公开(公告)号：US11296877B2

公开(公告)日：2022-04-05

申请号：US16716044

申请日：2019-12-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan ,  Rong Wu ,  Shuaishuai Tan

IPC: H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  H04W8/00 ,  H04L29/08 ,  H04W12/06

Abstract: A discovery method and apparatus based on a service-based architecture, where the method includes a control network element sending a discovery response to a first functional network element, where the discovery response includes a determined security parameter and an access address or an identifier of a second functional network element. The first functional network element receives the discovery response from the control network element, and sends an access request to the second functional network element based on the address or the identifier of the second functional network element, where the access request includes the received security parameter. The second functional network element receives the access request from the first functional network element, verifies correctness of the security parameter, and determines, based on the correctness of the security parameter, whether the access request is authorized by the first functional network element.

公开(公告)号：US11228905B2

公开(公告)日：2022-01-18

申请号：US16720673

申请日：2019-12-19

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Lu Gan ,  Bo Zhang ,  Shuaishuai Tan

IPC: H04L29/06 ,  H04W12/041 ,  H04W36/00 ,  H04W36/08 ,  H04W12/04 ,  H04W12/08 ,  H04W12/06 ,  H04W12/033 ,  H04W12/0431

Abstract: A security implementation method, a related apparatus, and a system, where the method includes receiving, by a first network element, a request for handing over a user equipment from a source access network device to a target access network device to perform communication. The method further includes: obtaining, by the first network element, a security key, where the security key is used for protecting the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device; and sending, by the first network element, the security key to the target access network device.

公开(公告)号：US11218314B2

公开(公告)日：2022-01-04

申请号：US16566018

申请日：2019-09-10

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shuaishuai Tan ,  Lu Gan ,  Bo Zhang ,  Rong Wu

IPC: H04L29/06 ,  H04L9/32

Abstract: A network function service invocation method includes sending, by a first network function network element, a first request message to an authorization network element, wherein the first request message is used to request permission to invoke a first network function service provided by a second network function network element, performing, by the authorization network element, identity authentication on the first network function network element; generating, by the authorization network element, a token when determining that the identity authentication succeeds, wherein the token is used to indicate that the first network function network element has the permission to invoke the first network function service of the second network function network element, and sending, by the authorization network element, a token to the first network function network element.

公开(公告)号：US10903987B2

公开(公告)日：2021-01-26

申请号：US15978794

申请日：2018-05-14

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan

IPC: H04L9/08 ,  H04W12/04 ,  H04L9/06 ,  H04L9/32 ,  H04L29/06

Abstract: This application provides a key configuration method and an apparatus. A key management center obtains a service key, and performs encryption and/or integrity protection on the service key to obtain a token. The key management center sends the token to a first network element, the first network element forwards the token to a second network element, and the second network element obtains the service key based on the token. The service key is used to perform encryption and/or integrity protection on data transmitted between the first network element and the second network element. Therefore, security key configuration can be implemented through interaction between the key management center and the network elements, thereby laying a foundation for end-to-end security communication between the first network element and the second network element.

公开(公告)号：US20210007018A1

公开(公告)日：2021-01-07

申请号：US17029542

申请日：2020-09-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lu Gan

IPC: H04W36/00 ,  H04L29/08

Abstract: A source mobile edge computing (MEC) platform sends first indication information to an application server (AS) when determining that a target application is to stop processing service data of user equipment (UE), wherein the first indication information indicates that the service data of the UE is to be processed in the AS. The target application is deployed on the source MEC platform to process the service data of the UE. The AS is configured to respond to the first indication information and send a first response message to the source MEC platform, wherein the first response message indicates that the AS is ready to process the service data of the UE.

