公开(公告)号：US20220272533A1

公开(公告)日：2022-08-25

申请号：US17736750

申请日：2022-05-04

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhongding LEI ,  Xin KANG ,  Haiguang WANG ,  Bo ZHANG

IPC: H04W12/06

Abstract: Embodiments of the present invention disclose an identity authentication method, including: A first network device receives first authentication indication information from a first terminal device, wherein the first request carries first authentication indication information and a unmanned aerial system (UAS) identifier of the first terminal device, and sends the UAS identifier of the first terminal device to a second network device. The second network device performs UAS authentication on the first terminal device based on the UAS identifier, and sends a UAS authentication result of the first terminal device to the first network device. By implementing embodiments of this application, a terminal device manufactured by an unmanned aerial system device vendor that has not signed with an operator of a mobile communications network can be prevented from using the mobile communications network.

公开(公告)号：US20210250762A1

公开(公告)日：2021-08-12

申请号：US17243011

申请日：2021-04-28

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhongding LEI ,  Haiguang WANG ,  Xin KANG

IPC: H04W12/041 ,  H04W12/033

Abstract: A key generation method includes a user plane network function and a terminal device obtain key update information sent by each other. The user plane network function updates, by using the obtained key update information, a sub-key derived from a permanent key, to obtain a new protection key. The terminal device updates, by using the obtained key update information, a sub-key derived from the permanent key, to obtain a new protection key. The terminal device and the user plane network function perform, by using the new protection key, security protection on user plane data transmitted between the terminal device and the user plane network function.

公开(公告)号：US20230017001A1

公开(公告)日：2023-01-19

申请号：US17946490

申请日：2022-09-16

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Xin KANG ,  Haiguang WANG ,  Zhuo WEI ,  Zhongding LEI

IPC: G07C9/26 ,  G07C9/00

Abstract: This disclosure provide a vehicle control method. A first terminal device obtains first biometric information of a first user, generates a first key based on the first biometric information and identifier information of the first terminal device, and generates first verification information based on the first key. Further, the first terminal device sends the first verification information to an in-vehicle device. When successfully verifying the first verification information, the in-vehicle device controls a vehicle to start. If the first user loses the first terminal device, an unauthorized user that obtains the first terminal device cannot control the vehicle based on only the identifier information of the first terminal device. Because different users have different biometric information, a key generated by the first terminal device is different from the first key, and the in-vehicle device cannot control the vehicle to start. This improves vehicle security.

公开(公告)号：US20220086145A1

公开(公告)日：2022-03-17

申请号：US17532757

申请日：2021-11-22

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhongding LEI ,  Haiguang WANG ,  Xin KANG

IPC: H04L29/06

Abstract: The present disclosure relates to secondary authentication methods and apparatus. In one example method, a core network function entity obtains an identity of a first terminal device, where the identity of the first terminal device is an identity in a first network. The core network function entity sends the identity of the first terminal device to an authentication device in a second network, where the identity of the first terminal device is used to determine an identity used by the second network to perform secondary authentication on a first user, and the identity of the first user is different from the identity of the first terminal device.

公开(公告)号：US20190208417A1

公开(公告)日：2019-07-04

申请号：US16297231

申请日：2019-03-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xin KANG ,  Haiguang WANG ,  Yanjiang YANG ,  Zhongding LEI

IPC: H04W12/04 ,  H04W12/06 ,  H04W12/00 ,  H04W80/02

CPC classification number: H04W12/04033 ,  H04L29/06 ,  H04L63/062 ,  H04L63/0869 ,  H04W12/001 ,  H04W12/0023 ,  H04W12/04031 ,  H04W12/0609 ,  H04W80/02

Abstract: This application discloses a mobile network authentication method, a terminal device, a server, and a network authentication entity. The method includes: receiving, by a first terminal device, a DH public key and a first ID that are sent by at least one second terminal device; sending a first message to a server, where the first message includes a DH public key of each second terminal device of the at least one second terminal device and a first ID of the second terminal device; receiving a second message sent by the server, where the second message includes a DH public key of the server and a second ID of the second terminal device that is generated by the server; and sending, by the first terminal device, the second ID of the second terminal device and the DH public key of the server to the second terminal device.

