TERMINAL AUTHENTICATING METHOD, APPARATUS, AND SYSTEM

    Publication number: US20200162913A1

    Publication date: 2020-05-21

    Application number: US16748627

    Application date: 2020-01-21

    Abstract: Embodiments of the present invention disclose a terminal authenticating method, including: receiving, by a UE-to-network relay UE-R, a first request message sent by user equipment UE; sending, by the UE-R, a second request message to a control network element according to the first request message sent by the UE; receiving, by the UE-R, an authentication request message sent by the control network element, and determining whether the authentication request message is for authenticating on the UE; if the authentication request message is for authenticating on the UE, sending, by the UE-R, an authentication request message to the UE; and receiving, by the UE-R, an authentication response message sent by the UE according to the authentication request message, and sending the authentication response message to the control network element.

    SECURITY CAPABILITY NEGOTIATION METHOD, SYSTEM, AND EQUIPMENT

    Publication number: US20200068467A1

    Publication date: 2020-02-27

    Application number: US16538492

    Application date: 2019-08-12

    Inventor: Chengdong HE

    Abstract: A security capability negotiation method is provided that is applicable to perform security capability negotiation during a mobile network handover. Moreover, a security capability negotiation system is also provided. Consistent with the provided system and method, it may be unnecessary for the MME to know the security capability of the corresponding eNB in a certain manner during a handover from a 2G/3G network to an LTE network. Meanwhile, during the handover from the LTE network to the 3G network, the SGSN does not need to introduce new requirements.

    Method, System and Apparatus for Negotiating Security Capabilities During Movement of UE

    Publication number: US20170127284A1

    Publication date: 2017-05-04

    Application number: US15408684

    Application date: 2017-01-18

    Inventor: Chengdong HE

    Abstract: A method for negotiating security capabilities during movement of a User Equipment (UE) includes the following steps: a target network entity receives a Routing Area Update (RAU) Request from the UE; the entity obtains Authentication Vector (AV)-related keys deduced according to a root key, and sends the selected security algorithm to the UE; and the UE deduces the AV-related keys according to the root key of the UE. A system, SGSN, and MME for negotiating security capabilities during movement of a UE are also disclosed. The present invention is applicable to security capability negotiation between the UE and the network.

    SECURITY PROTECTION METHOD, DEVICE, AND SYSTEM

    Publication number: US20210185538A1

    Publication date: 2021-06-17

    Application number: US17180228

    Application date: 2021-02-19

    Abstract: Embodiments of this application provide a security protection method, a device, and a system, to improve data transmission security. The method includes: determining, by a terminal, a session management network element, or a mobility management network element, whether a security protection policy determined by an access network device is consistent with a user plane security policy delivered by the session management network element to the access network device; and if the security protection policy determined by the access network device is inconsistent with the user plane security policy delivered by the session management network element to the access network device, performing processing according to a preset policy.

    Method For Performing Verification By Using Shared Key, Method For Performing Verification By Using Public Key And Private Key, And Apparatus

    Publication number: US20200344604A1

    Publication date: 2020-10-29

    Application number: US16924412

    Application date: 2020-07-09

    Inventors: Chengdong HE, Hua LI

    Abstract: A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.

    SECURITY CAPABILITY NEGOTIATION METHOD, SYSTEM, AND EQUIPMENT
    Invention application (status: in force)

    Publication number: US20160150449A1

    Publication date: 2016-05-26

    Application number: US14298341

    Application date: 2014-06-06

    Inventor: Chengdong HE

    CPC classification number: H04W36/14 H04L63/205 H04W12/02 H04W12/10 H04W36/0038

    Abstract: A security capability negotiation method is applicable to perform security capability negotiation during a mobile network handover. Moreover, a security capability negotiation system is also provided. Consistent with the provided system and method, it may be unnecessary for the MME to know the security capability of the corresponding eNB in a certain manner during a handover from a 2G/3G network to an LTE network. Meanwhile, during the handover from the LTE network to the 3G network, the SGSN does not need to introduce new requirements.

    METHOD, APPARATUS, AND SYSTEM FOR PROTECTING CLOUD DATA SECURITY
    Invention application (status: in force)

    Publication number: US20140126723A1

    Publication date: 2014-05-08

    Application number: US14141849

    Application date: 2013-12-27

    CPC classification number: H04L9/083 H04L9/0822 H04L9/0825 H04L9/14 H04L63/0471

    Abstract: The present invention relates to a method, an apparatus, and a system for protecting cloud data security. A key management center encrypts original data M sent by a first terminal using a key K, and uploads encrypted data C1 to a cloud server. When the key management center receives a request from a second terminal for the data M, it generates encrypted data C2 by first encrypting C1 with a key Kb of the second terminal and then decrypting the result with the key K that was used to encrypt the original data M to generate C1. The key management center then sends the encrypted data C2 to the second terminal. The second terminal decrypts the encrypted data C2 using its own key Kb to obtain the original data M.

    SERVICE AUTHORIZATION METHOD, APPARATUS, AND SYSTEM

    Publication number: US20230019000A1

    Publication date: 2023-01-19

    Application number: US17950187

    Application date: 2022-09-22

    Inventors: Fei LI, Chengdong HE

    Abstract: Embodiments of this application relate to a service authorization method and system, and an apparatus. The method includes: A first NRF receives a first request requesting an access token for accessing service of a second NF in a second network from a first NF, where the first NF and the first NRF are located in a first network, and the first request includes SNPN information of the first network and/or the second network. The first NRF forwards the first request to a second NRF located in the second network. The second NRF generates an access token in response to the first request, where the access token includes the SNPN information of the first network and/or the second network. The second NRF sends the access token to the first NRF. The first NRF receives the access token and sends the access token to the first NF.

    SIGNALING ATTACK PREVENTION METHOD AND APPARATUS

    Publication number: US20190200232A1

    Publication date: 2019-06-27

    Application number: US16288121

    Application date: 2019-02-28

    Inventor: Chengdong HE

    Abstract: A signaling attack prevention method and apparatus are provided. The signaling attack prevention method can include receiving a Diameter request message sent by a mobility management entity (MME) or a serving general packet radio service (GPRS) support node (SGSN); and determining whether the Diameter request message is received through a roaming interface. When the Diameter request message is received from the roaming interface, the signaling attack prevention method can include determining whether a characteristic parameter of the Diameter request message is valid; and if the characteristic parameter of the Diameter request message is invalid, the method can include discarding the Diameter request message or returning, to the MME or the SGSN, a Diameter response message carrying an error code. In this way, a hacker can be effectively prevented from attacking an HSS or an edge node by using each attack path, and communication security is improved.