-
Publication number: US20240244432A1
Publication date: 2024-07-18
Application number: US18621955
Application date: 2024-03-29
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04W12/06
CPC classification number: H04W12/06
Abstract: This application provides a primary authentication method and an apparatus. The method includes: An AMF receives, from a home network device, a first authentication request message for triggering a primary authentication procedure, where the primary authentication procedure is used to perform primary authentication on a terminal device, and the home network device is a network device in a home network of the terminal device. The AMF sends a first authentication response message to the home network device when rejecting the triggering of the primary authentication procedure, where the first authentication response message includes first rejection cause information indicating a cause for rejecting the triggering of the primary authentication procedure.
-
Publication number: US20230396602A1
Publication date: 2023-12-07
Application number: US18452003
Application date: 2023-08-18
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Yizhuang WU, He LI, Rong WU
CPC classification number: H04L63/0807, H04L63/102, H04L67/56
Abstract: Embodiments of this application disclose a service authorization method and system, and a communication apparatus. The method includes: A first network element obtains a first access token from a token generation network element, and sends a first service request for a specified service to a second network element. The first service request includes the first access token. The first access token indicates that an NF service consumer network element has permission to access a specified service provided by an NF service producer network element belonging to a specified service domain. The first access token includes an identifier of the NF service consumer network element, an identifier of the specified service, and first service domain information associated with the specified service domain. The first service domain information is carried in the first access token, so that service domain-based access control can be implemented, thereby helping improve security of service authorization.
-
Publication number: US20230185910A1
Publication date: 2023-06-15
Application number: US18168228
Application date: 2023-02-13
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: He LI, Rong WU, Yizhuang WU, Ao LEI
IPC: G06F21/55
CPC classification number: G06F21/554, G06F2221/034
Abstract: Embodiments of this application provide a communication method, apparatus, and system, to improve security of a V2X PC5 establishment procedure. The method includes: A first terminal device obtains a first security protection method, where the first security protection method is a security protection method determined in a discovery procedure between the first terminal device and a second terminal device; and the first terminal device determines a second security protection method according to the first security protection method, where the second security protection method is a security protection method for a PC5 connection between the first terminal device and the second terminal device. For example, a security level of the second security protection method is not lower than a security level of the first security protection method. The communication method is applicable to the V2X communication field.
-
Publication number: US20230179400A1
Publication date: 2023-06-08
Application number: US18163980
Application date: 2023-02-03
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Longhua GUO, He LI, Rong WU
IPC: H04L9/08, H04W12/033
CPC classification number: H04L9/0819, H04W12/033, H04L9/0861, H04W4/06
Abstract: Embodiments of this application provide a key management method and a communication apparatus, and relate to the field of communication technologies, to securely transmit multicast service data, and prevent an unauthorized terminal device from obtaining the multicast service data. The method includes: A terminal device obtains a target key, where the target key includes at least one of a target multimedia broadcast/multicast service service key MSK, a first sub-key corresponding to the target MSK, or a second sub-key corresponding to the target MSK, the first sub-key is for confidentiality protection calculation, and the second sub-key is for integrity protection calculation. The terminal device receives target data from a multicast user-plane processing network element, where the target data is data on which security protection is performed. Then, the terminal device processes the target data by using the target key.
-
Publication number: US20210185524A1
Publication date: 2021-06-17
Application number: US17179820
Application date: 2021-02-19
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Rong WU, Shuaishuai TAN
IPC: H04W12/033, H04W12/0433, H04W36/00, H04W88/16
Abstract: This application provides a security context obtaining method and apparatus. The method includes: receiving, by a user plane gateway, a PDU session establishment request from UE, where the PDU session establishment request is used to request to establish a PDU session between the user plane gateway and the UE, and the PDU session is carried between the UE and a service server of a data network; and separately obtaining, by the user plane gateway and the UE, a security context used for the PDU session, and activating user plane security protection based on the security context. Therefore, during PDU session reestablishment, for example, PDU session reestablishment triggered by switching of the user plane gateway, a session management network element, and the like, the user plane gateway and the UE can obtain a new security context, thereby achieving end-to-end protection between the UE and the user plane gateway.
