公开(公告)号：US20180167807A1

公开(公告)日：2018-06-14

申请号：US15892488

申请日：2018-02-09

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jiangwei YING ,  Lijia ZHANG ,  Jing CHEN

IPC: H04W12/02 ,  H04W12/06 ,  H04W12/04 ,  H04W12/10 ,  G09C1/00 ,  H04L9/14 ,  H04L9/08

CPC classification number: H04W12/02 ,  G09C1/00 ,  H04L9/0838 ,  H04L9/14 ,  H04L63/06 ,  H04L2209/80 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10

Abstract: The present application discloses, among others, a message protection method performed by user equipment (UE). In one method an authentication and key agreement request message sent by an SGSN is received using a GMM/SM protocol layer of the UE. A first algorithm identifier on the GMM/SM protocol layer of the UE is obtained according to the authentication and key agreement request message, and a first key is generated. A first message authentication code on the GMM/SM protocol layer is verified according to the first key and a first algorithm. If the UE determines that the verification of the first message authentication code succeeds, an authentication and key agreement response message is generated on the GMM/SM protocol layer of the UE according to the first key and the first algorithm. The authentication and key agreement response message is sent to the SGSN by using the GMM/SM protocol layer of the UE.

公开(公告)号：US20130035067A1

公开(公告)日：2013-02-07

申请号：US13649540

申请日：2012-10-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lijia ZHANG ,  Yixian Xu ,  Yingxin Huang ,  Xiaohan Liu ,  Meriau Laurence

IPC: H04W12/06

CPC classification number: H04L63/08 ,  H04L63/0884 ,  H04L2463/061 ,  H04W4/08 ,  H04W4/70 ,  H04W8/186 ,  H04W12/04 ,  H04W12/06

Abstract: Embodiments of the present invention disclose a method and an apparatus for authenticating a communication device, where the method includes: receiving an attach request including a group identifier and sent by an MTC device to be authenticated, where the group identifier is a group identifier of an MTC group where the MTC device to be authenticated is located; determining whether a first group authentication vector bound to the group identifier exists locally, where the first group authentication vector is an authentication vector used for authenticating MTC devices in the MTC group; and if existing, according to the first group authentication vector, authenticating the MTC device to be authenticated, and generating a system key of the MTC device to be authenticated. The technical solutions provided in the present invention can be applied to the technical field of authenticating the MTC device.

Abstract translation: 本发明的实施例公开了一种用于认证通信设备的方法和装置，其中，所述方法包括：接收包括组标识符的附加请求，并由要被认证的MTC设备发送，其中所述组标识符是组识别符 要认证的MTC设备所在的MTC组; 确定是否本地存在绑定到组标识符的第一组认证向量，其中第一组认证向量是用于认证MTC组中的MTC设备的认证向量; 如果存在，根据第一组认证向量，认证要认证的MTC设备，并生成待认证的MTC设备的系统密钥。 本发明提供的技术方案可以应用于认证MTC设备的技术领域。

公开(公告)号：US20130305386A1

公开(公告)日：2013-11-14

申请号：US13943469

申请日：2013-07-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lijia ZHANG ,  Yixian XU ,  Jing CHEN

IPC: G06F21/60

CPC classification number: G06F21/60 ,  H04L63/205 ,  H04W4/70 ,  H04W12/04 ,  H04W12/06

Abstract: The present invention relates to communication technologies and discloses a method and an apparatus for protecting security of data, so as to solve the problem of the prior art in which the security of data transmission between a communication terminal which has a characteristic of small data transmission and the network cannot be guaranteed. Information relevant to security context is stored if a communication terminal has a characteristic of small data transmission; current security context is obtained according to the information relevant to security context; and security protection of communication data is performed by employing the current security context. The embodiments of the present invention may be applied to a communication system having a characteristic of small data transmission, such as an MTC and the like.

Abstract translation: 本发明涉及通信技术，并且公开了一种用于保护数据安全性的方法和装置，以解决现有技术的问题，其中具有小数据传输特性的通信终端与数据传输特性之间的数据传输安全性 网络无法保证。 如果通信终端具有小数据传输的特征，则存储与安全上下文相关的信息; 根据与安全环境相关的信息获取当前的安全上下文; 并且通过采用当前的安全上下文来执行通信数据的安全保护。 本发明的实施例可以应用于具有小数据传输特性的通信系统，例如MTC等。

公开(公告)号：US20130236016A1

公开(公告)日：2013-09-12

申请号：US13871900

申请日：2013-04-26

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei ZHANG ,  Jing CHEN ,  Lijia ZHANG ,  Zhuo CHEN

IPC: H04W12/08

CPC classification number: H04W12/10 ,  H04L9/14 ,  H04L63/205 ,  H04W12/02 ,  H04W12/08 ,  H04W84/047 ,  H04W92/20

