公开(公告)号：US11228905B2

公开(公告)日：2022-01-18

申请号：US16720673

申请日：2019-12-19

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Lu Gan ,  Bo Zhang ,  Shuaishuai Tan

IPC: H04L29/06 ,  H04W12/041 ,  H04W36/00 ,  H04W36/08 ,  H04W12/04 ,  H04W12/08 ,  H04W12/06 ,  H04W12/033 ,  H04W12/0431

Abstract: A security implementation method, a related apparatus, and a system, where the method includes receiving, by a first network element, a request for handing over a user equipment from a source access network device to a target access network device to perform communication. The method further includes: obtaining, by the first network element, a security key, where the security key is used for protecting the communication between the user equipment and the target access network device after the user equipment is handed over from the source access network device to the target access network device; and sending, by the first network element, the security key to the target access network device.

公开(公告)号：US11218314B2

公开(公告)日：2022-01-04

申请号：US16566018

申请日：2019-09-10

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shuaishuai Tan ,  Lu Gan ,  Bo Zhang ,  Rong Wu

IPC: H04L29/06 ,  H04L9/32

Abstract: A network function service invocation method includes sending, by a first network function network element, a first request message to an authorization network element, wherein the first request message is used to request permission to invoke a first network function service provided by a second network function network element, performing, by the authorization network element, identity authentication on the first network function network element; generating, by the authorization network element, a token when determining that the identity authentication succeeds, wherein the token is used to indicate that the first network function network element has the permission to invoke the first network function service of the second network function network element, and sending, by the authorization network element, a token to the first network function network element.

公开(公告)号：US20210306381A1

公开(公告)日：2021-09-30

申请号：US17346961

申请日：2021-06-14

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang

IPC: H04L29/06 ,  H04W12/37

Abstract: A method and an apparatus for determining a security protection mode. In the method, a terminal device may determine a security protection mode of a second communications mode based on security protection information in a first communications mode. In this way, when switching from the first communications mode to the second communications mode, the terminal device may directly use the security protection mode corresponding to the second communications mode to protect transmitted data, so as to ensure data security of the terminal device after communications mode switching is performed.

公开(公告)号：US20210168614A1

公开(公告)日：2021-06-03

申请号：US17171658

申请日：2021-02-09

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Rong Wu ,  Shuaishuai Tan

IPC: H04W12/106 ,  H04W12/041 ,  H04W12/69 ,  H04W80/02 ,  H04W12/108

Abstract: A data transmission method and a device. The data transmission method includes performing integrity protection on to-be-sent data, to generate a packet data convergence protocol (PDCP) data packet, where the PDCP data packet includes identification information and integrity protection information, the identification information is at least used to indicate that integrity protection is performed on data carried in the PDCP data packet, and the integrity protection information is used to perform integrity check on the data carried in the PDCP data packet, and sending the PDCP data packet.

公开(公告)号：US20210126900A1

公开(公告)日：2021-04-29

申请号：US17139204

申请日：2020-12-31

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xiaoyang Qu ,  Jian Chen ,  Zhigang Huang ,  Bo Zhang

IPC: H04L29/12 ,  H04W72/04 ,  H04L1/08

Abstract: A data sending method, a sending device, a data receiving method, and a receiving device, the method including obtaining, by a sending device, a target medium access control protocol data unit (MPDU) by performing encapsulation processing on an internet protocol (IP) data packet of a specified service, where the sending device and a receiving device are connected through Wi-Fi, generating a backup MPDU of the target MPDU, and sending the target MPDU and the backup MPDU to the receiving device.

