公开(公告)号：US09673974B2

公开(公告)日：2017-06-06

申请号：US14460748

申请日：2014-08-15

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W12/02 ,  H04W12/04

CPC classification number: H04L9/0816 ,  H04L9/083 ,  H04L9/0861 ,  H04L63/06 ,  H04L63/205 ,  H04L2209/24 ,  H04L2463/061 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W36/0038

Abstract: Embodiments of the present invention discloses a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption. The present invention mainly applies to SCC security protection.

公开(公告)号：US20150026787A1

公开(公告)日：2015-01-22

申请号：US14509882

申请日：2014-10-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dongmei Zhang ,  Chunshan Xiong ,  Jing Chen

IPC: H04W12/06 ,  H04W12/08 ,  H04W12/04

CPC classification number: H04W12/06 ,  H04L63/205 ,  H04W12/04 ,  H04W12/08

Abstract: Disclose are an authentication method, device and system for a user equipment. The method comprises: first, a user equipment receiving a random value RAND and a cognitive code AUTN in an evolved packet system (EPS) authentication vector sent by a network side device; when an operating mode of the user equipment is a long-term evolved node LTE Hi operating mode, the user equipment performing authentication based on the RAND and the AUTN. In the authentication process, the user equipment ignores a verification result of a separation bit of an authentication management field (AMF) in the AUTN; or, the user equipment does not verify the separation bit of the AMF. The present disclosure is applicable to the field of communication systems.

Abstract translation: Disclose是用户设备的认证方法，设备和系统。 该方法包括：首先，在由网络侧设备发送的演进分组系统（EPS）认证向量中接收随机值RAND和认知代码AUTN的用户设备; 当用户设备的操作模式是长期演进节点LTE Hi操作模式时，用户设备基于RAND和AUTN进行认证。 在认证处理中，用户设备忽略AUTN中认证管理字段（AMF）的分离位的验证结果; 或者，用户设备不验证AMF的分离位。 本公开适用于通信系统领域。

公开(公告)号：US11483705B2

公开(公告)日：2022-10-25

申请号：US17100093

申请日：2020-11-20

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen ,  Yang Cui

IPC: H04L9/08 ,  H04W12/041 ,  H04W88/06 ,  H04W88/10 ,  H04L9/40 ,  H04W76/15

Abstract: In one example method for generating an access stratum key in a communication system, a terminal device acquires an input parameter, where the terminal device is communicably coupled to a first network-side device through a first air interface and at the same time is communicably coupled to a second network-side device through a second air interface. The terminal device has access to a core network via the first network-side device, and has access to the core network via the second network-side device which has access to the core network through the first network-side device. The terminal device calculates an access stratum root key of the second air interface according to the input parameter and an access stratum root key of the first air interface, and generates an access stratum key of the second air interface according to the access stratum root key of the second air interface.

公开(公告)号：US20190363879A1

公开(公告)日：2019-11-28

申请号：US16537330

申请日：2019-08-09

Applicant: HUAWEI TECHNOLOGIES CO.,LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04L29/06 ,  H04W12/02 ,  H04W36/00 ,  H04W12/08 ,  H04W12/06 ,  H04W12/04

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

公开(公告)号：US10397775B2

公开(公告)日：2019-08-27

申请号：US15890900

申请日：2018-02-07

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W12/04 ,  H04L29/06 ,  H04W76/14

Abstract: Embodiments of the present invention disclose a key exchange method and apparatus, which relate to the communications field, and can enable user equipments establishing a D2D link to share a set of keys, and further, information security can be achieved when a user equipment transmits service data or a signaling message through a Ud interface. A network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information. Embodiments of the present invention are applicable to an exchange process of keys for protecting data on a D2D link.

公开(公告)号：US10348703B2

公开(公告)日：2019-07-09

申请号：US15989890

申请日：2018-05-25

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen ,  Yang Cui

IPC: H04L9/08 ,  H04L29/06 ,  H04W12/04 ,  H04W88/06 ,  H04W88/10 ,  H04W76/15

Abstract: In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device.

