-
公开(公告)号:US11924629B2
公开(公告)日:2024-03-05
申请号:US17245991
申请日:2021-04-30
Applicant: Huawei Technologies Co., Ltd.
IPC: H04L9/00 , H04L9/08 , H04L9/40 , H04W8/08 , H04W12/04 , H04W12/041 , H04W12/043 , H04W12/0431 , H04W12/0433 , H04W76/11 , H04W76/25 , H04W80/10 , H04W88/02
CPC classification number: H04W12/041 , H04L9/08 , H04L63/0869 , H04W8/08 , H04W12/04 , H04W12/043 , H04W12/0431 , H04W12/0433 , H04W76/11 , H04W76/25 , H04W80/10 , H04W88/023
Abstract: An anchor key generation method, device, and system, where the method includes generating, by a unified data management network element (UDM), an intermediate key based on a cipher key (CK), an integrity key (IK), and indication information regarding an operator; sending, by the UDM, the intermediate key to an authentication server function (AUSF); receiving, by the AUSF, the intermediate key; generating, by the AUSF, an anchor key based on the intermediate key; sending, by the AUSF, the anchor key to a security anchor function (SEAF); and generating, by the SEAF, a key (Kamf) based on the anchor key, where the Kamf is used to derive a 3rd Generation Partnership Project (3GPP) key.
-
公开(公告)号:US10743368B2
公开(公告)日:2020-08-11
申请号:US16351772
申请日:2019-03-13
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Abstract: Embodiments of the present disclosure disclose a network roaming protection method and related device. The method includes: receiving, by a visited session management device, a first session establishment request that includes a first security requirement; obtaining, by the visited session management device, a target security policy, where the target security policy is obtained by processing the first security requirement set and a second security requirement set using a preset rule; and sending the target security policy to the UE instructing the UE to generate a target shared key based on a reference shared key and according to a rule defined by the target security policy, where the target shared key is used to protect secure end-to-end data transmission between the UE and the visited gateway.
-
公开(公告)号:US10588014B2
公开(公告)日:2020-03-10
申请号:US16409207
申请日:2019-05-10
Applicant: Huawei Technologies Co., Ltd.
Inventor: Rong Wu , Lu Gan , Bo Zhang , Shuaishuai Tan
Abstract: A security implementation method includes receiving, by a first network element, a request for handing over user equipment from a source access network device to a target access network device to perform communication. The method further includes obtaining, by the first network element, a security key, where the security key is used for protecting the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device, and sending, by the first network element, the security key to the target access network device.
-
公开(公告)号:US20190215903A1
公开(公告)日:2019-07-11
申请号:US16351254
申请日:2019-03-12
Applicant: Huawei Technologies Co., Ltd.
CPC classification number: H04W12/04 , H04W12/0401 , H04W12/08 , H04W36/00 , H04W36/0038
Abstract: A method includes: receiving, by a session management device, a path switching request used to request to hand over user equipment UE from a source network to a target network; obtaining a target security policy based on the path switching request, and obtaining a second shared key generated based on a first shared key and the target security policy, and sending the second shared key to a target gateway; and sending, by the session management device, the second shared key to the UE; or sending the target security policy to the UE, so that the UE generates the second shared key based on the first shared key and the target security policy, where the second shared key is used to perform end-to-end protection on secure data transmission between the UE and the target gateway.
-
公开(公告)号:US20190124502A1
公开(公告)日:2019-04-25
申请号:US16224999
申请日:2018-12-19
Applicant: HUAWEI TECHNOLOGIES CO.,LTD.
Abstract: This application provides a key configuration method. A session management network element receives a request for end-to-end communication and obtains a security policy, where the security policy is determined based on at least one of: a user security requirement that is of the user equipment and that is preconfigured on a home subscriber server, a service security requirement from the user equipment, a security capability requirement supported by the user equipment, a security capability requirement from a carrier network, and a security requirement of a device on the other end of the end-to-end communication. The session management network element obtains a protection key used for protecting the end-to-end communication. The session management network element sends the security policy to the devices on two ends of the end-to-end communication.
-
Patent Agency Ranking
公开(公告)号:US20170012997A1
公开(公告)日:2017-01-12
申请号:US15270722
申请日:2016-09-20
Applicant: Huawei Technologies Co., Ltd.
Inventor: Rong Wu , Chengdong He , Lu Gan
IPC: H04L29/06
CPC classification number: H04L63/14 , H04L63/12 , H04L63/1441 , H04W12/12
Abstract: A method and an apparatus for detecting a man-in-the-middle attack, where the method includes receiving, by a macro evolved Node B (MeNB), a first check request message sent by a secondary evolved Node B (SeNB), where the first check request message includes first identifier information and a first data packet count value, generating a second check request message according to the first identifier information, sending the second check request message to a user terminal, receiving a first check response message generated by the user terminal according to the second check request message, where the first check response message includes second identifier information and a second data packet count value, determining, by the MeNB, that the man-in-the-middle attack exists between the SeNB and the user terminal when the first data packet count value is different from the second data packet count value.