公开(公告)号：US20200008041A1

公开(公告)日：2020-01-02

申请号：US16569415

申请日：2019-09-12

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Bo ZHANG ,  Rong Wu ,  Lu Gan ,  Lichun Li

IPC: H04W8/02 ,  H04W12/10 ,  H04W8/26 ,  H04W36/08

Abstract: Embodiments of the present invention disclose a communication method, a related device, and a system. The system may include a terminal, a first access network node (AN), and a second AN. The first AN is configured to determine that the terminal meets a condition of being handed over from the first AN to the second AN, where a value of a target parameter used for encryption and/or integrity protection when the terminal and the first AN communicate with each other before the terminal is handed over to the second AN is equal to a first reference value. In the system, the first AN may further be configured to send a target message to the second AN to instruct the second AN to obtain a second reference value. The second AN may be configured to obtain the second reference value based on the target message. Furthermore, the terminal may be configured to obtain the second reference value, where the second reference value is used as a value of the target parameter used for encryption and/or integrity protection when the second AN and the terminal communicate with each other. According to the embodiments of the present invention, security performance of the terminal can be improved.

公开(公告)号：US20190281070A1

公开(公告)日：2019-09-12

申请号：US16422051

申请日：2019-05-24

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Chengdong He ,  Lu Gan

IPC: H04L29/06 ,  H04W12/12

Abstract: A system and method for detecting a man-in-the-middle attack, where the includes sending, by a secondary base station, a first check request message to a master base station, wherein the first check request message comprises first identifier information of an evolved random access bearer (ERAB) and a first data packet count value corresponding to the first identifier information; receiving, by the master base station, the first check request message; obtaining second identifier information that matches the first identifier information, wherein the second identifier information is an identifier of a data radio bearer (DRB) corresponding to the ERAB; sending a second check request message to a user terminal, wherein the second check request message comprises the first data packet count value and the second identifier information; and receiving, by the master base station, a check response message from the user terminal.

公开(公告)号：US20190253889A1

公开(公告)日：2019-08-15

申请号：US16388606

申请日：2019-04-18

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Bo Zhang ,  Lu Gan

IPC: H04W12/04 ,  H04W80/10 ,  H04W8/08 ,  H04W76/11 ,  H04W76/25 ,  H04W88/02

CPC classification number: H04W12/0401 ,  H04L9/08 ,  H04W8/08 ,  H04W12/04 ,  H04W12/0403 ,  H04W76/11 ,  H04W76/25 ,  H04W80/10 ,  H04W88/023

Abstract: Embodiments of this application provide an anchor key generation method, device, and system. The method includes generating, by a user equipment, an intermediate key based on a cipher key (CK), an integrity key (IK), and an indication information regarding an operator; generating, by the user equipment, an anchor key based on the intermediate key; generating, by the user equipment, a key (Kamf) based on the anchor key; and deriving, by the user equipment, a 3rd Generation Partnership Project (3GPP) key based on the Kamf.

公开(公告)号：US12155755B2

公开(公告)日：2024-11-26

申请号：US17780902

申请日：2020-11-26

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lu Gan ,  Jianhao Huang ,  Xiaoshuang Ma ,  Chong Zhou

IPC: H04L9/08 ,  G16Y30/10 ,  H04L9/06

Abstract: A key negotiation method and an electronic device are provided, and relate to the field of communications technologies. Specifically, the method includes: An IoT control device multicasts, in a first local area network, a discovery message that carries a first public key, and sends a second ciphertext to a first IoT device after receiving a first ciphertext and a second public key. After receiving a third ciphertext from the first IoT device, the IoT control device decrypts the third ciphertext based on a first session key, to obtain a second signature and second session information; verifies the second signature based on a long-term public key of the first IoT device; and performs encrypted communication with the first IoT device based on the first session key after the second signature is successfully verified.

公开(公告)号：US12010105B2

公开(公告)日：2024-06-11

申请号：US17684820

申请日：2022-03-02

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lu Gan ,  Xiaoshuang Ma ,  Jianhao Huang ,  Chao He

IPC: H04L9/40 ,  G06F21/53

CPC classification number: H04L63/0442 ,  G06F21/53 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/18

Abstract: A first device and a home hub have a same TEE platform, and a second device and the home hub have different TEE platforms. A control method includes the home hub receiving an identity credential of the second device and public key information of the first device from the second device. The home hub controls an IoT device based on the identity credential of the second device. The home hub receives private key information that is of the first device and that is from the first device. The home hub forms an identity credential of the first device based on the public key information of the first device and the private key information of the first device to control the IoT device.