SECURITY POLICY PROCESSING METHOD AND COMMUNICATION DEVICE

    Publication (announcement) number: US20230362201A1

    Publication (announcement) date: 2023-11-09

    Application number: US18348905

    Application date: 2023-07-07

    Inventor: Li HU Rong WU

    CPC classification number: H04L63/20 H04L63/102

    Abstract: Embodiments of this application provide a security policy processing method and a communication device. A target access network device receives, from a source access network device, a message that includes indication information. Then, when the indication information indicates that a terminal device supports on-demand user plane security protection between the terminal device and an access network device, the target access network device sends, to a mobility management entity, a path switch request that carries a user plane security policy 021, where the user plane security policy indicates whether to enable user plane integrity protection.

    COMMUNICATION METHOD AND DEVICE
    2.
    Invention application

    Publication (announcement) number: US20200162906A1

    Publication (announcement) date: 2020-05-21

    Application number: US16749911

    Application date: 2020-01-22

    Inventor: Li HU Jing CHEN

    Abstract: The present disclosure discloses a communication method and a device. The method is performed by a target base station and includes: receiving a handover request from a source base station, where the handover request includes a first key and first indication information, and the first indication information is used to indicate whether the first key is an updated key; and sending second indication information to the source base station based on the handover request, where the second indication information is used to indicate whether an access layer key between the target base station and a terminal device is an updated key. Using the embodiments of the present disclosure helps resolve a problem that a potential security risk exists in data transmitted between the terminal device and the target base station, and helps resolve a problem that a key change of the terminal device is not controlled by the base station.

    DATA PACKET VERIFICATION METHOD AND DEVICE
    3.
    Invention application

    Publication (announcement) number: US20200092722A1

    Publication (announcement) date: 2020-03-19

    Application number: US16678314

    Application date: 2019-11-08

    Inventor: Li HU Jing CHEN Huan LI

    Abstract: A data packet verification method and a device improve network security. The method includes: receiving a data packet of a terminal device, where the data packet carries a first token and a service identifier, and the service identifier is used to indicate a type of a service to which the data packet belongs; obtaining first input information based on the data packet, and generating a second token based on the first input information, where the first input information includes an identifier of the terminal device and the service identifier carried in the data packet; and sending the data packet when the first token is the same as the second token.

    SECURITY PARAMETER OBTAINING METHOD, APPARATUS, AND SYSTEM

    Publication (announcement) number: US20230379700A1

    Publication (announcement) date: 2023-11-23

    Application number: US18362155

    Application date: 2023-07-31

    CPC classification number: H04W12/041 H04W12/033 H04L9/0819

    Abstract: This application discloses a security parameter obtaining method, an apparatus, and a system, to ensure security of a private network service. In this application, security parameters used to derive an air interface control plane key and an air interface user plane key are separately generated, the security parameter used to derive the air interface user plane key is derived by using a root key of a private network, and derivation is completed in the private network, to prevent the root key of the private network and a process of deriving the security parameter from being exposed in a public network. In this way, when the air interface user plane key is used to securely transmit service data, security of service data transmission over an air interface can be improved.

    Subscription Information Configuration Method And Communications Device

    Publication (announcement) number: US20210136070A1

    Publication (announcement) date: 2021-05-06

    Application number: US17148234

    Application date: 2021-01-13

    Abstract: Example subscription information configuration methods and a communications device are described. One example method includes receiving a first device identifier by a network device from a first terminal device in a first access mode and receiving a second device identifier from a second terminal device in a second access mode. The network device determines whether the first device identifier matches the second device identifier to identify legality of the first terminal device. If the first device identifier matches the second device identifier, it indicates that the first terminal device is a legal terminal device. The network device sends subscription information of the first terminal device to the first terminal device in the first access mode, so that the first terminal device successfully accesses a network by using the subscription information.