Abstract translation: 一种用于检测中间人攻击的方法和装置,其中所述方法包括由宏演进节点B(MeNB)接收由次演进节点B(SeNB)发送的第一检查请求消息,其中 所述第一检查请求消息包括第一标识信息和第一数据包计数值,根据所述第一标识信息生成第二检查请求消息,向所述用户终端发送所述第二检查请求消息,接收所述第一检查请求消息, 用户终端根据第二检查请求消息,其中第一检查响应消息包括第二标识符信息和第二数据包计数值,由MeNB确定在SeNB和第二检查请求消息之间存在中间人攻击 当第一数据分组计数值与第二数据分组计数值不同时,用户终端。
-
47.发明申请公开(公告)号:US20160249209A1
公开(公告)日:2016-08-25
申请号:US15143095
申请日:2016-04-29
Applicant: Huawei Technologies Co., Ltd.
Inventor: Bo Zhang , Chengdong He , Lu Gan
CPC classification number: H04W12/04 , H04L9/0816 , H04L63/205 , H04W76/14
Abstract: A negotiation processing method for a security algorithm, a control network element, and a control system where the negotiation processing method for a security algorithm includes selecting, by a control network element according to a security capability of first user equipment (UE) and a security capability of second UE, a security algorithm supported by both the first UE and the second UE, and notifying, by the control network element, the selected security algorithm to the first UE and the second UE, and hence, negotiation of a security algorithm between two UEs in proximity communication can be implemented under the control of a control network element.
Abstract translation: 一种用于安全算法的协商处理方法,控制网元和控制系统,其中安全算法的协商处理方法包括:根据第一用户设备(UE)的安全能力和安全性 第二UE的能力,由第一UE和第二UE支持的安全算法,以及由控制网元向所述第一UE和所述第二UE通知所选择的安全算法,并且因此在所述第一UE和所述第二UE之间进行安全算法的协商 接近通信中的两个UE可以在控制网元的控制下实现。
-
公开(公告)号:US20160248857A1
公开(公告)日:2016-08-25
申请号:US15146690
申请日:2016-05-04
Applicant: Huawei Technologies Co., Ltd.
Inventor: Bo Zhang , Chengdong He , Lu Gan
CPC classification number: H04L67/141 , H04L9/0838 , H04L63/06 , H04L69/24 , H04L2209/80 , H04W12/04 , H04W76/14
Abstract: A method and apparatus of key negotiation processing, which includes acquiring, by a control network element, a first key negotiation parameter and a second key negotiation parameter, and sending, by the control network element, the first key negotiation parameter and/or the second key negotiation parameter to the first user equipment UE and a second UE such that the first UE and the second UE generate a key according to the first key negotiation parameter and the second key negotiation parameter. Key negotiation may be performed between two UEs that perform proximity communication.
Abstract translation: 一种密钥协商处理的方法和装置,包括由控制网元获取第一密钥协商参数和第二密钥协商参数,并由控制网元发送第一密钥协商参数和/或第二密钥协商参数 密钥协商参数给第一用户设备UE和第二UE,使得第一UE和第二UE根据第一密钥协商参数和第二密钥协商参数生成密钥。 可以在执行邻近通信的两个UE之间执行密钥协商。
-
公开(公告)号:US12284521B2
公开(公告)日:2025-04-22
申请号:US18043463
申请日:2021-07-26
Applicant: Huawei Technologies Co., Ltd.
Inventor: Lu Gan
IPC: H04W12/08 , H04W12/0431 , H04W12/40
Abstract: An Internet of Things (IoT) device authorization method includes an IoT device that wirelessly communicates with a first electronic device and a second electronic device. The IoT device includes a processor, a memory, a first antenna, and a second antenna. A transmit distance of the second antenna is less than a transmit distance of the first antenna. When instructions stored in the memory are executed by the processor, the IoT device is configured to receive a first message indicating to add a shared control device for the IoT device; send, through the second antenna, a second message including device information of the IoT device; receive, in response to the second message, a third message including device information of the second electronic device; and send, through the first antenna, a fourth message including the device information of the second electronic device to the first electronic device.
-
公开(公告)号:US11956361B2
公开(公告)日:2024-04-09
申请号:US17540664
申请日:2021-12-02
Applicant: Huawei Technologies Co., Ltd.
Inventor: Shuaishuai Tan , Lu Gan , Bo Zhang , Rong Wu
CPC classification number: H04L9/3213 , H04L9/3247 , H04L63/10
Abstract: A network function service invocation method includes sending, by a first network function network element, a first request message to an authorization network element, wherein the first request message is used to request permission to invoke a first network function service provided by a second network function network element, performing, by the authorization network element, identity authentication on the first network function network element, generating, by the authorization network element, a token when determining that the identity authentication succeeds, wherein the token is used to indicate that the first network function network element has the permission to invoke the first network function service of the second network function network element, and sending, by the authorization network element, a token to the first network function network element.
-
-
-
-
-
-
-
-
-
Search Results
63
records
(took 0.025 seconds)
