公开(公告)号：US10205719B2

公开(公告)日：2019-02-12

申请号：US15274220

申请日：2016-09-23

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Chengyan Feng ,  Jing Chen

IPC: H04L29/06 ,  H04L12/64 ,  G06F8/61 ,  H04L12/24

Abstract: The invention discloses a network function virtualization-based certificate configuration method, apparatus, and system. A virtualized network management entity obtains initial credential information of a virtualized network function entity; and installs the initial credential information onto the virtualized network function entity during or after instantiation of the virtualized network function entity, so that the virtualized network function entity obtains, from a certificate authority by using the initial credential information, a formal certificate issued by a network operator of the virtualized network function entity. The invention not only can apply to a network function virtualization scenario, but also can resolve a problem of a security risk in network function virtualization.

公开(公告)号：US09826398B2

公开(公告)日：2017-11-21

申请号：US14550629

申请日：2014-11-21

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing Chen

IPC: G06F7/04 ,  H04W12/04 ,  H04W84/12 ,  H04L29/06 ,  H04W76/02 ,  H04W12/06

CPC classification number: H04W12/04 ,  H04L63/06 ,  H04L2463/061 ,  H04W12/06 ,  H04W76/10 ,  H04W84/12

Abstract: The embodiments of the present invention provide a secure establishment method, system and device of a wireless local area network. The method includes: acquiring, by a UE, a first key; the first key is a shared key of the UE and a network element equipment in a mobile communication network to which the UE is accessed when implementing air interface security, or is derived according to the shared key; deriving, by the UE, according to the first key and a derivation parameter to acquire a derivation key; establishing, by the UE, according to the derivation key, secure connection with a WLAN node acquiring a derivation key, wherein the derivation key acquired by the WLAN node is the same as the derivation key acquired by the UE.

公开(公告)号：US09729523B2

公开(公告)日：2017-08-08

申请号：US14550734

申请日：2014-11-21

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing Chen ,  Yongfeng Deng ,  Aiqin Zhang ,  Jun Qin

IPC: H04L9/00 ,  H04L29/06 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08

CPC classification number: H04L63/0457 ,  G06F21/34 ,  G06F21/602 ,  G06F2221/2103 ,  G06F2221/2107 ,  G06F2221/2111 ,  H04L9/12 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/205 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08

Abstract: A method, network element, and mobile station (MS) are disclosed. The method includes: obtaining information that a plug-in card of the MS does not support a first encryption algorithm; deleting the first encryption algorithm from an encryption algorithm list permitted by a core network element according to the information that the plug-in card of the MS does not support the first encryption algorithm; sending the encryption algorithm list excluding the first encryption algorithm to an access network element, so that the access network element selects an encryption algorithm according to the encryption algorithm list excluding the first encryption algorithm and the MS capability information sent from the MS and sends the selected encryption algorithm to the MS. By using the method, network element, and MS, errors due to the fact that the plug-in card of the MS does not support an encryption algorithm may be avoided during the encryption process.

公开(公告)号：US09301147B2

公开(公告)日：2016-03-29

申请号：US14625789

申请日：2015-02-19

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen ,  Lijia Zhang ,  Zhuo Chen

IPC: H04K1/00 ,  H04W12/10 ,  H04W12/02 ,  H04W12/08 ,  H04L29/06 ,  H04L9/14 ,  H04W84/04 ,  H04W92/20

CPC classification number: H04W12/10 ,  H04L9/14 ,  H04L63/205 ,  H04W12/02 ,  H04W12/08 ,  H04W84/047 ,  H04W92/20

Abstract: A method and an apparatus for protecting data carried on an Un interface between a eNB and a relay node are disclosed. Three types of radio bearers (RBs) are defined over the Un interface: signaling radio bearers (SRBs) for carrying control plane signaling data, signaling-data radio bearers (s-DRBs) for carrying control plane signaling date; and data-data radio bearers (d-DRBs) for carrying user plane data. An integrity protection algorithm and an encryption algorithm are negotiated for control plane signaling data on an SRB, control plane signaling data carried on an s-DRB, and user plane data carried on a d-DRB. With the respective integrity protection algorithm and encryption algorithm, the data over the Un interface can be protected respectively. Therefore, the security protection on the Un interface is more comprehensive, and the security protection requirements of data borne over different RBs can be met.