    METHOD FOR OBTAINING IDENTIFIER OF TERMINAL DEVICE, APPARATUS, AND SYSTEM

    Publication (announcement) number: US20230013010A1

    Publication (announcement) date: 2023-01-19

    Application number: US17955614

    Application date: 2022-09-29

    Inventor: Yizhuang WU He LI Li HU

    Abstract: A method for obtaining an identifier of a terminal device includes a key management network element receiving, from a first terminal device, a first key request including a first identifier, where the first identifier is an anonymous identifier or a temporary identifier of a second terminal device. The key management network element sends, to a unified data management network element, a first request including the first identifier. The unified data management network element determines a SUPI of the second terminal device based on the first identifier, and sends, to the key management network element, a first response including the SUPI. When an authorization check performed on the second terminal device based on the SUPI succeeds, the key management network element sends a first key response to the first terminal device, where the first key response includes a secure communication parameter.

    Wireless Communication Method And Apparatus

    Publication (announcement) number: US20210204181A1

    Publication (announcement) date: 2021-07-01

    Application number: US17201974

    Application date: 2021-03-15

    Abstract: Example wireless communication methods and apparatus are described. One example method includes a terminal initiating a reestablishment procedure when a handover procedure of the terminal fails. When a base station reselected by the terminal is a base station (that is, a target base station) to which the terminal is handed over in a handover procedure, and because a key of the base station is updated in the handover procedure, the base station includes key derivation information in a reestablishment message to be sent to the terminal. Therefore, the terminal can update a key of the terminal based on the key derivation information, so that the key of the terminal can be consistent with the key of the base station.

    COMMUNICATION METHOD, APPARATUS, AND SYSTEM
    8.
    Invention publication

    Publication (announcement) number: US20240284174A1

    Publication (announcement) date: 2024-08-22

    Application number: US18650700

    Application date: 2024-04-30

    Inventor: He LI Rong WU Li HU

    CPC classification number: H04W12/06 H04W8/22 H04W12/041 H04W12/72

    Abstract: This application provides a communication method, apparatus, and system, to determine a mode for authenticating a terminal device. The communication system includes unified data management and an authentication server function. The unified data management determines, based on anonymous domain information and configuration information, an authentication mode for authenticating the terminal device, and sends an authentication obtaining response message to the authentication server function. The anonymous domain information indicates an identifier of a network to which an authentication device capable of authenticating the terminal device belongs, and the authentication mode includes an external authentication mode or an internal authentication mode. The configuration information includes an identifier of one or more networks corresponding to the external authentication mode and/or an identifier of one or more networks corresponding to the internal authentication mode, and the authentication obtaining response message includes the authentication indication information indicating the authentication mode.

    DATA INVOCATION METHOD AND APPARATUS
    9.
    Invention publication

    Publication (announcement) number: US20240244087A1

    Publication (announcement) date: 2024-07-18

    Application number: US18621939

    Application date: 2024-03-29

    Inventor: Li HU Rong WU

    CPC classification number: H04L63/20 H04L63/12

    Abstract: This application provides a data invocation method and an apparatus. The method may include: An authorization verification network element receives a data invocation request message from a service consumer network element, where the data invocation request message includes an identifier of a terminal device, and the data invocation request message is used to request to invoke data of the terminal device. The authorization verification network element determines whether the service consumer network element has a capability of supporting stopping data processing. When the service consumer network element does not have the capability of supporting stopping data processing, the authorization verification network element rejects the data invocation request message of the service consumer network element. This solution can meet a requirement of a user for exercising a right of revocation on data use.

    COMMUNICATION METHOD AND COMMUNICATION DEVICE

    Publication (announcement) number: US20240223548A1

    Publication (announcement) date: 2024-07-04

    Application number: US18606051

    Application date: 2024-03-15

    CPC classification number: H04L63/08

    Abstract: Embodiments of this application provide a communication method and a communication device. The communication method includes: A mobility management device obtains first information of a terminal device, where the first information includes a home network identifier and/or a routing indicator that are/is of the terminal device, the first information indicates the mobility management device to select a second authentication device of a second network, a credential of the terminal device belongs to the second network, and the second authentication device is not deployed in the second network. The mobility management device selects a first authentication device based on the first information, where the first authentication device and the mobility management device belong to a first network. According to the method, in this application, the terminal device can be enabled to perform authentication when the second authentication device is not deployed in the second network.
