Abstract:
The present disclosure discloses a link re-establishment method, an apparatus, and a system. The method includes: obtaining, by user equipment (UE), a MAC of the UE based on a NAS integrity key and a first MAC generation parameter, where the first MAC generation parameter includes an identifier of the UE; sending, by the UE, a re-establishment request message to a target RAN, where the re-establishment request message includes the MAC and the first MAC generation parameter; and receiving, by the UE, a re-establishment response message from the target RAN. By sending the re-establishment request message, the UE triggers a CP functional entity to perform authentication on the UE. This resolves the prior-art problem that re-establishing a connection to a target RAN by using an RAU procedure takes an excessively long time, increases the speed of re-establishing a connection between the UE and the network, and improves user experience.
Abstract:
A method and an apparatus for protecting data carried on an Un interface between an eNB and a relay node are disclosed. Three types of radio bearers (RBs) are defined over the Un interface: signaling radio bearers (SRBs) for carrying control plane signaling data; signaling-data radio bearers (s-DRBs) for carrying control plane signaling data; and data-data radio bearers (d-DRBs) for carrying user plane data. An integrity protection algorithm and an encryption algorithm are negotiated separately for control plane signaling data carried on an SRB, control plane signaling data carried on an s-DRB, and user plane data carried on a d-DRB. With the respective integrity protection algorithm and encryption algorithm, the data over the Un interface can be protected per bearer type. Therefore, the security protection on the Un interface is more comprehensive, and the security protection requirements of data borne over different RBs can be met.
Abstract:
The embodiments of the present invention provide a secure establishment method, system and device for a wireless local area network. The method includes: acquiring, by a UE, a first key, where the first key is a shared key between the UE and a network element in the mobile communication network that the UE accesses when implementing air interface security, or is derived from that shared key; deriving, by the UE, a derivation key from the first key and a derivation parameter; and establishing, by the UE, a secure connection with a WLAN node that acquires a derivation key, wherein the derivation key acquired by the WLAN node is the same as the derivation key acquired by the UE.
Abstract:
This application provides example methods and apparatuses for determining class information. One example method includes sending, by a security detection function network element, a subscription data collection event to a mobility management network element, where the subscription data collection event includes a collection range and a reporting condition. The security detection function network element can then receive a data collection service response message from the mobility management network element, where the data collection service response message includes first class information and first traffic data corresponding to the first class information, and where the first traffic data meets the reporting condition. The security detection function network element can then determine abnormal class information based on the first traffic data. The security detection function network element can then send the abnormal class information to a policy control network element.
Abstract:
In one example method for generating an access stratum key in a communication system, a terminal device acquires an input parameter, where the terminal device is communicably coupled to a first network-side device through a first air interface and at the same time is communicably coupled to a second network-side device through a second air interface. The terminal device has access to a core network via the first network-side device, and has access to the core network via the second network-side device which has access to the core network through the first network-side device. The terminal device calculates an access stratum root key of the second air interface according to the input parameter and an access stratum root key of the first air interface, and generates an access stratum key of the second air interface according to the access stratum root key of the second air interface.
Abstract:
Example methods for controlling access of a terminal to a network and a network element are described. One example method includes detecting whether a target terminal is exposed to a security threat and sending a message to a storage function network element based on the detection result. The message includes device information and network access indication information, where the device information indicates at least one terminal including the target terminal, and the network access indication information indicates that the at least one terminal is allowed or forbidden to access a network. Thus, the security function network element outputs an allowed or forbidden indication to the storage function network element, and the storage function network element controls, based on the foregoing indication, access of the terminal to the network.
Abstract:
This application provides an RRC connection resume method and apparatus. In the method, when a terminal moves to a target base station, the target base station may reselect, based on a capability and a requirement of the target base station, a first encryption algorithm and a first integrity protection algorithm that are used when the target base station communicates with the terminal, and send the first encryption algorithm and the first integrity protection algorithm to the terminal. On one hand, a security algorithm used for communication between the terminal and the target base station is flexibly selected. On the other hand, because the base station connected to the terminal changes, communication security can be improved by using a new encryption algorithm and integrity protection algorithm.
Abstract:
This application provides a key derivation algorithm negotiation method and an apparatus. The method includes: checking, by a terminal, a sent first key derivation algorithm against a received second key derivation algorithm; if the check passes and the first key derivation algorithm is the same as the second key derivation algorithm, determining that the first key derivation algorithm sent by the terminal has not been tampered with by an attacker; and then using a negotiated third key derivation algorithm as the key derivation algorithm of the terminal, to ensure confidentiality of the negotiated key derivation algorithm, thereby improving communication security.
Abstract:
A solution for security negotiation during handover of a user equipment (UE) between different radio access technologies is provided. In the solution, the UE receives non-access stratum (NAS) security information and access stratum (AS) security information which are selected by the target system and then performs security negotiation with the target system according to the received NAS security information and AS security information. As such, the UE may obtain the key parameter information of the NAS and AS selected by a Long Term Evolution (LTE) system and perform security negotiation with the LTE system when the UE hands over from a different system, such as a Universal Terrestrial Radio Access Network (UTRAN), to the LTE system.
Abstract:
Embodiments of the present disclosure provide example key obtaining methods and apparatus. One example method includes receiving, by a terminal, a selected key generation capability from a network element, where the selected key generation capability is used to indicate a key generation capability that is determined by the network element based on a first key generation capability combination, and where the first key generation capability combination includes at least one key generation capability of the terminal. The terminal can then generate a first key parameter and a first base key based on the selected key generation capability.