公开(公告)号：US20180167813A1

公开(公告)日：2018-06-14

申请号：US15890936

申请日：2018-02-07

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Youyang Yu ,  Jing Chen

IPC: H04W12/06 ,  H04W12/08 ,  H04W48/08 ,  H04W8/04 ,  H04W8/24

CPC classification number: H04W12/06 ,  H04L63/0823 ,  H04L63/126 ,  H04W8/04 ,  H04W8/24 ,  H04W12/08 ,  H04W48/02 ,  H04W48/08

Abstract: A processing method for terminal access to a 3GPP network is provided. A UE sends an access request message to a core network device on the 3GPP network, and the core network device sends an unauthorized access message to the UE after determining that the UE has no permission to access the 3GPP network. The unauthorized access message includes authentication information of the core network device. The UE performs authentication on the core network device according to the authentication information of the core network device, and executes a corresponding network access policy after authentication on the core network device by the UE succeeds, that is, after the UE determines that a source of the unauthorized access message is authorized.

公开(公告)号：US12185395B2

公开(公告)日：2024-12-31

申请号：US17674590

申请日：2022-02-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Longhua Guo ,  Li Hu ,  He Li

IPC: H04W76/12 ,  H04W12/033 ,  H04W12/106 ,  H04W88/14

Abstract: A communications method includes: an integrated access and backhaul (IAB) node receives an uplink data packet from a terminal; the IAB node determines a packet data convergence protocol (PDCP) layer security status of the uplink data packet; the IAB node determines a target secure tunnel from a plurality of secure tunnels between the IAB node and an IAB donor based on the PDCP layer security status of the uplink data packet; and the IAB node sends the uplink data packet to the IAB donor through the target secure tunnel. This application is applicable to a data transmission process.

公开(公告)号：US12127049B2

公开(公告)日：2024-10-22

申请号：US18171198

申请日：2023-02-17

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： He Li ,  Jing Chen

IPC: H04W36/00 ,  H04L9/08 ,  H04W8/08 ,  H04W12/033 ,  H04W12/106 ,  H04W48/16 ,  H04W80/10

CPC classification number: H04W36/0038 ,  H04L9/08 ,  H04W8/08 ,  H04W12/033 ,  H04W12/106 ,  H04W48/16 ,  H04W80/10

Abstract: This application relates to the field of wireless communications technologies. Embodiments of this application provide a security protection method, an apparatus, and a system, to resolve a problem of low efficiency in handing over a terminal between serving base stations. The method in this application includes: receiving, by a target access network device, a correspondence between user plane information and a security policy from a source access network device; and determining, by the target access network device based on the correspondence between user plane information and a security policy, a first user plane protection algorithm corresponding to the user plane information, where the first user plane protection algorithm includes one or both of a user plane encryption algorithm and a user plane integrity protection algorithm. This application is applicable to a procedure in which the terminal is handed over between serving base stations.

公开(公告)号：US20240305983A1

公开(公告)日：2024-09-12

申请号：US18666841

申请日：2024-05-17

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Yizhuang Wu ,  Ao Lei ,  He Li

IPC: H04W12/06 ,  H04W12/047 ,  H04W12/72

CPC classification number: H04W12/06 ,  H04W12/047 ,  H04W12/72

Abstract: This application provides a communication method and apparatus, and relates to the communication field, to ensure proximity based service relay communication security. In the method, proximity based service authentication information #1 provided by a data management network element is used, so that a remote terminal and a network may authenticate each other and generate a proximity based service key used for communication between the remote terminal and a relay terminal. Further, the remote terminal device and the relay terminal device derive a communication protection key for a PC5 connection (namely, a connection between the remote terminal and the relay terminal) based on the proximity based service key, which may include at least one of an encryption key and an integrity protection key, so that proximity based service relay communication security is ensured, and a case such as user information leakage caused by an attack is avoided.

公开(公告)号：US20240244436A1

公开(公告)日：2024-07-18

申请号：US18620252

申请日：2024-03-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Li Hu ,  He Li ,  Rong Wu

IPC: H04W12/106 ,  H04W12/041 ,  H04W12/69

CPC classification number: H04W12/106 ,  H04W12/041 ,  H04W12/69

Abstract: This application provides a communication method and apparatus, to implement on-demand user plane integrity protection in a 4G network. The method includes: When a first condition is met, an access network device of a first network standard obtains user plane integrity protection indication information and an integrity protection algorithm identifier of a second network standard, sends a first message including the user plane integrity protection indication information and the integrity protection algorithm identifier to a terminal device, and activates user plane integrity protection for a first DRB based on a first key and the integrity protection algorithm. The first condition includes: determining to establish the first DRB between the access network device and the terminal device, and determining to enable the user plane integrity protection for the first DRB. The user plane integrity protection indication information indicates to enable the user plane integrity protection for the first DRB.

