公开(公告)号：US20200344063A1

公开(公告)日：2020-10-29

申请号：US16923741

申请日：2020-07-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo ZHANG ,  Lu GAN ,  Yanjiang YANG

IPC: H04L9/32 ,  H04L29/06 ,  H04L9/08 ,  H04W12/06

Abstract: An authentication method, an authentication apparatus, and an authentication system for the communications field are described. The authentication includes receiving, by a communications network element, a request from a user equipment (UE) comprising a first identifier that is an international mobile subscriber identity (IMSI). The communication networkelement, in response to the request, sends the first identifier to a home subscriber server. The communications network element, upon authenticating the UE successfully, sends a second identifier to a key management center (KMS) to facilitate the KMS generating a subscriber private key corresponding to the second identifier and sending the subscriber private key to the communications network element. The communications network element thereafter sends the subscriber private key to the UE.

公开(公告)号：US20190261167A1

公开(公告)日：2019-08-22

申请号：US16400032

申请日：2019-04-30

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Bo ZHANG ,  Lu GAN ,  Rong WU

IPC: H04W12/00 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10 ,  H04L29/06

Abstract: Embodiments of the present invention disclose a data transmission method and a related device and system. The system includes an access network device AN and user equipment UE. The AN is configured to receive a base key sent by a key management device in a core network, where the base key is a key generated from two-way authentication between the UE and the core; the AN and the UE are configured to process the base key according to a preset rule to generate an air interface protection key; the UE is configured to: protect a target field in an uplink protocol data unit PDU by using the air interface protection key; and the AN is configured to parse the target field in the uplink protocol data unit by using the air interface protection key.

公开(公告)号：US20190149329A1

公开(公告)日：2019-05-16

申请号：US16248778

申请日：2019-01-16

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong WU ,  Bo ZHANG ,  Lu GAN

IPC: H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  H04L9/14

Abstract: Embodiments of the present invention disclose a network system. The system includes user equipment, a network authentication device, and a service authentication device. The service authentication device is configured to obtain reference information and generate a second shared key with reference to the reference information and a first shared key, where the first shared key is a shared key pre-configured between the user equipment and the service authentication device; the user equipment is configured to obtain the reference information and generate the second shared key with reference to the reference information and the first shared key; the service authentication device is configured to send the second shared key to the network authentication device; and the network authentication device is configured to receive the second shared key, where the second shared key is used by the user equipment and the network authentication device to generate a target shared key.

公开(公告)号：US20190199532A1

公开(公告)日：2019-06-27

申请号：US16291954

申请日：2019-03-04

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo ZHANG ,  Lu GAN ,  Yanjiang YANG

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3242 ,  H04L9/0838 ,  H04L9/0844 ,  H04L9/0866 ,  H04L9/3247 ,  H04L9/3273 ,  H04L63/061 ,  H04L63/0869 ,  H04L2209/80 ,  H04W12/06

Abstract: An authentication method, an authentication apparatus, and an authentication system for the communications field are described. The authentication includes sending, by first user equipment, a first random parameter to second user equipment. The second user equipment obtains a first user identifier, a second user identifier, and a second random parameter; and generates a second authentication feature based on the first user identifier, the second user identifier, the first random parameter, and the second random parameter. The second user equipment sends the second authentication feature to the first user equipment for authentication. The first user equipment, after authentication, generatesgenerates a first authentication feature. The first authentication feature is sent to the second user equipment for authentication.

公开(公告)号：US20190068591A1

公开(公告)日：2019-02-28

申请号：US16171235

申请日：2018-10-25

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Bo ZHANG ,  Rong WU ,  Lu GAN ,  Haiguang WANG

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

Abstract: The present disclosure relates to example key distribution and authentication methods and devices. In one example method, a second-level key is received by a terminal device from a user management server. The terminal device performs mutual authentication with a network authentication server based on the second-level key, to obtain a communication key for communication between the terminal device and a functional network element.

