公开(公告)号：US20250063356A1

公开(公告)日：2025-02-20

申请号：US18937664

申请日：2024-11-05

Applicant: Huawei Technologies Co., Ltd.

Inventor： Longhua Guo ,  Rong Wu

IPC: H04W12/06 ,  H04W76/40

Abstract: This application provides a communication method and apparatus. The method may include: A terminal device obtains first indication information, where the first indication information indicates at least one multicast key transmission procedure, each multicast key transmission procedure is a communication procedure that is supported by a network side and that is used to transmit a multicast key to the terminal device, and the multicast key is a security transmission key of a multicast session between the terminal device and a first content delivery network element. The terminal device obtains service data from a core network based on a support case of the terminal device for the at least one multicast key transmission procedure.

公开(公告)号：US20240244436A1

公开(公告)日：2024-07-18

申请号：US18620252

申请日：2024-03-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Li Hu ,  He Li ,  Rong Wu

IPC: H04W12/106 ,  H04W12/041 ,  H04W12/69

CPC classification number: H04W12/106 ,  H04W12/041 ,  H04W12/69

Abstract: This application provides a communication method and apparatus, to implement on-demand user plane integrity protection in a 4G network. The method includes: When a first condition is met, an access network device of a first network standard obtains user plane integrity protection indication information and an integrity protection algorithm identifier of a second network standard, sends a first message including the user plane integrity protection indication information and the integrity protection algorithm identifier to a terminal device, and activates user plane integrity protection for a first DRB based on a first key and the integrity protection algorithm. The first condition includes: determining to establish the first DRB between the access network device and the terminal device, and determining to enable the user plane integrity protection for the first DRB. The user plane integrity protection indication information indicates to enable the user plane integrity protection for the first DRB.

公开(公告)号：US20240214365A1

公开(公告)日：2024-06-27

申请号：US18452575

申请日：2023-08-21

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： He Li ,  Ao Lei ,  Rong Wu

IPC: H04L9/40

CPC classification number: H04L63/08

Abstract: This application provides a communication method and apparatus. The method includes: A first network element receives a first request message from a second network element, where the first request message is used to request to perform a first operation on a first terminal device. The first network element determines, based on the first request message, whether the second network element is authorized to request to perform the first operation on the first terminal device. Whether a network element that sends a request message is authorized to request to perform a related operation is verified, to determine whether the network element is an attacker. This reduces impact on a system service resulting from requests of an attacker and improves system security.

公开(公告)号：US20240171970A1

公开(公告)日：2024-05-23

申请号：US18427313

申请日：2024-01-30

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Longhua Guo ,  Yuanping Zhu ,  Rong Wu

IPC: H04W12/041 ,  H04W12/033 ,  H04W12/037 ,  H04W12/08

CPC classification number: H04W12/041 ,  H04W12/033 ,  H04W12/037 ,  H04W12/08

Abstract: This application provides a key determining method, and a communication apparatus. The method is applied to a donor node central unit which contains a control plane entity and a user plane entity, and the method includes: deriving a first key based on a root key, an internet protocol (IP) address of a distributed unit of an integrated access and backhaul node, and a first IP address of the user plane entity; and sending a first message to the user plane entity, wherein the first message comprises the first key. According to this application, a user plane secure transmission channel may be established between the user plane entity and the distributed unit based on the first key.

公开(公告)号：US11824981B2

公开(公告)日：2023-11-21

申请号：US17696093

申请日：2022-03-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan ,  Rong Wu ,  Shuaishuai Tan

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04W12/06 ,  H04W88/14 ,  H04W8/00 ,  H04L67/51

CPC classification number: H04L9/088 ,  H04L9/3247 ,  H04L63/0435 ,  H04W12/06

Abstract: A discovery method and apparatus based on a service-based architecture, where the method includes a control network element sending a discovery response to a first functional network element, where the discovery response includes a determined security parameter and an access address or an identifier of a second functional network element. The first functional network element receives the discovery response from the control network element, and sends an access request to the second functional network element based on the address or the identifier of the second functional network element, where the access request includes the received security parameter. The second functional network element receives the access request from the first functional network element, verifies correctness of the security parameter, and determines, based on the correctness of the security parameter, whether the access request is authorized by the first functional network element.

