公开(公告)号：US20210273799A1

公开(公告)日：2021-09-02

申请号：US17321494

申请日：2021-05-16

Applicant: HUAWEI TECHNOLOGIES CO.,LTD.

Inventor： Sandeep Kampati ,  De Sheng ,  Dharmanandana Reddy Pothula ,  Bharath Soma Satya Meduri

IPC: H04L9/08 ,  H04L29/06

Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.

公开(公告)号：US11888982B2

公开(公告)日：2024-01-30

申请号：US17321494

申请日：2021-05-16

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Sandeep Kampati ,  De Sheng ,  Dharmanandana Reddy Pothula ,  Bharath Soma Satya Meduri

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/40

CPC classification number: H04L9/0891 ,  H04L63/029 ,  H04L63/164

Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.

公开(公告)号：US20220263811A1

公开(公告)日：2022-08-18

申请号：US17716470

申请日：2022-04-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Sandeep Kampati ,  Lohit S ,  Shubham Mamodiya ,  Bharath Soma Satya Meduri ,  Vishnu Vardhan Bachu V N ,  Dharmanandana Reddy Pothula ,  Karthigaasri R T

IPC: H04L9/40

Abstract: A method for Internet Key Exchange (IKE) re-authentication optimization includes sending, by a first network device and a second network device, a notification, which contains new Security Parameters Index (SPI) for new security association (SA), and sending, by the first network device alone, an OLD_SPI notification to map SPI of Internet Protocol Security (IPsec) (Authentication Header (AH)/Encapsulating Security Payload (ESP)) with the old IPSec SA.

公开(公告)号：US10904368B2

公开(公告)日：2021-01-26

申请号：US16420959

申请日：2019-05-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dharmanandana Reddy Pothula ,  Chandra Mohan Padamati ,  Antony Paul ,  Yun Qin ,  De Sheng

IPC: H04L29/08 ,  H04L9/08 ,  H04L29/06 ,  H04W84/12 ,  H04W12/04

Abstract: Disclosed are a system, method and devices for simultaneous MACsec key agreement (MKA) negotiation between the devices. The present application controls a basic TLV message exchange between supplicant and authenticator in case of race condition to establish the secure association key (SAK) channel. The present application by controlling a basic TLV message exchange enables to establish a secure channel in race condition and achieves a high reliability of the product as this makes product launch MACsec services quickly and available for the service. Accordingly, when both sides (two supplicants) exchange hello with basic TLV at the same time, triggering the race condition, drops first message from the authenticator at supplicant and update the peer MN and the supplicant will not send reply. The authenticator when send next message (basic+potential peer TLV) with peer MN incremented by 1, the supplicant will respond with incremental message with live peer TLV.

公开(公告)号：US20170104734A1

公开(公告)日：2017-04-13

申请号：US15381366

申请日：2016-12-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dharmanandana Reddy Pothula ,  Chi Zhang

IPC: H04L29/06 ,  H04W12/06 ,  H04W12/04 ,  H04L9/14

CPC classification number: H04L63/061 ,  H04L9/14 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/0861 ,  H04L63/101 ,  H04W12/0013 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W36/0038 ,  H04W84/045

Abstract: A method for communication between femto access points (Aps) and a femto AP is presented. The method includes creating, by a first femto AP with a key server (KS), a first tunnel between the first femto AP and the KS, and downloading, by the first femto AP, a key as a first key and an access control list (ACL) from the KS through the first tunnel, wherein the ACL is configured to indicate a data flow access rule between the first femto AP and a second femto AP; encrypting, by the first femto AP, first data using the first key to obtain encrypted first data, and sending the encrypted first data to the second femto AP according to the data flow access rule indicated by the ACL, so that the second femto AP decrypts the encrypted first data using a second key.

公开(公告)号：US11943209B2

公开(公告)日：2024-03-26

申请号：US17321499

申请日：2021-05-17

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Sandeep Kampati ,  Bharath Soma Satya Meduri ,  Dharmanandana Reddy Pothula ,  De Sheng

IPC: H04L9/40

CPC classification number: H04L63/061 ,  H04L63/0245 ,  H04L63/029 ,  H04L63/0435

Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.

公开(公告)号：US20210273928A1

公开(公告)日：2021-09-02

申请号：US17321499

申请日：2021-05-17

Applicant: HUAWEI TECHNOLOGIES CO.,LTD.

Inventor： Sandeep Kampati ,  Bharath Soma Satya Meduri ,  Dharmanandana Reddy Pothula ,  De Sheng

IPC: H04L29/06

Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.

公开(公告)号：US20170251363A1

公开(公告)日：2017-08-31

申请号：US15596915

申请日：2017-05-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dharmanandana Reddy Pothula ,  Chi Zhang

IPC: H04W12/04 ,  H04W36/00 ,  H04L29/06

CPC classification number: H04W12/04 ,  H04L63/0272 ,  H04L63/061 ,  H04L63/062 ,  H04L63/065 ,  H04L63/164 ,  H04L2209/80 ,  H04W12/001 ,  H04W36/0038

Abstract: Methods, servers, base stations and communication systems for configuring security parameters are disclosed. Embodiments of the present invention provide a method for configuring security parameters in a network, the network comprising at least one base station and a server providing service for the at least one base station. The method comprises updating, by the server, security parameters for the base station and sending, by the server, the updated security parameters to the base station, so that base stations transmits data between each other according to the updated security parameters.

公开(公告)号：US20240223364A1

公开(公告)日：2024-07-04

申请号：US18392496

申请日：2023-12-21

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Sandeep Kampati ,  De Sheng ,  Dharmanandana Reddy Pothula ,  Bharath Soma Satya Meduri

IPC: H04L9/08 ,  H04L9/40

CPC classification number: H04L9/0891 ,  H04L63/029 ,  H04L63/164

Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, processing time, and power in the course of the IKE SA or the IPSec SA rekey.

公开(公告)号：US20210105348A1

公开(公告)日：2021-04-08

申请号：US17123631

申请日：2020-12-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dharmanandana Reddy Pothula ,  Chandra Mohan Padamati ,  Antony Paul ,  Yun Qin ,  De Sheng

IPC: H04L29/08 ,  H04L9/08 ,  H04L29/06 ,  H04W84/12 ,  H04W12/04

Abstract: Disclosed are a system, method and devices for simultaneous MACsec key agreement (MKA) negotiation between the devices. The present application controls a basic TLV message exchange between supplicant and authenticator in case of race condition to establish the secure association key (SAK) channel. The present application by controlling a basic TLV message exchange enables to establish a secure channel in race condition and achieves a high reliability of the product as this makes product launch MACsec services quickly and available for the service. Accordingly, when both sides (two supplicants) exchange hello with basic TLV at the same time, triggering the race condition, drops first message from the authenticator at supplicant and update the peer MN and the supplicant will not send reply. The authenticator when send next message (basic+potential peer TLV) with peer MN incremented by 1, the supplicant will respond with incremental message with live peer TLV.