公开(公告)号：US11546771B2

公开(公告)日：2023-01-03

申请号：US16834858

申请日：2020-03-30

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： He Li ,  Yizhuang Wu ,  Jing Chen

IPC: H04W12/37 ,  H04W28/02 ,  H04W12/033 ,  H04W12/106

Abstract: A communication method includes receiving, by an access network (AN) node, indication information from a mobility management device. The indication information is indicative of a security policy of a quality of service (QoS) flow. The method also includes obtaining, by the access network node based on the indication information, security information of a radio bearer corresponding to the QoS flow. The security information is indicative of a security policy of the radio bearer. The method further includes sending, by the access network node, an identifier of the radio bearer and the security information of the radio bearer to a terminal.

公开(公告)号：US11445370B2

公开(公告)日：2022-09-13

申请号：US16453833

申请日：2019-06-26

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： He Li ,  Jing Chen

IPC: H04W12/069 ,  H04L9/08 ,  H04L9/32 ,  H04W12/062

Abstract: A method and device for verifying a key requester are described. The method may include a security function entity receiving a request message sent by a user management function (UMF) entity. The method may also include decrypting information in the request message by using a private key of the security function entity, and obtaining the information carried in the request message after signature verification on decrypted information using a public key in a certificate of the UMF entity succeeds. Furthermore, the method may include determining to provide a key of a user equipment (UE) for the UMF entity, when determining that a first verification parameter carried in the request message is valid and determining that an identifier which is of the UMF entity and which is carried in the request message is the same as an identifier of a UMF entity to which the UE attaches.

公开(公告)号：US11265723B2

公开(公告)日：2022-03-01

申请号：US16783976

申请日：2020-02-06

Applicant: Huawei Technologies Co., Ltd.

Inventor： Ahmad Shawky Muhanna ,  He Li ,  Mazin Ali Al-Shalash

IPC: H04W12/00 ,  H04L29/06 ,  H04W12/60

Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminate any potential of bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.

公开(公告)号：US11140545B2

公开(公告)日：2021-10-05

申请号：US16522278

申请日：2019-07-25

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Kai Pan ,  He Li ,  Jing Chen ,  Li Hu

IPC: H04L29/06 ,  H04W12/03 ,  H04W8/20 ,  H04W12/10 ,  H04W12/041

Abstract: The present disclosure relates to methods, apparatus, and systems for protecting data in a communications system. One example method includes obtaining, by a core network node, information associated with a service of a terminal device, and determining, by the core network node and based on the information associated with the service, a network node that is to perform security protection on data of the service.

公开(公告)号：US11005899B2

公开(公告)日：2021-05-11

申请号：US16455749

申请日：2019-06-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jinzhou Ye ,  Ridong Xu ,  Biao Zhang ,  Shufeng Shi ,  Boqiang Luo

IPC: H04L29/06 ,  H04L12/24 ,  H04L29/14 ,  H04L12/14 ,  H04L12/26

Abstract: A method, a related apparatus, and a system for recovering a called service of a terminal are provided. The method includes: when a called request of a user terminal is received, querying an initial proxy-call session control function (P-CSCF) entity with which the user terminal currently registers; if it is detected that the initial P-CSCF is faulty, selecting an available P-CSCF and sending, to the available P-CSCF, a notification message that carries a redundancy identifier, where the redundancy identifier is used to instruct the available P-CSCF to trigger the user terminal to re-register with the P-CSCF; and when a registration complete message sent by the P-CSCF with which the user terminal re-registers is received, delivering the called request to the re-registered P-CSCF to bear a called service of the user terminal.

公开(公告)号：US20200275276A1

公开(公告)日：2020-08-27

申请号：US16874306

申请日：2020-05-14

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen

IPC: H04W12/10 ,  H04W12/04 ,  H04W12/12 ,  H04W12/00 ,  H04L29/06

Abstract: A security protection method and an apparatus to implement security protection for a plurality of non-access stratum (NAS) connection links. The method includes determining, by a terminal, a first parameter, where the first parameter is used to indicate an access technology used to transmit a non-access stratum NAS message. The terminal can support at least two access technologies, and can separately maintain a corresponding NAS COUNT for each of the at least two access technologies. The method further includes performing, by the terminal, security protection on the NAS message based on the first parameter, a NAS key, and a NAS COUNT corresponding to an access technology used to transmit the NAS message.

