access of a terminal device, and an apparatus. The method includes: receiving, by an access network device, a first identifier that is from a terminal device, where the first identifier is used to identify the terminal device; and if the first identifier matches a second identifier, restricting, by the access network device, access of the terminal device, where the second identifier is used to identify a terminal device having abnormal behavior. Based on the solution, the access network device pre-records the second identifier of the terminal device having the abnormal behavior.

公开(公告)号：US11659393B2

公开(公告)日：2023-05-23

申请号：US17030926

申请日：2020-09-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04W12/08 ,  H04L9/08 ,  H04L9/40 ,  H04W36/00 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/033 ,  H04W12/037 ,  H04W12/041 ,  H04W12/069 ,  H04W12/0433

CPC classification number: H04W12/08 ,  H04L9/083 ,  H04L9/0816 ,  H04L9/0861 ,  H04L63/06 ,  H04L63/205 ,  H04W12/02 ,  H04W12/033 ,  H04W12/037 ,  H04W12/04 ,  H04W12/041 ,  H04W12/0433 ,  H04W12/06 ,  H04W12/069 ,  H04W36/0038 ,  H04L2209/24 ,  H04L2463/061

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

公开(公告)号：US11627458B2

公开(公告)日：2023-04-11

申请号：US16821103

申请日：2020-03-17

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Li Hu ,  Jing Chen

IPC: H04L29/06 ,  H04W12/041

Abstract: This application provides a key derivation algorithm negotiation method and an apparatus. The method includes: checking, by a terminal, a sent first key derivation algorithm and a received second key derivation algorithm; if the checking is correct and the first key derivation algorithm is the same as the second key derivation algorithm, determining that the first key derivation algorithm sent by the terminal is not tampered with by an attacker; and then using a negotiated third key derivation algorithm as a key derivation algorithm of the terminal, to ensure confidentiality of the negotiated key derivation algorithm, thereby improving communication security.

公开(公告)号：US20230091113A1

公开(公告)日：2023-03-23

申请号：US17994516

申请日：2022-11-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yong Wang ,  Jing Chen

IPC: H04W12/041 ,  H04W12/03 ,  H04W12/106

Abstract: A communications method includes receiving, from a second node, first algorithm negotiation request information used to indicate one or more algorithms and one or more key derivation functions, determining at least one first algorithm in the one or more algorithms and at least one first key derivation function in the one or more key derivation functions, and sending, to the second node, first information used to indicate the at least one first algorithm and the at least one first key derivation function.

公开(公告)号：US11582602B2

公开(公告)日：2023-02-14

申请号：US17014538

申请日：2020-09-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing Chen ,  Kai Pan ,  He Li

IPC: H04W12/041 ,  H04W76/25 ,  H04W76/11 ,  H04W8/08 ,  H04W12/06 ,  H04W60/00 ,  H04W12/0431 ,  H04W12/0433 ,  H04W12/0471

Abstract: A method for security handling in a mobility of a terminal device, where the method includes: a target access and mobility management function (AMF) entity receiving a first message for registering a terminal device; the target AMF entity sending a second message to a source AMF entity after receiving the first message; the source AMF entity deriving a first key based on a key between the source AMF entity and the terminal device; the source AMF entity sending the first key to the target AMF entity; the target AMF entity determining to use the first key based on security related information after receiving the first key; and the target AMF entity determining a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

公开(公告)号：US11576038B2

公开(公告)日：2023-02-07

申请号：US16856613

申请日：2020-04-23

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Kai Pan ,  Jing Chen

IPC: H04W12/041 ,  H04W4/70 ,  H04L9/08 ,  H04W8/02 ,  H04W36/00 ,  H04W12/106 ,  H04W12/0433

Abstract: A method includes receiving, by a mobility management entity (MME), a redirection request message from an access and mobility management function (AMF) node, where the redirection request message includes key-related information. The method also includes generating, by the MME, an encryption key and an integrity protection key based on the key-related information. The redirection request message is used to request to hand over a voice service from a packet switched (PS) domain to a circuit switched (CS) domain.

公开(公告)号：US11310266B2

公开(公告)日：2022-04-19

申请号：US17138498

申请日：2020-12-30

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jing Chen ,  Qi Li ,  Lin Shu

IPC: H04W12/08 ,  H04W12/106 ,  H04W12/125 ,  H04L9/32 ,  H04W8/24 ,  H04W12/04 ,  H04W12/06 ,  H04L29/06

Abstract: The present disclosure relates to mobile communications technologies, and in particular, to a mobile communication method, apparatus, and device. The method includes: receiving, by user equipment UE, a non-access stratum NAS security mode command message from a mobility management entity MME, where the NAS security mode command message carries first verification matching information used to verify UE capability information received by the MME; determining, by the UE based on the first verification matching information, whether the UE capability information received by the MME is consistent with UE capability information sent by the UE to the MME; and if the UE capability information received by the MME is consistent with the UE capability information sent by the UE to the MME, sending, by the UE, a NAS security mode complete message to the MME.

公开(公告)号：US11259219B2

公开(公告)日：2022-02-22

申请号：US16804293

申请日：2020-02-28

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Kai Pan ,  Jing Chen

IPC: H04W36/00 ,  H04W36/08 ,  H04W36/38

Abstract: Embodiments of the present invention provide a communication method. The communication method includes: performing, by a terminal, a handover from a source base station to a target base station via an interface between the source base station and the target base station, obtaining, by the target base station, a first security capability, and sending, by the target base station, the first security capability to another base station, to establish dual connections. The source base station does not support the first security capability, and the target base station, the another base station, and a core-network network element support the first security capability. The target base station obtains the first security capability, so that the terminal can establish the dual connections to the target base station and the another base station.

公开(公告)号：US11259185B2

公开(公告)日：2022-02-22

申请号：US17023748

申请日：2020-09-17

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Li Hu ,  Jing Chen ,  He Li ,  Kai Pan

IPC: H04W8/20 ,  H04W12/40 ,  H04L29/06 ,  H04W12/06

Abstract: The present disclosure discloses a communication method performed by a management function entity, including: receiving a first request message sent by user equipment UE; sending a second request message to a storage function entity based on the first request message, where the second request message is used to request a security service identifier for the UE, and the security service identifier is used to indicate a security service procedure; receiving a response message including the security service identifier from the storage function entity; obtaining a target security service identifier based on the security service identifier, where the target security service identifier is used to indicate a security service procedure to be initiated by the management function entity; and initiating the security service procedure indicated by the target security service identifier. The present disclosure further discloses a communications device.