公开(公告)号：US10856141B2

公开(公告)日：2020-12-01

申请号：US16520369

申请日：2019-07-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong Wu ,  Bo Zhang ,  Lu Gan

IPC: H04L29/06 ,  H04W12/00 ,  H04W76/18 ,  H04W12/04 ,  H04W12/10

Abstract: A security protection negotiation method and a network element are disclosed, to implement, based on a 5G network architecture, negotiation between UE and a UPF to start user plane security protection for a current session. The method includes: determining, by an SMF, security protection information used on a user plane in a current session process; sending, by the SMF to UE, a first message including the security protection information used on the user plane; performing, by the UE, integrity protection authentication on the first message based on the security protection information used on the user plane; when the authentication performed by the UE on the first message succeeds, starting, by the UE, user plane security protection, and sending, to the SMF, a second message used to indicate that the authentication performed by the UE on the first message succeeds.

公开(公告)号：US10826688B2

公开(公告)日：2020-11-03

申请号：US15905494

申请日：2018-02-26

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan ,  Philip Ginzboorg

IPC: H04W12/04 ,  H04L9/08 ,  H04L29/06 ,  H04L9/14 ,  H04L29/08 ,  H04W12/08

Abstract: A key distribution and receiving method includes obtaining, by a first key management center, NAF key information of the first network element and a NAF key of the first network element, wherein the NAF key information of the first network element is information required to obtain the NAF key of the first network element. A service key is obtained. Using the NAF key of the first network element to perform encryption and/or integrity protection on the service key, a first security protection parameter is generated. A first generic bootstrapping architecture GBA push message is sent to the first network element. The GBA push message carries the first security protection parameter and the NAF key information of the first network element.

公开(公告)号：US20190274038A1

公开(公告)日：2019-09-05

申请号：US16409207

申请日：2019-05-10

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Lu Gan ,  Bo Zhang ,  Shuaishuai Tan

IPC: H04W12/04 ,  H04W36/00 ,  H04W36/08 ,  H04W12/00

Abstract: A security implementation method includes receiving, by a first network element, a request for handing over user equipment from a source access network device to a target access network device to perform communication. The method further includes obtaining, by the first network element, a security key, where the security key is used for protecting the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device, and sending, by the first network element, the security key to the target access network device.

公开(公告)号：US10320917B2

公开(公告)日：2019-06-11

申请号：US15146690

申请日：2016-05-04

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Chengdong He ,  Lu Gan

IPC: H04L29/08 ,  H04L9/08 ,  H04W12/04 ,  H04L29/06 ,  H04W76/14

Abstract: A method and apparatus of key negotiation processing, which includes acquiring, by a control network element, a first key negotiation parameter and a second key negotiation parameter, and sending, by the control network element, the first key negotiation parameter and/or the second key negotiation parameter to the first user equipment UE and a second UE such that the first UE and the second UE generate a key according to the first key negotiation parameter and the second key negotiation parameter. Key negotiation may be performed between two UEs that perform proximity communication.

公开(公告)号：US10277513B2

公开(公告)日：2019-04-30

申请号：US15277820

申请日：2016-09-27

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Xing Tong

IPC: H04L12/803 ,  H04L12/891 ,  H04L12/64 ,  H04L12/751

Abstract: A packet forwarding method, system, and apparatus are provided. The method includes: determining that a total number of links is an integral power of 2, wherein the total number of links is a sum of a number of added virtual link and a number of actual links for forwarding a data packet; calculating a hash value of the data packet, and calculating a remainder of the hash value divided by the total number of links; and if the remainder corresponds to a virtual link, calculating another hash value of the data packet, returning back to the step of calculating a remainder, performing the above operations cyclically until the remainder corresponds to an actual link, and forwarding the data packet on the actual link.

公开(公告)号：US10028136B2

公开(公告)日：2018-07-17

申请号：US15143095

申请日：2016-04-29

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Chengdong He ,  Lu Gan

IPC: H04L29/06 ,  H04W12/04 ,  H04L9/08 ,  H04W76/14

CPC classification number: H04W12/04 ,  H04L9/0816 ,  H04L63/205 ,  H04W76/14

Abstract: A negotiation processing method for a security algorithm, a control network element, and a control system where the negotiation processing method for a security algorithm includes selecting, by a control network element according to a security capability of first user equipment (UE) and a security capability of second UE, a security algorithm supported by both the first UE and the second UE, and notifying, by the control network element, the selected security algorithm to the first UE and the second UE, and hence, negotiation of a security algorithm between two UEs in proximity communication can be implemented under the control of a control network element.

公开(公告)号：US20140153442A1

公开(公告)日：2014-06-05

申请号：US14173415

申请日：2014-02-05

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Nan Jiang ,  Wenbo Guo ,  Yong Luo ,  Xinglin Huang

IPC: H04L12/24 ,  H04L12/931

CPC classification number: H04L41/0853 ,  H04L12/4675 ,  H04L12/4679 ,  H04L41/0813 ,  H04L41/12 ,  H04L41/26 ,  H04L45/66 ,  H04L49/70

Abstract: The present disclosure provides a method, a device, and a system for packet processing, where the method includes: receiving a protocol packet from a downstream device, where the protocol packet carries uplink port information of the downstream device and the user VLAN of the downstream device; learning port types of the present device based on the uplink port information and classifying the user VLAN of the present device and the user VLAN of the downstream device based on the user VLAN of the downstream device; and forwarding the received packet based on configuration information stored on the present device, where the port type or types to which each VLAN type can be added are specified in the configuration information.

Abstract translation: 本公开提供了一种用于分组处理的方法，设备和系统，其中所述方法包括：从下游设备接收协议分组，其中所述协议分组携带所述下游设备的下行端口信息和所述下游设备的用户VLAN 设备; 基于上行端口信息，根据下游设备的用户VLAN对当前设备的用户VLAN和下游设备的用户VLAN进行分类; 并且根据存储在本设备上的配置信息转发接收到的分组，其中在配置信息中指定可以添加每种VLAN类型的端口类型。