-
Publication No.: US20230396602A1
Publication date: 2023-12-07
Application No.: US18452003
Application date: 2023-08-18
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Yizhuang WU, He LI, Rong WU
CPC classification number: H04L63/0807, H04L63/102, H04L67/56
Abstract: Embodiments of this application disclose a service authorization method and system, and a communication apparatus. The method includes: A first network element obtains a first access token from a token generation network element, and sends a first service request for a specified service to a second network element. The first service request includes the first access token. The first access token indicates that an NF service consumer network element has permission to access a specified service provided by an NF service producer network element belonging to a specified service domain. The first access token includes an identifier of the NF service consumer network element, an identifier of the specified service, and first service domain information associated with the specified service domain. The first service domain information is carried in the first access token, so that service domain-based access control can be implemented, thereby helping improve security of service authorization.
-
Publication No.: US20230185910A1
Publication date: 2023-06-15
Application No.: US18168228
Application date: 2023-02-13
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: He LI, Rong WU, Yizhuang WU, Ao LEI
IPC: G06F21/55
CPC classification number: G06F21/554, G06F2221/034
Abstract: Embodiments of this application provide a communication method, apparatus, and system, to improve security of a V2X PC5 establishment procedure. The method includes: A first terminal device obtains a first security protection method, where the first security protection method is a security protection method determined in a discovery procedure between the first terminal device and a second terminal device; and the first terminal device determines a second security protection method according to the first security protection method, where the second security protection method is a security protection method for a PC5 connection between the first terminal device and the second terminal device. For example, a security level of the second security protection method is not lower than a security level of the first security protection method. The communication method is applicable to the V2X communication field.
-
Publication No.: US20230179400A1
Publication date: 2023-06-08
Application No.: US18163980
Application date: 2023-02-03
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Longhua GUO, He LI, Rong WU
IPC: H04L9/08, H04W12/033
CPC classification number: H04L9/0819, H04W12/033, H04L9/0861, H04W4/06
Abstract: Embodiments of this application provide a key management method and a communication apparatus, and relate to the field of communication technologies, to securely transmit multicast service data, and prevent an unauthorized terminal device from obtaining the multicast service data. The method includes: A terminal device obtains a target key, where the target key includes at least one of a target multimedia broadcast/multicast service service key MSK, a first sub-key corresponding to the target MSK, or a second sub-key corresponding to the target MSK, the first sub-key is for confidentiality protection calculation, and the second sub-key is for integrity protection calculation. The terminal device receives target data from a multicast user-plane processing network element, where the target data is data on which security protection is performed. Then, the terminal device processes the target data by using the target key.
-
Publication No.: US20210136070A1
Publication date: 2021-05-06
Application No.: US17148234
Application date: 2021-01-13
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Li HU, Weisheng JIN, Jing CHEN, He LI
Abstract: Example subscription information configuration methods and a communications device are described. One example method includes receiving a first device identifier by a network device from a first terminal device in a first access mode and receiving a second device identifier from a second terminal device in a second access mode. The network device determines whether the first device identifier matches the second device identifier to identify legality of the first terminal device. If the first device identifier matches the second device identifier, it indicates that the first terminal device is a legal terminal device. The network device sends subscription information of the first terminal device to the first terminal device in the first access mode, so that the first terminal device successfully accesses a network by using the subscription information.
-
Publication No.: US20200228975A1
Publication date: 2020-07-16
Application No.: US16834858
Application date: 2020-03-30
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: He LI, Yizhuang WU, Jing CHEN
Abstract: A communication method includes receiving, by an access network (AN) node, indication information from a mobility management device. The indication information is indicative of a security policy of a quality of service (QoS) flow. The method also includes obtaining, by the access network node based on the indication information, security information of a radio bearer corresponding to the QoS flow. The security information is indicative of a security policy of the radio bearer. The method further includes sending, by the access network node, an identifier of the radio bearer and the security information of the radio bearer to a terminal.
