公开(公告)号：US20250030563A1

公开(公告)日：2025-01-23

申请号：US18905004

申请日：2024-10-02

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Guilin WANG ,  Yanjiang YANG ,  Jie ZHANG

IPC: H04L9/32

Abstract: This application discloses a digital certificate verification method and apparatus. The method includes: A first device receives a first link certificate and a first digital certificate that are sent by a second device, and verifies validity of the first digital certificate based on a root certificate trusted by the first device and the first link certificate. In this application, the first device and the second device do not need to confirm a root certificate trusted by a peer device, and the first device does not need to additionally upload another certificate or perceive a case in which at least two root certificates coexist. The first device may verify the validity of the first digital certificate based on the root certificate trusted by the first device and the received first link certificate. Therefore, the method is simple and easy to implement and has a wide application scope.

公开(公告)号：US20230308875A1

公开(公告)日：2023-09-28

申请号：US18327906

申请日：2023-06-02

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jun TIAN ,  Yanjiang YANG ,  Lianbing TIAN ,  Kai LIU

IPC: H04W12/06 ,  H04W12/08 ,  H04W12/041 ,  H04W12/0431

CPC classification number: H04W12/06 ,  H04W12/08 ,  H04W12/041 ,  H04W12/0431

Abstract: This application discloses a Wi-Fi security authentication method and a communication apparatus. In the method, an access point AP receives a first access request from a supplicant, where the first access request carries a first parameter, and the first parameter is a parameter generated by the supplicant based on a generator of a set cyclic group and a first random number; generates a second random number, generates a second parameter based on the second random number and the generator of the set cyclic group, and sends the second parameter to the supplicant; generates a second pairwise master key based on the second random number, the first parameter, the second parameter, and a first target random key; and performs a four-way handshake authentication procedure with the supplicant based on the first pairwise master key and the second pairwise master key.

公开(公告)号：US20230308874A1

公开(公告)日：2023-09-28

申请号：US18323211

申请日：2023-05-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Yanjiang YANG ,  Kai LIU ,  Yanjie GU ,  Lianbing TIAN

IPC: H04W12/06 ,  H04W12/0431 ,  H04W12/041

CPC classification number: H04W12/06 ,  H04W12/041 ,  H04W12/0431

Abstract: This application provides a security authentication method and apparatus applied to Wi-Fi. An access point AP negotiates, based on a password, a pairwise master key PMK with a first device based on a twin base password encrypted key exchange TBPEKE protocol, where the password is a shared key between the AP and the first device; and the AP performs a 4-way handshake with the first device based on the PMK. Therefore, in embodiments of this application, a PMK with a high entropy value can be generated by performing a TBPEKE procedure, so that the security authentication method provided in embodiments of this application can help resist an offline dictionary attack.

公开(公告)号：US20200007324A1

公开(公告)日：2020-01-02

申请号：US16564140

申请日：2019-09-09

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xin KANG ,  Xuwu ZHANG ,  Yanjiang YANG ,  Haiguang WANG ,  Zhongding LEI

IPC: H04L9/08

Abstract: Embodiments of this application provide a private key generation method and system, and a device. The method includes: receiving, by a terminal device, a first response message sent by a first network device, where the first response message includes at least a first sub-private key, and the first sub-private key is generated based on a first parameter set sent by a second network device; receiving, by the terminal device, a second response message sent by the second network device, where the second response message includes at least a second sub-private key, and the second sub-private key is generated based on a second parameter set sent by the first network device; and synthesizing, by the terminal device, a joint private key based on at least the first sub-private key and the second sub-private key.