公开(公告)号：US11659393B2

公开(公告)日：2023-05-23

申请号：US17030926

申请日：2020-09-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04W12/08 ,  H04L9/08 ,  H04L9/40 ,  H04W36/00 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/033 ,  H04W12/037 ,  H04W12/041 ,  H04W12/069 ,  H04W12/0433

CPC classification number: H04W12/08 ,  H04L9/083 ,  H04L9/0816 ,  H04L9/0861 ,  H04L63/06 ,  H04L63/205 ,  H04W12/02 ,  H04W12/033 ,  H04W12/037 ,  H04W12/04 ,  H04W12/041 ,  H04W12/0433 ,  H04W12/06 ,  H04W12/069 ,  H04W36/0038 ,  H04L2209/24 ,  H04L2463/061

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

公开(公告)号：US11025414B2

公开(公告)日：2021-06-01

申请号：US16443723

申请日：2019-06-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W12/041 ,  H04W12/0431 ,  H04L29/06 ,  H04W76/14

Abstract: Embodiments of the present invention disclose a key exchange method and apparatus. A network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information.

公开(公告)号：US20190281029A1

公开(公告)日：2019-09-12

申请号：US16426082

申请日：2019-05-30

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen ,  Yang Cui

IPC: H04L29/06 ,  H04W88/06 ,  H04W12/04 ,  H04W88/10

Abstract: In one embodiment, a system for generating an access stratum key comprises: a first network-side device that has access to a core network (CN) and is communicably coupled to a user equipment device (UE) through a first air interface, and a second network-side device that has access to the CN through the first network-side device and is communicably coupled to the UE through a second air interface. The first network-side device is configured to calculate an access stratum root key of the second network-side device according to an access stratum root key of the first network-side device and an input parameter; and send the access stratum root key of the second network-side device to the second network-side device. The second network-side device is configured to receive the access stratum root key of the second network-side device from the first network-side device; and generate an access stratum key according to the access stratum root key of the second network-side device.

公开(公告)号：US20190028268A1

公开(公告)日：2019-01-24

申请号：US16140338

申请日：2018-09-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W36/00 ,  H04W12/08 ,  H04W12/06 ,  H04L29/06 ,  H04W12/04 ,  H04W12/02

Abstract: Embodiments disclose a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

公开(公告)号：US20170310649A1

公开(公告)日：2017-10-26

申请号：US15644196

申请日：2017-07-07

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen ,  Yang Cui

IPC: H04L29/06 ,  H04W88/10 ,  H04W12/04 ,  H04W88/06 ,  H04W76/02

CPC classification number: H04L63/0485 ,  H04L2463/061 ,  H04W12/04 ,  H04W76/15 ,  H04W88/06 ,  H04W88/10

Abstract: In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side devic.

公开(公告)号：US20210266153A1

公开(公告)日：2021-08-26

申请号：US17243081

申请日：2021-04-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W12/041 ,  H04W12/0431 ,  H04L29/06

Abstract: Embodiments of the present invention disclose a key exchange method and apparatus. A network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information.

公开(公告)号：US10812256B2

公开(公告)日：2020-10-20

申请号：US16537330

申请日：2019-08-09

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W12/04 ,  H04W12/02 ,  H04L29/06 ,  H04W12/06 ,  H04W12/08 ,  H04W36/00

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

公开(公告)号：US10735185B2

公开(公告)日：2020-08-04

申请号：US16140217

申请日：2018-09-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W12/04 ,  H04W12/02 ,  H04L29/06 ,  H04W12/06 ,  H04W12/08 ,  H04W36/00

Abstract: Embodiments disclose a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

公开(公告)号：US10009326B2

公开(公告)日：2018-06-26

申请号：US15644196

申请日：2017-07-07

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen ,  Yang Cui

IPC: H04L9/08 ,  H04L29/06 ,  H04W12/04 ,  H04W88/06 ,  H04W88/10 ,  H04W76/02 ,  H04W76/15

CPC classification number: H04L63/0485 ,  H04L2463/061 ,  H04W12/04 ,  H04W76/15 ,  H04W88/06 ,  H04W88/10

Abstract: In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device.

公开(公告)号：US09736129B2

公开(公告)日：2017-08-15

申请号：US14946273

申请日：2015-11-19

Applicant: Huawei Technologies Co., Ltd.

Inventor： Tao Zhang ,  Bo Lin ,  Dongmei Zhang

IPC: H04W12/04 ,  H04L29/06 ,  H04L9/32 ,  H04W72/04 ,  H04W12/12 ,  H04L12/24 ,  H04W12/10 ,  H04W24/02 ,  H04W92/10

CPC classification number: H04L63/062 ,  H04L9/3226 ,  H04L41/0813 ,  H04L63/1441 ,  H04L63/1466 ,  H04L63/205 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10 ,  H04W12/12 ,  H04W24/02 ,  H04W72/0406 ,  H04W92/10

Abstract: The present invention relates to base stations, and a terminal. The primary base station execute the following steps, receiving, by a primary base station, security parameter update request information that is sent by a secondary base station and carries an encryption algorithm, wherein the security parameter update request information comprises the encryption algorithm; adding, by the primary base station, the encryption algorithm in the received security parameter update request information to reconfiguration information; sending, by the primary base station, the reconfiguration information carrying the encryption algorithm to a terminal; and receiving, by the primary base station, reconfiguration complete information sent by the terminal. Thereby, the present invention implements a reconfiguration process in a network architecture in which a primary base station is separated from a secondary base station.