公开(公告)号：US20180324594A1

公开(公告)日：2018-11-08

申请号：US16026777

申请日：2018-07-03

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jing CHEN ,  Qi LI ,  Lin SHU

IPC: H04W12/10 ,  H04W8/24 ,  H04W12/04 ,  H04W12/06 ,  H04L9/32 ,  H04L29/06

CPC classification number: H04W12/10 ,  H04L9/3242 ,  H04L63/1466 ,  H04L63/20 ,  H04W8/24 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W12/12

Abstract: The present disclosure relates to mobile communications technologies, and in particular, to a mobile communication method, apparatus, and device. The method includes receiving, by a user equipment UE, a non-access stratum NAS security mode command message from a mobility management entity MME, where the NAS security mode command message carries first verification matching information used to verify UE capability information received by the MME. Based on the first verification matching information, the UE determines whether the UE capability information received by the MME is consistent with UE capability information sent by the UE to the MME. In response to determining that the UE capability information received by the MME is consistent with the UE capability information sent by the UE to the MME, the UE sends a NAS security mode complete message to the MME.

公开(公告)号：US20170265108A1

公开(公告)日：2017-09-14

申请号：US15598142

申请日：2017-05-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing CHEN ,  Dongmei ZHANG ,  Xiaoying XU

IPC: H04W36/00 ,  H04W12/04 ,  H04W12/06 ,  H04W36/14

CPC classification number: H04W36/0038 ,  H04W12/04 ,  H04W12/06 ,  H04W36/14

Abstract: Embodiments of the present invention disclose a security processing method and system in a network handover process. The method includes: generating, by a network switching node, a target key after receiving a handover request; sending, by the network switching node, security information including the target key to a target network node, and receiving a handover response message sent by the target network node; and sending, by the network switching node, a handover command to a mobile terminal, so that the mobile terminal accesses a target network. By adopting the present invention, security processing in handover of a mobile terminal from a 3G network to an HSPA network or an LTE network may be completed in a case that the network switching node currently used in the network is not changed.

公开(公告)号：US20170245182A1

公开(公告)日：2017-08-24

申请号：US15589687

申请日：2017-05-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaoying XU ,  Jing CHEN

IPC: H04W36/00 ,  H04W12/08 ,  H04W12/04 ,  H04W12/10 ,  H04L29/06 ,  H04L9/14

CPC classification number: H04W12/04 ,  H04B1/406 ,  H04L9/14 ,  H04L63/06 ,  H04L63/10 ,  H04L2209/24 ,  H04W12/08 ,  H04W12/10 ,  H04W36/0022 ,  H04W36/0038 ,  H04W36/08 ,  H04W48/18 ,  H04W88/06 ,  H04W88/08

Abstract: Solution for security negotiation during handover of a user equipment (UE) between different radio access technologies are provided. In the solution, the UE receives NAS security information and AS security information which are selected by the target system and then performs security negotiation with the target system according to the received NAS security information and AS security information. As such, the UE may obtain the key parameter information of the NAS and AS selected by a LTE system and perform security negotiation with the LTE system when the UE hands over from a different system, such as a UTRAN, to the LTE system.

公开(公告)号：US20170012968A1

公开(公告)日：2017-01-12

申请号：US15274220

申请日：2016-09-23

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Chengyan FENG ,  Jing CHEN

IPC: H04L29/06 ,  G06F9/445 ,  H04L12/24

CPC classification number: H04L63/0823 ,  G06F8/63 ,  H04L12/6418 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/20 ,  H04L63/0272

Abstract: The invention discloses a network function virtualization-based certificate configuration method, apparatus, and system. A virtualized network management entity obtains initial credential information of a virtualized network function entity; and installs the initial credential information onto the virtualized network function entity during or after instantiation of the virtualized network function entity, so that the virtualized network function entity obtains, from a certificate authority by using the initial credential information, a formal certificate issued by a network operator of the virtualized network function entity. The invention not only can apply to a network function virtualization scenario, but also can resolve a problem of a security risk in network function virtualization.

Abstract translation: 本发明公开了一种基于网络功能的虚拟化证书配置方法，装置和系统。 虚拟化网络管理实体获取虚拟网络功能实体的初始凭证信息; 并在虚拟化网络功能实体实例化期间或之后将初始凭证信息安装到虚拟化网络功能实体上，使得虚拟化网络功能实体通过使用初始凭证信息从认证机构获得由网络发布的正式证书 虚拟化网络功能实体的运营商。 本发明不仅可以应用于网络功能虚拟化场景，而且可以解决网络功能虚拟化中的安全风险问题。

公开(公告)号：US20130305386A1

公开(公告)日：2013-11-14

申请号：US13943469

申请日：2013-07-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lijia ZHANG ,  Yixian XU ,  Jing CHEN

IPC: G06F21/60

CPC classification number: G06F21/60 ,  H04L63/205 ,  H04W4/70 ,  H04W12/04 ,  H04W12/06

Abstract: The present invention relates to communication technologies and discloses a method and an apparatus for protecting security of data, so as to solve the problem of the prior art in which the security of data transmission between a communication terminal which has a characteristic of small data transmission and the network cannot be guaranteed. Information relevant to security context is stored if a communication terminal has a characteristic of small data transmission; current security context is obtained according to the information relevant to security context; and security protection of communication data is performed by employing the current security context. The embodiments of the present invention may be applied to a communication system having a characteristic of small data transmission, such as an MTC and the like.

