公开(公告)号：US20180278592A1

公开(公告)日：2018-09-27

申请号：US15989890

申请日：2018-05-25

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei ZHANG ,  Jing Chen ,  Yang Cui

IPC: H04L29/06 ,  H04W88/10 ,  H04W88/06 ,  H04W12/04 ,  H04W76/15

CPC classification number: H04L63/0485 ,  H04L2463/061 ,  H04W12/04 ,  H04W76/15 ,  H04W88/06 ,  H04W88/10

Abstract: In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device.

公开(公告)号：US10009326B2

公开(公告)日：2018-06-26

申请号：US15644196

申请日：2017-07-07

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen ,  Yang Cui

IPC: H04L9/08 ,  H04L29/06 ,  H04W12/04 ,  H04W88/06 ,  H04W88/10 ,  H04W76/02 ,  H04W76/15

CPC classification number: H04L63/0485 ,  H04L2463/061 ,  H04W12/04 ,  H04W76/15 ,  H04W88/06 ,  H04W88/10

Abstract: In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device.

公开(公告)号：US20170164276A1

公开(公告)日：2017-06-08

申请号：US15437905

申请日：2017-02-21

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yingsheng Shi ,  Jing Chen

IPC: H04W48/18 ,  H04W28/10

CPC classification number: H04W48/18 ,  H04W28/10 ,  H04W76/11 ,  H04W76/12

Abstract: The present invention provides a PDP/PDN context activation method, a device, and a system. A method for selecting subscription information used to activate a PDP/PDN context is improved to use subscription information that includes different APNs when the PDP/PDN context is activated for multiple times, so as to resolve a problem that a service type applied by a user is excessively undiversified due to repeat use of an APN, thereby expanding a scope of a service type available to the user, and improving an activation success rate and user satisfaction.

公开(公告)号：US09673974B2

公开(公告)日：2017-06-06

申请号：US14460748

申请日：2014-08-15

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W12/02 ,  H04W12/04

CPC classification number: H04L9/0816 ,  H04L9/083 ,  H04L9/0861 ,  H04L63/06 ,  H04L63/205 ,  H04L2209/24 ,  H04L2463/061 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W36/0038

Abstract: Embodiments of the present invention discloses a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption. The present invention mainly applies to SCC security protection.

公开(公告)号：US09189632B2

公开(公告)日：2015-11-17

申请号：US13943469

申请日：2013-07-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lijia Zhang ,  Yixian Xu ,  Jing Chen

IPC: H04L29/06 ,  G06F21/60 ,  H04W12/04 ,  H04W12/06 ,  H04W4/00

CPC classification number: G06F21/60 ,  H04L63/205 ,  H04W4/70 ,  H04W12/04 ,  H04W12/06

Abstract: The present invention relates to communication technologies and discloses a method and an apparatus for protecting security of data, so as to solve the problem of the prior art in which the security of data transmission between a communication terminal which has a characteristic of small data transmission and the network cannot be guaranteed. Information relevant to security context is stored if a communication terminal has a characteristic of small data transmission; current security context is obtained according to the information relevant to security context; and security protection of communication data is performed by employing the current security context. The embodiments of the present invention may be applied to a communication system having a characteristic of small data transmission, such as an MTC and the like.

Abstract translation: 本发明涉及通信技术，并且公开了一种用于保护数据安全性的方法和装置，以解决现有技术的问题，其中具有小数据传输特性的通信终端与数据传输特性之间的数据传输安全性 网络无法保证。 如果通信终端具有小数据传输的特征，则存储与安全上下文相关的信息; 根据与安全环境相关的信息获取当前的安全上下文; 并且通过采用当前的安全上下文来执行通信数据的安全保护。 本发明的实施例可以应用于具有小数据传输特性的通信系统，例如MTC等。

公开(公告)号：US20150085828A1

公开(公告)日：2015-03-26

申请号：US14562548

申请日：2014-12-05

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing Chen

IPC: H04W36/00 ,  H04W8/02

CPC classification number: H04W36/0055 ,  H04L61/1511 ,  H04L61/305 ,  H04L61/3075 ,  H04L61/609 ,  H04W8/02 ,  H04W8/065 ,  H04W48/14

Abstract: The present invention provides a method for obtaining a serving gateway, a mobility management node, a data gateway, and a system. A method for obtaining a serving gateway according to an embodiment of the present invention includes: when a UE is switched from an old-side mobility management node to a new-side mobility management node, sending, by the new-side mobility management node, a domain name resolution request to a domain name system DNS server according to access information of the UE; receiving a hostname of a device returned, according to the domain name resolution request, by the DNS server; obtaining a hostname of a new-side available S-GW; and selecting the new-side available S-GW closest to the device on geographic topology as a new-side S-GW. User service data transmission time delay can be reduced through the method.

