Abstract:
A negotiation processing method for a security algorithm, a control network element, and a control system are provided. The negotiation processing method includes selecting, by a control network element, according to a security capability of first user equipment (UE) and a security capability of second UE, a security algorithm supported by both the first UE and the second UE, and notifying, by the control network element, the selected security algorithm to the first UE and the second UE. Hence, negotiation of a security algorithm between two UEs in proximity communication can be implemented under the control of a control network element.
Abstract:
A method and apparatus for key negotiation processing are provided, which include acquiring, by a control network element, a first key negotiation parameter and a second key negotiation parameter, and sending, by the control network element, the first key negotiation parameter and/or the second key negotiation parameter to first user equipment (UE) and second UE, such that the first UE and the second UE generate a key according to the first key negotiation parameter and the second key negotiation parameter. Key negotiation may thus be performed between two UEs that perform proximity communication.
Abstract:
A method, a base station, a mobility management entity, and a system can be used for implementing service processing. The method includes acquiring the type of a subscribed user. If the type of the subscribed user is a UE, an S1-AP response message is sent to a Relay node, and an access stratum (AS) security mechanism and/or a network domain security mechanism are used with the Relay node. If the type of the subscribed user is a relay base station (Relay), a radio resource control (RRC) reconfiguration process is initiated with the Relay node and an AS security mechanism is used with the Relay node.
Abstract:
Embodiments of this application provide an authentication method, device, and system, to resolve the waste of performance and memory resources that may be caused by n−1 unused authentication vectors (AVs) remaining after authentication. The method includes: receiving, by an authentication entity, n first authentication vectors from a unified data management entity, where n is a positive integer; generating, by the authentication entity, n second authentication vectors based on the n first authentication vectors; sending, by the authentication entity, one of the n second authentication vectors to a security anchor function entity; receiving, by the authentication entity, an authentication confirmation request from the security anchor function entity, and performing authentication confirmation on the terminal according to the authentication confirmation request; and sending, by the authentication entity, the other n−1 unused second authentication vectors among the n second authentication vectors to the security anchor function entity when the authentication confirmation succeeds.
Abstract:
Example authentication methods, devices, and systems are provided, where those examples can be used to verify the validity of access location information of a next generation residential gateway (NG-RG) in a fixed-mobile convergence architecture. One example method includes a network device receiving first link information that represents an access location of a residential gateway, and the network device obtaining second link information of the residential gateway. When the first link information matches part or all of the second link information, or when the first link information matches part or all of one piece of link information within the second link information, the network device verifies the validity of the access location of the residential gateway.
Abstract:
A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.
Abstract:
A signaling attack prevention method and apparatus are provided. The signaling attack prevention method can include receiving a Diameter request message sent by a mobility management entity (MME) or a serving general packet radio service (GPRS) support node (SGSN), and determining whether the Diameter request message is received through a roaming interface. When the Diameter request message is received from the roaming interface, the method can include determining whether a characteristic parameter of the Diameter request message is valid; if the characteristic parameter of the Diameter request message is invalid, the method can include discarding the Diameter request message or returning, to the MME or the SGSN, a Diameter response message carrying an error code. In this way, an attacker can be effectively prevented from attacking an HSS or an edge node by way of each attack path, and communication security is improved.
Abstract:
A method for negotiating security capabilities during movement of a User Equipment (UE) includes the following steps: a target network entity receives a Routing Area Update (RAU) Request from the UE; the entity obtains Authentication Vector (AV)-related keys deduced according to a root key, and sends the selected security algorithm to the UE; and the UE deduces the AV-related keys according to the root key of the UE. A system, an SGSN, and an MME for negotiating security capabilities during movement of a UE are also disclosed. The present invention is applicable to security capability negotiation between the UE and the network.
Abstract:
A communication method includes receiving, by a serving GPRS support node (SGSN), a context request message from a mobility management entity (MME), obtaining, by the SGSN, an authentication vector-related key, and calculating, by the SGSN, a root key according to the authentication vector-related key. In addition, the method further includes sending, by the SGSN, a context response message including the root key to the MME, wherein the MME derives a NAS protection key according to the root key.