-
Publication number: US20230077391A1
Publication date: 2023-03-16
Application number: US17990963
Application date: 2022-11-21
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Longhua GUO, He LI, Rong WU
IPC: H04L9/40
Abstract: Embodiments of this disclosure provide a communication protection method and apparatus, a device, and a computer-readable medium. The communication protection method includes: A terminal device sends an application session establishment request message to a first application function network element (AF), where the application session establishment request message includes an AKMA key identifier; and the terminal device receives an application session establishment response message from the first AF, where the application session establishment response message includes a security activation indication. The security activation indication indicates whether to activate security protection on communication between the terminal device and a second AF, the security protection includes confidentiality protection and/or integrity protection performed based on a security key, and the security key is generated based on an AKMA key corresponding to the AKMA key identifier.
-
Publication number: US20210400490A1
Publication date: 2021-12-23
Application number: US17462260
Application date: 2021-08-31
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04W12/106, H04W12/033, H04W28/06
Abstract: Embodiments of this application relate to a communication method and device. The communication method includes the following steps: receiving, by a terminal device, a first message from an access network device, where the first message includes first information indicating whether to activate a user plane data integrity protection function or whether the access network device supports a user plane data integrity protection function; and if the terminal device cannot identify the first information, discarding or storing the first information.
-
Publication number: US20240179525A1
Publication date: 2024-05-30
Application number: US18431440
Application date: 2024-02-02
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04W12/08
CPC classification number: H04W12/08
Abstract: The present disclosure relates to secure communication methods applicable to a scenario in which a terminal device accesses a network in a manner of non-seamless wireless local area network offloading (NSWO). In one example method, a unified data management entity receives indication information from an authentication server function entity, and the unified data management entity selects extensible authentication protocol-authentication and key agreement (EAP-AKA′), from at least two authentication manners based on the indication information, to perform authentication with the terminal device.
-
Publication number: US20230362201A1
Publication date: 2023-11-09
Application number: US18348905
Application date: 2023-07-07
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04L9/40
CPC classification number: H04L63/20, H04L63/102
Abstract: Embodiments of this application provide a security policy processing method and a communication device. A target access network device receives, from a source access network device, a message that includes indication information. Then, when the indication information indicates that a terminal device supports on-demand user plane security protection between the terminal device and an access network device, the target access network device sends, to a mobility management entity, a path switch request that carries a user plane security policy 021, where the user plane security policy indicates whether to enable user plane integrity protection.
-
Publication number: US20230024999A1
Publication date: 2023-01-26
Application number: US17956941
Application date: 2022-09-30
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Yizhuang WU, He LI, Rong WU
IPC: H04L9/40, H04L67/141
Abstract: This application provides a communication system, method, and apparatus, to resolve a prior-art problem that a terminal device does not know how to initiate a correct procedure to establish a communication connection to an application function AF to obtain a business service. A principle of the method is as follows: An AF sends a service mode supported by the AF to UE by using a core network. Therefore, before initiating a service to the AF, the UE can sense the service mode supported by the AF, and the UE initiates a correct connection establishment procedure to the AF based on the service mode supported by the AF.
-
Publication number: US20230019089A1
Publication date: 2023-01-19
Application number: US17954167
Application date: 2022-09-27
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: He LI, Rong WU, Yizhuang WU
Abstract: This application provides a communication system, method, and apparatus. The system is applied to implement AKMA service-based data transmission between a terminal device and an application function network element, and the system includes an AKMA anchor function network element and a network exposure function network element. The network exposure function network element obtains first identification information from a unified data management network element, where the first identification information is used to determine an authentication server function network element corresponding to the terminal device, and sends the first identification information to the AKMA anchor function network element. The AKMA anchor function network element obtains, from the unified data management network element based on the first identification information, identification information of the authentication server function network element corresponding to the terminal device.
-
Publication number: US20220060896A1
Publication date: 2022-02-24
Application number: US17520186
Application date: 2021-11-05
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Rong WU, Philip GINZBOORG, Valtteri NIEMI
Abstract: The present disclosure relates to authentication methods, apparatus, and systems. In one example authentication method, user equipment (UE) sends a first request message to a first authentication node, where the first request message includes first indication information indicating whether the UE includes a universal subscriber identity module (USIM). The UE receives a second request message sent by the first authentication node, where the second request message includes a random number (RAND) and an authentication token (AUTN) in first authentication information or in second authentication information, where the first authentication information is for the USIM included in the UE, and the second authentication information is for mobile equipment included in the UE when the UE does not include the USIM. The UE determines a root key and a user response (RES) based on the second request message.
-
Publication number: US20210344716A1
Publication date: 2021-11-04
Application number: US17377425
Application date: 2021-07-16
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Rong WU
Abstract: A session configuration method and a session configuration apparatus are disclosed. According to the session configuration method, a terminal device sends, to a session management network element, a session establishment request used to request to establish a first session. After receiving the session establishment request, the session management network element sends redundant transmission security information to an access network device. After receiving the redundant transmission security information, the access network device sends the redundant transmission security information to the terminal device. The redundant transmission security information is used to indicate security keys and security policies of the first session and a second session that need to be established by the terminal device. The second session is a redundant session of the first session.
-
Publication number: US20210168594A1
Publication date: 2021-06-03
Application number: US17171397
Application date: 2021-02-09
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Rong WU, Bo ZHANG, Shuaishuai TAN
IPC: H04W12/033, H04W12/0433, H04W76/12, H04W88/16, H04W12/10
Abstract: This application provides an example secure session method and apparatus. The method includes receiving, by a user plane gateway, a service request message from user equipment UE, where the service request message is used to request to establish a connection between the UE and a service server in a data network. The user plane gateway and the UE separately generate an encryption key and an integrity protection key based on the service request message, and activate encryption protection and/or integrity protection based on the generated encryption key and integrity protection key.
-
Publication number: US20210058771A1
Publication date: 2021-02-25
Application number: US17031534
Application date: 2020-09-24
Applicant: Huawei Technologies Co., Ltd.
Inventor: Rong WU, Bo ZHANG, Shuaishuai TAN
Abstract: Embodiments of this application provide a key generation method, applied to a scenario in which a base station is divided into a centralized unit and a distributed unit and a control plane and a user plane of the centralized unit are separated. The control plane entity of the centralized unit obtains a root key, generates a user plane security key based on the root key, and sends the first user plane security key to the user plane entity of the first centralized unit. According to this application, key isolation between different user plane entities is implemented. Further, in an actual operation, the control plane entity or the user plane entity of the centralized unit may be flexibly selected to generate the user plane security key.