Abstract: A method and an apparatus for protecting data carried on an Un interface between a eNB and a relay node are disclosed. Three types of radio bearers (RBs) are defined over the Un interface: signaling radio bearers (SRBs) for carrying control plane signaling data, signaling-data radio bearers (s-DRBs) for carrying control plane signaling date; and data-data radio bearers (d-DRBs) for carrying user plane data. An integrity protection algorithm and an encryption algorithm are negotiated for control plane signaling data on an SRB, control plane signaling data carried on an s-DRB, and user plane data carried on a d-DRB. With the respective integrity protection algorithm and encryption algorithm, the data over the Un interface can be protected respectively. Therefore, the security protection on the Un interface is more comprehensive, and the security protection requirements of data borne over different RBs can be met.

公开(公告)号：US20140310523A1

公开(公告)日：2014-10-16

申请号：US14311898

申请日：2014-06-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lijia ZHANG ,  Jing CHEN

IPC: H04L29/06

CPC classification number: H04L63/0428 ,  H04L63/205 ,  H04W12/02 ,  H04W12/10 ,  H04W80/02 ,  H04W84/047

Abstract: Embodiments of the present invention provide a method for secure communication of a low-cost terminal, which solves a communication security problem in the low-cost terminal and on a network side. The method includes: selecting, by an access point, a ciphering algorithm and an integrity algorithm according to a security capability of the low-cost terminal after successful authentication and key negotiation between the low cost terminal and a mobility management entity, and acquiring a cipher key and an integrity key according to the ciphering algorithm and the integrity algorithm; sending, by the access point, a security mode command including the ciphering algorithm and the integrity algorithm to the low-cost terminal so that the low-cost terminal calculates the cipher key and the integrity key; and receiving, by the access point, a security mode complete response message sent by the low-cost terminal. Embodiments of the present invention apply to radio communication.

Abstract translation: 本发明的实施例提供了一种用于低成本终端的安全通信的方法，其解决了低成本终端和网络侧的通信安全问题。 该方法包括：在低成本终端与移动性管理实体成功认证和密钥协商之后，根据低成本终端的安全能力，由接入点选择加密算法和完整性算法，并获取密码 密钥和完整性密钥根据加密算法和完整性算法; 由接入点向低成本终端发送包括加密算法和完整性算法的安全模式命令，使得低成本终端计算密码密钥和完整性密钥; 以及由所述接入点接收由所述低成本终端发送的安全模式完整响应消息。 本发明的实施例适用于无线电通信。

公开(公告)号：US20140237559A1

公开(公告)日：2014-08-21

申请号：US14264566

申请日：2014-04-29

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Lijia ZHANG ,  Jing CHEN ,  Yixian XU

IPC: H04W12/04

CPC classification number: H04W12/04 ,  H04L9/0833 ,  H04L9/0869 ,  H04L63/062 ,  H04L63/065 ,  H04L2463/061 ,  H04W4/70 ,  H04W88/08

Abstract: A method and a related device for generating a group key are provided. A group ID of a group to which an MTC device belongs and a group communication root key related to a security key are received from an MME, where the security key is corresponding to the group ID; a group key corresponding to the group ID is generated according to the group communication root key; and a generating parameter used to generate the group key is sent to the MTC device, so that the MTC device generates the group key according to the group key generating parameter and a security key saved in the MTC device. Therefore, a base station only needs to maintain a same group key for a same group, thereby reducing the operation complexity of the base station.

Abstract translation: 提供了一种用于生成组密钥的方法和相关设备。 从MME接收MTC设备所属的组的组ID和与安全密钥相关的组通信根密钥，其中安全密钥对应于组ID; 根据组通信根密钥生成与组ID对应的组密钥; 并且将用于生成组密钥的生成参数发送到MTC设备，使得MTC设备根据组密钥生成参数和保存在MTC设备中的安全密钥生成组密钥。 因此，基站仅需要为同一组保持相同的组密钥，从而降低基站的操作复杂度。

公开(公告)号：US20140105383A1

公开(公告)日：2014-04-17

申请号：US14109809

申请日：2013-12-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lijia ZHANG ,  Yixian XU

IPC: H04L9/28

CPC classification number: H04L9/14 ,  G06F21/602 ,  H04L63/205 ,  H04W4/08 ,  H04W4/70 ,  H04W12/0017 ,  H04W12/04 ,  H04W12/10

Abstract: Disclosed is a method for negotiating machine type communication (MTC) device group algorithms, including: selecting a negotiated group encryption algorithm and a negotiated group integrity algorithm from group encryption algorithms and group integrity algorithms supported by an MTC device; sending a security mode command message or a radio resource control (RRC) connection reconfiguration message to the MTC device, wherein the security mode command message or the RRC connection reconfiguration message carries the negotiated group encryption algorithm and the negotiated group integrity algorithm. The method disclosed in this invention enables the MTC devices to realize the encryption and the integrity protection of communication contents when performing group communication.