公开(公告)号：US10990670B2

公开(公告)日：2021-04-27

申请号：US16185971

申请日：2018-11-09

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Yuming Xie ,  Zhigang Huang ,  Yang Wang ,  Liang Xia

IPC: G06F21/55 ,  H04L12/24 ,  H04L29/08

Abstract: A virtual network function (VNF) audit method and apparatus, used to audit a VNF generated by a platform that includes an authentication and authorization component, a service component, and a virtualized infrastructure. The method includes receiving an event reported by the authentication and authorization component, receiving an event reported by the service component, and receiving an event reported by the virtualized infrastructure, obtaining an event occurrence sequence of each VNF according to all received events, and auditing the event occurrence sequence of each VNF to obtain an audit result of the VNF. According to the method, the events that are distributed in different components are integrated into one event occurrence sequence in order to visually and quickly detect a malicious VNF generated by bypassing a component, and more comprehensively detect the malicious VNF, thereby reducing a missed detection rate of a VNF operation audit.

公开(公告)号：US10903987B2

公开(公告)日：2021-01-26

申请号：US15978794

申请日：2018-05-14

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang ,  Lu Gan

IPC: H04L9/08 ,  H04W12/04 ,  H04L9/06 ,  H04L9/32 ,  H04L29/06

Abstract: This application provides a key configuration method and an apparatus. A key management center obtains a service key, and performs encryption and/or integrity protection on the service key to obtain a token. The key management center sends the token to a first network element, the first network element forwards the token to a second network element, and the second network element obtains the service key based on the token. The service key is used to perform encryption and/or integrity protection on data transmitted between the first network element and the second network element. Therefore, security key configuration can be implemented through interaction between the key management center and the network elements, thereby laying a foundation for end-to-end security communication between the first network element and the second network element.

公开(公告)号：US20200045553A1

公开(公告)日：2020-02-06

申请号：US16598981

申请日：2019-10-10

Applicant: HUAWEI TECHNOLOGIES CO.,LTD.

Inventor： Philip Ginzboorg ,  Valtteri Niemi ,  Bo Zhang

IPC: H04W12/12 ,  H04L9/32 ,  H04L29/06 ,  H04W12/06 ,  H04W12/00

Abstract: A network authentication system comprises user equipment (UE), a service network (SN) and a home network (HN). The HN generates an expected user response (XRES) based on an identifier of the UE and generate an indicator, and sends the part of XRES and the indicator to the SN. The SN receives the part of XRES and indicator, and receives a user response (RES) from the UE. The SN then compares the RES with the XRES base on the indicator, and sends a confirmation message to the HN when the comparison succeeds.

公开(公告)号：US20200029121A1

公开(公告)日：2020-01-23

申请号：US16585889

申请日：2019-09-27

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo Zhang

IPC: H04N21/4363 ,  H04N21/44 ,  H04N21/4385

Abstract: This application discloses a data flow control method and apparatus. The method includes: calculating, by a device when a clock signal arrives, a quantity of transition-minimized differential signaling (TMDS) characters currently stored in a buffer of the device; and outputting, by the device, the TMDS character in the buffer when the quantity of TMDS characters currently stored in the buffer reaches a preset value, or outputting a gap data packet when the quantity of TMDS characters currently stored in the buffer does not reach a preset value, where the preset value is less than or equal to a TMDS character storage capacity of the buffer.

公开(公告)号：US20190253889A1

公开(公告)日：2019-08-15

申请号：US16388606

申请日：2019-04-18

Applicant: Huawei Technologies Co., Ltd.

Inventor： Rong Wu ,  Bo Zhang ,  Lu Gan

IPC: H04W12/04 ,  H04W80/10 ,  H04W8/08 ,  H04W76/11 ,  H04W76/25 ,  H04W88/02

CPC classification number: H04W12/0401 ,  H04L9/08 ,  H04W8/08 ,  H04W12/04 ,  H04W12/0403 ,  H04W76/11 ,  H04W76/25 ,  H04W80/10 ,  H04W88/023

Abstract: Embodiments of this application provide an anchor key generation method, device, and system. The method includes generating, by a user equipment, an intermediate key based on a cipher key (CK), an integrity key (IK), and an indication information regarding an operator; generating, by the user equipment, an anchor key based on the intermediate key; generating, by the user equipment, a key (Kamf) based on the anchor key; and deriving, by the user equipment, a 3rd Generation Partnership Project (3GPP) key based on the Kamf.