公开(公告)号：US20180198605A1

公开(公告)日：2018-07-12

申请号：US15905494

申请日：2018-02-26

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan ,  Philip Ginzboorg

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/14 ,  H04L29/08

CPC classification number: H04L9/0819 ,  H04L9/08 ,  H04L9/14 ,  H04L63/06 ,  H04L63/061 ,  H04L67/26 ,  H04W12/04031

Abstract: A key distribution and receiving method includes obtaining, by a first key management center, NAF key information of the first network element and a NAF key of the first network element, wherein the NAF key information of the first network element is information required to obtain the NAF key of the first network element. A service key is obtained. Using the NAF key of the first network element to perform encryption and/or integrity protection on the service key, a first security protection parameter is generated. A first generic bootstrapping architecture GBA push message is sent to the first network element. The GBA push message carries the first security protection parameter and the NAF key information of the first network element.

公开(公告)号：US20170005795A1

公开(公告)日：2017-01-05

申请号：US15268808

申请日：2016-09-19

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lu Gan ,  Rong Wu ,  Chengdong He

IPC: H04L9/08 ,  H04L29/06 ,  H04W76/02

CPC classification number: H04L9/0869 ,  H04L63/061 ,  H04L63/123 ,  H04L2463/061 ,  H04W12/04 ,  H04W76/11

Abstract: The present disclosure relates to a key generation method, a master eNodeB, a secondary eNodeB, and UE. The key generation method includes: determining a key parameter corresponding to a data radio bearer DRB; sending the key parameter to UE corresponding to the DRB, so that the UE generates a user plane key according to the key parameter and a basic key generated by the UE; receiving a basic key generated by a master eNodeB and sent by the master eNodeB; and generating the user plane key according to the key parameter and the basic key generated by the master eNodeB.

Abstract translation: 本公开涉及密钥生成方法，主eNodeB，辅助eNodeB和UE。 密钥生成方法包括：确定与数据无线承载DRB对应的密钥参数; 向与所述DRB相对应的UE发送所述密钥参数，使得所述UE根据所述密钥参数和所述UE生成的基本密钥生成用户平面密钥; 接收由主eNodeB产生并由主机eNodeB发送的基本密钥; 以及根据由主eNodeB产生的密钥参数和基本密钥生成用户平面密钥。

公开(公告)号：US11824981B2

公开(公告)日：2023-11-21

申请号：US17696093

申请日：2022-03-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan ,  Rong Wu ,  Shuaishuai Tan

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04W12/06 ,  H04W88/14 ,  H04W8/00 ,  H04L67/51

CPC classification number: H04L9/088 ,  H04L9/3247 ,  H04L63/0435 ,  H04W12/06

Abstract: A discovery method and apparatus based on a service-based architecture, where the method includes a control network element sending a discovery response to a first functional network element, where the discovery response includes a determined security parameter and an access address or an identifier of a second functional network element. The first functional network element receives the discovery response from the control network element, and sends an access request to the second functional network element based on the address or the identifier of the second functional network element, where the access request includes the received security parameter. The second functional network element receives the access request from the first functional network element, verifies correctness of the security parameter, and determines, based on the correctness of the security parameter, whether the access request is authorized by the first functional network element.

公开(公告)号：US20230336994A1

公开(公告)日：2023-10-19

申请号：US18043463

申请日：2021-07-26

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lu Gan

IPC: H04W12/08 ,  H04W12/0431 ,  H04W12/40

CPC classification number: H04W12/08 ,  H04W12/0431 ,  H04W12/40

Abstract: An Internet of Things (IoT) authorization method includes an IoT device that wirelessly communicates with a first electronic device and a second electronic device. A transmit distance of the second antenna is less than a transmit distance of the first antenna. When instructions stored in the memory are executed by the processor, the IoT device is configured to receive a first message indicating to add a shared control device for the IoT device; send, through the second antenna, a second message including device information of the IoT device; receive, in response to the second message, a third message including device information of the second electronic device; and send, through the first antenna, a fourth message including the device information of the second electronic device to the first electronic device.

公开(公告)号：US20220278831A1

公开(公告)日：2022-09-01

申请号：US17696093

申请日：2022-03-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan ,  Rong Wu ,  Shuaishuai Tan

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04W12/06

Abstract: A discovery method and apparatus based on a service-based architecture, where the method includes a control network element sending a discovery response to a first functional network element, where the discovery response includes a determined security parameter and an access address or an identifier of a second functional network element. The first functional network element receives the discovery response from the control network element, and sends an access request to the second functional network element based on the address or the identifier of the second functional network element, where the access request includes the received security parameter. The second functional network element receives the access request from the first functional network element, verifies correctness of the security parameter, and determines, based on the correctness of the security parameter, whether the access request is authorized by the first functional network element.