Abstract translation: 本发明提供一种获取服务网关，移动性管理节点，数据网关和系统的方法。 根据本发明实施例的用于获取服务网关的方法包括：当UE从旧侧移动性管理节点切换到新侧移动性管理节点时，由新侧移动性管理节点发送， 根据UE的接入信息对域名系统DNS服务器进行域名解析请求; 根据域名解析请求，由DNS服务器接收返回的设备的主机名; 获取新一侧可用S-GW的主机名; 并选择最接近地理拓扑上的设备的新一侧可用S-GW作为新一侧的S-GW。 可以通过该方法减少用户服务数据传输的时延。

公开(公告)号：US20150026787A1

公开(公告)日：2015-01-22

申请号：US14509882

申请日：2014-10-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dongmei Zhang ,  Chunshan Xiong ,  Jing Chen

IPC: H04W12/06 ,  H04W12/08 ,  H04W12/04

CPC classification number: H04W12/06 ,  H04L63/205 ,  H04W12/04 ,  H04W12/08

Abstract: Disclose are an authentication method, device and system for a user equipment. The method comprises: first, a user equipment receiving a random value RAND and a cognitive code AUTN in an evolved packet system (EPS) authentication vector sent by a network side device; when an operating mode of the user equipment is a long-term evolved node LTE Hi operating mode, the user equipment performing authentication based on the RAND and the AUTN. In the authentication process, the user equipment ignores a verification result of a separation bit of an authentication management field (AMF) in the AUTN; or, the user equipment does not verify the separation bit of the AMF. The present disclosure is applicable to the field of communication systems.

Abstract translation: Disclose是用户设备的认证方法，设备和系统。 该方法包括：首先，在由网络侧设备发送的演进分组系统（EPS）认证向量中接收随机值RAND和认知代码AUTN的用户设备; 当用户设备的操作模式是长期演进节点LTE Hi操作模式时，用户设备基于RAND和AUTN进行认证。 在认证处理中，用户设备忽略AUTN中认证管理字段（AMF）的分离位的验证结果; 或者，用户设备不验证AMF的分离位。 本公开适用于通信系统领域。

公开(公告)号：US12225119B2

公开(公告)日：2025-02-11

申请号：US17011698

申请日：2020-09-03

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen

IPC: H04L9/08 ,  H04L9/32

Abstract: An information sending method, a key generation method, and an apparatus, where a core network element first determines whether a terminal device needs to perform a key activation procedure, and then sends a first message to an access network element, where the first message indicates whether the access network element needs to send, to the terminal device, a second message to trigger the terminal device to perform the key activation procedure. After receiving the first message, the access network element determines, based on the first message, whether the second message needs to be sent to the terminal device, and sends the second message to the terminal device when the second message needs to be sent to the terminal device.

公开(公告)号：US11943830B2

公开(公告)日：2024-03-26

申请号：US16455739

申请日：2019-06-27

Applicant: Huawei Technologies Co., Ltd.

Inventor： Li Hu ,  Jing Chen ,  Yinghui Yu

IPC: H04W76/19 ,  H04W8/08 ,  H04W76/25 ,  H04W76/27 ,  H04W80/02

CPC classification number: H04W76/19 ,  H04W8/08 ,  H04W76/25 ,  H04W76/27 ,  H04W80/02

Abstract: A link re-establishment method, an apparatus, and a system are provided. The method includes: obtaining, by user equipment (UE), a MAC of the UE based on a NAS integrity key and a first MAC generation parameter, where the first MAC generation parameter includes an identifier of the UE; sending, by the UE, a re-establishment request message to a target RAN, where the re-establishment request message includes the MAC and the first MAC generation parameter; and receiving, by the UE, a re-establishment response message of the target RAN. The UE triggers, by sending the re-establishment request message, a CP functional entity to perform authentication on the UE. This resolves a prior-art problem that an excessively long time is consumed to re-establish a connection to a target RAN by using an RAU procedure, increases a speed of re-establishing a connection between UE and a network, and improves user experience.

公开(公告)号：US20240004771A1

公开(公告)日：2024-01-04

申请号：US18467792

申请日：2023-09-15

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing Chen

IPC: G06F11/30 ,  G06F11/07

CPC classification number: G06F11/3034 ,  G06F11/3075 ,  G06F11/076

Abstract: An active-active storage system management method includes: obtaining first detection report information of a first storage system and second detection report information of a second storage system, and determining a sub-healthy object in an active-active storage system based on the first detection report information and the second detection report information. The first detection report information is generated by the first storage system, and the second detection report information is generated by the second storage system.