-
Publication No.: US20240223613A1
Publication date: 2024-07-04
Application No.: US18415304
Filing date: 2024-01-17
Inventors: Zhongding Lei, Lichun Li, Haiguang Wang, Xin Kang
Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.
-
Publication No.: US11477242B2
Publication date: 2022-10-18
Application No.: US16746479
Filing date: 2020-01-17
Inventors: Zhongding Lei, Lichun Li, Haiguang Wang, Xin Kang
Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.
-
Publication No.: US20180331829A1
Publication date: 2018-11-15
Application No.: US15977220
Filing date: 2018-05-11
Inventors: Haiguang Wang, Jie Shi, Xin Kang
CPC classification: H04L9/3013, H04L9/0844, H04L9/0869, H04L9/14, H04L9/3066, H04L9/3242, H04W12/06
Abstract: Embodiments of the invention provide methods and apparatuses for session key generation, which use Diffie-Hellman procedure in both user equipment and network to prevent an attacker from breaking the session key by simply listening to signal exchanges passively when the attacker possesses credentials of a USIM card.
-
Publication No.: US11895157B2
Publication date: 2024-02-06
Application No.: US17939637
Filing date: 2022-09-07
Inventors: Zhongding Lei, Lichun Li, Haiguang Wang, Xin Kang
Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.
-
Publication No.: US10931445B2
Publication date: 2021-02-23
Application No.: US15977220
Filing date: 2018-05-11
Inventors: Haiguang Wang, Jie Shi, Xin Kang
Abstract: Embodiments of the invention provide methods and apparatuses for session key generation, which use Diffie-Hellman procedure in both user equipment and network to prevent an attacker from breaking the session key by simply listening to signal exchanges passively when the attacker possesses credentials of a USIM card.
-
Publication No.: US10581860B2
Publication date: 2020-03-03
Application No.: US16372668
Filing date: 2019-04-02
Inventors: Lichun Li, Haiguang Wang, Xin Kang
Abstract: A system for managing and distributing a blacklist of User Equipment IDs (UE IDs) in a network. The system comprises a number of groups of networks, each of the groups of networks comprise a blacklist server and a number of authentication servers. The system further comprises a Package Key Generator (PKG). The blacklist server is configured to: store a blacklist containing UE IDs that are not allowed to gain access to the network; transmit the blacklist to the plurality of authentication servers in the same group; receive a message; determine a content in the message is an order to add a new revoked UE ID to the blacklist; update the blacklist to include the new revoked UE ID; and send an update blacklist message to the plurality of authentication servers in the same group.
-
Publication No.: US20200068397A1
Publication date: 2020-02-27
Application No.: US16673467
Filing date: 2019-11-04
Inventors: Xin Kang, Haiguang Wang, Zhongding Lei, Fei Liu
Abstract: This application provides a network authentication method, a network device, a terminal device, and a storage medium. In one aspect, in this application, a network device generates a symmetric key by itself, and generates a correct sequence number of a terminal device in real time by using a first sequence number. In other words, in this application, the network device does not need to store the symmetric key and the correct sequence number of the terminal device, but generates the symmetric key and the correct sequence number of the terminal device in real time. Therefore, storage load of an HSS in the prior art can be reduced.
-
Publication No.: US11570008B2
Publication date: 2023-01-31
Application No.: US17129428
Filing date: 2020-12-21
Inventors: Xin Kang, Yanjiang Yang, Haiguang Wang, Zhongding Lei
Abstract: A pseudonym credential configuration method and apparatus are provided. The method includes: receiving an identifier of a terminal device and information about N to-be-requested pseudonym credentials from the terminal device, sending N second request messages to a pseudonym credential generation server, and storing a tag of each second request message in association with the identifier of the terminal device in the registration server, so that the registration server can obtain, based on the tag, the identifier that is of the terminal device and that is associated with the tag; and generating N pseudonym credentials. The pseudonym credential generated in this application may enable a behavior investigation server to learn of a real identity of the terminal device.
-
Publication No.: US10979903B2
Publication date: 2021-04-13
Application No.: US16258180
Filing date: 2019-01-25
Inventors: Haiguang Wang, Jie Shi, Xin Kang
Abstract: A key generation and distribution method is disclosed. The method includes receiving a first request from a first requestor, the first requestor comprising an identity of the first requestor; generating a new identity (ID) based on the identity of the first requestor; generating a secret key for the new ID with a predetermined pair of global keys, namely a Global Secret Key (GSK) and a Global Public Key (GPK); transmitting the new ID, secret key and the GPK to the first requestor; receiving a request from a second requestor, the request comprising a plurality of identities; generating a new ID for each of the plurality of identities; generating a secret key based on the IBC key generation algorithm for each of the plurality of new IDs; and transmitting the plurality of new IDs, secret keys corresponding to each of the plurality of IDs and the GPK to the second requestor.
-
Publication No.: US10694376B2
Publication date: 2020-06-23
Application No.: US16673467
Filing date: 2019-11-04
Inventors: Xin Kang, Haiguang Wang, Zhongding Lei, Fei Liu
Abstract: This application provides a network authentication method, a network device, a terminal device, and a storage medium. In one aspect, in this application, a network device generates a symmetric key by itself, and generates a correct sequence number of a terminal device in real time by using a first sequence number. In other words, in this application, the network device does not need to store the symmetric key and the correct sequence number of the terminal device, but generates the symmetric key and the correct sequence number of the terminal device in real time. Therefore, storage load of an HSS in the prior art can be reduced.