公开(公告)号：US20220272077A1

公开(公告)日：2022-08-25

申请号：US17684820

申请日：2022-03-02

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lu Gan ,  Xiaoshuang Ma ,  Jianhao Huang ,  Chao He

IPC: H04L9/40 ,  G06F21/53

Abstract: A first device and a home hub have a same TEE platform, and a second device and the home hub have different TEE platforms. A control method includes the home hub receiving an identity credential of the second device and public key information of the first device from the second device. The home hub controls an IoT device based on the identity credential of the second device. The home hub receives private key information that is of the first device and that is from the first device. The home hub forms an identity credential of the first device based on the public key information of the first device and the private key information of the first device to control the IoT device.

公开(公告)号：US11228908B2

公开(公告)日：2022-01-18

申请号：US16400032

申请日：2019-04-30

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Bo Zhang ,  Lu Gan ,  Rong Wu

IPC: H04W12/00 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10 ,  H04L29/06 ,  H04W28/06 ,  H04W12/08 ,  H04W12/033 ,  H04W12/041 ,  H04W12/069 ,  H04W12/106 ,  H04L9/32

Abstract: Embodiments of the present invention disclose a data transmission method and a related device and system. The system includes an access network device AN and user equipment UE. The AN is configured to receive a base key sent by a key management device in a core network, where the base key is a key generated from two-way authentication between the UE and the core; the AN and the UE are configured to process the base key according to a preset rule to generate an air interface protection key; the UE is configured to: protect a target field in an uplink protocol data unit PDU by using the air interface protection key; and the AN is configured to parse the target field in the uplink protocol data unit by using the air interface protection key.

公开(公告)号：US11075752B2

公开(公告)日：2021-07-27

申请号：US16248778

申请日：2019-01-16

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong Wu ,  Bo Zhang ,  Lu Gan

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/14 ,  H04L29/06 ,  H04W4/70 ,  H04W12/041 ,  H04W12/069 ,  H04W12/69

Abstract: Embodiments of the present invention disclose a network system. The system includes user equipment, a network authentication device, and a service authentication device. The service authentication device is configured to obtain reference information and generate a second shared key with reference to the reference information and a first shared key, where the first shared key is a shared key pre-configured between the user equipment and the service authentication device; the user equipment is configured to obtain the reference information and generate the second shared key with reference to the reference information and the first shared key; the service authentication device is configured to send the second shared key to the network authentication device; and the network authentication device is configured to receive the second shared key, where the second shared key is used by the user equipment and the network authentication device to generate a target shared key.

公开(公告)号：US11025597B2

公开(公告)日：2021-06-01

申请号：US16521171

申请日：2019-07-24

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Rong Wu ,  Lu Gan

IPC: H04L29/06 ,  H04L9/08 ,  H04L29/08 ,  H04W12/033 ,  H04W12/041 ,  H04W12/106

Abstract: A security implementation method includes obtaining, by a first device, a security policy of a session and at least one key, and sending, by the first device, protected data to a second device, where the protected data is obtained by protecting security of session data of the session using the at least one key based on the security policy of the session, and the second device is configured to restore the protected data using the at least one key based on the security policy to obtain the session data, where when the first device is a terminal device, the second device is an access network node or a user plane node, or when the first device is an access network node or a user plane node, the second device is a terminal device.

公开(公告)号：US10959091B2

公开(公告)日：2021-03-23

申请号：US16351254

申请日：2019-03-12

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Bo Zhang ,  Lu Gan

IPC: H04W80/10 ,  H04W12/04 ,  H04W36/00 ,  H04W12/08 ,  H04W36/14

Abstract: A method includes: receiving, by a session management device, a path switching request used to request to hand over user equipment UE from a source network to a target network; obtaining a target security policy based on the path switching request, and obtaining a second shared key generated based on a first shared key and the target security policy, and sending the second shared key to a target gateway; and sending, by the session management device, the second shared key to the UE; or sending the target security policy to the UE, so that the UE generates the second shared key based on the first shared key and the target security policy, where the second shared key is used to perform end-to-end protection on secure data transmission between the UE and the target gateway.