公开(公告)号：US09736738B2

公开(公告)日：2017-08-15

申请号：US14197660

申请日：2014-03-05

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Lijia Zhang ,  Ke Wang

IPC: H04W36/00 ,  H04W36/12

CPC classification number: H04W36/0033 ,  H04W36/0038 ,  H04W36/12

Abstract: The present invention discloses a method for transferring a context and a mobility management entity. When S1 handover occurs on an RN, the method includes: acquiring, by a source MME to which a UE is attached, an indicator for transferring a context of the UE, where the UE is a UE served by the RN when the S1 handover occurs; and transferring, by the source MME to which the UE is attached, the context of the UE to a target MME according to the indicator for transferring the context of the UE, so that the target MME acquires security information of the UE according to the context of the UE, where the target MME is an MME to which the UE needs to be attached in the handover process.

公开(公告)号：US09301147B2

公开(公告)日：2016-03-29

申请号：US14625789

申请日：2015-02-19

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen ,  Lijia Zhang ,  Zhuo Chen

IPC: H04K1/00 ,  H04W12/10 ,  H04W12/02 ,  H04W12/08 ,  H04L29/06 ,  H04L9/14 ,  H04W84/04 ,  H04W92/20

CPC classification number: H04W12/10 ,  H04L9/14 ,  H04L63/205 ,  H04W12/02 ,  H04W12/08 ,  H04W84/047 ,  H04W92/20

Abstract: A method and an apparatus for protecting data carried on an Un interface between a eNB and a relay node are disclosed. Three types of radio bearers (RBs) are defined over the Un interface: signaling radio bearers (SRBs) for carrying control plane signaling data, signaling-data radio bearers (s-DRBs) for carrying control plane signaling date; and data-data radio bearers (d-DRBs) for carrying user plane data. An integrity protection algorithm and an encryption algorithm are negotiated for control plane signaling data on an SRB, control plane signaling data carried on an s-DRB, and user plane data carried on a d-DRB. With the respective integrity protection algorithm and encryption algorithm, the data over the Un interface can be protected respectively. Therefore, the security protection on the Un interface is more comprehensive, and the security protection requirements of data borne over different RBs can be met.

公开(公告)号：US20150133135A1

公开(公告)日：2015-05-14

申请号：US14603068

申请日：2015-01-22

Applicant: Huawei Technologies Co., Ltd.

Inventor： Tao Zhang ,  Bo Lin ,  Dongmei Zhang

IPC: H04W72/04

CPC classification number: H04L63/062 ,  H04L9/3226 ,  H04L41/0813 ,  H04L63/1441 ,  H04L63/1466 ,  H04L63/205 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10 ,  H04W12/12 ,  H04W24/02 ,  H04W72/0406 ,  H04W92/10

Abstract: The present invention relates to a counter check and reconfiguration method, apparatus, and system. The method includes: sending a second identity information and a second count information to a terminal, so that the terminal compares, according to the second identity information, the second count information with third count information maintained by the terminal itself to obtain first comparison result information or second comparison result information; receiving the first comparison result information sent by the terminal, or the second identity information and second comparison result information sent by the terminal; and determining counter check result information according to the received first comparison result information, or the received second identity information and second comparison result information. Thereby, the present invention implements a counter check process and a reconfiguration process in a network architecture in which a primary base station is separated from a secondary base station.

Abstract translation: 本发明涉及一种计数器检查和重新配置方法，装置和系统。 该方法包括：向终端发送第二身份信息和第二计数信息，使得终端根据第二身份信息将第二计数信息与由终端本身维护的第三计数信息进行比较，以获得第一比较结果信息 或第二比较结果信息; 接收由终端发送的第一比较结果信息，或者由终端发送的第二身份信息和第二比较结果信息; 以及根据接收到的第一比较结果信息或所接收的第二身份信息和第二比较结果信息来确定计数器检查结果信息。 因此，本发明在主基站与二次基站分离的网络架构中实现计数器检查处理和重新配置处理。

公开(公告)号：US11777716B2

公开(公告)日：2023-10-03

申请号：US17243081

申请日：2021-04-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W12/041 ,  H04W12/0431 ,  H04L9/40 ,  H04W76/14

CPC classification number: H04L9/0819 ,  H04L63/061 ,  H04W12/041 ,  H04W12/0431 ,  H04L63/06 ,  H04L63/205 ,  H04W76/14

Abstract: Embodiments of the present invention disclose a key exchange method and apparatus. A network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information.