-
Publication number: US20190068591A1
Publication date: 2019-02-28
Application number: US16171235
Application date: 2018-10-25
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Bo ZHANG, Rong WU, Lu GAN, Haiguang WANG
Abstract: The present disclosure relates to example key distribution and authentication methods and devices. In one example method, a second-level key is received by a terminal device from a user management server. The terminal device performs mutual authentication with a network authentication server based on the second-level key, to obtain a communication key for communication between the terminal device and a functional network element.
-
Publication number: US20240284174A1
Publication date: 2024-08-22
Application number: US18650700
Application date: 2024-04-30
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04W12/06, H04W8/22, H04W12/041, H04W12/72
CPC classification number: H04W12/06, H04W8/22, H04W12/041, H04W12/72
Abstract: This application provides a communication method, apparatus, and system, to determine a mode for authenticating a terminal device. The communication system includes unified data management and an authentication server function. The unified data management determines, based on anonymous domain information and configuration information, an authentication mode for authenticating the terminal device, and sends an authentication obtaining response message to the authentication server function. The anonymous domain information indicates an identifier of a network to which an authentication device capable of authenticating the terminal device belongs, and the authentication mode includes an external authentication mode or an internal authentication mode. The configuration information includes an identifier of one or more networks corresponding to the external authentication mode and/or an identifier of one or more networks corresponding to the internal authentication mode, and the authentication obtaining response message includes authentication indication information indicating the authentication mode.
-
Publication number: US20240244087A1
Publication date: 2024-07-18
Application number: US18621939
Application date: 2024-03-29
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04L9/40
Abstract: This application provides a data invocation method and an apparatus. The method may include: An authorization verification network element receives a data invocation request message from a service consumer network element, where the data invocation request message includes an identifier of a terminal device, and the data invocation request message is used to request to invoke data of the terminal device. The authorization verification network element determines whether the service consumer network element has a capability of supporting stopping data processing. If the service consumer network element does not have the capability of supporting stopping data processing, the authorization verification network element rejects the data invocation request message of the service consumer network element. This solution can meet a requirement of a user for exercising a right of revocation on data use.
-
Publication number: US20240089720A1
Publication date: 2024-03-14
Application number: US18513999
Application date: 2023-11-20
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Longhua GUO, Vishnu PREMAN, Rong WU
Abstract: Embodiments of a network selection method and a related apparatus are provided. In the method, an apparatus receives a broadcast message from a non-forbidden public land mobile network (PLMN) and a broadcast message from a forbidden PLMN. The broadcast message of the forbidden PLMN includes a disaster occurrence indication, and the disaster occurrence indication indicates that a disaster has occurred on the non-forbidden PLMN. The apparatus requests, based on the disaster occurrence indication, to register with the forbidden PLMN, when the apparatus fails to register with the non-forbidden PLMN. According to the foregoing method, the apparatus can select a network that ensures a normal service, and a service interruption to the apparatus caused by the disaster that occurs on the non-forbidden PLMN can be effectively reduced.
-
Publication number: US20230362632A1
Publication date: 2023-11-09
Application number: US18348946
Application date: 2023-07-07
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04W12/033, H04W36/00
CPC classification number: H04W12/033, H04W36/0011
Abstract: Embodiments of this application disclose a security policy processing method, to implement a best-effort on-demand user plane security activation mechanism in a network in which there is a core network element that does not support on-demand user plane security protection. The security policy processing method in embodiments of this application includes: A target access network device receives a message #50-2 from a core network device #30-1, where the message #50-2 includes container information from a source access network device. The target access network device determines a user plane security activation status between the target access network device and a terminal device based on the message #50-2, where the user plane security activation status indicates whether user plane ciphering protection is activated and/or whether user plane integrity protection is activated.