公开(公告)号：US20190097986A1

公开(公告)日：2019-03-28

申请号：US16202329

申请日：2018-11-28

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Tao Zhang ,  Bo Lin ,  Dongmei Zhang

IPC: H04L29/06 ,  H04W12/04 ,  H04L12/24 ,  H04L9/32 ,  H04W72/04 ,  H04W12/06 ,  H04W12/12 ,  H04W92/10 ,  H04W24/02 ,  H04W12/10

Abstract: The present invention relates to a counter check and reconfiguration method, apparatus, and system. The method includes: sending a second identity information and a second count information to a terminal, so that the terminal compares, according to the second identity information, the second count information with third count information maintained by the terminal itself to obtain first comparison result information or second comparison result information; receiving the first comparison result information sent by the terminal, or the second identity information and second comparison result information sent by the terminal; and determining counter check result information according to the received first comparison result information, or the received second identity information and second comparison result information. Thereby, the present invention implements a counter check process and a reconfiguration process in a network architecture in which a primary base station is separated from a secondary base station.

公开(公告)号：US09681339B2

公开(公告)日：2017-06-13

申请号：US14526205

申请日：2014-10-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing Chen ,  Dongmei Zhang ,  Xiaoying Xu

IPC: H04W12/04 ,  H04W36/00 ,  H04W36/14 ,  H04W12/06

CPC classification number: H04W36/0038 ,  H04W12/04 ,  H04W12/06 ,  H04W36/14

Abstract: Embodiments of the present invention disclose a security processing method and system in a network handover process. The method includes: generating, by a network switching node, a target key after receiving a handover request; sending, by the network switching node, security information including the target key to a target network node, and receiving a handover response message sent by the target network node; and sending, by the network switching node, a handover command to a mobile terminal, so that the mobile terminal accesses a target network. By adopting the present invention, security processing in handover of a mobile terminal from a 3G network to an HSPA network or an LTE network may be completed in a case that the network switching node currently used in the network is not changed.

公开(公告)号：US20160337848A1

公开(公告)日：2016-11-17

申请号：US15221442

申请日：2016-07-27

Applicant: Huawei Technologies Co., Ltd.

Inventor： Junren Chang ,  Hao Bi ,  Yi Guo ,  Dongmei Zhang ,  Bo Lin

IPC: H04W12/04

CPC classification number: H04W12/04 ,  H04L9/0891 ,  H04L63/062 ,  H04L2463/061 ,  H04W36/0038 ,  H04W36/0069 ,  H04W36/06 ,  H04W88/08

Abstract: The present invention provides a security key change method and a user equipment (UE). The method performed by the UE includes: receiving a key change command message from a master eNodeB (MeNB), wherein the key change command message comprises an indication that a change of a security key between the UE and a secondary eNodeB (SeNB), and the UE is configured with a dual connectivity between the MeNB and the SeNB; updating a security key between the UE and the SeNB; performing random access to the SeNB; and sending a key change complete message to the MeNB.

Abstract translation: 本发明提供一种安全密钥改变方法和用户设备（UE）。 所述UE执行的方法包括：从主节点（MeNB）接收密钥改变命令消息，其中所述密钥改变命令消息包括所述UE与所述辅助eNodeB（SeNB）之间的安全密钥的改变的指示，以及 UE配置有MeNB和SeNB之间的双重连接; 更新UE与SeNB之间的安全密钥; 执行对SeNB的随机访问; 并向MeNB发送密钥更改完成消息。

公开(公告)号：US20160080339A1

公开(公告)日：2016-03-17

申请号：US14946273

申请日：2015-11-19

Applicant: Huawei Technologies Co., Ltd.

Inventor： Tao Zhang ,  Bo Lin ,  Dongmei Zhang

IPC: H04L29/06 ,  H04W12/04 ,  H04L12/24

CPC classification number: H04L63/062 ,  H04L9/3226 ,  H04L41/0813 ,  H04L63/1441 ,  H04L63/1466 ,  H04L63/205 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10 ,  H04W12/12 ,  H04W24/02 ,  H04W72/0406 ,  H04W92/10

Abstract: The present invention relates to base stations, and a terminal. The primary base station execute the following steps, receiving, by a primary base station, security parameter update request information that is sent by a secondary base station and carries an encryption algorithm, wherein the security parameter update request information comprises the encryption algorithm; adding, by the primary base station, the encryption algorithm in the received security parameter update request information to reconfiguration information; sending, by the primary base station, the reconfiguration information carrying the encryption algorithm to a terminal; and receiving, by the primary base station, reconfiguration complete information sent by the terminal. Thereby, the present invention implements a reconfiguration process in a network architecture in which a primary base station is separated from a secondary base station.