公开(公告)号：US20190246282A1

公开(公告)日：2019-08-08

申请号：US16386462

申请日：2019-04-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen ,  Li Hu

IPC: H04W12/10 ,  H04W12/04 ,  H04W76/27 ,  H04W80/10 ,  H04W8/08

Abstract: A communication method and a related apparatus are provided. A base station obtains a security policy, where the security policy includes integrity protection indication information, and the integrity protection indication information is used to indicate the base station whether to enable integrity protection for a terminal device; and when the integrity protection indication information indicates the base station to enable integrity protection for the terminal device, the base station sends a target user plane integrity protection algorithm to the terminal device.

公开(公告)号：US20190208416A1

公开(公告)日：2019-07-04

申请号：US16298387

申请日：2019-03-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen ,  Jiangsheng Wang

IPC: H04W12/04 ,  H04L9/08

CPC classification number: H04W12/0401 ,  H04L9/08 ,  H04L9/0877 ,  H04L63/205 ,  H04W12/04 ,  H04W12/04033 ,  H04W12/04071 ,  H04W76/15

Abstract: Embodiments of the present invention provide a key negotiation method and apparatus. The method includes: obtaining, by a first base station, a selected key generation capability, and generating a first key parameter based on the selected key generation capability; sending, by the first base station, the first key parameter to a second base station, where the first key parameter is forwarded by the second base station to a terminal; and obtaining, by the first base station, a second key parameter generated by the terminal, and generating a first base key based on the first key parameter and the second key parameter. The first base station independently generates the base key, and the second base station plays only a role of parameter transfer.

公开(公告)号：US20190110194A1

公开(公告)日：2019-04-11

申请号：US16206497

申请日：2018-11-30

Applicant: Huawei Technologies Co., Ltd.

Inventor： Hualin Zhu ,  He Li ,  Weisheng Jin

IPC: H04W12/04 ,  H04W12/00 ,  H04L9/08

Abstract: Embodiments of this application relate to the field of communications technologies, and provide a network connection method and an apparatus. The method carried out by a network control element includes: sending a first connection parameter to a terminal, and sending a second connection parameter to a security node, so that a network connection between the terminal and the security node is established by using the first connection parameter and the second connection parameter, where the first connection parameter is used for decrypting data encrypted by using the second connection parameter, correspondingly, the second connection parameter is used for decrypting data encrypted by using the first connection parameter, and the first connection parameter and the second connection parameter each include a security parameter used when the terminal and the security node establish the network connection.

公开(公告)号：US09894110B2

公开(公告)日：2018-02-13

申请号：US15015008

申请日：2016-02-03

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jinzhou Ye ,  Ridong Xu ,  Biao Zhang ,  Shufeng Shi ,  Boqiang Luo

IPC: H04L12/66 ,  H04L29/06 ,  H04L12/24 ,  H04L12/14 ,  H04L29/14 ,  H04L12/26

CPC classification number: H04L65/1069 ,  H04L12/1407 ,  H04L41/0668 ,  H04L41/0893 ,  H04L43/10 ,  H04L65/00 ,  H04L65/1016 ,  H04L65/1046 ,  H04L65/1073 ,  H04L69/40

Abstract: Embodiments of the present invention disclose a method, a related apparatus, and a system for recovering a called service of a terminal. The method includes: when a called request of a user terminal is received, querying an initial proxy-call session control function (P-CSCF) entity with which the user terminal currently registers; if it is detected that the initial P-CSCF is faulty, selecting an available P-CSCF and sending, to the available P-CSCF, a notification message that carries a redundancy identifier, where the redundancy identifier is used to instruct the available P-CSCF to trigger the user terminal to re-register with the P-CSCF; and when a registration complete message sent by the P-CSCF with which the user terminal re-registers is received, delivering the called request to the re-registered P-CSCF to bear a called service of the user terminal.