公开(公告)号：US08989381B2

公开(公告)日：2015-03-24

申请号：US13871900

申请日：2013-04-26

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dongmei Zhang ,  Jing Chen ,  Lijia Zhang ,  Zhuo Chen

IPC: H04K1/00 ,  H04W12/08 ,  H04W12/02 ,  H04W12/10 ,  H04L29/06 ,  H04W84/04 ,  H04W92/20

CPC classification number: H04W12/10 ,  H04L9/14 ,  H04L63/205 ,  H04W12/02 ,  H04W12/08 ,  H04W84/047 ,  H04W92/20

Abstract: A method and an apparatus for protecting data carried on an Un interface between a eNB and a relay node are disclosed. Three types of radio bearers (RBs) are defined over the Un interface: signaling radio bearers (SRBs) for carrying control plane signaling data, signaling-data radio bearers (s-DRBs) for carrying control plane signaling date; and data-data radio bearers (d-DRBs) for carrying user plane data. An integrity protection algorithm and an encryption algorithm are negotiated for control plane signaling data on an SRB, control plane signaling data carried on an s-DRB, and user plane data carried on a d-DRB. With the respective integrity protection algorithm and encryption algorithm, the data over the Un interface can be protected respectively. Therefore, the security protection on the Un interface is more comprehensive, and the security protection requirements of data borne over different RBs can be met.

Abstract translation: 公开了一种用于保护在eNB和中继节点之间的Un接口上承载的数据的方法和装置。 在Un接口上定义了三种类型的无线承载（RB）：用于承载控制平面信令数据的信令无线电承载（SRB），用于承载控制平面信令日期的信令数据无线电承载（s-DRB）; 和用于承载用户平面数据的数据数据无线电承载（d-DRB）。 协调SRB上的控制平面信令数据，s-DRB上承载的控制平面信令数据和d-DRB上携带的用户平面数据的完整性保护算法和加密算法。 通过各自的完整性保护算法和加密算法，可以分别保护Un接口上的数据。 因此，Un接口的安全保护更全面，可以满足不同RB承载的数据的安全保护要求。

公开(公告)号：US20140053249A1

公开(公告)日：2014-02-20

申请号：US14062602

申请日：2013-10-24

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yanmei Yang ,  Yixian Xu ,  Jing Chen

IPC: H04W12/04

CPC classification number: H04W12/04 ,  H04W12/04031 ,  H04W12/10 ,  H04W12/12 ,  H04W12/1208

Abstract: A method for preventing abuse of an Authentication Vector (AV) and a system and apparatus for implementing the method are provided. Access network information of a non-3rd Generation Partnership Project (3GPP) access network where a user resides is bound to an AV of the user, so that when the user accesses an Evolved Packet System (EPS) through the non-3GPP access network, even if an entity in the non-3GPP access network is breached, or an Evolved Packet Data Gateway (ePDG) connected to an untrusted non-3GPP access network is breached, the stolen AV cannot be applied to other non-3GPP access networks by an attacker.

Abstract translation: 提供了防止认证向量（AV）的滥用的方法以及用于实现该方法的系统和装置。 用户驻留的非第三代合作伙伴计划（3GPP）接入网络的接入网络信息被绑定到用户的AV，使得当用户通过非3GPP接入网络访问演进分组系统（EPS）时， 即使违反非3GPP接入网络中的实体，或者违反连接到非信任非3GPP接入网络的演进分组数据网关（ePDG），则被盗AV不能通过以下方式应用于其他非3GPP接入网络 攻击者

公开(公告)号：US20130079014A1

公开(公告)日：2013-03-28

申请号：US13667944

申请日：2012-11-02

Applicant: Huawei Technologies Co., Ltd.

Inventor： Min Huang ,  Jing Chen ,  Aiqin Zhang ,  Xiaohan Liu

IPC: H04W36/08

CPC classification number: H04W36/08 ,  H04W12/04 ,  H04W36/0038 ,  H04W36/0088 ,  H04W76/27

Abstract: A method, an apparatus and a system for key derivation are disclosed. The method includes the following steps: a target base station) receives multiple keys derived by a source base station, where the keys correspond to cells under control of the target base station; the target base station selects a key corresponding to the target cell after knowing a target cell that a user equipment (UE) wants to access. An apparatus for key derivation and a communications system are also provided.

Abstract translation: 公开了一种用于密钥推导的方法，装置和系统。 该方法包括以下步骤：目标基站）接收由源基站导出的多个密钥，其中密钥对应于目标基站的控制下的小区; 目标基站在知道用户设备（UE）想要访问的目标小区之后，选择与目标小区相对应的密钥。 还提供了用于密钥推导的装置和通信系统。

公开(公告)号：US12219055B2

公开(公告)日：2025-02-04

申请号：US17583013

申请日：2022-01-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Aiqin Zhang ,  Jing Chen ,  Xiaoyu Bi

IPC: H04L9/08 ,  H04L9/40 ,  H04W12/041 ,  H04W36/00 ,  H04W88/14

Abstract: Method, device, and system for deriving keys are provided in the field of mobile communications technologies. The method for deriving keys may be used, for example, in a handover process of a User Equipment (UE) from an Evolved Universal Terrestrial Radio Access Network (EUTRAN) to a Universal Terrestrial Radio Access Network (UTRAN). If a failure occurred in a first handover, the method ensures that the key derived by a source Mobility Management Entity (MME) for a second handover process of the UE is different from the key derived for the first handover process of the UE. This is done by changing input parameters used in the key derivation, so as to prevent the situation in the prior art that once the key used on one Radio Network Controller (RNC) is obtained, the keys on other RNCs can be derived accordingly, thereby enhancing the network security.

