公开(公告)号：US20220295271A9

公开(公告)日：2022-09-15

申请号：US17245991

申请日：2021-04-30

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Bo Zhang ,  Lu Gan

IPC: H04W12/041 ,  H04W80/10 ,  H04W88/02 ,  H04W76/11 ,  H04W76/25 ,  H04W8/08 ,  H04L9/08 ,  H04L29/06 ,  H04W12/04 ,  H04W12/043

Abstract: An anchor key generation method, device, and system, where the method includes generating, by a unified data management network element (UDM), an intermediate key based on a cipher key (CK), an integrity key (IK), and indication information regarding an operator; sending, by the UDM, the intermediate key to an authentication server function (AUSF); receiving, by the AUSF, the intermediate key; generating, by the AUSF, an anchor key based on the intermediate key; sending, by the AUSF, the anchor key to a security anchor function (SEAF); and generating, by the SEAF, a key (Kamf) based on the anchor key, where the Kamf is used to derive a 3rd Generation Partnership Project (3GPP) key.

公开(公告)号：US20220286442A1

公开(公告)日：2022-09-08

申请号：US17700064

申请日：2022-03-21

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lu Gan ,  Bo Zhang

IPC: H04L9/40 ,  H04W12/12 ,  H04W12/02 ,  H04W12/03 ,  H04W12/041 ,  H04W12/0431 ,  H04W12/0433 ,  H04L9/08

Abstract: The present invention disclose a key distribution method. The method includes obtaining, by a first key management system, a shared key of a first network element, where the shared key of the first network element is generated according to a key parameter obtained after the first network element performs authentication or a root key of the first network element; obtaining a service key, where the service key is used to perform encryption and/or integrity protection on communication data in a first service between the first network element and a second network element; performing encryption and/or integrity protection on the service key by using the shared key of the first network element, to generate a first security protection parameter; and sending the first security protection parameter to the first network element. According to present invention, data can be protected against an eavesdropping attack in a sending process.

公开(公告)号：US11431479B2

公开(公告)日：2022-08-30

申请号：US16517645

申请日：2019-07-21

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhongding Lei ,  Lichun Li ,  Bo Zhang ,  Fei Liu ,  Haiguang Wang ,  Xin Kang

IPC: H04L9/08 ,  H04L9/14 ,  H04L9/40

Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.

公开(公告)号：US20220255734A1

公开(公告)日：2022-08-11

申请号：US17706877

申请日：2022-03-29

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang

IPC: H04L9/08 ,  H04L9/32

Abstract: A communication authentication method and a related device, the method including sending, by a user terminal, a generic bootstrapping architecture (GBA) authentication request carrying a user terminal identifier, receiving, by the user terminal, an authentication request carrying an authentication token (AUTN) and a random number (RAND), and deriving, by the user terminal, a first authentication vector based on the AUTN and the RAND, where the first authentication vector is different from a second authentication vector of the user terminal, the first authentication vector is a 5th generation (5G) GBA authentication vector, and the second authentication vector includes at least one of a 3rd generation/4th generation (3G/4G) GBA authentication vector or a 5G authentication vector.

公开(公告)号：US11303622B2

公开(公告)日：2022-04-12

申请号：US15977787

申请日：2018-05-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lu Gan ,  Bo Zhang

IPC: H04L29/04 ,  G06F21/00 ,  H04L29/06 ,  H04W12/12 ,  H04W12/02 ,  H04W12/03 ,  H04W12/041 ,  H04W12/0431 ,  H04W12/0433 ,  H04L9/08 ,  H04L9/40

Abstract: An embodiment method includes: obtaining, by a first key management system, a shared key of a first network element, where the shared key of the first network element is generated according to a key parameter obtained after the first network element performs authentication or a root key of the first network element; obtaining a service key, where the service key is used to perform encryption and/or integrity protection on communication data in a first service between the first network element and a second network element; performing encryption and/or integrity protection on the service key by using the shared key of the first network element, to generate a first security protection parameter; and sending the first security protection parameter to the first network element.

