公开(公告)号：US10944786B2

公开(公告)日：2021-03-09

申请号：US16552530

申请日：2019-08-27

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jing Chen ,  Qi Li ,  Lin Shu

IPC: H04W12/10 ,  H04L29/06 ,  H04W12/08 ,  H04W12/12 ,  H04L9/32 ,  H04W8/24 ,  H04W12/04 ,  H04W12/06

Abstract: The present disclosure relates to mobile communications technologies, and in particular, to a mobile communication method, apparatus, and device. The method includes receiving, by user equipment (UE), a non-access stratum (NAS) security mode command message from a mobility management entity (MME), where the NAS security mode command message carries first verification matching information used to verify UE capability information received by the MME, determining, by the UE based on the first verification matching information, whether the UE capability information received by the MME is consistent with UE capability information sent by the UE to the MME, and, if the UE capability information received by the MME is consistent with the UE capability information sent by the UE to the MME, sending, by the UE, a NAS security mode complete message to the MME.

公开(公告)号：US20210067954A1

公开(公告)日：2021-03-04

申请号：US17023748

申请日：2020-09-17

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Li Hu ,  Jing Chen ,  He Li ,  Kai Pan

IPC: H04W12/00 ,  H04L29/06 ,  H04W8/20 ,  H04W12/06

Abstract: The present disclosure discloses a communication method performed by a management function entity, including: receiving a first request message sent by user equipment UE; sending a second request message to a storage function entity based on the first request message, where the second request message is used to request a security service identifier for the UE, and the security service identifier is used to indicate a security service procedure; receiving a response message including the security service identifier from the storage function entity; obtaining a target security service identifier based on the security service identifier, where the target security service identifier is used to indicate a security service procedure to be initiated by the management function entity; and initiating the security service procedure indicated by the target security service identifier. The present disclosure further discloses a communications device.

公开(公告)号：US10904764B2

公开(公告)日：2021-01-26

申请号：US16874306

申请日：2020-05-14

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen

IPC: H04W12/10 ,  H04W12/00 ,  H04L29/06 ,  H04W12/04 ,  H04W12/12

Abstract: A security protection method and an apparatus to implement security protection for a plurality of non-access stratum (NAS) connection links. The method includes determining, by a terminal, a first parameter, where the first parameter is used to indicate an access technology used to transmit a non-access stratum NAS message. The terminal can support at least two access technologies, and can separately maintain a corresponding NAS COUNT for each of the at least two access technologies. The method further includes performing, by the terminal, security protection on the NAS message based on the first parameter, a NAS key, and a NAS COUNT corresponding to an access technology used to transmit the NAS message.

公开(公告)号：US10904750B2

公开(公告)日：2021-01-26

申请号：US16383087

申请日：2019-04-12

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing Chen ,  Kai Pan ,  He Li

IPC: H04W8/08 ,  H04W12/04 ,  H04W76/25 ,  H04W12/06 ,  H04W60/00 ,  H04W76/11

Abstract: In a method for security handling in a mobility of a terminal device, a target access and mobility management function (AMF) entity receives a first message for registering a terminal device, sends a second message to a source AMF entity after receiving the first message. The source AMF entity derives a first key based on a key between the source AMF entity and the terminal device, sends the first key to the target AMF entity. The target AMF entity determines to use the first key based on security related information after receiving the first key and determines a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

公开(公告)号：US10805793B2

公开(公告)日：2020-10-13

申请号：US16585978

申请日：2019-09-27

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Li Hu ,  Jing Chen ,  He Li ,  Kai Pan

IPC: H04W12/06 ,  H04W12/00 ,  H04L29/06 ,  H04W8/20

Abstract: The present disclosure discloses a communication method performed by a management function entity, including: receiving a first request message sent by user equipment UE; sending a second request message to a storage function entity based on the first request message, where the second request message is used to request a security service identifier for the UE, and the security service identifier is used to indicate a security service procedure; receiving a response message including the security service identifier from the storage function entity; obtaining a target security service identifier based on the security service identifier, where the target security service identifier is used to indicate a security service procedure to be initiated by the management function entity; and initiating the security service procedure indicated by the target security service identifier. The present disclosure further discloses a communications device.

公开(公告)号：US10798579B2

公开(公告)日：2020-10-06

申请号：US16728764

申请日：2019-12-27

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen ,  Li Hu

IPC: H04W8/08 ,  H04W12/10 ,  H04W76/27 ,  H04W80/10 ,  H04W12/04 ,  H04L29/06 ,  H04W92/10 ,  H04W12/08 ,  H04W12/00 ,  H04W12/02

Abstract: A communication method and a related apparatus, where a base station obtains a security policy, where the security policy includes integrity protection indication information, and where the integrity protection indication information is used to instruct the base station whether to enable integrity protection for a terminal device. When the integrity protection indication information instructs the base station to enable integrity protection for the terminal device, the base station sends a target user plane integrity protection indication information to the terminal device.

公开(公告)号：US20200314140A1

公开(公告)日：2020-10-01

申请号：US16901176

申请日：2020-06-15

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yong Wang ,  Li Hu ,  Jing Chen

IPC: H04L29/06 ,  H04W24/08 ,  H04W12/12 ,  H04W60/06

Abstract: This disclosure provides a device monitoring method and apparatus and a deregistration method and apparatus. The device monitoring apparatus has a capability of obtaining signaling plane data exchanged between a core network element and a terminal device, and after obtaining the signaling plane data, the device monitoring apparatus can determine, by analyzing attribute information of the signaling plane data, a device that may initiate a DoS attack.

公开(公告)号：US20190306706A1

公开(公告)日：2019-10-03

申请号：US16443723

申请日：2019-06-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04W12/04 ,  H04L9/08 ,  H04L29/06

Abstract: Embodiments of the present invention disclose a key exchange method and apparatus. A network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information.

公开(公告)号：US20190268753A1

公开(公告)日：2019-08-29

申请号：US16383087

申请日：2019-04-12

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing Chen ,  Kai Pan ,  He Li

IPC: H04W8/08 ,  H04W60/00 ,  H04W76/11 ,  H04W12/04 ,  H04W76/25 ,  H04W12/06

Abstract: In a method for security handling in a mobility of a terminal device; a target access and mobility management function (AMF) entity receives a first message for registering a terminal device, sends a second message to a source AMF entity after receiving the first message. The source AMF entity derives a first key based on a key between the source AMF entity and the terminal device, sends the first key to the target AMF entity. The target AMF entity determines to use the first key based on security related information after receiving the first key and determines a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

公开(公告)号：US20190253403A1

公开(公告)日：2019-08-15

申请号：US16388326

申请日：2019-04-18

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen ,  Huan Li ,  Yizhuang Wu

IPC: H04L29/06 ,  H04L9/30

Abstract: This application relates to the field of communications technologies, and discloses a network authentication triggering system, method and a related device. The method includes: receiving a first message from a terminal, where the first message carries first identity information and identifier information, the first identity information is encrypted identity information, and the identifier information is used to identify an encryption manner of the first identity information; and sending a second message to a first security function entity, where the second message is used to trigger authentication for the terminal, and the second message carries the identifier information. This application provides a solution of triggering an authentication process when identity information is encrypted.