-
Publication No.: US10856141B2
Publication date: 2020-12-01
Application No.: US16520369
Application date: 2019-07-24
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Abstract: A security protection negotiation method and a network element are disclosed, to implement, based on a 5G network architecture, negotiation between UE and a UPF to start user plane security protection for a current session. The method includes: determining, by an SMF, security protection information used on a user plane in a current session process; sending, by the SMF to UE, a first message including the security protection information used on the user plane; performing, by the UE, integrity protection authentication on the first message based on the security protection information used on the user plane; when the authentication performed by the UE on the first message succeeds, starting, by the UE, user plane security protection, and sending, to the SMF, a second message used to indicate that the authentication performed by the UE on the first message succeeds.
-
Publication No.: US10826688B2
Publication date: 2020-11-03
Application No.: US15905494
Application date: 2018-02-26
Applicant: Huawei Technologies Co., Ltd.
Inventor: Bo Zhang, Lu Gan, Philip Ginzboorg
Abstract: A key distribution and receiving method includes obtaining, by a first key management center, NAF key information of the first network element and a NAF key of the first network element, wherein the NAF key information of the first network element is information required to obtain the NAF key of the first network element. A service key is obtained. Using the NAF key of the first network element to perform encryption and/or integrity protection on the service key, a first security protection parameter is generated. A first generic bootstrapping architecture GBA push message is sent to the first network element. The GBA push message carries the first security protection parameter and the NAF key information of the first network element.
-
Publication No.: US20190274038A1
Publication date: 2019-09-05
Application No.: US16409207
Application date: 2019-05-10
Applicant: Huawei Technologies Co., Ltd.
Inventor: Rong Wu, Lu Gan, Bo Zhang, Shuaishuai Tan
Abstract: A security implementation method includes receiving, by a first network element, a request for handing over user equipment from a source access network device to a target access network device to perform communication. The method further includes obtaining, by the first network element, a security key, where the security key is used for protecting the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device, and sending, by the first network element, the security key to the target access network device.
-
Publication No.: US10320917B2
Publication date: 2019-06-11
Application No.: US15146690
Application date: 2016-05-04
Applicant: Huawei Technologies Co., Ltd.
Inventor: Bo Zhang, Chengdong He, Lu Gan
Abstract: A method and apparatus of key negotiation processing, which includes acquiring, by a control network element, a first key negotiation parameter and a second key negotiation parameter, and sending, by the control network element, the first key negotiation parameter and/or the second key negotiation parameter to the first user equipment UE and a second UE such that the first UE and the second UE generate a key according to the first key negotiation parameter and the second key negotiation parameter. Key negotiation may be performed between two UEs that perform proximity communication.
-
Publication No.: US10028136B2
Publication date: 2018-07-17
Application No.: US15143095
Application date: 2016-04-29
Applicant: Huawei Technologies Co., Ltd.
Inventor: Bo Zhang, Chengdong He, Lu Gan
CPC classification number: H04W12/04, H04L9/0816, H04L63/205, H04W76/14
Abstract: A negotiation processing method for a security algorithm, a control network element, and a control system where the negotiation processing method for a security algorithm includes selecting, by a control network element according to a security capability of first user equipment (UE) and a security capability of second UE, a security algorithm supported by both the first UE and the second UE, and notifying, by the control network element, the selected security algorithm to the first UE and the second UE, and hence, negotiation of a security algorithm between two UEs in proximity communication can be implemented under the control of a control network element.
-
Publication No.: US20230344635A1
Publication date: 2023-10-26
Application No.: US18341985
Application date: 2023-06-27
Applicant: Huawei Technologies Co., Ltd.
CPC classification number: H04L9/3226, H04L9/0869, H04W12/06
Abstract: An identity authentication method and a mobile device. The mobile device performs receiving a first message of an electronic device within a second distance from the electronic device, where the first message includes a randomly generated session key, randomly generating first action information in response to the first message, and obtaining a second message by encrypting the first action information using the session key, sending the second message to the electronic device, displaying first confirmation information to determine whether the electronic device performs a first action indicated by the first action information, receiving first input used for confirmation, and prompting that identity authentication on the electronic device succeeds, where the second distance is less than or equal to a preset secure distance.