公开(公告)号：US20240214365A1

公开(公告)日：2024-06-27

申请号：US18452575

申请日：2023-08-21

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： He Li ,  Ao Lei ,  Rong Wu

IPC: H04L9/40

CPC classification number: H04L63/08

Abstract: This application provides a communication method and apparatus. The method includes: A first network element receives a first request message from a second network element, where the first request message is used to request to perform a first operation on a first terminal device. The first network element determines, based on the first request message, whether the second network element is authorized to request to perform the first operation on the first terminal device. Whether a network element that sends a request message is authorized to request to perform a related operation is verified, to determine whether the network element is an attacker. This reduces impact on a system service resulting from requests of an attacker and improves system security.

公开(公告)号：US11997491B2

公开(公告)日：2024-05-28

申请号：US17380455

申请日：2021-07-20

Applicant: Huawei Technologies Co., Ltd.

Inventor： Longhua Guo ,  He Li ,  Jing Chen

IPC: H04W12/104 ,  H04W4/029

CPC classification number: H04W12/104 ,  H04W4/029

Abstract: A data transmission method includes calculating, by a user equipment (UE), a first message authentication code of first location privacy setting data, sending, by the UE, the first message authentication code and the first location privacy setting data to a data management network element, receiving, by the UE, a second message authentication code from the data management network element, calculating, by the UE, a third message authentication code of the first location privacy setting data, determining, by the UE, that the first location privacy setting data is not tampered with when the second message authentication code is the same as the third message authentication code.

公开(公告)号：US20240155705A1

公开(公告)日：2024-05-09

申请号：US18415324

申请日：2024-01-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yishan Xu ,  Shiyong Tan ,  Hualin Zhu ,  Chuan Ma ,  He Li

IPC: H04W76/10 ,  H04L1/1607 ,  H04W8/20 ,  H04W8/22 ,  H04W48/18

CPC classification number: H04W76/10 ,  H04L1/1642 ,  H04W8/20 ,  H04W8/22 ,  H04W48/18

Abstract: An access network device obtains first information, where the access network device supports a 3rd generation partnership project 3GPP access technology; the access network device establishes a user plane connection to a first terminal device based on the first information; and the access network device obtains user plane data of the first terminal device via the user plane connection, and sends the user plane data to a first fixed network gateway device.

公开(公告)号：US11930008B2

公开(公告)日：2024-03-12

申请号：US17148234

申请日：2021-01-13

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Li Hu ,  Weisheng Jin ,  Jing Chen ,  He Li

IPC: G06F7/04 ,  G06F7/58 ,  H04L9/40

CPC classification number: H04L63/0876 ,  G06F7/588 ,  H04L63/126

Abstract: Example subscription information configuration methods and a communications device are described. One example method includes receiving a first device identifier by a network device from a first terminal device in a first access mode and receiving a second device identifier from a second terminal device in a second access mode. The network device determines whether the first device identifier matches the second device identifier to identify legality of the first terminal device. If the first device identifier matches the second device identifier, it indicates that the first terminal device is a legal terminal device. The network device sends subscription information of the first terminal device to the first terminal device in the first access mode, so that the first terminal device successfully accesses a network by using the subscription information.

公开(公告)号：US20230362636A1

公开(公告)日：2023-11-09

申请号：US18348834

申请日：2023-07-07

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Rong Wu ,  Yizhuang Wu

IPC: H04W12/041 ,  H04W12/0433 ,  H04W12/06

CPC classification number: H04W12/041 ,  H04W12/0433 ,  H04W12/06

Abstract: An authentication management function AUSF receives an authentication request message from an access and mobility management function AMF, where the authentication request message carries a subscription concealed identifier SUCI. The AUSF sends an authentication vector get request message to a unified data management UDM function, where the authentication vector get request message carries the SUCI. The AUSF receives an authentication vector get response message from the UDM, where the authentication vector get response message includes authentication and key management for application AKMA indication information. The AUSF generates, based on the AKMA indication information, an authentication and key management for application-key identifier based on a routing indicator RID in the SUCI.