-
公开(公告)号:US11882433B2
公开(公告)日:2024-01-23
申请号:US17867939
申请日:2022-07-19
Applicant: Huawei Technologies Co., Ltd.
IPC: H04L29/06 , H04W12/033 , H04W76/19 , H04W12/0431 , H04W12/041 , H04W12/10
CPC classification number: H04W12/033 , H04W12/041 , H04W12/0431 , H04W12/10 , H04W76/19
Abstract: A communication method and a communications apparatus, where the method includes: after receiving an RRC resume request message from a UE, determining, by a target access network device, a first user plane security protection method between the target access network device and the UE based on a context information obtaining response from a source access network device; determining a first user plane security key between the target access network device and the UE; when receiving first uplink user plane data from the UE, performing user plane security deprotection on the first uplink user plane data based on the first user plane security key and the first user plane security protection method, to obtain uplink user plane data; and sending the uplink user plane data.
-
公开(公告)号:US11877150B2
公开(公告)日:2024-01-16
申请号:US17511680
申请日:2021-10-27
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04W12/0431 , H04W12/106 , H04W12/033 , H04W8/12
CPC classification number: H04W12/0431 , H04W8/12 , H04W12/033 , H04W12/106
Abstract: An information obtaining method and an apparatus are disclosed. The method includes: sending a first initial NAS message including a non-cleartext information element protected using a first root key from a terminal to a source mobility management network element; receiving a second root key and first indication information from the source mobility management network element, where the first indication information indicates that the second root key is an updated key; sending second indication information and third indication information to the terminal based on the first indication information, where the second indication information indicates the terminal to update the first root key stored by the terminal to obtain the second root key, and the third indication information indicates the terminal to resend the initial NAS message; and receiving a second initial NAS message including the non-cleartext information element protected using the second root key from the terminal.
-
公开(公告)号:US11564099B2
公开(公告)日:2023-01-24
申请号:US16859699
申请日:2020-04-27
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Li Hu , Bingzhao Li , Xiaoying Xu , Jing Chen , He Li
IPC: H04L29/06 , H04W12/106 , H04W76/27 , H04L9/14 , H04W36/08 , H04W12/037 , H04W12/041
Abstract: This application provides an RRC connection resume method and apparatus. In the method, when a terminal moves to a target base station, the target base station may reselect, based on a capability and a requirement of the target base station, a first encryption algorithm and a first integrity protection algorithm that are used when the target base station communicates with the terminal, and send the first encryption algorithm and the first integrity protection algorithm to the terminal. On one hand, a security algorithm used for communication between the terminal and the target base station is flexibly selected. On the other hand, because the base station connected to the terminal changes, communication security can be improved by using a new encryption algorithm and integrity protection algorithm.
-
公开(公告)号:US11503469B2
公开(公告)日:2022-11-15
申请号:US16588599
申请日:2019-09-30
Applicant: Huawei Technologies Co., Ltd.
IPC: H04W12/06 , H04W76/11 , H04L67/141 , H04W8/18 , H04W12/069 , H04W12/084 , H04L9/40
Abstract: This application provides a user authentication method and an apparatus. Before establishing, for a terminal device, a session used to transmit service data, an SMF entity receives a session establishment request message; determines, based on the session establishment request message, to perform user authentication on a user using the terminal device; and sends a session establishment message to a UPF entity, where the session establishment message is used to establish a first session for the terminal device, and a session attribute of the first session is: a session used to transmit only a user authentication message. Subsequently, the terminal device and an AAA server transmit the user authentication message through the first session, to complete user authentication.
-
公开(公告)号:US11445365B2
公开(公告)日:2022-09-13
申请号:US17513021
申请日:2021-10-28
Applicant: Huawei Technologies Co., Ltd.
IPC: H04L29/06 , H04W12/033 , H04W76/19 , H04W12/0431 , H04W12/041 , H04W12/10
Abstract: A communication method and a communications apparatus, where the method includes: after receiving an RRC resume request message from a UE, determining, by a target access network device, a first user plane security protection method between the target access network device and the UE based on a context information obtaining response from a source access network device; determining a first user plane security key between the target access network device and the UE; when receiving first uplink user plane data from the UE, performing user plane security deprotection on the first uplink user plane data based on the first user plane security key and the first user plane security protection method, to obtain uplink user plane data; and sending the uplink user plane data.
-
Patent Agency Ranking
公开(公告)号:US11418962B2
公开(公告)日:2022-08-16
申请号:US16783976
申请日:2020-02-06
Applicant: Huawei Technologies Co., Ltd.
Inventor: Ahmad Shawky Muhanna , He Li , Mazin Ali Al-Shalash
Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminate any potential of bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
-
公开(公告)号:US20220191701A1
公开(公告)日:2022-06-16
申请号:US17683022
申请日:2022-02-28
Applicant: Huawei Technologies Co., Ltd.
Inventor: Ahmad Shawky Muhanna , He Li , Mazin Ali Al-Shalash
Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminate any potential of bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
-
公开(公告)号:US10952106B2
公开(公告)日:2021-03-16
申请号:US16731994
申请日:2019-12-31
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Abstract: This application relates to the field of wireless communications technologies. Embodiments of this application provide a security protection method, an apparatus, and a system, to resolve a problem of low efficiency in handing over a terminal between serving base stations. The method in this application includes: receiving, by a target access network device, a correspondence between user plane information and a security policy from a source access network device; and determining, by the target access network device based on the correspondence between user plane information and a security policy, a first user plane protection algorithm corresponding to the user plane information, where the first user plane protection algorithm includes one or both of a user plane encryption algorithm and a user plane integrity protection algorithm. This application is applicable to a procedure in which the terminal is handed over between serving base stations.
-
公开(公告)号:US20210067954A1
公开(公告)日:2021-03-04
申请号:US17023748
申请日:2020-09-17
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Abstract: The present disclosure discloses a communication method performed by a management function entity, including: receiving a first request message sent by user equipment UE; sending a second request message to a storage function entity based on the first request message, where the second request message is used to request a security service identifier for the UE, and the security service identifier is used to indicate a security service procedure; receiving a response message including the security service identifier from the storage function entity; obtaining a target security service identifier based on the security service identifier, where the target security service identifier is used to indicate a security service procedure to be initiated by the management function entity; and initiating the security service procedure indicated by the target security service identifier. The present disclosure further discloses a communications device.
-
公开(公告)号:US10904764B2
公开(公告)日:2021-01-26
申请号:US16874306
申请日:2020-05-14
Applicant: Huawei Technologies Co., Ltd.
Abstract: A security protection method and an apparatus to implement security protection for a plurality of non-access stratum (NAS) connection links. The method includes determining, by a terminal, a first parameter, where the first parameter is used to indicate an access technology used to transmit a non-access stratum NAS message. The terminal can support at least two access technologies, and can separately maintain a corresponding NAS COUNT for each of the at least two access technologies. The method further includes performing, by the terminal, security protection on the NAS message based on the first parameter, a NAS key, and a NAS COUNT corresponding to an access technology used to transmit the NAS message.
-
-
-
-
-
-
-
-
-
Search Results
87
records
(took 0.022 seconds)