公开(公告)号：US20230362636A1

公开(公告)日：2023-11-09

申请号：US18348834

申请日：2023-07-07

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Rong Wu ,  Yizhuang Wu

IPC: H04W12/041 ,  H04W12/0433 ,  H04W12/06

CPC classification number: H04W12/041 ,  H04W12/0433 ,  H04W12/06

Abstract: An authentication management function AUSF receives an authentication request message from an access and mobility management function AMF, where the authentication request message carries a subscription concealed identifier SUCI. The AUSF sends an authentication vector get request message to a unified data management UDM function, where the authentication vector get request message carries the SUCI. The AUSF receives an authentication vector get response message from the UDM, where the authentication vector get response message includes authentication and key management for application AKMA indication information. The AUSF generates, based on the AKMA indication information, an authentication and key management for application-key identifier based on a routing indicator RID in the SUCI.

公开(公告)号：US20220353680A1

公开(公告)日：2022-11-03

申请号：US17852858

申请日：2022-06-29

Applicant: Huawei Technologies Co., Ltd.

Inventor： Li Hu ,  Rong Wu

IPC: H04W12/06 ,  H04W76/10 ,  H04L9/40

Abstract: This application provides a communication method and apparatus. The method includes: a terminal sending first network information of a second network to a first network, where the first network information includes first indication information of the second network, and the first indication information indicating that the terminal requests to access the second network. The terminal performs onboarding delivery authentication of the second network through the first network. After onboarding delivery authentication of the second network succeeds, the terminal receives configuration information of the first network through the first network, and obtains a credential of the second network through the first network from an online sign-up server in the second network.

公开(公告)号：US20220278831A1

公开(公告)日：2022-09-01

申请号：US17696093

申请日：2022-03-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan ,  Rong Wu ,  Shuaishuai Tan

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04W12/06

Abstract: A discovery method and apparatus based on a service-based architecture, where the method includes a control network element sending a discovery response to a first functional network element, where the discovery response includes a determined security parameter and an access address or an identifier of a second functional network element. The first functional network element receives the discovery response from the control network element, and sends an access request to the second functional network element based on the address or the identifier of the second functional network element, where the access request includes the received security parameter. The second functional network element receives the access request from the first functional network element, verifies correctness of the security parameter, and determines, based on the correctness of the security parameter, whether the access request is authorized by the first functional network element.

公开(公告)号：US20220264305A1

公开(公告)日：2022-08-18

申请号：US17738785

申请日：2022-05-06

Applicant: Huawei Technologies Co., Ltd.

Inventor： Li Hu ,  Zhenglei Huang ,  Rong Wu

IPC: H04W12/106 ,  H04W12/037 ,  H04W60/04 ,  H04W76/19 ,  H04W76/20

Abstract: This application provides a method for protecting a truncated parameter and an apparatus, and relates to the field of communications technologies, to ensure security of a truncated parameter in a transmission process. The method includes the following steps: A mobility management network element determines whether a terminal that accesses a network meets a preset condition, where the preset condition includes that the terminal uses a control plane CIoT 5GS optimization function. The mobility management network element sends, to the terminal when the terminal meets the preset condition, a downlink NAS message on which NAS security protection is performed by using a NAS security context, where the downlink NAS message includes a truncated parameter. This application is applicable to a truncated parameter transmission process.

公开(公告)号：US11228908B2

公开(公告)日：2022-01-18

申请号：US16400032

申请日：2019-04-30

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Bo Zhang ,  Lu Gan ,  Rong Wu

IPC: H04W12/00 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10 ,  H04L29/06 ,  H04W28/06 ,  H04W12/08 ,  H04W12/033 ,  H04W12/041 ,  H04W12/069 ,  H04W12/106 ,  H04L9/32

Abstract: Embodiments of the present invention disclose a data transmission method and a related device and system. The system includes an access network device AN and user equipment UE. The AN is configured to receive a base key sent by a key management device in a core network, where the base key is a key generated from two-way authentication between the UE and the core; the AN and the UE are configured to process the base key according to a preset rule to generate an air interface protection key; the UE is configured to: protect a target field in an uplink protocol data unit PDU by using the air interface protection key; and the AN is configured to parse the target field in the uplink protocol data unit by using the air interface protection key.