Security implementation method, related apparatus, and system

    公开(公告)号:US10588014B2

    公开(公告)日:2020-03-10

    申请号:US16409207

    申请日:2019-05-10

    Abstract: A security implementation method includes receiving, by a first network element, a request for handing over user equipment from a source access network device to a target access network device to perform communication. The method further includes obtaining, by the first network element, a security key, where the security key is used for protecting the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device, and sending, by the first network element, the security key to the target access network device.

    Security context obtaining method and apparatus

    公开(公告)号:US11722888B2

    公开(公告)日:2023-08-08

    申请号:US17179820

    申请日:2021-02-19

    CPC classification number: H04W12/033 H04W12/0433 H04W36/0038 H04W88/16

    Abstract: This application provides a security context obtaining method and apparatus. The method includes: receiving, by a user plane gateway, a PDU session establishment request from UE, where the PDU session establishment request is used to request to establish a PDU session between the user plane gateway and the UE, and the PDU session is carried between the UE and a service server of a data network; and separately obtaining, by the user plane gateway and the UE, a security context used for the PDU session, and activating user plane security protection based on the security context. Therefore, during PDU session reestablishment, for example, PDU session reestablishment triggered by switching of the user plane gateway, a session management network element, and the like, the user plane gateway and the UE can obtain a new security context, thereby achieving end-to-end protection between the UE and the user plane gateway.

    Discovery method and apparatus based on service-based architecture

    公开(公告)号:US11824981B2

    公开(公告)日:2023-11-21

    申请号:US17696093

    申请日:2022-03-16

    CPC classification number: H04L9/088 H04L9/3247 H04L63/0435 H04W12/06

    Abstract: A discovery method and apparatus based on a service-based architecture, where the method includes a control network element sending a discovery response to a first functional network element, where the discovery response includes a determined security parameter and an access address or an identifier of a second functional network element. The first functional network element receives the discovery response from the control network element, and sends an access request to the second functional network element based on the address or the identifier of the second functional network element, where the access request includes the received security parameter. The second functional network element receives the access request from the first functional network element, verifies correctness of the security parameter, and determines, based on the correctness of the security parameter, whether the access request is authorized by the first functional network element.

    Discovery Method and Apparatus Based on Service-Based Architecture

    公开(公告)号:US20220278831A1

    公开(公告)日:2022-09-01

    申请号:US17696093

    申请日:2022-03-16

    Abstract: A discovery method and apparatus based on a service-based architecture, where the method includes a control network element sending a discovery response to a first functional network element, where the discovery response includes a determined security parameter and an access address or an identifier of a second functional network element. The first functional network element receives the discovery response from the control network element, and sends an access request to the second functional network element based on the address or the identifier of the second functional network element, where the access request includes the received security parameter. The second functional network element receives the access request from the first functional network element, verifies correctness of the security parameter, and determines, based on the correctness of the security parameter, whether the access request is authorized by the first functional network element.

    Security Implementation Method, Related Apparatus, and System

    公开(公告)号:US20190274038A1

    公开(公告)日:2019-09-05

    申请号:US16409207

    申请日:2019-05-10

    Abstract: A security implementation method includes receiving, by a first network element, a request for handing over user equipment from a source access network device to a target access network device to perform communication. The method further includes obtaining, by the first network element, a security key, where the security key is used for protecting the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device, and sending, by the first network element, the security key to the target access network device.

    Registration method and apparatus based on service-based architecture

    公开(公告)号:US11496320B2

    公开(公告)日:2022-11-08

    申请号:US16803624

    申请日:2020-02-27

    Abstract: Embodiments of this application provide a registration method and apparatus based on a service-based architecture. In this method, a management network element determines configuration information of a function network element, where the configuration information includes a security parameter; and the management network element sends the configuration information to the function network element. The function network element receives the configuration information sent by the management network element; and the function network element sends a registration request to a control network element based on the configuration information, where the registration request includes the security parameter. The control network element receives the registration request sent by the function network element, where the registration request includes the security parameter; and the control network element verifies correctness of the security parameter, and determines validity of the registration request based on the correctness of the security parameter.

    Authorization method and network element

    公开(公告)号:US11431695B2

    公开(公告)日:2022-08-30

    申请号:US16814018

    申请日:2020-03-10

    Abstract: An authorization method and a network element are disclosed, to implement a third-party authorization function based on a 5G service-based network architecture. The method is: receiving, by a resource control network element, a resource usage request message sent by a terminal device; replacing a first user identifier in the resource usage request message with a second user identifier; sending an authorization request message carrying the second user identifier to an authorization server by using an NEF; receiving, by using the NEF, an authorization response message sent by the authorization server, where the authorization response message includes an authorization result that is obtained by performing authorization based on the second user identifier and the resource usage request message; and allocating a network resource to the terminal device based on the authorization result, and sending a resource allocation response message to the terminal device.

    Discovery method and apparatus based on service-based architecture

    公开(公告)号:US11296877B2

    公开(公告)日:2022-04-05

    申请号:US16716044

    申请日:2019-12-16

    Abstract: A discovery method and apparatus based on a service-based architecture, where the method includes a control network element sending a discovery response to a first functional network element, where the discovery response includes a determined security parameter and an access address or an identifier of a second functional network element. The first functional network element receives the discovery response from the control network element, and sends an access request to the second functional network element based on the address or the identifier of the second functional network element, where the access request includes the received security parameter. The second functional network element receives the access request from the first functional network element, verifies correctness of the security parameter, and determines, based on the correctness of the security parameter, whether the access request is authorized by the first functional network element.

Patent Agency Ranking