-
Publication No.: US20230033598A1
Publication date: 2023-02-02
Application No.: US17819188
Application date: 2022-08-11
Applicant: Huawei Technologies Co., Ltd.
Inventor: Zhongding LEI, Lichun LI, Bo ZHANG, Fei LIU, Haiguang WANG, Xin KANG
Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.
-
Publication No.: US20220264304A1
Publication date: 2022-08-18
Application No.: US17736693
Application date: 2022-05-04
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Zhongding LEI, Gurbakshish Singh TOOR
IPC: H04W12/106, H04W12/76, H04W12/55, H04W12/041, H04W12/0471, H04W12/03
Abstract: Provided are a group communication method and related products. In the method, a first user device acquires a group identifier (ID), where the group identifier is used for identifying a group including at least the first user device and a second user device; the first user device determines a current destination ID according to the group ID, and transmits to the second user device a packet carrying the current destination ID. With the group communication method and apparatus provided in the present disclosure, the application layer group ID will be converted to the destination L2 ID, thus enabling the end to end group communication.
-
Publication No.: US20190342082A1
Publication date: 2019-11-07
Application No.: US16517645
Application date: 2019-07-21
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Zhongding LEI, Lichun LI, Bo ZHANG, Fei LIU, Haiguang WANG, Xin KANG
Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.
-
Publication No.: US20190261180A1
Publication date: 2019-08-22
Application No.: US16399985
Application date: 2019-04-30
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Zhongding LEI, Haiguang WANG, Xin KANG
Abstract: Embodiments provide a network authentication method, and a related device and system. In this method, an access request sent by user equipment is received by a network authentication network element. The received access request includes identification information of the user equipment. It is then verified, by the network authentication network element, whether the identification information is valid. If the identification information is valid, a slice authentication network element corresponding to the user equipment is determined based on the identification information. The identification information can be then sent to the slice authentication network element corresponding to the user equipment. The identification information is used by the slice authentication network element corresponding to the user equipment to generate authentication data for the user equipment and initiate a user authentication request to the user equipment by using the authentication data.
-
Publication No.: US20190238322A1
Publication date: 2019-08-01
Application No.: US16382201
Application date: 2019-04-12
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Haiguang WANG, Yanjiang YANG, Xin KANG, Zhongding LEI
CPC classification number: H04L9/083, H04L9/08, H04L9/0827, H04L9/32, H04L9/3247, H04L9/3263, H04L29/06, H04L63/0428, H04L63/0442, H04L63/0807, H04L63/0823, H04L63/126, H04W4/40, H04W12/04031
Abstract: A key distribution method is disclosed. In this method, a key request can be received by a key management system (KMS) from a mobile operator network element (MNO). The key request can carry a public key of UE. At least one PVT and one SSK can be allocated to the UE based on an IBC ID. The at least one PVT and SSK can be encrypted based on the public key to generate ciphertext; and an object can be signed based on a preset digital signature private key (DSPK) to generate a digital signature. The object can include the public key and the ciphertext. Still, a signature validation public key associated with the DSPK can be determined and a key response can be returned to the MNO. The key response can carry the signature validation public key, the public key of the UE, the ciphertext, and the digital signature.
-
Publication No.: US20250063364A1
Publication date: 2025-02-20
Application No.: US18939046
Application date: 2024-11-06
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Zhongding LEI, Haiguang WANG, Xin KANG, Tieyan LI, Yizhuang WU
IPC: H04W12/106, H04W12/122, H04W12/61
Abstract: Embodiments of this application provide a communication method and a network element device. The method includes: A first network function network element obtains integrity-protected attestation information, where the attestation information includes an attestation result and range indication information associated with the attestation result; generates a service request message when determining that a service provided by a second network function network element is to be requested; and sends the service request message to the second network function network element, where the service request message includes the attestation information and an identifier of the first network function network element. The method disclosed in this application can prevent and mitigate a potential security risk faced by a network function in a mobile communication network, especially faced by a network function implemented in a software or virtualization manner.
-
Publication No.: US20240163119A1
Publication date: 2024-05-16
Application No.: US18416938
Application date: 2024-01-19
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Haiguang WANG, Xin KANG, Tieyan LI, Cheng Kang CHU, Zhongding LEI
Abstract: This disclosure discloses a device management method, system, and apparatus. The method includes: A second device sends an identity file to a first access control node, to indicate the first access control node to store the identity file in a file system, where the identity file includes identity information of a first device and a public key of the second device. The second device receives a first identifier sent by the first access control node. The first identifier is used to read the identity file from the file system. After verification is performed on the second device and information about a device associated with the first device in association information and succeeds, the first access control node sends the identity file to the file system. The association information is stored in a database node and a blockchain.
-
Publication No.: US20240129843A1
Publication date: 2024-04-18
Application No.: US18397099
Application date: 2023-12-27
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Zhongding LEI
Abstract: A slice admission control method and a communication apparatus. For each slice of each UE, a determination is made to release a quota in a slice and that is occupied by the UE by using a single slice as a granularity and based on whether a slice use status of the UE is idle, or by setting valid duration in which the UE is admitted to the slice. The determination to release a quota in a slice and that is occupied by the UE enables the UE to not occupy a slice quota for a long time even in response to the UE not using the slice, and reduces a probability of a denial of services to another UE.
-
Publication No.: US20230014494A1
Publication date: 2023-01-19
Application No.: US17952879
Application date: 2022-09-26
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Zhongding LEI, Haiguang WANG, Xin KANG
Abstract: A communication method and apparatus are provided. The method includes: Second user equipment sends a second message, first user equipment sends a first message to a network device in response to the second message, to request to perform identity verification on the second user equipment, and the network device verifies whether an identity of the second user equipment is valid, and sends, to the first user equipment, a verification result indicating whether the identity of the second user equipment is valid. Alternatively, the first user equipment sends a third message to request the second user equipment to reply with information used for remote identification, and the second user equipment replies with a fourth message, where the fourth message includes the information used for remote identification on the second user equipment, and the third message and the fourth message are encrypted by using corresponding keys.
-
Publication No.: US20210320788A1
Publication date: 2021-10-14
Application No.: US17304587
Application date: 2021-06-23
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Xin KANG, Haiguang WANG, Zhongding LEI, Bo ZHANG
Abstract: Example communication methods and apparatus are described. One example communication method includes that user equipment (UE) sends an N1 message to a security anchor function (SEAF), where the N1 message carries a Diffie-Hellman (DH) public parameter or a DH public parameter index, the N1 message further carries an encrypted identifier of the UE, and the encrypted identifier is obtained by encrypting a permanent identifier of the UE and a first DH public key. The UE receives an authentication request that carries a random number and that is sent by the SEAF. The UE sends, to the SEAF, an authentication response used to respond to the authentication request, where the authentication response carries an authentication result calculated based on a root key and the random number.