-
Publication No.: US20190320320A1
Publication date: 2019-10-17
Application No.: US16453833
Application date: 2019-06-26
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Abstract: A method and device for verifying a key requester are described. The method may include a security function entity receiving a request message sent by a user management function (UMF) entity. The method may also include decrypting information in the request message by using a private key of the security function entity, and obtaining the information carried in the request message after signature verification on decrypted information using a public key in a certificate of the UMF entity succeeds. Furthermore, the method may include determining to provide a key of a user equipment (UE) for the UMF entity, when determining that a first verification parameter carried in the request message is valid and determining that an identifier which is of the UMF entity and which is carried in the request message is the same as an identifier of a UMF entity to which the UE attaches.
-
Publication No.: US20240284174A1
Publication date: 2024-08-22
Application No.: US18650700
Application date: 2024-04-30
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04W12/06, H04W8/22, H04W12/041, H04W12/72
CPC classification number: H04W12/06, H04W8/22, H04W12/041, H04W12/72
Abstract: This application provides a communication method, apparatus, and system, to determine a mode for authenticating a terminal device. The communication system includes unified data management and an authentication server function. The unified data management determines, based on anonymous domain information and configuration information, an authentication mode for authenticating the terminal device, and sends an authentication obtaining response message to the authentication server function. The anonymous domain information indicates an identifier of a network to which an authentication device capable of authenticating the terminal device belongs, and the authentication mode includes an external authentication mode or an internal authentication mode. The configuration information includes an identifier of one or more networks corresponding to the external authentication mode and/or an identifier of one or more networks corresponding to the internal authentication mode, and the authentication obtaining response message includes the authentication indication information indicating the authentication mode.
-
Publication No.: US20230239686A1
Publication date: 2023-07-27
Application No.: US18193007
Application date: 2023-03-30
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04W12/033, H04W12/08
CPC classification number: H04W12/033, H04W12/08
Abstract: A secure communication method includes a second terminal device that receives a first request message about a first terminal device from a relay, the first request message includes a PC5 user plane security policy of the first terminal device and a PC5 user plane security policy of the relay; determines first information according to a PC5 user plane security policy of the second terminal device, the PC5 user plane security policy of the first terminal device, and the PC5 user plane security policy of the relay; and sends the first information to the relay, the first information indicates a user plane security protection method of a first PC5 link and a user plane security protection method of a second PC5 link, where the user plane security protection method of the first PC5 link is the same as the user plane security protection method of the second PC5 link.
-
Publication No.: US20220174761A1
Publication date: 2022-06-02
Application No.: US17674590
Application date: 2022-02-17
Applicant: Huawei Technologies Co., Ltd.
Inventor: Longhua GUO, Li HU, He LI
IPC: H04W76/12, H04W12/106, H04W12/033
Abstract: This application relates to the field of communications technologies, and provides a communications method and apparatus, to reduce a data transmission latency between an IAB node and an IAB donor. The method includes: An IAB node receives an uplink data packet from a terminal; the IAB node determines a PDCP layer security status of the uplink data packet; the IAB node determines a target secure tunnel from a plurality of secure tunnels between the IAB node and an IAB donor based on the PDCP layer security status of the uplink data packet; and the IAB node sends the uplink data packet to the IAB donor through the target secure tunnel. This application is applicable to a data transmission process.
-
Publication No.: US20220174063A1
Publication date: 2022-06-02
Application No.: US17674607
Application date: 2022-02-17
Applicant: Huawei Technologies Co., Ltd.
IPC: H04L9/40
Abstract: A communication method, apparatus, and system are provided, to resolve problems in a conventional technology that an AKMA authentication procedure is complex and signaling overheads are large. Principles of the method are as follows: In a registration procedure of a terminal device, AKMA authentication is implicitly indicated based on primary authentication. For example, if primary authentication succeeds, it may be considered that AKMA authentication also succeeds. In addition, an AKMA temporary identifier is allocated to the terminal device after AKMA authentication succeeds. According to the method, apparatus, and system in this application, no additional AKMA authentication is required. This simplifies a procedure and reduces signaling overheads.