公开(公告)号：US20210289359A1

公开(公告)日：2021-09-16

申请号：US17336650

申请日：2021-06-02

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Bo ZHANG ,  Rong WU ,  Lu GAN

IPC: H04W12/37 ,  H04L29/06 ,  H04L9/08 ,  H04W12/0431 ,  H04W12/10

Abstract: This application provides a key configuration method. A session management network element receives a request for end-to-end communication and obtains a security policy, where the security policy is determined based on at least one of: a user security requirement that is of the user equipment and that is preconfigured on a home subscriber server, a service security requirement from the user equipment, a security capability requirement supported by the user equipment, a security capability requirement from a carrier network, and a security requirement of a device on the other end of the end-to-end communication. The session management network element obtains a protection key used for protecting the end-to-end communication. The session management network element sends the security policy to the devices on two ends of the end-to-end communication.

公开(公告)号：US20190215904A1

公开(公告)日：2019-07-11

申请号：US16351772

申请日：2019-03-13

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong WU ,  Bo ZHANG ,  Lu GAN

IPC: H04W80/10 ,  H04W12/06 ,  H04W88/16

Abstract: Embodiments of the present disclosure disclose a network roaming protection method and related device. The method includes: receiving, by a visited session management device, a first session establishment request that includes a first security requirement; obtaining, by the visited session management device, a target security policy, where the target security policy is obtained by processing the first security requirement set and a second security requirement set using a preset rule; and sending the target security policy to the UE instructing the UE to generate a target shared key based on a reference shared key and according to a rule defined by the target security policy, where the target shared key is used to protect secure end-to-end data transmission between the UE and the visited gateway.

公开(公告)号：US20190058701A1

公开(公告)日：2019-02-21

申请号：US16169416

申请日：2018-10-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong WU ,  Bo ZHANG ,  Lu GAN ,  Haiguang WANG

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08

Abstract: This application provides a key distribution and authentication method, system, and an apparatus. The method includes: a service center server distributes different keys to terminal devices, and then the terminal devices perform mutual authentication with the network authentication server based on respective keys and finally obtain communication keys for communication between the terminal devices and a functional network element. This provides a method for establishing a secure communication channel for the terminal device, having a broad application range.

公开(公告)号：US20160316368A1

公开(公告)日：2016-10-27

申请号：US15197343

申请日：2016-06-29

Applicant: Huawei Technologies Co., Ltd.

Inventor： Lu GAN ,  Chengdong HE

IPC: H04W12/06

CPC classification number: H04W12/06 ,  H04L63/20

Abstract: Embodiments of the present disclosure provide a method for selecting an authentication algorithm, including: receiving, by a serving device, an authentication data request massage sent by a control device; selecting, by the serving device, an authentication algorithm according to the authentication data request message and information about an authentication algorithm supported by the serving device; determining, by the serving device, identification information of the authentication algorithm according to the selected authentication algorithm; and sending, by the serving device, the identification information of the authentication algorithm to the control device. The embodiments of the present disclosure further provide an apparatus and system for selecting an authentication algorithm. The embodiments of the present disclosure have advantages of improving diversity of methods for selecting an authentication algorithm, improving terminal utilization, and enhancing user experience of terminal authentication.

Abstract translation: 本公开的实施例提供了一种用于选择认证算法的方法，包括：由服务设备接收由控制设备发送的认证数据请求按摩; 由所述服务设备选择根据所述认证数据请求消息的认证算法和所述服务设备支持的认证算法的信息; 由所述服务设备根据所选择的认证算法确定所述认证算法的识别信息; 以及由所述服务设备将所述认证算法的识别信息发送到所述控制设备。 本公开的实施例还提供了一种用于选择认证算法的装置和系统。 本公开的实施例具有改善用于选择认证算法的方法的多样性，提高终端利用率和增强终端认证的用户体验的优点。