Abstract translation: 本发明涉及基站和终端。 主基站执行以下步骤，由主基站接收由辅基站发送并携带加密算法的安全参数更新请求信息，其中安全参数更新请求信息包括加密算法; 由所述主基站将所接收的安全参数更新请求信息中的加密算法添加到重新配置信息; 由主基站向终端发送携带加密算法的重配置信息; 并由主基站接收由终端发送的重新配置完成信息。 由此，本发明在主基站与二次基站分离的网络架构中实现重新配置处理。

公开(公告)号：US09049594B2

公开(公告)日：2015-06-02

申请号：US13952985

申请日：2013-07-29

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Xinyi Chen ,  Dongmei Zhang ,  Lijia Zhang ,  Xiaohan Liu

IPC: H04W12/04 ,  H04L29/06 ,  H04W88/12

CPC classification number: H04W12/04 ,  H04L63/061 ,  H04L2463/061 ,  H04W88/12

Abstract: A method and a device for key generation are disclosed in embodiments of the present invention. The method for key generation is applied to a UMTS-LTE resource convergence scenario that has a base station as an anchor point, and includes: deriving, according to a root key and a count value of an LTE system, or according to a random number and an LTE system root key, a UMTS integrity key and cipher key, and sending the UMTS integrity key and cipher key to a UMTS control node. The embodiments of the present invention enable the derivation of the UMTS integrity key and cipher key in a UMTS-LTE resource convergence scenario that has a base station as an anchor point, enable a user equipment to communicate securely through a UMTS, and further improve security of data transmitted in the UMTS.

Abstract translation: 在本发明的实施例中公开了用于密钥生成的方法和装置。 用于密钥生成的方法应用于以基站为锚点的UMTS-LTE资源汇聚场景，包括：根据根密钥和LTE系统的计数值，根据随机数 以及LTE系统根密钥，UMTS完整性密钥和密码密钥，并将UMTS完整性密钥和加密密钥发送到UMTS控制节点。 本发明的实施例能够在具有基站作为锚点的UMTS-LTE资源汇聚场景中导出UMTS完整性密钥和加密密钥，使得用户设备能够通过UMTS安全地通信，并进一步提高安全性 的在UMTS中发送的数据。

公开(公告)号：US10855461B2

公开(公告)日：2020-12-01

申请号：US15221442

申请日：2016-07-27

Applicant: Huawei Technologies Co., Ltd.

Inventor： Junren Chang ,  Hao Bi ,  Yi Guo ,  Dongmei Zhang ,  Bo Lin

IPC: H04L9/08 ,  H04L29/06 ,  H04W36/00 ,  H04W12/04 ,  H04W88/08 ,  H04W36/06

Abstract: The present invention provides a security key change method and a user equipment (UE). The method performed by the UE includes: receiving a key change command message from a master eNodeB (MeNB), wherein the key change command message comprises an indication that a change of a security key between the UE and a secondary eNodeB (SeNB), and the UE is configured with a dual connectivity between the MeNB and the SeNB; updating a security key between the UE and the SeNB; performing random access to the SeNB; and sending a key change complete message to the MeNB.

公开(公告)号：US20190306706A1

公开(公告)日：2019-10-03

申请号：US16443723

申请日：2019-06-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04W12/04 ,  H04L9/08 ,  H04L29/06

Abstract: Embodiments of the present invention disclose a key exchange method and apparatus. A network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information.

公开(公告)号：US20190044707A1

公开(公告)日：2019-02-07

申请号：US16140217

申请日：2018-09-24

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04L29/06 ,  H04W12/04 ,  H04W12/02 ,  H04W12/06 ,  H04W12/08 ,  H04W36/00

Abstract: Embodiments disclose a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

公开(公告)号：US10084594B2

公开(公告)日：2018-09-25

申请号：US15594975

申请日：2017-05-15

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W12/02 ,  H04W12/04 ,  H04L29/06 ,  H04W12/06 ,  H04W12/08 ,  H04W36/00

CPC classification number: H04L9/0816 ,  H04L9/083 ,  H04L9/0861 ,  H04L63/06 ,  H04L63/205 ,  H04L2209/24 ,  H04L2463/061 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W36/0038

Abstract: Embodiment of the present invention discloses a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption. The present invention mainly applies to SCC security protection.

公开(公告)号：US09924354B2

公开(公告)日：2018-03-20

申请号：US14842945

申请日：2015-09-02

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dongmei Zhang ,  Jing Chen

IPC: H04L9/08 ,  H04W12/04 ,  H04L29/06 ,  H04W76/02

CPC classification number: H04W12/04 ,  H04L9/0819 ,  H04L63/06 ,  H04L63/061 ,  H04L63/205 ,  H04W76/14

Abstract: Embodiments of the present invention disclose a key exchange method and apparatus, which relate to the communications field, and can enable user equipments establishing a D2D link to share a set of keys, and further, information security can be achieved when a user equipment transmits service data or a signaling message through a Ud interface. A specific solution is that: a network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information. The present invention is applicable to an exchange process of keys for protecting data on a D2D link.