-
Publication (Announcement) No.: US11765578B2
Publication (Announcement) Date: 2023-09-19
Application No.: US16937107
Application Date: 2020-07-23
Applicant: Huawei Technologies Co., Ltd.
Inventor: Rong Wu , Bo Zhang , Shuaishuai Tan
IPC: H04W24/04 , H04W76/30 , H04W12/033 , H04L9/40 , H04W12/10 , H04W12/041
CPC classification number: H04W12/033 , H04L63/205 , H04W12/041 , H04W12/10
Abstract: A security negotiation method includes receiving, by a terminal, security negotiation information from a centralized unit control plane (CU-CP)/a centralized unit user plane (CU-UP), where the security negotiation information includes an integrity protection indication identifier of the CU-UP, and determining, by the terminal based on the integrity protection indication identifier, whether to enable user-plane integrity protection of the terminal.
-
Publication (Announcement) No.: US20230262459A1
Publication (Announcement) Date: 2023-08-17
Application No.: US18309530
Application Date: 2023-04-28
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04W12/069 , H04W12/69
CPC classification number: H04W12/069 , H04W12/69
Abstract: A service authorization method includes: A first network element sends a first token request to a network repository function network element. After receiving the first token request from the first network element, the network repository function network element may complete verification on validity of a network function service consumer entity by determining, through verification, whether first information of the network function service consumer entity that is carried in the first token request matches second information in a certificate in an assertion of the network function service consumer entity, and does not rely on a profile of the network function service consumer entity to verify the validity of the network function service consumer entity.
-
Publication (Announcement) No.: US11695742B2
Publication (Announcement) Date: 2023-07-04
Application No.: US17321964
Application Date: 2021-05-17
Applicant: Huawei Technologies Co., Ltd.
IPC: H04L29/06 , H04L9/40 , H04L9/08 , H04L67/14 , H04W12/033 , H04W12/041 , H04W12/106
CPC classification number: H04L63/0428 , H04L9/0861 , H04L63/20 , H04L67/14 , H04W12/033 , H04W12/041 , H04W12/106 , H04L2209/80
Abstract: A security implementation method includes obtaining, by a first device, a security policy of a session and at least one key, and sending, by the first device, protected data to a second device, where the protected data is obtained by protecting security of session data of the session using the at least one key based on the security policy of the session, and the second device is configured to restore the protected data using the at least one key based on the security policy to obtain the session data, where when the first device is a terminal device, the second device is an access network node or a user plane node, or when the first device is an access network node or a user plane node, the second device is a terminal device.
-
Publication (Announcement) No.: US11647391B2
Publication (Announcement) Date: 2023-05-09
Application No.: US17180228
Application Date: 2021-02-19
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Bo Zhang , Chengdong He
IPC: H04L29/06 , H04W12/122 , H04W12/37 , H04W8/08 , H04W12/08
CPC classification number: H04W12/122 , H04W8/08 , H04W12/08 , H04W12/37
Abstract: Embodiments of this application provide a security protection method, a device, and a system, to improve data transmission security. The method includes: determining, by a terminal, a session management network element, or a mobility management network element, whether a security protection policy determined by an access network device is consistent with a user plane security policy delivered by the session management network element to the access network device; and if the security protection policy determined by the access network device is inconsistent with the user plane security policy delivered by the session management network element to the access network device, performing processing according to a preset policy.
-
Publication (Announcement) No.: US11533610B2
Publication (Announcement) Date: 2022-12-20
Application No.: US17031534
Application Date: 2020-09-24
Applicant: Huawei Technologies Co., Ltd.
Inventor: Rong Wu , Bo Zhang , Shuaishuai Tan
IPC: H04W12/033 , H04L9/08 , H04W12/10
Abstract: Embodiments of this application provide a key generation method, applied to a scenario in which a base station is divided into a centralized unit and a distributed unit and a control plane and a user plane of the centralized unit are separated. The control plane entity of the centralized unit obtains a root key, generates a user plane security key based on the root key, and sends the first user plane security key to the user plane entity of the first centralized unit. According to this application, key isolation between different user plane entities is implemented. Further, in an actual operation, the control plane entity or the user plane entity of the centralized unit may be flexibly selected to generate the user plane security key.
