公开(公告)号：US11582602B2

公开(公告)日：2023-02-14

申请号：US17014538

申请日：2020-09-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jing Chen ,  Kai Pan ,  He Li

IPC: H04W12/041 ,  H04W76/25 ,  H04W76/11 ,  H04W8/08 ,  H04W12/06 ,  H04W60/00 ,  H04W12/0431 ,  H04W12/0433 ,  H04W12/0471

Abstract: A method for security handling in a mobility of a terminal device, where the method includes: a target access and mobility management function (AMF) entity receiving a first message for registering a terminal device; the target AMF entity sending a second message to a source AMF entity after receiving the first message; the source AMF entity deriving a first key based on a key between the source AMF entity and the terminal device; the source AMF entity sending the first key to the target AMF entity; the target AMF entity determining to use the first key based on security related information after receiving the first key; and the target AMF entity determining a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

公开(公告)号：US11259185B2

公开(公告)日：2022-02-22

申请号：US17023748

申请日：2020-09-17

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Li Hu ,  Jing Chen ,  He Li ,  Kai Pan

IPC: H04W8/20 ,  H04W12/40 ,  H04L29/06 ,  H04W12/06

Abstract: The present disclosure discloses a communication method performed by a management function entity, including: receiving a first request message sent by user equipment UE; sending a second request message to a storage function entity based on the first request message, where the second request message is used to request a security service identifier for the UE, and the security service identifier is used to indicate a security service procedure; receiving a response message including the security service identifier from the storage function entity; obtaining a target security service identifier based on the security service identifier, where the target security service identifier is used to indicate a security service procedure to be initiated by the management function entity; and initiating the security service procedure indicated by the target security service identifier. The present disclosure further discloses a communications device.

公开(公告)号：US20210227393A1

公开(公告)日：2021-07-22

申请号：US17139235

申请日：2020-12-31

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen

IPC: H04W12/106 ,  H04L29/06 ,  H04W12/033 ,  H04W12/108 ,  H04W12/122 ,  H04W12/0431

Abstract: A security protection method and an apparatus to implement security protection for a plurality of non-access stratum (NAS) connection links. The method includes determining, by a terminal, a first parameter, where the first parameter is used to indicate an access technology used to transmit a non-access stratum NAS message. The terminal can support at least two access technologies, and can separately maintain a corresponding NAS COUNT for each of the at least two access technologies. The method further includes performing, by the terminal, security protection on the NAS message based on the first parameter, a NAS key, and a NAS COUNT corresponding to an access technology used to transmit the NAS message. This application is applicable to a process of performing security protection on a NAS message.

公开(公告)号：US10911948B2

公开(公告)日：2021-02-02

申请号：US16574899

申请日：2019-09-18

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen ,  Huan Li

IPC: H04W12/04 ,  H04W76/25 ,  H04W76/11 ,  H04W12/06 ,  H04W8/08 ,  H04W12/10

Abstract: Embodiments of the present invention disclose a method and a system for performing network access authentication based on a non-3GPP network, and a related device. In the solutions of this application, steps in a non-3GPP-based network access authentication procedure in the prior art are reduced, and the UE can quickly access the network.

公开(公告)号：US20200374691A1

公开(公告)日：2020-11-26

申请号：US16993729

申请日：2020-08-14

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen ,  Li Hu

IPC: H04W12/00 ,  H04W12/04 ,  H04W8/08 ,  H04W80/10 ,  H04W76/27 ,  H04W92/10 ,  H04L29/06 ,  H04W12/10 ,  H04W12/02 ,  H04W12/08

Abstract: A communication method and a related apparatus, where sending, by an access and mobility management function (AMF) entity, a request message to a session management function (SMF) entity, wherein the request message comprises a data network name (DNN) of a terminal device and an identifier of a slice of the terminal device; obtaining, by the SMF entity, a security policy based on the DNN of the terminal device and the identifier of the slice of the terminal device; sending, by the SMF entity, the security policy to a base station; and enabling, by the base station, user plane encryption protection when the security policy comprises first encryption protection indication information indicating the base station to enable the user plane encryption protection.