公开(公告)号：US20240064003A1

公开(公告)日：2024-02-22

申请号：US18453662

申请日：2023-08-22

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lijia Zhang ,  Jing Chen

IPC: H04L9/06 ,  H04L9/40 ,  H04L9/12 ,  H04W12/02 ,  H04W12/04 ,  H04W12/033

CPC classification number: H04L9/0656 ,  H04L63/10 ,  H04L9/12 ,  H04L63/104 ,  H04W12/02 ,  H04W12/04 ,  H04W12/033 ,  H04L2209/80 ,  H04W4/70

Abstract: A method, and related apparatuses are provided. The method comprises receiving an initial layer-3 message, wherein the initial layer-3 message comprises an indication indicating that a part of the initial layer-3 message is encrypted, and generating a keystream, wherein the keystream is used to decrypt the encrypted part of the initial layer-3 message.

公开(公告)号：US11882436B2

公开(公告)日：2024-01-23

申请号：US18150962

申请日：2023-01-06

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Kai Pan ,  Jing Chen

IPC: H04W12/041 ,  H04W4/70 ,  H04L9/08 ,  H04W8/02 ,  H04W36/00 ,  H04W12/106 ,  H04W12/0433

CPC classification number: H04W12/041 ,  H04L9/0869 ,  H04W4/70 ,  H04W8/02 ,  H04W12/0433 ,  H04W12/106 ,  H04W36/0022 ,  H04L2209/80

Abstract: A key generation method includes determining, by an access and mobility management function node, key-related information. The method also includes sending, by the access and mobility management function node, a redirection request message to a mobility management entity. The redirection request message includes the key-related information, and the redirection request message is used to request to hand over a voice service from a packet switched (PS) domain to a circuit switched (CS) domain. The method further includes receiving, by the mobility management entity, the redirection request message. The method additionally includes generating, by the mobility management entity, an encryption key and an integrity protection key for the voice service based on the key-related information.

公开(公告)号：US11777716B2

公开(公告)日：2023-10-03

申请号：US17243081

申请日：2021-04-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W12/041 ,  H04W12/0431 ,  H04L9/40 ,  H04W76/14

CPC classification number: H04L9/0819 ,  H04L63/061 ,  H04W12/041 ,  H04W12/0431 ,  H04L63/06 ,  H04L63/205 ,  H04W76/14

Abstract: Embodiments of the present invention disclose a key exchange method and apparatus. A network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information.

公开(公告)号：US20230292388A1

公开(公告)日：2023-09-14

申请号：US18185762

申请日：2023-03-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Li Hu ,  Bingzhao Li ,  Jing Chen ,  Tingting Geng

IPC: H04W76/18 ,  H04W76/34 ,  H04W12/04 ,  H04W12/10

CPC classification number: H04W76/18 ,  H04W76/34 ,  H04W12/04 ,  H04W12/10

Abstract: A connection resume request method includes generating, by a terminal, a new access stratum key; sending, by the terminal to a target base station, a connection resume request message requesting to resume a radio resource control (RRC) connection; receiving, by the terminal, a connection resume rejection message from the target base station, wherein the connection resume rejection message indicates that the resuming of the RRC connection is rejected; and resuming, by the terminal, the new access stratum key to a previous access stratum key, wherein the previous access stratum key is an access stratum key that is used, before the apparatus enters an inactive state, by the terminal and the source base station.

公开(公告)号：US11757623B2

公开(公告)日：2023-09-12

申请号：US17013643

申请日：2020-09-06

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Lijia Zhang ,  Jing Chen

IPC: H04L29/06 ,  H04L9/06 ,  H04L9/40 ,  H04L9/12 ,  H04W12/02 ,  H04W12/04 ,  H04W12/033 ,  H04W4/70

CPC classification number: H04L9/0656 ,  H04L9/12 ,  H04L63/10 ,  H04L63/104 ,  H04W12/02 ,  H04W12/033 ,  H04W12/04 ,  H04L2209/80 ,  H04W4/70

Abstract: This application pertains to encryption/decryption methods and related apparatuses. A communication device receives an initial layer-3 message. The initial layer-3 message includes an indication indicating that a part of the initial layer-3 message is encrypted. The communication device generates a keystream, and decrypts the encrypted part of the initial layer-3 message by performing an exclusive OR operation on the keystream and the initial layer-3 message.

公开(公告)号：US11736519B2

公开(公告)日：2023-08-22

申请号：US17723257

申请日：2022-04-18

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jing Chen ,  Qi Li ,  Lin Shu

IPC: H04L9/40 ,  H04W12/08 ,  H04W12/106 ,  H04W12/125 ,  H04L9/32 ,  H04W8/24 ,  H04W12/04 ,  H04W12/06

CPC classification number: H04L63/1466 ,  H04L9/3242 ,  H04L63/20 ,  H04W8/24 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W12/106 ,  H04W12/125

Abstract: The present disclosure relates to mobile communications technologies, and in particular, to a mobile communication method, apparatus, and device. The method includes: receiving, by user equipment UE, a non-access stratum NAS security mode command message from a mobility management entity MME, where the NAS security mode command message carries first verification matching information used to verify UE capability information received by the MME; determining, by the UE based on the first verification matching information, whether the UE capability information received by the MME is consistent with UE capability information sent by the UE to the MME; and if the UE capability information received by the MME is consistent with the UE capability information sent by the UE to the MME, sending, by the UE, a NAS security mode complete message to the MME.