公开(公告)号：US20200322798A1

公开(公告)日：2020-10-08

申请号：US16909601

申请日：2020-06-23

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong WU ,  Bo ZHANG ,  Lu GAN

IPC: H04W12/06 ,  H04W8/12 ,  H04W12/02 ,  H04W12/04 ,  H04W80/10 ,  H04W88/16

Abstract: Embodiments of the present disclosure disclose a network roaming protection method and related device. The method includes: receiving, by a visited session management device, a first session establishment request that includes a first security requirement; obtaining, by the visited session management device, a target security policy, where the target security policy is obtained by processing the first security requirement set and a second security requirement set using a preset rule; and sending the target security policy to the UE instructing the UE to generate a target shared key based on a reference shared key and according to a rule defined by the target security policy, where the target shared key is used to protect secure end-to-end data transmission between the UE and the visited gateway.

公开(公告)号：US20190141531A1

公开(公告)日：2019-05-09

申请号：US16221566

申请日：2018-12-16

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Rong WU ,  Lu GAN ,  Haiguang WANG

IPC: H04W12/06 ,  H04W12/08 ,  H04W8/26 ,  H04W76/11

Abstract: Embodiments of the present invention disclose a vertical industry user system, including a service provider device, a terminal, a core network element, and a base station. The core network element is configured to: obtain a distribution instruction; and according to the distribution instruction, configure a core network identification number for the core network element, distribute a provider identification number to the service provider device, and distribute a base station identification number to the base station. The service provider device is configured to receive the provider identification number. The base station is configured to receive the base station identification number. The embodiments of the present invention further provide an identification number distribution method.

公开(公告)号：US20180278595A1

公开(公告)日：2018-09-27

申请号：US15978794

申请日：2018-05-14

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bo ZHANG ,  Lu GAN

IPC: H04L29/06 ,  H04L9/06 ,  H04W12/04 ,  H04L9/32

CPC classification number: H04L63/062 ,  H04L9/0618 ,  H04L9/0822 ,  H04L9/083 ,  H04L9/3213 ,  H04L2209/80 ,  H04W12/04

Abstract: This application provides a key configuration method and an apparatus. A key management center obtains a service key, and performs encryption and/or integrity protection on the service key to obtain a token. The key management center sends the token to a first network element, the first network element forwards the token to a second network element, and the second network element obtains the service key based on the token. The service key is used to perform encryption and/or integrity protection on data transmitted between the first network element and the second network element. Therefore, security key configuration can be implemented through interaction between the key management center and the network elements, thereby laying a foundation for end-to-end security communication between the first network element and the second network element.

公开(公告)号：US20250097065A1

公开(公告)日：2025-03-20

申请号：US18714195

申请日：2022-11-15

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Dehai WANG ,  Lu GAN

IPC: H04L12/28

Abstract: This application can be applicable to the field of the internet of things, and relates to a device registration method, a hub device, and an apparatus. In an example device registration method provided in this application, a hub device may register a target device with the hub device with assistance of first user equipment, and the hub device may register the hub device with a server with assistance of second user equipment. The hub device may register a registered device (which may include the target device that is registered with the hub device) with the server after the hub device registers the hub device with the server.

公开(公告)号：US20190089648A1

公开(公告)日：2019-03-21

申请号：US16193574

申请日：2018-11-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Hongna CHANG ,  Lu GAN

IPC: H04L12/911 ,  H04L29/08

Abstract: A network resource subscription system is provided. In the system, a subscription apparatus and a publishing apparatus respectively send a resource subscription request and a resource publishing request to a control apparatus through a forwarding apparatus, to establish a network resource tree. Then, the control apparatus can use a relatively exact or fuzzy matching manner to make the subscription apparatus subscribe to a resource of the publishing apparatus, and make the subscription apparatus and the publishing apparatus perform peer to peer (P2P) communication, thereby taking both transmission efficiency and subscription efficiency into account.