-
Publication No.: US11075752B2
Publication date: 2021-07-27
Application No.: US16248778
Application date: 2019-01-16
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04L9/08 , H04L9/32 , H04L9/14 , H04L29/06 , H04W4/70 , H04W12/041 , H04W12/069 , H04W12/69
Abstract: Embodiments of the present invention disclose a network system. The system includes user equipment, a network authentication device, and a service authentication device. The service authentication device is configured to obtain reference information and generate a second shared key with reference to the reference information and a first shared key, where the first shared key is a shared key pre-configured between the user equipment and the service authentication device; the user equipment is configured to obtain the reference information and generate the second shared key with reference to the reference information and the first shared key; the service authentication device is configured to send the second shared key to the network authentication device; and the network authentication device is configured to receive the second shared key, where the second shared key is used by the user equipment and the network authentication device to generate a target shared key.
-
Publication No.: US11025597B2
Publication date: 2021-06-01
Application No.: US16521171
Application date: 2019-07-24
Applicant: Huawei Technologies Co., Ltd.
IPC: H04L29/06 , H04L9/08 , H04L29/08 , H04W12/033 , H04W12/041 , H04W12/106
Abstract: A security implementation method includes obtaining, by a first device, a security policy of a session and at least one key, and sending, by the first device, protected data to a second device, where the protected data is obtained by protecting security of session data of the session using the at least one key based on the security policy of the session, and the second device is configured to restore the protected data using the at least one key based on the security policy to obtain the session data, where when the first device is a terminal device, the second device is an access network node or a user plane node, or when the first device is an access network node or a user plane node, the second device is a terminal device.
-
Publication No.: US10959091B2
Publication date: 2021-03-23
Application No.: US16351254
Application date: 2019-03-12
Applicant: Huawei Technologies Co., Ltd.
Abstract: A method includes: receiving, by a session management device, a path switching request used to request to hand over user equipment UE from a source network to a target network; obtaining a target security policy based on the path switching request, and obtaining a second shared key generated based on a first shared key and the target security policy, and sending the second shared key to a target gateway; and sending, by the session management device, the second shared key to the UE; or sending the target security policy to the UE, so that the UE generates the second shared key based on the first shared key and the target security policy, where the second shared key is used to perform end-to-end protection on secure data transmission between the UE and the target gateway.
-
Publication No.: US10856141B2
Publication date: 2020-12-01
Application No.: US16520369
Application date: 2019-07-24
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Abstract: A security protection negotiation method and a network element are disclosed, to implement, based on a 5G network architecture, negotiation between UE and a UPF to start user plane security protection for a current session. The method includes: determining, by an SMF, security protection information used on a user plane in a current session process; sending, by the SMF to UE, a first message including the security protection information used on the user plane; performing, by the UE, integrity protection authentication on the first message based on the security protection information used on the user plane; when the authentication performed by the UE on the first message succeeds, starting, by the UE, user plane security protection, and sending, to the SMF, a second message used to indicate that the authentication performed by the UE on the first message succeeds.
-
Publication No.: US20190274038A1
Publication date: 2019-09-05
Application No.: US16409207
Application date: 2019-05-10
Applicant: Huawei Technologies Co., Ltd.
Inventor: Rong Wu , Lu Gan , Bo Zhang , Shuaishuai Tan
Abstract: A security implementation method includes receiving, by a first network element, a request for handing over user equipment from a source access network device to a target access network device to perform communication. The method further includes obtaining, by the first network element, a security key, where the security key is used for protecting the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device, and sending, by the first network element, the security key to the target access network device.
-
Publication No.: US11778459B2
Publication date: 2023-10-03
Application No.: US17171397
Application date: 2021-02-09
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Rong Wu , Bo Zhang , Shuaishuai Tan
IPC: H04W12/033 , H04W76/12 , H04W12/0433 , H04W12/10 , H04W88/16
CPC classification number: H04W12/033 , H04W12/0433 , H04W12/10 , H04W76/12 , H04W88/16
Abstract: This application provides an example secure session method and apparatus. The method includes receiving, by a user plane gateway, a service request message from user equipment UE, where the service request message is used to request to establish a connection between the UE and a service server in a data network. The user plane gateway and the UE separately generate an encryption key and an integrity protection key based on the service request message, and activate encryption protection and/or integrity protection based on the generated encryption key and integrity protection key.