公开(公告)号：US20160044002A1

公开(公告)日：2016-02-11

申请号：US14885235

申请日：2015-10-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jiangwei Ying ,  Jing Chen ,  LingIi Pang ,  Xiaoxiao Zheng

IPC: H04L29/06 ,  H04L12/06 ,  H04W12/04 ,  H04L9/14 ,  H04W76/04 ,  H04W76/02

CPC classification number: H04L63/0428 ,  H04L9/14 ,  H04L12/06 ,  H04L67/1097 ,  H04W4/70 ,  H04W12/02 ,  H04W12/04 ,  H04W12/10 ,  H04W88/02 ,  H04W88/12

Abstract: The present invention provides a data transmission method and apparatus, where the method includes: performing, by UE, security processing on a NAS PDU by using a security parameter and a security algorithm, where data to be transmitted is encapsulated in the NAS PDU; and sending, by the UE, the NAS PDU to a serving SGSN by using an RNC. The present invention can improve efficiency of transmitting a small data packet, and further provide a security mechanism to ensure security of transmitting the small data packet.

Abstract translation: 本发明提供一种数据传输方法和装置，其特征在于，该方法包括：通过使用安全参数和安全算法，通过UE对NAS PDU进行安全处理，其中要发送的数据被封装在NAS PDU中; 以及通过使用RNC将所述NAS PDU发送到服务SGSN。 本发明可以提高传输小数据分组的效率，并且还提供一种安全机制，以确保传输小数据分组的安全性。

公开(公告)号：US20150104020A1

公开(公告)日：2015-04-16

申请号：US14550734

申请日：2014-11-21

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jing Chen ,  Yongfeng Deng ,  Aiqin Zhang ,  Jun Qin

IPC: H04L29/06 ,  H04W12/04

CPC classification number: H04L63/0457 ,  G06F21/34 ,  G06F21/602 ,  G06F2221/2103 ,  G06F2221/2107 ,  G06F2221/2111 ,  H04L9/12 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/205 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08

Abstract: A method, network element, and mobile station (MS) are disclosed. The method includes: obtaining information that a plug-in card of the MS does not support a first encryption algorithm; deleting the first encryption algorithm from an encryption algorithm list permitted by a core network element according to the information that the plug-in card of the MS does not support the first encryption algorithm; sending the encryption algorithm list excluding the first encryption algorithm to an access network element, so that the access network element selects an encryption algorithm according to the encryption algorithm list excluding the first encryption algorithm and the MS capability information sent from the MS and sends the selected encryption algorithm to the MS. By using the method, network element, and MS, errors due to the fact that the plug-in card of the MS does not support an encryption algorithm may be avoided during the encryption process.

Abstract translation: 公开了一种方法，网元和移动台（MS）。 该方法包括：获得MS的插件卡不支持第一加密算法的信息; 根据MS的插件卡不支持第一加密算法的信息，从核心网元允许的加密算法列表中删除第一加密算法; 将不包括第一加密算法的加密算法列表发送到接入网元，使得接入网元根据除了第一加密算法之外的加密算法列表和从MS发送的MS能力信息选择加密算法，并发送所选择的 加密算法到MS。 通过使用该方法，网元和MS，由于MS的插件卡不支持加密算法的事实可能在加密处理期间被避免。

公开(公告)号：US20130258907A1

公开(公告)日：2013-10-03

申请号：US13898153

申请日：2013-05-20

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing Chen ,  Xiaobing Ye

IPC: H04W28/24

CPC classification number: H04W28/24

Abstract: Embodiments of the present invention pertain to the communications field and disclose a method, device, and system for managing quality of service. The method includes: receiving a service request; determining, according to configuration information, devices participating in negotiation on quality of service; and determining, according to a negotiation result of the devices participating in negotiation on quality of service, quality of service corresponding to the service request. The device includes: a receiving module, a first determining module and a second determining module. In the embodiments of the present invention, devices participating in negotiation on quality of service are determined according to configuration information, and the corresponding quality of service is determined according to the negotiation result of the devices participating in negotiation on quality of service, thereby not being limited to the subscription result of the HLR, and implementing flexible management for quality of service.