公开(公告)号：US10798082B2

公开(公告)日：2020-10-06

申请号：US16388326

申请日：2019-04-18

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen ,  Huan Li ,  Yizhuang Wu

IPC: H04L29/06 ,  H04L9/30 ,  H04W12/02 ,  H04W12/06 ,  H04L9/32

Abstract: This application relates to the field of communications technologies, and discloses a network authentication triggering system, method and a related device. The method includes: receiving a first message from a terminal, where the first message carries first identity information and identifier information, the first identity information is encrypted identity information, and the identifier information is used to identify an encryption manner of the first identity information; and sending a second message to a first security function entity, where the second message is used to trigger authentication for the terminal, and the second message carries the identifier information. This application provides a solution of triggering an authentication process when identity information is encrypted.

公开(公告)号：US10681551B2

公开(公告)日：2020-06-09

申请号：US16404163

申请日：2019-05-06

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen

IPC: H04W12/10 ,  H04W12/04 ,  H04W12/00 ,  H04L29/06 ,  H04W12/12

Abstract: A security protection method and an apparatus to implement security protection for a plurality of non-access stratum (NAS) connection links. The method includes determining, by a terminal, a first parameter, where the first parameter is used to indicate an access technology used to transmit a non-access stratum NAS message. The terminal can support at least two access technologies, and can separately maintain a corresponding NAS COUNT for each of the at least two access technologies. The method further includes performing, by the terminal, security protection on the NAS message based on the first parameter, a NAS key, and a NAS COUNT corresponding to an access technology used to transmit the NAS message. This application is applicable to a process of performing security protection on a NAS message.

公开(公告)号：US10560848B2

公开(公告)日：2020-02-11

申请号：US16386462

申请日：2019-04-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jing Chen ,  Li Hu

IPC: H04W8/08 ,  H04W12/10 ,  H04W12/04 ,  H04W80/10 ,  H04W76/27

Abstract: A communication method and a related apparatus are provided. A base station obtains a security policy, where the security policy includes integrity protection indication information, and the integrity protection indication information is used to indicate the base station whether to enable integrity protection for a terminal device; and when the integrity protection indication information indicates the base station to enable integrity protection for the terminal device, the base station sends a target user plane integrity protection algorithm to the terminal device.

公开(公告)号：US20200029205A1

公开(公告)日：2020-01-23

申请号：US16585978

申请日：2019-09-27

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Li Hu ,  Jing Chen ,  He Li ,  Kai Pan

IPC: H04W12/00 ,  H04W8/20 ,  H04L29/06 ,  H04W12/06

Abstract: The present disclosure discloses a communication method performed by a management function entity, including: receiving a first request message sent by user equipment UE; sending a second request message to a storage function entity based on the first request message, where the second request message is used to request a security service identifier for the UE, and the security service identifier is used to indicate a security service procedure; receiving a response message including the security service identifier from the storage function entity; obtaining a target security service identifier based on the security service identifier, where the target security service identifier is used to indicate a security service procedure to be initiated by the management function entity; and initiating the security service procedure indicated by the target security service identifier. The present disclosure further discloses a communications device.

公开(公告)号：US10142376B2

公开(公告)日：2018-11-27

申请号：US15827959

申请日：2017-11-30

Applicant: Huawei Technologies Co., Ltd.

Inventor： He Li ,  Jinzhou Ye ,  Ridong Xu ,  Biao Zhang ,  Shufeng Shi ,  Boqiang Luo

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/14 ,  H04L29/14 ,  H04L12/26

Abstract: Embodiments of the present invention disclose a method, a related apparatus, and a system for recovering a called service of a terminal. The method includes: when a called request of a user terminal is received, querying an initial proxy-call session control function (P-CSCF) entity with which the user terminal currently registers; if it is detected that the initial P-CSCF is faulty, selecting an available P-CSCF and sending, to the available P-CSCF, a notification message that carries a redundancy identifier, where the redundancy identifier is used to instruct the available P-CSCF to trigger the user terminal to re-register with the P-CSCF; and when a registration complete message sent by the P-CSCF with which the user terminal re-registers is received, delivering the called request to the re-registered P-CSCF to bear a called service of the user terminal.