-
Publication No.: US11700245B2
Publication date: 2023-07-11
Application No.: US17700064
Application date: 2022-03-21
Applicant: Huawei Technologies Co., Ltd.
IPC: H04L29/06, G06F21/00, H04L9/40, H04W12/12, H04W12/02, H04W12/03, H04W12/041, H04W12/0431, H04W12/0433, H04L9/08
CPC classification number: H04L63/061, H04L9/0844, H04L9/0869, H04L63/0457, H04L63/1475, H04W12/02, H04W12/03, H04W12/041, H04W12/0431, H04W12/0433, H04W12/12, H04L9/40, H04L2209/80
Abstract: The present invention discloses a key distribution method. The method includes obtaining, by a first key management system, a shared key of a first network element, where the shared key of the first network element is generated according to a key parameter obtained after the first network element performs authentication or a root key of the first network element; obtaining a service key, where the service key is used to perform encryption and/or integrity protection on communication data in a first service between the first network element and a second network element; performing encryption and/or integrity protection on the service key by using the shared key of the first network element, to generate a first security protection parameter; and sending the first security protection parameter to the first network element. According to the present invention, data can be protected against an eavesdropping attack in a sending process.
-
Publication No.: US20230017263A1
Publication date: 2023-01-19
Application No.: US17780902
Application date: 2020-11-26
Applicant: Huawei Technologies Co., Ltd.
Inventor: Lu Gan, Jianhao Huang, Xiaoshuang Ma, Chong Zhou
Abstract: A key negotiation method and an electronic device are provided, and relate to the field of communications technologies. Specifically, the method includes: An IoT control device multicasts, in a first local area network, a discovery message that carries a first public key, and sends a second ciphertext to a first IoT device after receiving a first ciphertext and a second public key. After receiving a third ciphertext from the first IoT device, the IoT control device decrypts the third ciphertext based on a first session key, to obtain a second signature and second session information; verifies the second signature based on a long-term public key of the first IoT device; and performs encrypted communication with the first IoT device based on the first session key after the second signature is successfully verified.
-
Publication No.: US11496320B2
Publication date: 2022-11-08
Application No.: US16803624
Application date: 2020-02-27
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Bo Zhang, Lu Gan, Rong Wu, Shuaishuai Tan
Abstract: Embodiments of this application provide a registration method and apparatus based on a service-based architecture. In this method, a management network element determines configuration information of a function network element, where the configuration information includes a security parameter; and the management network element sends the configuration information to the function network element. The function network element receives the configuration information sent by the management network element; and the function network element sends a registration request to a control network element based on the configuration information, where the registration request includes the security parameter. The control network element receives the registration request sent by the function network element, where the registration request includes the security parameter; and the control network element verifies correctness of the security parameter, and determines validity of the registration request based on the correctness of the security parameter.
-
Publication No.: US11431695B2
Publication date: 2022-08-30
Application No.: US16814018
Application date: 2020-03-10
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Shuaishuai Tan, Lu Gan, Bo Zhang, Rong Wu
IPC: H04L9/40, H04L9/08, H04L9/30, H04L9/32, H04L47/70, H04W8/18, H04W12/06, H04W12/08, H04W12/0431
Abstract: An authorization method and a network element are disclosed, to implement a third-party authorization function based on a 5G service-based network architecture. The method is: receiving, by a resource control network element, a resource usage request message sent by a terminal device; replacing a first user identifier in the resource usage request message with a second user identifier; sending an authorization request message carrying the second user identifier to an authorization server by using an NEF; receiving, by using the NEF, an authorization response message sent by the authorization server, where the authorization response message includes an authorization result that is obtained by performing authorization based on the second user identifier and the resource usage request message; and allocating a network resource to the terminal device based on the authorization result, and sending a resource allocation response message to the terminal device.