公开(公告)号：US20190387404A1

公开(公告)日：2019-12-19

申请号：US16552530

申请日：2019-08-27

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jing CHEN ,  Qi LI ,  Lin SHU

IPC: H04W12/10 ,  H04W12/06 ,  H04W12/04 ,  H04W8/24 ,  H04L29/06 ,  H04L9/32

Abstract: The present disclosure relates to mobile communications technologies, and in particular, to a mobile communication method, apparatus, and device. The method includes receiving, by user equipment (UE), a non-access stratum (NAS) security mode command message from a mobility management entity (MME), where the NAS security mode command message carries first verification matching information used to verify UE capability information received by the MME, determining, by the UE based on the first verification matching information, whether the UE capability information received by the MME is consistent with UE capability information sent by the UE to the MME, and, if the UE capability information received by the MME is consistent with the UE capability information sent by the UE to the MME, sending, by the UE, a NAS security mode complete message to the MME.

公开(公告)号：US20190150045A1

公开(公告)日：2019-05-16

申请号：US16247228

申请日：2019-01-14

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： He LI ,  Jing CHEN

IPC: H04W36/08 ,  H04W36/00

Abstract: The present invention provides a handover method and apparatus. A source base station sends a handover request message to a target base station. After receiving the handover request message, the target base station determines, based on first indication information, that user equipment is using a first connection, and determines to instruct the source base station to maintain the first connection. Therefore, a handover request acknowledgment message is sent to the source base station, and the first connection is maintained, so as to reduce an impact on continuity of data transmission in a handover process.

公开(公告)号：US20180035288A1

公开(公告)日：2018-02-01

申请号：US15782584

申请日：2017-10-12

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing CHEN

IPC: H04W12/04 ,  H04L29/06 ,  H04W84/12 ,  H04W76/02 ,  H04W12/06

Abstract: The embodiments of the present invention provide a secure establishment method, system and device of a wireless local area network. The method includes: acquiring, by a UE, a first key; the first key is a shared key of the UE and a network element equipment in a mobile communication network accessed by the UE when implementing air interface security, or is derived according to the shared key; deriving, by the UE, according to the first key and a derivation parameter to acquire a derivation key; establishing, by the UE, according to the derivation key, a secure connection with a WLAN node acquiring a derivation key, wherein the derivation key acquired by the WLAN node is the same as the derivation key acquired by the UE.

公开(公告)号：US20150382189A1

公开(公告)日：2015-12-31

申请号：US14842945

申请日：2015-09-02

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei ZHANG ,  Jing CHEN

IPC: H04W12/04 ,  H04L29/06

CPC classification number: H04W12/04 ,  H04L9/0819 ,  H04L63/06 ,  H04L63/061 ,  H04L63/205 ,  H04W76/14

Abstract: Embodiments of the present invention disclose a key exchange method and apparatus, which relate to the communications field, and can enable user equipments establishing a D2D link to share a set of keys, and further, information security can be achieved when a user equipment transmits service data or a signaling message through a Ud interface. A specific solution is that: a network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information. The present invention is applicable to an exchange process of keys for protecting data on a D2D link.

Abstract translation: 本发明的实施例公开了一种与通信领域相关的密钥交换方法和装置，并且能够使建立D2D链路的用户设备共享一组密钥，此外，当用户设备发送服务时，可以实现信息安全 数据或信令消息通过Ud接口。 具体的解决方案是：网络设备获取第一密钥，并向第二用户设备发送包括第一密钥的消息，使得当第二用户设备通过使用D2D链路与第一用户设备进行通信时，使用第 保护传输信息的第一个关键。 本发明适用于用于保护D2D链路上的数据的密钥的交换过程。

公开(公告)号：US20140355762A1

公开(公告)日：2014-12-04

申请号：US14460748

申请日：2014-08-15

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei ZHANG ,  Jing CHEN

IPC: H04L9/08 ,  H04W12/04

CPC classification number: H04L9/0816 ,  H04L9/083 ,  H04L9/0861 ,  H04L63/06 ,  H04L63/205 ,  H04L2209/24 ,  H04L2463/061 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W36/0038

Abstract: Embodiments of the present invention discloses a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption. The present invention mainly applies to SCC security protection.

Abstract translation: 本发明的实施例公开了一种用于建立安全上下文的方法，装置和系统，涉及通信领域，以便全面保护UE数据。 该方法包括：获取接入节点的加密算法; 获取根密钥，并根据根密钥和加密算法得到接入节点的加密密钥; 向接入节点发送加密密钥和加密算法，使得接入节点开始下行加密和上行解密; 向UE发送接入节点的加密算法，以便与UE协商加密算法; 并指示接入节点开始下行加密和上行解密，并在算法协商过程中指示UE开始下行解密和上行加密。 本发明主要适用于SCC安全保护。

公开(公告)号：US20140317688A1

公开(公告)日：2014-10-23

申请号：US14304073

申请日：2014-06-13

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei ZHANG ,  Jing CHEN ,  Yang CUI

IPC: H04L29/06

CPC classification number: H04L63/0485 ,  H04L2463/061 ,  H04W12/04 ,  H04W76/15 ,  H04W88/06 ,  H04W88/10

Abstract: In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device.

