-
Publication number: US20230396602A1
Publication date: 2023-12-07
Application number: US18452003
Application date: 2023-08-18
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Yizhuang WU, He LI, Rong WU
CPC classification number: H04L63/0807, H04L63/102, H04L67/56
Abstract: Embodiments of this application disclose a service authorization method and system, and a communication apparatus. The method includes: A first network element obtains a first access token from a token generation network element, and sends a first service request for a specified service to a second network element. The first service request includes the first access token. The first access token indicates that an NF service consumer network element has permission to access a specified service provided by an NF service producer network element belonging to a specified service domain. The first access token includes an identifier of the NF service consumer network element, an identifier of the specified service, and first service domain information associated with the specified service domain. The first service domain information is carried in the first access token, so that service domain-based access control can be implemented, thereby helping improve security of service authorization.
-
Publication number: US20230185910A1
Publication date: 2023-06-15
Application number: US18168228
Application date: 2023-02-13
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: He LI, Rong WU, Yizhuang WU, Ao LEI
IPC: G06F21/55
CPC classification number: G06F21/554, G06F2221/034
Abstract: Embodiments of this application provide a communication method, apparatus, and system, to improve security of a V2X PC5 establishment procedure. The method includes: A first terminal device obtains a first security protection method, where the first security protection method is a security protection method determined in a discovery procedure between the first terminal device and a second terminal device; and the first terminal device determines a second security protection method according to the first security protection method, where the second security protection method is a security protection method for a PC5 connection between the first terminal device and the second terminal device. For example, a security level of the second security protection method is not lower than a security level of the first security protection method. The communication method is applicable to the V2X communication field.
-
Publication number: US20230179400A1
Publication date: 2023-06-08
Application number: US18163980
Application date: 2023-02-03
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Longhua GUO, He LI, Rong WU
IPC: H04L9/08, H04W12/033
CPC classification number: H04L9/0819, H04W12/033, H04L9/0861, H04W4/06
Abstract: Embodiments of this application provide a key management method and a communication apparatus, and relate to the field of communication technologies, to securely transmit multicast service data, and prevent an unauthorized terminal device from obtaining the multicast service data. The method includes: A terminal device obtains a target key, where the target key includes at least one of a target multimedia broadcast/multicast service service key MSK, a first sub-key corresponding to the target MSK, or a second sub-key corresponding to the target MSK, the first sub-key is for confidentiality protection calculation, and the second sub-key is for integrity protection calculation. The terminal device receives target data from a multicast user-plane processing network element, where the target data is data on which security protection is performed. Then, the terminal device processes the target data by using the target key.
-
Publication number: US20210136070A1
Publication date: 2021-05-06
Application number: US17148234
Application date: 2021-01-13
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Li HU, Weisheng JIN, Jing CHEN, He LI
Abstract: Example subscription information configuration methods and a communications device are described. One example method includes receiving a first device identifier by a network device from a first terminal device in a first access mode and receiving a second device identifier from a second terminal device in a second access mode. The network device determines whether the first device identifier matches the second device identifier to identify legality of the first terminal device. If the first device identifier matches the second device identifier, it indicates that the first terminal device is a legal terminal device. The network device sends subscription information of the first terminal device to the first terminal device in the first access mode, so that the first terminal device successfully accesses a network by using the subscription information.
-
Publication number: US20200228975A1
Publication date: 2020-07-16
Application number: US16834858
Application date: 2020-03-30
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: He LI, Yizhuang WU, Jing CHEN
Abstract: A communication method includes receiving, by an access network (AN) node, indication information from a mobility management device. The indication information is indicative of a security policy of a quality of service (QoS) flow. The method also includes obtaining, by the access network node based on the indication information, security information of a radio bearer corresponding to the QoS flow. The security information is indicative of a security policy of the radio bearer. The method further includes sending, by the access network node, an identifier of the radio bearer and the security information of the radio bearer to a terminal.
-
Publication number: US20190320320A1
Publication date: 2019-10-17
Application number: US16453833
Application date: 2019-06-26
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Abstract: A method and device for verifying a key requester are described. The method may include a security function entity receiving a request message sent by a user management function (UMF) entity. The method may also include decrypting information in the request message by using a private key of the security function entity, and obtaining the information carried in the request message after signature verification on decrypted information using a public key in a certificate of the UMF entity succeeds. Furthermore, the method may include determining to provide a key of a user equipment (UE) for the UMF entity, when determining that a first verification parameter carried in the request message is valid and determining that an identifier which is of the UMF entity and which is carried in the request message is the same as an identifier of a UMF entity to which the UE attaches.
