公开(公告)号：US10827351B2

公开(公告)日：2020-11-03

申请号：US16239409

申请日：2019-01-03

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xin Kang ,  Haiguang Wang ,  Yanjiang Yang

IPC: H04L9/32 ,  H04W12/06 ,  H04W8/04 ,  H04L29/06 ,  H04W12/04 ,  H04W12/00

Abstract: Embodiments of the present disclosure disclose a network authentication method, a relay node, and a related system. The system includes user equipment, a relay node, and a cellular network authentication network element. The user equipment is configured to send a first authentication message to the relay node; the relay node is configured to receive first authentication messages, and generate first encrypted information by using an aggregation algorithm based on first encrypted identifiers in the first authentication; the cellular network authentication network element is configured to receive a first aggregation message, and when verifying, by using the first encrypted information, that information in the first aggregation message is correct, send a first response message to the relay node; and the user equipment is configured to generate a session key between the user equipment and the cellular network authentication network element when verifying that information in the first response message is correct.

公开(公告)号：US20190141524A1

公开(公告)日：2019-05-09

申请号：US16237902

申请日：2019-01-02

Applicant: Huawei Technologies Co., Ltd.

Inventor： Haiguang Wang ,  Fei Liu ,  Xin Kang

IPC: H04W12/04 ,  H04L29/06 ,  H04W12/02 ,  H04W12/06 ,  H04W8/04 ,  H04L29/08

Abstract: A system for transmission data protection includes user equipment (UE) and an access point. The access point sends a broadcast message that carries a public key for encryption. The UE receives and stores the public key for encryption. The UE obtains a global public key or a private key corresponding to the UE, and protects transmission data using the public key for encryption and the global public key or the private key corresponding to the UE.

公开(公告)号：US11431479B2

公开(公告)日：2022-08-30

申请号：US16517645

申请日：2019-07-21

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhongding Lei ,  Lichun Li ,  Bo Zhang ,  Fei Liu ,  Haiguang Wang ,  Xin Kang

IPC: H04L9/08 ,  H04L9/14 ,  H04L9/40

Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.

公开(公告)号：US11272365B2

公开(公告)日：2022-03-08

申请号：US17090757

申请日：2020-11-05

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhongding Lei ,  Haiguang Wang ,  Xin Kang

IPC: H04W12/06 ,  H04W8/04 ,  H04W12/08 ,  H04W48/08 ,  H04W48/16 ,  H04W12/033

Abstract: This application discloses a network authentication method, and a related device and system. The method includes: receiving, by a network authentication network element, an access request sent by user equipment, where the access request includes identification information of the user equipment; verifying, by the network authentication network element, whether the identification information is valid, and if the identification information is valid, determining, based on the identification information, a slice authentication network element corresponding to the user equipment; and sending, by the network authentication network element, the identification information to the slice authentication network element corresponding to the user equipment, where the identification information is used by the slice authentication network element corresponding to the user equipment to generate authentication data for the user equipment and initiate a user authentication request to the user equipment by using the authentication data.

公开(公告)号：US11240218B2

公开(公告)日：2022-02-01

申请号：US16169416

申请日：2018-10-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong Wu ,  Bo Zhang ,  Lu Gan ,  Haiguang Wang

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

Abstract: This application provides a key distribution and authentication method, system, and an apparatus. The method includes: a service center server distributes different keys to terminal devices, and then the terminal devices perform mutual authentication with the network authentication server based on respective keys and finally obtain communication keys for communication between the terminal devices and a functional network element. This provides a method for establishing a secure communication channel for the terminal device, having a broad application range.

公开(公告)号：US11871223B2

公开(公告)日：2024-01-09

申请号：US17498175

申请日：2021-10-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhongding Lei ,  Xin Kang ,  Haiguang Wang

IPC: H04W12/06 ,  H04W12/03 ,  H04W4/12 ,  H04W60/04

CPC classification number: H04W12/06 ,  H04W4/12 ,  H04W12/03 ,  H04W60/04

Abstract: An authentication method, apparatus, and device. The method includes sending, by a core network device, an authentication request message of a user to a data network device, where the authentication request message requests that the data network device perform identity authentication on the user, and receiving, by the core network device, an authentication response message sent by the data network device, where the authentication response message comprises first information, and the first information indicates user identity information of the user.

公开(公告)号：US20210058783A1

公开(公告)日：2021-02-25

申请号：US17090757

申请日：2020-11-05

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhongding Lei ,  Haiguang Wang ,  Xin Kang

IPC: H04W12/06 ,  H04W12/00 ,  H04W8/04 ,  H04W12/08 ,  H04W48/08 ,  H04W48/16

Abstract: This application discloses a network authentication method, and a related device and system. The method includes: receiving, by a network authentication network element, an access request sent by user equipment, where the access request includes identification information of the user equipment; verifying, by the network authentication network element, whether the identification information is valid, and if the identification information is valid, determining, based on the identification information, a slice authentication network element corresponding to the user equipment; and sending, by the network authentication network element, the identification information to the slice authentication network element corresponding to the user equipment, where the identification information is used by the slice authentication network element corresponding to the user equipment to generate authentication data for the user equipment and initiate a user authentication request to the user equipment by using the authentication data.

公开(公告)号：US10924268B2

公开(公告)日：2021-02-16

申请号：US16382201

申请日：2019-04-12

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Haiguang Wang ,  Yanjiang Yang ,  Xin Kang ,  Zhongding Lei

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/32 ,  H04W12/04 ,  H04L9/00 ,  H04W4/40

Abstract: A key distribution method is disclosed. In this method, a key request can be received by a key management system (KMS) from a mobile operator network element (MNO). The key request can carry a public key of UE. At least one PVT and one SSK can be allocated to the US based on an IBC ID. The at least one PVT and SSK can be encrypted based on the public key to generate ciphertext; and an object can be signed based on a preset digital signature private key (DSPK) to generate a digital signature. The object can include the public key and the ciphertext. Still, a signature validation public key associated with the DSPK can be determined and a key response can be returned to the MNO. The key response can carry the signature validation public key, the public key of the UE, the ciphertext, and the digital signature.

公开(公告)号：US20190141533A1

公开(公告)日：2019-05-09

申请号：US16239409

申请日：2019-01-03

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xin Kang ,  Haiguang Wang ,  Yanjiang Yang

IPC: H04W12/06 ,  H04L9/32 ,  H04W8/04 ,  H04W12/00 ,  H04W12/04 ,  H04L29/06

Abstract: Embodiments of the present disclosure disclose a network authentication method, a relay node, and a related system. The system includes user equipment, a relay node, and a cellular network authentication network element. The user equipment is configured to send a first authentication message to the relay node; the relay node is configured to receive first authentication messages, and generate first encrypted information by using an aggregation algorithm based on first encrypted identifiers in the first authentication; the cellular network authentication network element is configured to receive a first aggregation message, and when verifying, by using the first encrypted information, that information in the first aggregation message is correct, send a first response message to the relay node; and the user equipment is configured to generate a session key between the user equipment and the cellular network authentication network element when verifying that information in the first response message is correct.

公开(公告)号：US11917054B2

公开(公告)日：2024-02-27

申请号：US17819188

申请日：2022-08-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhongding Lei ,  Lichun Li ,  Bo Zhang ,  Fei Liu ,  Haiguang Wang ,  Xin Kang

IPC: H04L9/08 ,  H04L9/14 ,  H04L9/40

CPC classification number: H04L9/0819 ,  H04L9/085 ,  H04L9/14 ,  H04L63/0428

Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.