Abstract:
In one embodiment, a system for generating an access stratum key comprises: a first network-side device that has access to a core network (CN) and is communicably coupled to a user equipment device (UE) through a first air interface, and a second network-side device that has access to the CN through the first network-side device and is communicably coupled to the UE through a second air interface. The first network-side device is configured to calculate an access stratum root key of the second network-side device according to an access stratum root key of the first network-side device and an input parameter; and send the access stratum root key of the second network-side device to the second network-side device. The second network-side device is configured to receive the access stratum root key of the second network-side device from the first network-side device; and generate an access stratum key according to the access stratum root key of the second network-side device.
Abstract:
Method, apparatus and systems are provided for key derivation. A target base station receives multiple keys derived by a source base station, where the keys correspond to cells of the target base station. The target base station selects a key corresponding to the target cell after obtaining information regarding a target cell that a user equipment (UE) is to access. An apparatus for key derivation and a communications system are also provided.
Abstract:
Embodiments disclose a method, an apparatus, and a system for establishing a security context and relate to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.
Abstract:
In order to provide confidentiality protection, an encryption method, a decryption method, and related apparatuses are provided. An encryption device generates a first initial layer-3 message. The first initial layer-3 message includes a first part and a second part. The device generates a keystream for encrypting the first initial layer-3 message. The device performs an exclusive OR operation on the keystream and the first initial layer-3 message to generate a second initial layer-3 message. The second initial layer-3 message includes an encrypted first part of the first initial layer-3 message, an unencrypted second part of the first initial layer-3 message, and an encryption indication indicating that the first part of the first initial layer-3 message is encrypted. The device transmits the second initial layer-3 message to a network device. Small data comprised in the second initial layer-3 message is protected by the encryption.
Abstract:
A processing method for terminal access to a 3GPP network is provided. A UE sends an access request message to a core network device on the 3GPP network, and the core network device sends an unauthorized access message to the UE after determining that the UE has no permission to access the 3GPP network. The unauthorized access message includes authentication information of the core network device. The UE performs authentication on the core network device according to the authentication information of the core network device, and executes a corresponding network access policy after authentication on the core network device by the UE succeeds, that is, after the UE determines that a source of the unauthorized access message is authorized.
Abstract:
The present invention provides a method for obtaining a serving gateway, a mobility management node, a data gateway, and a system. A method for obtaining a serving gateway according to an embodiment of the present invention includes: when a UE is switched from an old-side mobility management node to a new-side mobility management node, sending, by the new-side mobility management node, a domain name resolution request to a domain name system (DNS) server according to access information of the UE; receiving a hostname of a device returned, according to the domain name resolution request, by the DNS server; obtaining a hostname of a new-side available S-GW; and selecting the new-side available S-GW closest to the device on geographic topology as a new-side S-GW. User service data transmission time delay can be reduced through the method.
Abstract:
In the communications system, a user equipment (UE) accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device.
Abstract:
A solution for security negotiation during handover of a user equipment (UE) between different radio access technologies is provided. In the solution, the UE receives non-access stratum (NAS) security information and access stratum (AS) security information which are selected by the target system and then performs security negotiation with the target system according to the received NAS security information and AS security information. As such, the UE may obtain the key parameter information of the NAS and AS selected by a long term evolution (LTE) system and perform security negotiation with the LTE system when the UE hands over from a different system, such as a universal terrestrial radio access network (UTRAN), to the LTE system.
Abstract:
A solution for security negotiation during handover of a user equipment (UE) between different radio access technologies is provided. In the solution, the UE receives NAS security information and AS security information which are selected by the target system and then performs security negotiation with the target system according to the received NAS security information and AS security information. As such, the UE may obtain the key parameter information of the NAS and AS selected by an LTE system and perform security negotiation with the LTE system when the UE hands over from a different system, such as a UTRAN, to the LTE system.
Abstract:
Embodiments provide an MTC device communication method, device, and system. A second network element receives a query message sent by a first network element after the first network element identifies that a type of a received short message is a preset-type short message. The query message comprises an identifier of a receiver of the short message and an identifier of a sender of the short message. The second network element checks whether the sender is authorized to send the preset-type short message to the receiver. The second network element sends a message to the first network element indicating whether or not to send the short message to the receiver.