-
Publication number: US20230284103A1
Publication date: 2023-09-07
Application number: US18171198
Application date: 2023-02-17
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
IPC: H04W36/00, H04W8/08, H04W48/16, H04W80/10, H04L9/08, H04W12/033, H04W12/106
CPC classification number: H04W36/0038, H04W8/08, H04W48/16, H04W80/10, H04L9/08, H04W12/033, H04W12/106
Abstract: This application relates to the field of wireless communications technologies. Embodiments of this application provide a security protection method, an apparatus, and a system, to resolve a problem of low efficiency in handing over a terminal between serving base stations. The method in this application includes: receiving, by a target access network device, a correspondence between user plane information and a security policy from a source access network device; and determining, by the target access network device based on the correspondence between user plane information and a security policy, a first user plane protection algorithm corresponding to the user plane information, where the first user plane protection algorithm includes one or both of a user plane encryption algorithm and a user plane integrity protection algorithm. This application is applicable to a procedure in which the terminal is handed over between serving base stations.
-
Publication number: US20230188997A1
Publication date: 2023-06-15
Application number: US18164131
Application date: 2023-02-03
Applicant: Huawei Technologies Co., Ltd.
Inventor: He LI, Rong WU, Yizhuang WU
IPC: H04W12/106, H04W12/041, H04W12/63, H04W12/75, H04W12/0431
CPC classification number: H04W12/106, H04W12/041, H04W12/63, H04W12/75, H04W12/0431
Abstract: A secure communication method and apparatus are disclosed, to ensure security of a direct communication between terminal devices. In this application, a first terminal device may receive a key generation parameter from a first network element, where the key generation parameter includes a ProSe temporary identity of the first terminal device. Then, the first terminal device may generate a first discovery key based on the key generation parameter. The first terminal device sends a ProSe request message, where the ProSe request message includes the ProSe temporary identity and a message integrity code, and the message integrity code is generated based on the discovery key. The second terminal device receives the ProSe request message, and verifies the first terminal device based on the message integrity code, to ensure the security of a direct communication between the first terminal device and the second terminal device.
-
Publication number: US20230188976A1
Publication date: 2023-06-15
Application number: US18166140
Application date: 2023-02-08
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Longhua GUO, He LI, Yizhuang WU, Rong WU
IPC: H04W12/033, H04W12/106, H04W80/02
CPC classification number: H04W12/033, H04W12/106, H04W80/02
Abstract: Embodiments of this application provide a communication method and an apparatus, to ensure a multicast service data packet transmission security requirement. An access device may determine a user plane security active state of a multicast DRB in a PDU session, and indicate the user plane security active state of the multicast DRB to a terminal, where the user plane security active state includes whether integrity protection is activated and/or whether confidentiality protection is activated. In addition, the access device configures a multicast PDCP layer entity based on the user plane security active state of the DRB for transmitting multicast service data. The access device may further determine a user plane security active state of a unicast DRB, indicate the user plane security active state to the terminal, and modify a unicast PDCP layer entity.
-
Publication number: US20230179997A1
Publication date: 2023-06-08
Application number: US18164697
Application date: 2023-02-06
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Ao LEI, He LI, Yizhuang WU, Rong WU
IPC: H04W12/033, H04W12/037
CPC classification number: H04W12/033, H04W12/037
Abstract: A method for determining a user plane security algorithm, a system, and an apparatus. The method may include: a second device selects a non-null user plane confidentiality protection algorithm based on a security capability of a first device and a security capability of the second device in a case in which user plane confidentiality protection between the second device and the first device is enabled and control plane confidentiality protection between the second device and the first device is not enabled. The second device sends a first message to the first device. The first message includes first algorithm indication information indicating the user plane confidentiality protection algorithm. Therefore, the first device can obtain the non-null user plane confidentiality protection algorithm. Embodiments can be adopted to determine an effective user plane confidentiality protection algorithm, for confidentiality protecting user plane data.