Abstract translation: 公开了一种用于协商机器类型通信（MTC）设备组算法的方法，包括：从MTC设备支持的组加密算法和组完整性算法中选择协商组加密算法和协商组完整性算法; 向所述MTC设备发送安全模式命令消息或无线资源控制（RRC）连接重配置消息，其中，所述安全模式命令消息或所述RRC连接重配置消息携带所协商的组加密算法和协商的组完整性算法。 本发明公开的方法使得MTC设备能够在进行群组通信时实现通信内容的加密和完整性保护。

公开(公告)号：US20180249331A1

公开(公告)日：2018-08-30

申请号：US15966568

申请日：2018-04-30

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jing CHEN ,  Lijia ZHANG ,  Jingjing GUO

IPC: H04W12/04 ,  H04W76/27 ,  H04W76/10 ,  H04W4/50

CPC classification number: H04W12/04 ,  H04L9/08 ,  H04L63/062 ,  H04W4/50 ,  H04W76/10 ,  H04W76/27

Abstract: Embodiments of the present invention provide an SeNB key update method, including: establishing, by an MeNB, an RRC connection to UE, and determining a first SeNB and a second SeNB that are connected to the UE; calculating, by the MeNB, a key S-KeNB1 of the first SeNB and a key S-KeNB2 of the second SeNB, and sending an SeNB addition request to the first SeNB and the second SeNB; receiving, by the MeNB, a first request acknowledgment message fed back by the first SeNB, and receiving a second request acknowledgment message fed back by the second SeNB; and sending, by the MeNB, an RRC reconfiguration request to the UE according to the first request acknowledgment message and the second request acknowledgment message, where the RRC reconfiguration request includes key update information of the first SeNB and key update information of the second SeNB.

公开(公告)号：US20140233735A1

公开(公告)日：2014-08-21

申请号：US14263253

申请日：2014-04-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lijia ZHANG ,  Jing CHEN

IPC: H04W12/04

CPC classification number: H04W12/04 ,  H04L9/0656 ,  H04L9/12 ,  H04L63/10 ,  H04L63/104 ,  H04L2209/80 ,  H04W4/70 ,  H04W12/02

Abstract: Embodiments of the present application provide an encryption method, a decryption method, and a related apparatus. The encryption method includes: generating a keystream, where the keystream is used to encrypt a part of data to be encrypted in an initial layer-3 message, and the part of data to be encrypted includes small data; generating, by performing an exclusive OR operation on the keystream and the initial layer-3 message, an initial layer-3 message in which the part of data is encrypted; and sending the initial layer-3 message in which the part of data is encrypted, where the initial layer-3 message includes an added encryption indication, and the encryption indication is used to indicate that the part of data to be encrypted in the initial layer-3 message is encrypted.

Abstract translation: 本申请的实施例提供一种加密方法，解密方法和相关装置。 加密方法包括：生成密钥流，其中密钥流用于加密在初始层3消息中要加密的数据的一部分，并且要加密的部分数据包括小数据; 通过对密钥流和初始层3消息执行异或运算，生成其中部分数据被加密的初始层3消息; 并且发送其中部分数据被加密的初始层3消息，其中初始层3消息包括添加的加密指示，并且加密指示用于指示要在初始层中加密的数据的一部分 -3消息被加密。

公开(公告)号：US20140185585A1

公开(公告)日：2014-07-03

申请号：US14197660

申请日：2014-03-05

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei ZHANG ,  Lijia ZHANG ,  Ke WANG

IPC: H04W36/00

CPC classification number: H04W36/0033 ,  H04W36/0038 ,  H04W36/12

Abstract: The present invention discloses a method for transferring a context and a mobility management entity. When S1 handover occurs on an RN, the method includes: acquiring, by a source MME to which a UE is attached, an indicator for transferring a context of the UE, where the UE is a UE served by the RN when the S1 handover occurs; and transferring, by the source MME to which the UE is attached, the context of the UE to a target MME according to the indicator for transferring the context of the UE, so that the target MME acquires security information of the UE according to the context of the UE, where the target MME is an MME to which the UE needs to be attached in the handover process.

Abstract translation: 本发明公开了一种用于传送上下文和移动性管理实体的方法。 当在RN上发生S1切换时，该方法包括：由UE附加的源MME获取用于传送UE的上下文的指示符，其中，当发生S1切换时，UE是由RN服务的UE ; 并且根据用于传送所述UE的上下文的指示符，将所述UE附加的所述UE的上下文传送到目标MME，使得所述目标MME根据所述上下文获取所述UE的安全性信息 的UE，其中目标MME是切换过程中UE需要附加的MME。