公开(公告)号：US20210185524A1

公开(公告)日：2021-06-17

申请号：US17179820

申请日：2021-02-19

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong WU ,  Shuaishuai TAN

IPC: H04W12/033 ,  H04W12/0433 ,  H04W36/00 ,  H04W88/16

Abstract: This application provides a security context obtaining method and apparatus. The method includes: receiving, by a user plane gateway, a PDU session establishment request from UE, where the PDU session establishment request is used to request to establish a PDU session between the user plane gateway and the UE, and the PDU session is carried between the UE and a service server of a data network; and separately obtaining, by the user plane gateway and the UE, a security context used for the PDU session, and activating user plane security protection based on the security context. Therefore, during PDU session reestablishment, for example, PDU session reestablishment triggered by switching of the user plane gateway, a session management network element, and the like, the user plane gateway and the UE can obtain a new security context, thereby achieving end-to-end protection between the UE and the user plane gateway.

公开(公告)号：US20210168594A1

公开(公告)日：2021-06-03

申请号：US17171397

申请日：2021-02-09

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong WU ,  Bo ZHANG ,  Shuaishuai TAN

IPC: H04W12/033 ,  H04W12/0433 ,  H04W76/12 ,  H04W88/16 ,  H04W12/10

Abstract: This application provides an example secure session method and apparatus. The method includes receiving, by a user plane gateway, a service request message from user equipment UE, where the service request message is used to request to establish a connection between the UE and a service server in a data network. The user plane gateway and the UE separately generate an encryption key and an integrity protection key based on the service request message, and activate encryption protection and/or integrity protection based on the generated encryption key and integrity protection key.

公开(公告)号：US20210058771A1

公开(公告)日：2021-02-25

申请号：US17031534

申请日：2020-09-24

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong WU ,  Bo ZHANG ,  Shuaishuai TAN

IPC: H04W12/00 ,  H04W12/10 ,  H04L9/08

Abstract: Embodiments of this application provide a key generation method, applied to a scenario in which a base station is divided into a centralized unit and a distributed unit and a control plane and a user plane of the centralized unit are separated. And the control plane entity of the centralized unit obtains a root key, generates a user plane security key based on the root key, and sends the first user plane security key to the user plane entity of the first centralized unit. According to this application, key isolation between different user plane entities is implemented. Further, in an actual operation, the control plane entity or the user plane entity of the centralized unit may be flexibly selected to generate the user plane security key.