SECURE COMMUNICATION METHOD AND DEVICE
    Invention publication

    Publication (announcement) number: US20230354013A1

    Publication (announcement) date: 2023-11-02

    Application number: US18348473

    Application date: 2023-07-07

    CPC classification number: H04W12/02 H04W12/72

    Abstract: A method includes: User equipment determines whether confidentiality protection is activated for communication data between the user equipment and an application function device. The user equipment sends a user plane message to the application function device. The user plane message includes an identifier of the user equipment, and the identifier is an encrypted identifier in a case in which the confidentiality protection is inactivated.

    Network roaming protection method, related device, and system

    Publication (announcement) number: US10743368B2

    Publication (announcement) date: 2020-08-11

    Application number: US16351772

    Application date: 2019-03-13

    Inventor: Rong Wu, Bo Zhang, Lu Gan

    Abstract: Embodiments of the present disclosure disclose a network roaming protection method and related device. The method includes: receiving, by a visited session management device, a first session establishment request that includes a first security requirement; obtaining, by the visited session management device, a target security policy, where the target security policy is obtained by processing the first security requirement set and a second security requirement set using a preset rule; and sending the target security policy to the UE instructing the UE to generate a target shared key based on a reference shared key and according to a rule defined by the target security policy, where the target shared key is used to protect secure end-to-end data transmission between the UE and the visited gateway.

    Security implementation method, related apparatus, and system

    Publication (announcement) number: US10588014B2

    Publication (announcement) date: 2020-03-10

    Application number: US16409207

    Application date: 2019-05-10

    Abstract: A security implementation method includes receiving, by a first network element, a request for handing over user equipment from a source access network device to a target access network device to perform communication. The method further includes obtaining, by the first network element, a security key, where the security key is used for protecting the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device, and sending, by the first network element, the security key to the target access network device.

    Network Handover Protection Method, Related Device, and System

    Publication (announcement) number: US20190215903A1

    Publication (announcement) date: 2019-07-11

    Application number: US16351254

    Application date: 2019-03-12

    Inventor: Rong Wu, Bo Zhang, Lu Gan

    Abstract: A method includes: receiving, by a session management device, a path switching request used to request to hand over user equipment UE from a source network to a target network; obtaining a target security policy based on the path switching request, and obtaining a second shared key generated based on a first shared key and the target security policy, and sending the second shared key to a target gateway; and sending, by the session management device, the second shared key to the UE; or sending the target security policy to the UE, so that the UE generates the second shared key based on the first shared key and the target security policy, where the second shared key is used to perform end-to-end protection on secure data transmission between the UE and the target gateway.

    KEY CONFIGURATION METHOD, SECURITY POLICY DETERMINING METHOD, AND APPARATUS

    Publication (announcement) number: US20190124502A1

    Publication (announcement) date: 2019-04-25

    Application number: US16224999

    Application date: 2018-12-19

    Inventor: Bo Zhang, Rong Wu, Lu Gan

    Abstract: This application provides a key configuration method. A session management network element receives a request for end-to-end communication and obtains a security policy, where the security policy is determined based on at least one of: a user security requirement that is of the user equipment and that is preconfigured on a home subscriber server, a service security requirement from the user equipment, a security capability requirement supported by the user equipment, a security capability requirement from a carrier network, and a security requirement of a device on the other end of the end-to-end communication. The session management network element obtains a protection key used for protecting the end-to-end communication. The session management network element sends the security policy to the devices on two ends of the end-to-end communication.

    Method and Apparatus for Detecting Man-In-The-Middle Attack
    Invention application
    Under examination - published

    Publication (announcement) number: US20170012997A1

    Publication (announcement) date: 2017-01-12

    Application number: US15270722

    Application date: 2016-09-20

    CPC classification number: H04L63/14 H04L63/12 H04L63/1441 H04W12/12

    Abstract: A method and an apparatus for detecting a man-in-the-middle attack, where the method includes receiving, by a macro evolved Node B (MeNB), a first check request message sent by a secondary evolved Node B (SeNB), where the first check request message includes first identifier information and a first data packet count value, generating a second check request message according to the first identifier information, sending the second check request message to a user terminal, receiving a first check response message generated by the user terminal according to the second check request message, where the first check response message includes second identifier information and a second data packet count value, determining, by the MeNB, that the man-in-the-middle attack exists between the SeNB and the user terminal when the first data packet count value is different from the second data packet count value.


    COMMUNICATION METHOD AND APPARATUS
    Invention application

    Publication (announcement) number: US20250124166A1

    Publication (announcement) date: 2025-04-17

    Application number: US19001848

    Application date: 2024-12-26

    Inventor: Li Hu, Rong Wu

    Abstract: This application provides a communication method and apparatus. The method includes: An access network device obtains a data processing requirement indicating a requirement for processing data associated with a user for a specified purpose. The access network device determines, based on user consent information and the data processing requirement, whether to process the data associated with the user for the specified purpose, where the user consent information indicates whether the user consents to process the data associated with the user for a plurality of data processing purposes, and any one of the plurality of data processing purposes indicates a purpose of processing the data associated with the user. In the solutions, the access network device determines, based on the user consent information and the data processing requirement, whether to process the data associated with the user for the specified purpose.

    Network function service invocation method, apparatus, and system

    Publication (announcement) number: US11956361B2

    Publication (announcement) date: 2024-04-09

    Application number: US17540664

    Application date: 2021-12-02

    CPC classification number: H04L9/3213 H04L9/3247 H04L63/10

    Abstract: A network function service invocation method includes sending, by a first network function network element, a first request message to an authorization network element, wherein the first request message is used to request permission to invoke a first network function service provided by a second network function network element, performing, by the authorization network element, identity authentication on the first network function network element, generating, by the authorization network element, a token when determining that the identity authentication succeeds, wherein the token is used to indicate that the first network function network element has the permission to invoke the first network function service of the second network function network element, and sending, by the authorization network element, a token to the first network function network element.