公开(公告)号：US20250063364A1

公开(公告)日：2025-02-20

申请号：US18939046

申请日：2024-11-06

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhongding LEI ,  Haiguang WANG ,  Xin KANG ,  Tieyan LI ,  Yizhuang WU

IPC: H04W12/106 ,  H04W12/122 ,  H04W12/61

Abstract: Embodiments of this application provide a communication method and a network element device. The method includes: A first network function network element obtains integrity-protected attestation information, where the attestation information includes an attestation result and range indication information associated with the attestation result; generates a service request message when determining that a service provided by a second network function network element is to be requested; and sends the service request message to the second network function network element, where the service request message includes the attestation information and an identifier of the first network function network element. The method disclosed in this application can prevent and mitigate a potential security risk faced by a network function in a mobile communication network, especially faced by a network function implemented in a software or virtualization manner.

公开(公告)号：US20240163119A1

公开(公告)日：2024-05-16

申请号：US18416938

申请日：2024-01-19

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Haiguang WANG ,  Xin KANG ,  Tieyan LI ,  Cheng Kang CHU ,  Zhongding LEI

IPC: H04L9/00 ,  H04L9/30 ,  H04L9/32

CPC classification number: H04L9/50 ,  H04L9/30 ,  H04L9/32

Abstract: This disclosure discloses a device management method, system, and apparatus. The method includes: A second device sends an identity file to a first access control node, to indicate the first access control node to store the identity file in a file system, where the identity file includes identity information of a first device and a public key of the second device. The second device receives a first identifier sent by the first access control node. The first identifier is used to read the identity file from the file system. After verification is performed on the second device and information about a device associated with the first device in association information and succeeds, the first access control node sends the identity file to the file system. The association information is stored in a database node and a blockchain.

公开(公告)号：US20230014494A1

公开(公告)日：2023-01-19

申请号：US17952879

申请日：2022-09-26

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhongding LEI ,  Haiguang WANG ,  Xin KANG

IPC: H04W12/71 ,  H04W12/06 ,  H04W12/75

Abstract: A communication method and apparatus are provided. The method includes: Second user equipment sends a second message, first user equipment sends a first message to a network device in response to the second message, to request to perform identity verification on the second user equipment, and the network device verifies whether an identity of the second user equipment is valid, and sends, to the first user equipment, a verification result indicating whether the identity of the second user equipment is valid. Alternatively, the first user equipment sends a third message for request the second user equipment to reply with information used for remote identification, and the second user equipment replies with a fourth message, where the fourth message includes the information used for remote identification on the second user equipment, and the third message and the fourth message are encrypted by using corresponding keys.

公开(公告)号：US20210320788A1

公开(公告)日：2021-10-14

申请号：US17304587

申请日：2021-06-23

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Xin KANG ,  Haiguang WANG ,  Zhongding LEI ,  Bo ZHANG

IPC: H04L9/08 ,  H04L9/32

Abstract: Example communication methods and apparatus are described. One example communication method includes that user equipment (UE) sends an N1 message to a security anchor function (SEAF), where the N1 message carries a Diffie-Hellman (DH) public parameter or a DH public parameter index, the N1 message further carries an encrypted identifier of the UE, and the encrypted identifier is obtained by encrypting a permanent identifier of the UE and a first DH public key. The UE receives an authentication request that carries a random number and that is sent by the SEAF. The UE sends, to the SEAF, an authentication response used to respond to the authentication request, where the authentication response carries an authentication result calculated based on a root key and the random number.

公开(公告)号：US20190394033A1

公开(公告)日：2019-12-26

申请号：US16563316

申请日：2019-09-06

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Xin KANG ,  Xuwu ZHANG ,  Yanjiang YANG ,  Haiguang WANG ,  Zhongding LEI

IPC: H04L9/08

Abstract: This application discloses a private key generation method and system, and a device. The method includes: sending, by a first network device, a first request to a second network device, where the first request includes a first parameter set; receiving, by the first network device, a first response message returned by the second network device, where the first response message includes a first sub-private key and a second parameter set, the first sub-private key is generated based on the first parameter set, and the first sub-private key is generated for a terminal device; generating, by the first network device, a second sub-private key based on the second parameter set, where the second sub-private key is generated for the terminal device; and synthesizing, by the first network device, the first sub-private key and the second sub-private key into a joint private key according to a synthesis formula.