公开(公告)号：US20240040376A1

公开(公告)日：2024-02-01

申请号：US18448235

申请日：2023-08-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Bo Zhang ,  Shuaishuai Tan

IPC: H04W12/033 ,  H04L9/40 ,  H04W12/10 ,  H04W12/041

CPC classification number: H04W12/033 ,  H04L63/205 ,  H04W12/10 ,  H04W12/041

Abstract: A security negotiation method includes receiving, by a terminal, security negotiation information from a centralized unit control plane (CU-CP)/a centralized unit user plane (CU-UP), where the security negotiation information includes an integrity protection indication identifier of the CU-UP, and determining, by the terminal based on the integrity protection indication identifier, whether to enable user-plane integrity protection of the terminal.

公开(公告)号：US10588014B2

公开(公告)日：2020-03-10

申请号：US16409207

申请日：2019-05-10

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Lu Gan ,  Bo Zhang ,  Shuaishuai Tan

IPC: H04L29/00 ,  H04W12/04 ,  H04W36/00 ,  H04W12/00 ,  H04W36/08

Abstract: A security implementation method includes receiving, by a first network element, a request for handing over user equipment from a source access network device to a target access network device to perform communication. The method further includes obtaining, by the first network element, a security key, where the security key is used for protecting the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device, and sending, by the first network element, the security key to the target access network device.

公开(公告)号：US11778459B2

公开(公告)日：2023-10-03

申请号：US17171397

申请日：2021-02-09

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong Wu ,  Bo Zhang ,  Shuaishuai Tan

IPC: H04W12/033 ,  H04W76/12 ,  H04W12/0433 ,  H04W12/10 ,  H04W88/16

CPC classification number: H04W12/033 ,  H04W12/0433 ,  H04W12/10 ,  H04W76/12 ,  H04W88/16

Abstract: This application provides an example secure session method and apparatus. The method includes receiving, by a user plane gateway, a service request message from user equipment UE, where the service request message is used to request to establish a connection between the UE and a service server in a data network. The user plane gateway and the UE separately generate an encryption key and an integrity protection key based on the service request message, and activate encryption protection and/or integrity protection based on the generated encryption key and integrity protection key.

公开(公告)号：US11722888B2

公开(公告)日：2023-08-08

申请号：US17179820

申请日：2021-02-19

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong Wu ,  Shuaishuai Tan

IPC: H04W12/03 ,  H04W12/033 ,  H04W12/0433 ,  H04W36/00 ,  H04W88/16

CPC classification number: H04W12/033 ,  H04W12/0433 ,  H04W36/0038 ,  H04W88/16

Abstract: This application provides a security context obtaining method and apparatus. The method includes: receiving, by a user plane gateway, a PDU session establishment request from UE, where the PDU session establishment request is used to request to establish a PDU session between the user plane gateway and the UE, and the PDU session is carried between the UE and a service server of a data network; and separately obtaining, by the user plane gateway and the UE, a security context used for the PDU session, and activating user plane security protection based on the security context. Therefore, during PDU session reestablishment, for example, PDU session reestablishment triggered by switching of the user plane gateway, a session management network element, and the like, the user plane gateway and the UE can obtain a new security context, thereby achieving end-to-end protection between the UE and the user plane gateway.

公开(公告)号：US11824981B2

公开(公告)日：2023-11-21

申请号：US17696093

申请日：2022-03-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan ,  Rong Wu ,  Shuaishuai Tan

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04W12/06 ,  H04W88/14 ,  H04W8/00 ,  H04L67/51

CPC classification number: H04L9/088 ,  H04L9/3247 ,  H04L63/0435 ,  H04W12/06

Abstract: A discovery method and apparatus based on a service-based architecture, where the method includes a control network element sending a discovery response to a first functional network element, where the discovery response includes a determined security parameter and an access address or an identifier of a second functional network element. The first functional network element receives the discovery response from the control network element, and sends an access request to the second functional network element based on the address or the identifier of the second functional network element, where the access request includes the received security parameter. The second functional network element receives the access request from the first functional network element, verifies correctness of the security parameter, and determines, based on the correctness of the security parameter, whether the access request is authorized by the first functional network element.

