-
Publication No.: US20200029217A1
Publication Date: 2020-01-23
Application No.: US16588599
Application Date: 2019-09-30
Applicant: Huawei Technologies Co., Ltd.
Abstract: This application provides a user authentication method and an apparatus. Before establishing, for a terminal device, a session used to transmit service data, an SMF entity receives a session establishment request message; determines, based on the session establishment request message, to perform user authentication on a user using the terminal device; and sends a session establishment message to a UPF entity, where the session establishment message is used to establish a first session for the terminal device, and a session attribute of the first session is: a session used to transmit only a user authentication message. Subsequently, the terminal device and an AAA server transmit the user authentication message through the first session, to complete user authentication.
-
Publication No.: US20190274051A1
Publication Date: 2019-09-05
Application No.: US16404163
Application Date: 2019-05-06
Applicant: Huawei Technologies Co., Ltd.
Abstract: A security protection method and an apparatus to implement security protection for a plurality of non-access stratum (NAS) connection links. The method includes determining, by a terminal, a first parameter, where the first parameter is used to indicate an access technology used to transmit a non-access stratum NAS message. The terminal can support at least two access technologies, and can separately maintain a corresponding NAS COUNT for each of the at least two access technologies. The method further includes performing, by the terminal, security protection on the NAS message based on the first parameter, a NAS key, and a NAS COUNT corresponding to an access technology used to transmit the NAS message. This application is applicable to a process of performing security protection on a NAS message.
-
Publication No.: US12273344B2
Publication Date: 2025-04-08
Application No.: US17674607
Application Date: 2022-02-17
Applicant: Huawei Technologies Co., Ltd.
Abstract: A communication method, apparatus, and system are provided, to resolve problems in a conventional technology that an AKMA authentication procedure is complex and signaling overheads are large. Principles of the method are as follows: In a registration procedure of a terminal device, AKMA authentication is implicitly indicated based on primary authentication. For example, if primary authentication succeeds, it may be considered that AKMA authentication also succeeds. In addition, an AKMA temporary identifier is allocated to the terminal device after AKMA authentication succeeds. According to the method, apparatus, and system in this application, no additional AKMA authentication is required. This simplifies a procedure and reduces signaling overheads.
-
Publication No.: US12256005B2
Publication Date: 2025-03-18
Application No.: US17954167
Application Date: 2022-09-27
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: He Li, Rong Wu, Yizhuang Wu
Abstract: This application provides a communication system, method, and apparatus. The system is applied to implement authentication and key management for applications (AKMA) service-based data transmission between a terminal device and an application function network element. The system includes an AKMA anchor function network element and a network exposure function network element. The network exposure function network element obtains first identification information from a unified data management network element, where the first identification information is used to determine an authentication server function network element corresponding to the terminal device, and sends the first identification information to the AKMA anchor function network element. The AKMA anchor function network element obtains, from the unified data management network element based on the first identification information, identification information of the authentication server function network element corresponding to the terminal device.
-
Publication No.: US20250048076A1
Publication Date: 2025-02-06
Application No.: US18922273
Application Date: 2024-10-21
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: He Li, Rong Wu, Ao Lei, Yizhuang Wu
Abstract: A communication method and apparatus are provided. The method may include: A mobility management network element receives a transaction identifier of a remote terminal device and a name of a data network from a relay terminal device. The mobility management network element determines a subscription permanent identifier of the remote terminal device based on the transaction identifier, and then sends the subscription permanent identifier and the name of the data network to a session management network element. After receiving the subscription permanent identifier and the name of the data network, the session management network element determines, by using a data management network element based on the subscription permanent identifier and the name of the data network, whether to perform secondary authentication on the remote terminal device. Whether to perform secondary authentication on the remote terminal device can be determined by using the provided solution.
-
Publication No.: US12218983B2
Publication Date: 2025-02-04
Application No.: US16990317
Application Date: 2020-08-11
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Abstract: Embodiments of this application provide security protection methods and apparatuses. One method includes: obtaining, by a master station, a user plane security policy, wherein the user plane security policy indicates whether to activate a user plane security protection, the master station communicates with a secondary station under a dual connectivity scenario; sending, by the master station, a message comprising the user plane security policy to the secondary station; receiving, by the secondary station, the message from the master station; and determining, by the secondary station, a user plane security algorithm based on the user plane security policy.
-
Publication No.: US20240357361A1
Publication Date: 2024-10-24
Application No.: US18759815
Application Date: 2024-06-29
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Ahmad Shawky Muhanna, He Li, Mazin Ali Al-Shalash
CPC classification number: H04W12/60, H04L63/205
Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminates any potential of bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
-
Publication No.: US12047781B2
Publication Date: 2024-07-23
Application No.: US17683022
Application Date: 2022-02-28
Applicant: Huawei Technologies Co., Ltd.
Inventor: Ahmad Shawky Muhanna, He Li, Mazin Ali Al-Shalash
CPC classification number: H04W12/60, H04L63/205
Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminates any potential of bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
-
Publication No.: US20240179519A1
Publication Date: 2024-05-30
Application No.: US18431568
Application Date: 2024-02-02
Applicant: Huawei Technologies Co., Ltd.
IPC: H04W12/06, H04W12/041, H04W12/0431
CPC classification number: H04W12/06, H04W12/041, H04W12/0431
Abstract: Embodiments of this application disclose a communication method and a related apparatus. The method includes: A UDM receives a plurality of authentication vector obtaining request messages from one or more AUSFs for same UE, where the plurality of authentication vector obtaining request messages are for obtaining authentication vectors corresponding to the UE; and the UDM sequentially processes the plurality of authentication vector obtaining request messages, to avoid a problem that subsequently an intermediate key Kausf stored on the UE and an intermediate key Kausf stored on a network device side are out of synchronization because the UE receives a plurality of NAS SMC messages or EAP-Success messages whose receiving time sequence is uncontrollable.
-
Publication No.: US20230354013A1
Publication Date: 2023-11-02
Application No.: US18348473
Application Date: 2023-07-07
Applicant: Huawei Technologies Co., Ltd.
Inventor: He Li, Yizhuang Wu, Rong Wu
Abstract: A method includes: User equipment determines whether confidentiality protection is activated for communication data between the user equipment and an application function device. The user equipment sends a user plane message to the application function device. The user plane message includes an identifier of the user equipment, and the identifier is an encrypted identifier in a case in which the confidentiality protection is inactivated.
-