公开(公告)号：US11902325B2

公开(公告)日：2024-02-13

申请号：US17377425

申请日：2021-07-16

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong Wu

IPC: H04L29/06 ,  H04L9/40 ,  H04L67/141

CPC classification number: H04L63/166 ,  H04L63/0435 ,  H04L63/20 ,  H04L67/141

Abstract: A session configuration method and a session configuration apparatus are disclosed. According to the session configuration method, a terminal device sends, to a session management network element, a session establishment request used to request to establish a first session. After receiving the session establishment request, the session management network element sends redundant transmission security information to an access network device. After receiving the redundant transmission security information, the access network device sends the redundant transmission security information to the terminal device. The redundant transmission security information is used to indicate security keys and security policies of the first session and a second session that need to be established by the terminal device. The second session is a redundant session of the first session.

公开(公告)号：US11882433B2

公开(公告)日：2024-01-23

申请号：US17867939

申请日：2022-07-19

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Li Hu ,  Rong Wu

IPC: H04L29/06 ,  H04W12/033 ,  H04W76/19 ,  H04W12/0431 ,  H04W12/041 ,  H04W12/10

CPC classification number: H04W12/033 ,  H04W12/041 ,  H04W12/0431 ,  H04W12/10 ,  H04W76/19

Abstract: A communication method and a communications apparatus, where the method includes: after receiving an RRC resume request message from a UE, determining, by a target access network device, a first user plane security protection method between the target access network device and the UE based on a context information obtaining response from a source access network device; determining a first user plane security key between the target access network device and the UE; when receiving first uplink user plane data from the UE, performing user plane security deprotection on the first uplink user plane data based on the first user plane security key and the first user plane security protection method, to obtain uplink user plane data; and sending the uplink user plane data.

公开(公告)号：US11765578B2

公开(公告)日：2023-09-19

申请号：US16937107

申请日：2020-07-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Bo Zhang ,  Shuaishuai Tan

IPC: H04W24/04 ,  H04W76/30 ,  H04W12/033 ,  H04L9/40 ,  H04W12/10 ,  H04W12/041

CPC classification number: H04W12/033 ,  H04L63/205 ,  H04W12/041 ,  H04W12/10

Abstract: A security negotiation method includes receiving, by a terminal, security negotiation information from a centralized unit control plane (CU-CP)/a centralized unit user plane (CU-UP), where the security negotiation information includes an integrity protection indication identifier of the CU-UP, and determining, by the terminal based on the integrity protection indication identifier, whether to enable user-plane integrity protection of the terminal.

公开(公告)号：US11695742B2

公开(公告)日：2023-07-04

申请号：US17321964

申请日：2021-05-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Rong Wu ,  Lu Gan

IPC: H04L29/06 ,  H04L9/40 ,  H04L9/08 ,  H04L67/14 ,  H04W12/033 ,  H04W12/041 ,  H04W12/106

CPC classification number: H04L63/0428 ,  H04L9/0861 ,  H04L63/20 ,  H04L67/14 ,  H04W12/033 ,  H04W12/041 ,  H04W12/106 ,  H04L2209/80

Abstract: A security implementation method includes obtaining, by a first device, a security policy of a session and at least one key, and sending, by the first device, protected data to a second device, where the protected data is obtained by protecting security of session data of the session using the at least one key based on the security policy of the session, and the second device is configured to restore the protected data using the at least one key based on the security policy to obtain the session data, where when the first device is a terminal device, the second device is an access network node or a user plane node, or when the first device is an access network node or a user plane node, the second device is a terminal device.

公开(公告)号：US20230021215A1

公开(公告)日：2023-01-19

申请号：US17954759

申请日：2022-09-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Li Hu ,  Rong Wu

IPC: H04W12/06 ,  H04L9/40 ,  H04W8/18

Abstract: A communication method and apparatus are provided, to implement automatic onboarding when no network-side information is configured on a terminal device. The method includes: The terminal device obtains auxiliary authentication information that includes identification information of one or more networks; determines access information of a first network based on first temporary authentication information and identification information of the first network, where the first network is any one of the one or more networks; triggers mutual temporary authentication with the first network based on the access information of the first network; and receives configuration information of the first network from the first network when the mutual temporary authentication succeeds. The terminal device may trigger the mutual temporary authentication with the first network based on the access information of the first network.