Abstract translation: 本发明涉及通信技术，并且公开了一种用于保护数据安全性的方法和装置，以解决现有技术的问题，其中具有小数据传输特性的通信终端与数据传输特性之间的数据传输安全性 网络无法保证。 如果通信终端具有小数据传输的特征，则存储与安全上下文相关的信息; 根据与安全环境相关的信息获取当前的安全上下文; 并且通过采用当前的安全上下文来执行通信数据的安全保护。 本发明的实施例可以应用于具有小数据传输特性的通信系统，例如MTC等。

公开(公告)号：US20130236016A1

公开(公告)日：2013-09-12

申请号：US13871900

申请日：2013-04-26

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei ZHANG ,  Jing CHEN ,  Lijia ZHANG ,  Zhuo CHEN

IPC: H04W12/08

CPC classification number: H04W12/10 ,  H04L9/14 ,  H04L63/205 ,  H04W12/02 ,  H04W12/08 ,  H04W84/047 ,  H04W92/20

Abstract: A method and an apparatus for protecting data carried on an Un interface between a eNB and a relay node are disclosed. Three types of radio bearers (RBs) are defined over the Un interface: signaling radio bearers (SRBs) for carrying control plane signaling data, signaling-data radio bearers (s-DRBs) for carrying control plane signaling date; and data-data radio bearers (d-DRBs) for carrying user plane data. An integrity protection algorithm and an encryption algorithm are negotiated for control plane signaling data on an SRB, control plane signaling data carried on an s-DRB, and user plane data carried on a d-DRB. With the respective integrity protection algorithm and encryption algorithm, the data over the Un interface can be protected respectively. Therefore, the security protection on the Un interface is more comprehensive, and the security protection requirements of data borne over different RBs can be met.

公开(公告)号：US20240396934A1

公开(公告)日：2024-11-28

申请号：US18668898

申请日：2024-05-20

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jing CHEN ,  Qi LI ,  Lin SHU

IPC: H04L9/40 ,  H04L9/32 ,  H04W8/24 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W12/106 ,  H04W12/125

Abstract: The present disclosure relates to mobile communications technologies, and in particular, to a mobile communication method, apparatus, and device. The method includes: receiving, by user equipment UE, a non-access stratum NAS security mode command message from a mobility management entity MME, where the NAS security mode command message carries first verification matching information used to verify UE capability information received by the MME; determining, by the UE based on the first verification matching information, whether the UE capability information received by the MME is consistent with UE capability information sent by the UE to the MME; and if the UE capability information received by the MME is consistent with the UE capability information sent by the UE to the MME, sending, by the UE, a NAS security mode complete message to the MME.

公开(公告)号：US20210266799A1

公开(公告)日：2021-08-26

申请号：US17190740

申请日：2021-03-03

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： He LI ,  Jing CHEN

IPC: H04W36/00 ,  H04W8/08 ,  H04W48/16 ,  H04W80/10 ,  H04L9/08 ,  H04W12/033 ,  H04W12/106

Abstract: This application relates to the field of wireless communications technologies. Embodiments of this application provide a security protection method, an apparatus, and a system, to resolve a problem of low efficiency in handing over a terminal between serving base stations. The method in this application includes: receiving, by a target access network device, a correspondence between user plane information and a security policy from a source access network device; and determining, by the target access network device based on the correspondence between user plane information and a security policy, a first user plane protection algorithm corresponding to the user plane information, where the first user plane protection algorithm includes one or both of a user plane encryption algorithm and a user plane integrity protection algorithm. This application is applicable to a procedure in which the terminal is handed over between serving base stations.

公开(公告)号：US20200252795A1

公开(公告)日：2020-08-06

申请号：US16856613

申请日：2020-04-23

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Kai PAN ,  Jing CHEN

IPC: H04W12/04 ,  H04W8/02 ,  H04W4/70 ,  H04W36/00 ,  H04L9/08 ,  H04W12/10

Abstract: A method includes receiving, by a mobility management entity (MME), a redirection request message from an access and mobility management function (AMF) node, where the redirection request message includes key-related information. The method also includes generating, by the MME, an encryption key and an integrity protection key based on the key-related information. The redirection request message is used to request to hand over a voice service from a packet switched (PS) domain to a circuit switched (CS) domain.

公开(公告)号：US20200162906A1

公开(公告)日：2020-05-21

申请号：US16749911

申请日：2020-01-22

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Li HU ,  Jing CHEN

IPC: H04W12/04 ,  H04W36/00 ,  H04W36/08

Abstract: The present disclosure discloses a communication method and a device. The method is performed by a target base station and includes: receiving a handover request from a source base station, where the handover request includes a first key and first indication information, and the first indication information is used to indicate whether the first key is an updated key; and sending second indication information to the source base station based on the handover request, where the second indication information is used to indicate whether an access layer key between the target base station and a terminal device is an updated key. Using the embodiments of the present disclosure helps resolve a problem that a potential security risk exists in data transmitted between the terminal device and the target base station, and helps resolve a problem that a key change of the terminal device is not controlled by the base station.