-
Publication No.: US11722888B2
Publication date: 2023-08-08
Application No.: US17179820
Application date: 2021-02-19
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Rong Wu , Shuaishuai Tan
IPC: H04W12/03 , H04W12/033 , H04W12/0433 , H04W36/00 , H04W88/16
CPC classification number: H04W12/033 , H04W12/0433 , H04W36/0038 , H04W88/16
Abstract: This application provides a security context obtaining method and apparatus. The method includes: receiving, by a user plane gateway, a PDU session establishment request from UE, where the PDU session establishment request is used to request to establish a PDU session between the user plane gateway and the UE, and the PDU session is carried between the UE and a service server of a data network; and separately obtaining, by the user plane gateway and the UE, a security context used for the PDU session, and activating user plane security protection based on the security context. Therefore, during PDU session reestablishment, for example, PDU session reestablishment triggered by switching of the user plane gateway, a session management network element, and the like, the user plane gateway and the UE can obtain a new security context, thereby achieving end-to-end protection between the UE and the user plane gateway.
-
Publication No.: US11689934B2
Publication date: 2023-06-27
Application No.: US17336650
Application date: 2021-06-02
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
CPC classification number: H04W12/37 , H04L9/08 , H04L63/0428 , H04L63/062 , H04L63/105 , H04L63/20 , H04L63/205 , H04W12/0431 , H04W12/10
Abstract: This application provides a key configuration method. A session management network element receives a request for end-to-end communication and obtains a security policy, where the security policy is determined based on at least one of: a user security requirement that is of the user equipment and that is preconfigured on a home subscriber server, a service security requirement from the user equipment, a security capability requirement supported by the user equipment, a security capability requirement from a carrier network, and a security requirement of a device on the other end of the end-to-end communication. The session management network element obtains a protection key used for protecting the end-to-end communication. The session management network element sends the security policy to the devices on two ends of the end-to-end communication.
-
Publication No.: US20230007472A1
Publication date: 2023-01-05
Application No.: US17867939
Application date: 2022-07-19
Applicant: Huawei Technologies Co., Ltd.
IPC: H04W12/033 , H04W76/19 , H04W12/0431 , H04W12/041 , H04W12/10
Abstract: A communication method and a communications apparatus, where the method includes: after receiving an RRC resume request message from a UE, determining, by a target access network device, a first user plane security protection method between the target access network device and the UE based on a context information obtaining response from a source access network device; determining a first user plane security key between the target access network device and the UE; when receiving first uplink user plane data from the UE, performing user plane security deprotection on the first uplink user plane data based on the first user plane security key and the first user plane security protection method, to obtain uplink user plane data; and sending the uplink user plane data.
-
Publication No.: US20220295271A9
Publication date: 2022-09-15
Application No.: US17245991
Application date: 2021-04-30
Applicant: Huawei Technologies Co., Ltd.
IPC: H04W12/041 , H04W80/10 , H04W88/02 , H04W76/11 , H04W76/25 , H04W8/08 , H04L9/08 , H04L29/06 , H04W12/04 , H04W12/043
Abstract: An anchor key generation method, device, and system, where the method includes generating, by a unified data management network element (UDM), an intermediate key based on a cipher key (CK), an integrity key (IK), and indication information regarding an operator; sending, by the UDM, the intermediate key to an authentication server function (AUSF); receiving, by the AUSF, the intermediate key; generating, by the AUSF, an anchor key based on the intermediate key; sending, by the AUSF, the anchor key to a security anchor function (SEAF); and generating, by the SEAF, a key (Kamf) based on the anchor key, where the Kamf is used to derive a 3rd Generation Partnership Project (3GPP) key.