公开(公告)号：US11533610B2

公开(公告)日：2022-12-20

申请号：US17031534

申请日：2020-09-24

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Bo Zhang ,  Shuaishuai Tan

IPC: H04W12/033 ,  H04L9/08 ,  H04W12/10

Abstract: Embodiments of this application provide a key generation method, applied to a scenario in which a base station is divided into a centralized unit and a distributed unit and a control plane and a user plane of the centralized unit are separated. And the control plane entity of the centralized unit obtains a root key, generates a user plane security key based on the root key, and sends the first user plane security key to the user plane entity of the first centralized unit. According to this application, key isolation between different user plane entities is implemented. Further, in an actual operation, the control plane entity or the user plane entity of the centralized unit may be flexibly selected to generate the user plane security key.

公开(公告)号：US11445365B2

公开(公告)日：2022-09-13

申请号：US17513021

申请日：2021-10-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Li Hu ,  Rong Wu

IPC: H04L29/06 ,  H04W12/033 ,  H04W76/19 ,  H04W12/0431 ,  H04W12/041 ,  H04W12/10

Abstract: A communication method and a communications apparatus, where the method includes: after receiving an RRC resume request message from a UE, determining, by a target access network device, a first user plane security protection method between the target access network device and the UE based on a context information obtaining response from a source access network device; determining a first user plane security key between the target access network device and the UE; when receiving first uplink user plane data from the UE, performing user plane security deprotection on the first uplink user plane data based on the first user plane security key and the first user plane security protection method, to obtain uplink user plane data; and sending the uplink user plane data.

公开(公告)号：US20220166622A1

公开(公告)日：2022-05-26

申请号：US17540664

申请日：2021-12-02

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shuaishuai Tan ,  Lu Gan ,  Bo Zhang ,  Rong Wu

IPC: H04L9/32 ,  H04L9/40

Abstract: A network function service invocation method includes sending, by a first network function network element, a first request message to an authorization network element, wherein the first request message is used to request permission to invoke a first network function service provided by a second network function network element, performing, by the authorization network element, identity authentication on the first network function network element, generating, by the authorization network element, a token when determining that the identity authentication succeeds, wherein the token is used to indicate that the first network function network element has the permission to invoke the first network function service of the second network function network element, and sending, by the authorization network element, a token to the first network function network element.

公开(公告)号：US20210273923A1

公开(公告)日：2021-09-02

申请号：US17321964

申请日：2021-05-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Rong Wu ,  Lu Gan

IPC: H04L29/06 ,  H04L9/08 ,  H04L29/08 ,  H04W12/033 ,  H04W12/041 ,  H04W12/106

Abstract: A security implementation method includes obtaining, by a first device, a security policy of a session and at least one key, and sending, by the first device, protected data to a second device, where the protected data is obtained by protecting security of session data of the session using the at least one key based on the security policy of the session, and the second device is configured to restore the protected data using the at least one key based on the security policy to obtain the session data, where when the first device is a terminal device, the second device is an access network node or a user plane node, or when the first device is an access network node or a user plane node, the second device is a terminal device.

公开(公告)号：US11057775B2

公开(公告)日：2021-07-06

申请号：US16224999

申请日：2018-12-19

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Bo Zhang ,  Rong Wu ,  Lu Gan

IPC: H04W12/00 ,  H04W12/37 ,  H04L29/06 ,  H04L9/08 ,  H04W12/0431 ,  H04W12/10

Abstract: This application provides a key configuration method. A session management network element receives a request for end-to-end communication and obtains a security policy, where the security policy is determined based on at least one of: a user security requirement that is of the user equipment and that is preconfigured on a home subscriber server, a service security requirement from the user equipment, a security capability requirement supported by the user equipment, a security capability requirement from a carrier network, and a security requirement of a device on the other end of the end-to-end communication. The session management network element obtains a protection key used for protecting the end-to-end communication. The session management network element sends the security policy to the devices on two ends of the end-to-end communication.