Abstract translation: 在通信系统中，用户设备UE通过使用第一空中接口经由第一网络侧设备访问核心网络，并且经由第二网络侧设备通过使用第二空中接口来访问第一网络侧设备 核心网络。 该方法包括：由网络侧设备获取输入参数; 由网络侧设备根据输入参数和第一空中接口上的接入层根密钥KeNB计算接入层根密钥KeNB *，或者由网络侧设备使用KeNB作为KeNB * ; 以及由所述第二网络侧设备根据所述KeNB *在所述第二空中接口上生成接入层密钥，或者由所述第一网络侧设备将所述KeNB *发送到所述第二网络侧设备。

公开(公告)号：US20140310523A1

公开(公告)日：2014-10-16

申请号：US14311898

申请日：2014-06-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lijia ZHANG ,  Jing CHEN

IPC: H04L29/06

CPC classification number: H04L63/0428 ,  H04L63/205 ,  H04W12/02 ,  H04W12/10 ,  H04W80/02 ,  H04W84/047

Abstract: Embodiments of the present invention provide a method for secure communication of a low-cost terminal, which solves a communication security problem in the low-cost terminal and on a network side. The method includes: selecting, by an access point, a ciphering algorithm and an integrity algorithm according to a security capability of the low-cost terminal after successful authentication and key negotiation between the low cost terminal and a mobility management entity, and acquiring a cipher key and an integrity key according to the ciphering algorithm and the integrity algorithm; sending, by the access point, a security mode command including the ciphering algorithm and the integrity algorithm to the low-cost terminal so that the low-cost terminal calculates the cipher key and the integrity key; and receiving, by the access point, a security mode complete response message sent by the low-cost terminal. Embodiments of the present invention apply to radio communication.

Abstract translation: 本发明的实施例提供了一种用于低成本终端的安全通信的方法，其解决了低成本终端和网络侧的通信安全问题。 该方法包括：在低成本终端与移动性管理实体成功认证和密钥协商之后，根据低成本终端的安全能力，由接入点选择加密算法和完整性算法，并获取密码 密钥和完整性密钥根据加密算法和完整性算法; 由接入点向低成本终端发送包括加密算法和完整性算法的安全模式命令，使得低成本终端计算密码密钥和完整性密钥; 以及由所述接入点接收由所述低成本终端发送的安全模式完整响应消息。 本发明的实施例适用于无线电通信。

公开(公告)号：US20140237559A1

公开(公告)日：2014-08-21

申请号：US14264566

申请日：2014-04-29

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Lijia ZHANG ,  Jing CHEN ,  Yixian XU

IPC: H04W12/04

CPC classification number: H04W12/04 ,  H04L9/0833 ,  H04L9/0869 ,  H04L63/062 ,  H04L63/065 ,  H04L2463/061 ,  H04W4/70 ,  H04W88/08

Abstract: A method and a related device for generating a group key are provided. A group ID of a group to which an MTC device belongs and a group communication root key related to a security key are received from an MME, where the security key is corresponding to the group ID; a group key corresponding to the group ID is generated according to the group communication root key; and a generating parameter used to generate the group key is sent to the MTC device, so that the MTC device generates the group key according to the group key generating parameter and a security key saved in the MTC device. Therefore, a base station only needs to maintain a same group key for a same group, thereby reducing the operation complexity of the base station.

Abstract translation: 提供了一种用于生成组密钥的方法和相关设备。 从MME接收MTC设备所属的组的组ID和与安全密钥相关的组通信根密钥，其中安全密钥对应于组ID; 根据组通信根密钥生成与组ID对应的组密钥; 并且将用于生成组密钥的生成参数发送到MTC设备，使得MTC设备根据组密钥生成参数和保存在MTC设备中的安全密钥生成组密钥。 因此，基站仅需要为同一组保持相同的组密钥，从而降低基站的操作复杂度。

公开(公告)号：US20130128866A1

公开(公告)日：2013-05-23

申请号：US13742006

申请日：2013-01-15

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dongmei ZHANG ,  Bin JIAO ,  Xiaohan LIU ,  Jing CHEN ,  Aiqin ZHANG

IPC: H04W36/00

CPC classification number: H04W36/0038 ,  H04L63/205 ,  H04W12/06 ,  H04W12/08 ,  H04W36/08 ,  H04W84/045 ,  H04W88/08 ,  H04W88/16

Abstract: A method, an apparatus, and a system for security processing in a handover process in the field of communication technologies are provided, including: in a handover preparation and handover execution processes performed by a user equipment UE and a source node and a target node on a network side, obtaining, by the target node, security capability information of the UE provided by the source node or a security verification entity, where the security verification entity includes a gateway in case of UE handover under a NodeB or a donor NodeB in case of UE handover under a relay node; and if the source node provides the security capability information of the UE.

Abstract translation: 提供了一种在通信技术领域的切换过程中的安全处理的方法，装置和系统，包括：在用户设备UE和源节点和目标节点上进行的切换准备和切换执行处理中， 网络侧，由目标节点获取由源节点或安全验证实体提供的UE提供的安全能力信息，其中安全验证实体包括网关在情况下在UEB在节点B或供体节点B的情况下进行切换 在中继节点下的UE切换; 并且源节点提供UE的安全能力信息。