公开(公告)号：US11240218B2

公开(公告)日：2022-02-01

申请号：US16169416

申请日：2018-10-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong Wu ,  Bo Zhang ,  Lu Gan ,  Haiguang Wang

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

Abstract: This application provides a key distribution and authentication method, system, and an apparatus. The method includes: a service center server distributes different keys to terminal devices, and then the terminal devices perform mutual authentication with the network authentication server based on respective keys and finally obtain communication keys for communication between the terminal devices and a functional network element. This provides a method for establishing a secure communication channel for the terminal device, having a broad application range.

公开(公告)号：US11223954B2

公开(公告)日：2022-01-11

申请号：US16598981

申请日：2019-10-10

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Philip Ginzboorg ,  Valtteri Niemi ,  Bo Zhang

IPC: H04W12/122 ,  H04L9/32 ,  H04L29/06 ,  H04W12/06 ,  H04W12/40

Abstract: A network authentication system comprises user equipment (UE), a service network (SN) and a home network (HN). The HN generates an expected user response (XRES) based on an identifier of the UE and generate an indicator, and sends the part of XRES and the indicator to the SN. The SN receives the part of XRES and indicator, and receives a user response (RES) from the UE. The SN then compares the RES with the XRES base on the indicator, and sends a confirmation message to the HN when the comparison succeeds.

公开(公告)号：US11109230B2

公开(公告)日：2021-08-31

申请号：US16909601

申请日：2020-06-23

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong Wu ,  Bo Zhang ,  Lu Gan

IPC: H04W12/06 ,  H04W8/12 ,  H04W12/02 ,  H04W12/04 ,  H04W12/041 ,  H04W12/069 ,  H04W80/10 ,  H04W88/16 ,  H04W84/04

Abstract: Embodiments of the present disclosure disclose a network roaming protection method and related device. The method includes: receiving, by a visited session management device, a first session establishment request that includes a first security requirement; obtaining, by the visited session management device, a target security policy, where the target security policy is obtained by processing the first security requirement set and a second security requirement set using a preset rule; and sending the target security policy to the UE instructing the UE to generate a target shared key based on a reference shared key and according to a rule defined by the target security policy, where the target shared key is used to protect secure end-to-end data transmission between the UE and the visited gateway.

公开(公告)号：US20210258780A1

公开(公告)日：2021-08-19

申请号：US17245991

申请日：2021-04-30

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Bo Zhang ,  Lu Gan

IPC: H04W12/041 ,  H04W80/10 ,  H04W88/02 ,  H04W76/11 ,  H04W76/25 ,  H04W8/08 ,  H04L9/08 ,  H04L29/06 ,  H04W12/04 ,  H04W12/043

Abstract: An anchor key generation method, device, and system, where the method includes generating, by a unified data management network element (UDM), an intermediate key based on a cipher key (CK), an integrity key (IK), and indication information regarding an operator; sending, by the UDM, the intermediate key to an authentication server function (AUSF); receiving, by the AUSF, the intermediate key; generating, by the AUSF, an anchor key based on the intermediate key; sending, by the AUSF, the anchor key to a security anchor function (SEAF); and generating, by the SEAF, a key (Kamf) based on the anchor key, where the Kamf is used to derive a 3rd Generation Partnership Project (3GPP) key.

公开(公告)号：US11012855B2

公开(公告)日：2021-05-18

申请号：US16388606

申请日：2019-04-18

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Bo Zhang ,  Lu Gan

IPC: H04L9/00 ,  H04W12/041 ,  H04W80/10 ,  H04W88/02 ,  H04W76/11 ,  H04W76/25 ,  H04W8/08 ,  H04L9/08 ,  H04L29/06 ,  H04W12/04 ,  H04W12/043

Abstract: An anchor key generation method, device, and system, where the method includes generating, by a user equipment, an intermediate key based on a cipher key (CK), an integrity key (IK), and indication information regarding an operator; generating, by the user equipment, an anchor key based on the intermediate key; generating, by the user equipment, a key (Kamf) based on the anchor key; and deriving, by the user equipment, a 3rd Generation Partnership Project (3GPP) key based on the Kamf.