公开(公告)号：US20220278831A1

公开(公告)日：2022-09-01

申请号：US17696093

申请日：2022-03-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan ,  Rong Wu ,  Shuaishuai Tan

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04W12/06

Abstract: A discovery method and apparatus based on a service-based architecture, where the method includes a control network element sending a discovery response to a first functional network element, where the discovery response includes a determined security parameter and an access address or an identifier of a second functional network element. The first functional network element receives the discovery response from the control network element, and sends an access request to the second functional network element based on the address or the identifier of the second functional network element, where the access request includes the received security parameter. The second functional network element receives the access request from the first functional network element, verifies correctness of the security parameter, and determines, based on the correctness of the security parameter, whether the access request is authorized by the first functional network element.

公开(公告)号：US20190274038A1

公开(公告)日：2019-09-05

申请号：US16409207

申请日：2019-05-10

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Lu Gan ,  Bo Zhang ,  Shuaishuai Tan

IPC: H04W12/04 ,  H04W36/00 ,  H04W36/08 ,  H04W12/00

Abstract: A security implementation method includes receiving, by a first network element, a request for handing over user equipment from a source access network device to a target access network device to perform communication. The method further includes obtaining, by the first network element, a security key, where the security key is used for protecting the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device, and sending, by the first network element, the security key to the target access network device.

公开(公告)号：US11496320B2

公开(公告)日：2022-11-08

申请号：US16803624

申请日：2020-02-27

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Bo Zhang ,  Lu Gan ,  Rong Wu ,  Shuaishuai Tan

IPC: H04L9/32 ,  H04L9/30

Abstract: Embodiments of this application provide a registration method and apparatus based on a service-based architecture. In this method, a management network element determines configuration information of a function network element, where the configuration information includes a security parameter; and the management network element sends the configuration information to the function network element. The function network element receives the configuration information sent by the management network element; and the function network element sends a registration request to a control network element based on the configuration information, where the registration request includes the security parameter. The control network element receives the registration request sent by the function network element, where the registration request includes the security parameter; and the control network element verifies correctness of the security parameter, and determines validity of the registration request based on the correctness of the security parameter.

公开(公告)号：US11431695B2

公开(公告)日：2022-08-30

申请号：US16814018

申请日：2020-03-10

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Shuaishuai Tan ,  Lu Gan ,  Bo Zhang ,  Rong Wu

IPC: H04L9/40 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32 ,  H04L47/70 ,  H04W8/18 ,  H04W12/06 ,  H04W12/08 ,  H04W12/0431

Abstract: An authorization method and a network element are disclosed, to implement a third-party authorization function based on a 5G service-based network architecture. The method is: receiving, by a resource control network element, a resource usage request message sent by a terminal device; replacing a first user identifier in the resource usage request message with a second user identifier; sending an authorization request message carrying the second user identifier to an authorization server by using an NEF; receiving, by using the NEF, an authorization response message sent by the authorization server, where the authorization response message includes an authorization result that is obtained by performing authorization based on the second user identifier and the resource usage request message; and allocating a network resource to the terminal device based on the authorization result, and sending a resource allocation response message to the terminal device.

公开(公告)号：US11296877B2

公开(公告)日：2022-04-05

申请号：US16716044

申请日：2019-12-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan ,  Rong Wu ,  Shuaishuai Tan

IPC: H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  H04W8/00 ,  H04L29/08 ,  H04W12/06

Abstract: A discovery method and apparatus based on a service-based architecture, where the method includes a control network element sending a discovery response to a first functional network element, where the discovery response includes a determined security parameter and an access address or an identifier of a second functional network element. The first functional network element receives the discovery response from the control network element, and sends an access request to the second functional network element based on the address or the identifier of the second functional network element, where the access request includes the received security parameter. The second functional network element receives the access request from the first functional network element, verifies correctness of the security parameter, and determines, based on the correctness of the security parameter, whether the access request is authorized by the first functional network element.