公开(公告)号：US10924268B2

公开(公告)日：2021-02-16

申请号：US16382201

申请日：2019-04-12

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Haiguang Wang ,  Yanjiang Yang ,  Xin Kang ,  Zhongding Lei

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/32 ,  H04W12/04 ,  H04L9/00 ,  H04W4/40

Abstract: A key distribution method is disclosed. In this method, a key request can be received by a key management system (KMS) from a mobile operator network element (MNO). The key request can carry a public key of UE. At least one PVT and one SSK can be allocated to the US based on an IBC ID. The at least one PVT and SSK can be encrypted based on the public key to generate ciphertext; and an object can be signed based on a preset digital signature private key (DSPK) to generate a digital signature. The object can include the public key and the ciphertext. Still, a signature validation public key associated with the DSPK can be determined and a key response can be returned to the MNO. The key response can carry the signature validation public key, the public key of the UE, the ciphertext, and the digital signature.

公开(公告)号：US20190141533A1

公开(公告)日：2019-05-09

申请号：US16239409

申请日：2019-01-03

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xin Kang ,  Haiguang Wang ,  Yanjiang Yang

IPC: H04W12/06 ,  H04L9/32 ,  H04W8/04 ,  H04W12/00 ,  H04W12/04 ,  H04L29/06

Abstract: Embodiments of the present disclosure disclose a network authentication method, a relay node, and a related system. The system includes user equipment, a relay node, and a cellular network authentication network element. The user equipment is configured to send a first authentication message to the relay node; the relay node is configured to receive first authentication messages, and generate first encrypted information by using an aggregation algorithm based on first encrypted identifiers in the first authentication; the cellular network authentication network element is configured to receive a first aggregation message, and when verifying, by using the first encrypted information, that information in the first aggregation message is correct, send a first response message to the relay node; and the user equipment is configured to generate a session key between the user equipment and the cellular network authentication network element when verifying that information in the first response message is correct.

公开(公告)号：US11917054B2

公开(公告)日：2024-02-27

申请号：US17819188

申请日：2022-08-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhongding Lei ,  Lichun Li ,  Bo Zhang ,  Fei Liu ,  Haiguang Wang ,  Xin Kang

IPC: H04L9/08 ,  H04L9/14 ,  H04L9/40

CPC classification number: H04L9/0819 ,  H04L9/085 ,  H04L9/14 ,  H04L63/0428

Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.

公开(公告)号：US11909869B2

公开(公告)日：2024-02-20

申请号：US17304587

申请日：2021-06-23

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Xin Kang ,  Haiguang Wang ,  Zhongding Lei ,  Bo Zhang

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0841 ,  H04L9/0825 ,  H04L9/0869 ,  H04L9/3242

Abstract: Communication methods and apparatus are described. One communication method includes that user equipment (UE) sends an N1 message to a security anchor function (SEAF), where the N1 message carries a Diffie-Hellman (DH) public parameter or a DH public parameter index, the N1 message further carries an encrypted identifier of the UE, and the encrypted identifier is obtained by encrypting a permanent identifier of the UE and a first DH public key. The UE receives an authentication request that carries a random number and that is sent by the SEAF. The UE sends, to the SEAF, an authentication response used to respond to the authentication request, where the authentication response carries an authentication result calculated based on a root key and the random number.

公开(公告)号：US20230044476A1

公开(公告)日：2023-02-09

申请号：US17957906

申请日：2022-09-30

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhongding Lei ,  Haiguang Wang ,  Xin Kang

IPC: H04W12/50 ,  H04W12/069 ,  H04W12/108 ,  H04L9/32 ,  H04L9/30

Abstract: A terminal device verification method and an apparatus are provided. The method includes: A first network device receives a first message from a first terminal device. Then, the first network device verifies a pairing relationship between the first terminal device and a second terminal device. After the verification on the pairing relationship between the first terminal device and the second terminal device succeeds, the first network device sends a second message to the first terminal device, where the second message include first indication information, and the first indication information is used to indicate a pairing result of the first terminal device and the second terminal device. The pairing relationship between the first terminal device and the second terminal device is verified, so that the first terminal device and the second terminal device can be securely paired, to improve use security of the first terminal device and the second terminal device.

公开(公告)号：US20220030429A1

公开(公告)日：2022-01-27

申请号：US17498175

申请日：2021-10-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhongding Lei ,  Xin Kang ,  Haiguang Wang

IPC: H04W12/06 ,  H04W60/04 ,  H04W12/03 ,  H04W4/12

Abstract: An authentication method, apparatus, and device. The method includes sending, by a core network device, an authentication request message of a user to a data network device, where the authentication request message requests that the data network device perform identity authentication on the user, and receiving, by the core network device, an authentication response message sent by the data network device, where the authentication response message comprises first information, and the first information indicates user identity information of the user.