Abstract translation: 本发明的实施例涉及通信领域并且公开了一种用于管理服务质量的方法，设备和系统。 该方法包括：接收服务请求; 根据配置信息确定参与服务质量协商的设备; 以及根据参与服务质量协商的设备的协商结果确定与服务请求对应的服务质量。 该装置包括：接收模块，第一确定模块和第二确定模块。 在本发明的实施例中，根据配置信息确定参与服务质量的设备，根据参与服务质量的设备的协商结果来确定相应的服务质量，从而不 限于HLR的订阅结果，并实施灵活的服务质量管理。

公开(公告)号：US12058239B2

公开(公告)日：2024-08-06

申请号：US18453662

申请日：2023-08-22

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lijia Zhang ,  Jing Chen

IPC: G06F21/00 ,  H04L9/06 ,  H04L9/12 ,  H04L9/40 ,  H04W12/02 ,  H04W12/033 ,  H04W12/04 ,  H04W4/70

CPC classification number: H04L9/0656 ,  H04L9/12 ,  H04L63/10 ,  H04L63/104 ,  H04W12/02 ,  H04W12/033 ,  H04W12/04 ,  H04L2209/80 ,  H04W4/70

Abstract: A method, and related apparatuses are provided. The method comprises receiving an initial layer-3 message, wherein the initial layer-3 message comprises an indication indicating that a part of the initial layer-3 message is encrypted, and generating a keystream, wherein the keystream is used to decrypt the encrypted part of the initial layer-3 message.

公开(公告)号：US12003533B2

公开(公告)日：2024-06-04

申请号：US18355671

申请日：2023-07-20

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jing Chen ,  Qi Li ,  Lin Shu

IPC: H04L9/40 ,  H04L9/32 ,  H04W8/24 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W12/106 ,  H04W12/125

CPC classification number: H04L63/1466 ,  H04L9/3242 ,  H04L63/20 ,  H04W8/24 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W12/106 ,  H04W12/125

Abstract: The present disclosure relates to mobile communications technologies, and in particular, to a mobile communication method, apparatus, and device. The method includes: receiving, by user equipment UE, a non-access stratum NAS security mode command message from a mobility management entity MME, where the NAS security mode command message carries first verification matching information used to verify UE capability information received by the MIME; determining, by the UE based on the first verification matching information, whether the UE capability information received by the MME is consistent with UE capability information sent by the UE to the MIME; and if the UE capability information received by the MME is consistent with the UE capability information sent by the UE to the MME, sending, by the UE, a NAS security mode complete message to the MME.

公开(公告)号：US11989284B2

公开(公告)日：2024-05-21

申请号：US17066902

申请日：2020-10-09

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yong Wang ,  Kai Pan ,  Cuili Ge ,  Jing Chen

IPC: G06F21/54 ,  G06F9/54 ,  G06F21/51 ,  H04L67/133

CPC classification number: G06F21/54 ,  G06F9/547 ,  G06F21/51 ,  H04L67/133

Abstract: A service application programming interface (API) invoking method where a security method applied to an API exposing function entity is updated from an original security method to a new security method, and where the security method of the API exposing function entity is used for communication between the API exposing function entity and an invoker. The method includes: obtaining, by the invoker, a new security method of the API exposing function entity; and sending, by the invoker, a first invoking request to the API exposing function entity using the new security method, where the first invoking request includes a name of a service API, and where the first invoking request is used to invoke the service API.