-
Publication (Announcement) No.: US11500650B2
Publication (Announcement) Date: 2022-11-15
Application No.: US17339299
Application Date: 2021-06-04
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Jianbo Xiang , Bo Zhang
Abstract: An FPGA upgrade method is provided, including: delivering, by a host, an upgrade instruction to an FPGA; uninstalling a PCIe driver corresponding to the FPGA to let a status of the PCIe link be changed to link down; continuously monitoring, in a first expiration time, whether the status of the PCIe link is changed to link up; and if yes, reloading the PCIe driver. The method further includes: after the FPGA receives the upgrade instruction, continuously monitoring, in a second expiration time, whether the status of the PCIe link is changed to link down, if yes, loading the configuration data from the FPGA configuration memory for upgrade; and after upgrade is completed, negotiating, by the FPGA, with the host to restore the status of the PCIe link to link up that is used for reloading the PCIe driver upon detection by the host.
-
Publication (Announcement) No.: US20220166622A1
Publication (Announcement) Date: 2022-05-26
Application No.: US17540664
Application Date: 2021-12-02
Applicant: Huawei Technologies Co., Ltd.
Inventor: Shuaishuai Tan , Lu Gan , Bo Zhang , Rong Wu
Abstract: A network function service invocation method includes sending, by a first network function network element, a first request message to an authorization network element, wherein the first request message is used to request permission to invoke a first network function service provided by a second network function network element, performing, by the authorization network element, identity authentication on the first network function network element, generating, by the authorization network element, a token when determining that the identity authentication succeeds, wherein the token is used to indicate that the first network function network element has the permission to invoke the first network function service of the second network function network element, and sending, by the authorization network element, a token to the first network function network element.
-
Publication (Announcement) No.: US11228442B2
Publication (Announcement) Date: 2022-01-18
Application No.: US16923741
Application Date: 2020-07-08
Applicant: Huawei Technologies Co., Ltd.
Inventor: Bo Zhang , Lu Gan , Yanjiang Yang
Abstract: An authentication method, an authentication apparatus, and an authentication system for the communications field are described. The authentication includes receiving, by a communications network element, a request from a user equipment (UE) comprising a first identifier that is an international mobile subscriber identity (IMSI). The communication network element, in response to the request, sends the first identifier to a home subscriber server. The communications network element, upon authenticating the UE successfully, sends a second identifier to a key management center (KMS) to facilitate the KMS generating a subscriber private key corresponding to the second identifier and sending the subscriber private key to the communications network element. The communications network element thereafter sends the subscriber private key to the UE.
-
Publication (Announcement) No.: US20210273923A1
Publication (Announcement) Date: 2021-09-02
Application No.: US17321964
Application Date: 2021-05-17
Applicant: Huawei Technologies Co., Ltd.
IPC: H04L29/06 , H04L9/08 , H04L29/08 , H04W12/033 , H04W12/041 , H04W12/106
Abstract: A security implementation method includes obtaining, by a first device, a security policy of a session and at least one key, and sending, by the first device, protected data to a second device, where the protected data is obtained by protecting security of session data of the session using the at least one key based on the security policy of the session, and the second device is configured to restore the protected data using the at least one key based on the security policy to obtain the session data, where when the first device is a terminal device, the second device is an access network node or a user plane node, or when the first device is an access network node or a user plane node, the second device is a terminal device.
-
Publication (Announcement) No.: US20210234929A1
Publication (Announcement) Date: 2021-07-29
Application No.: US17206928
Application Date: 2021-03-19
Applicant: Huawei Technologies Co., Ltd.
Inventor: Xuwen Zhao , Bo Zhang
IPC: H04L29/08 , H04W12/102 , H04W12/106
Abstract: Embodiments of this application provide a data check method, a data check apparatus, and a storage medium. The data check method includes: obtaining a first counter value and a second counter value, where the first counter value is a value obtained by performing counting by UE during data transmission between the UE and a UPF entity, and the second counter value is a value obtained by performing counting by the UPF entity during the data transmission between the UE and the UPF entity; determining whether the first counter value matches the second counter value; and if the first counter value does not match the second counter value, sending a response message to a session management network element.