Patents by Inventor Ao LEI
Ao LEI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250234402
Abstract: This application pertains to the field of communication technologies, and provides a communication method, apparatus, and system. In the method, when a remote device has established a first relay connection to a first relay device by using a first PC5 connection mechanism, for example, a user plane based mechanism or a control plane based mechanism, if the remote device expects to switch the relay connection, the remote device may establish a second relay connection to a second relay device by preferentially reusing a connection mechanism used before relay connection switching, namely, the first PC5 connection mechanism, to improve PC5 connection switching efficiency, reduce a switching delay, and ensure continuity of a first service obtained by the remote device from a network.
Type: Application
Filed: April 4, 2025
Publication date: July 17, 2025
Inventors: Ao Lei, Yizhuang Wu, He Li
-
Publication number: 20250234190
Abstract: A communication method includes deriving a first key. The first key is determined based on a second key by using a first parameter value. The second key is a master key. The first parameter value is a 1st parameter value in a first set. The first set includes a plurality of parameter values associated with a secondary node to which a first cell belongs. The parameter value is a secondary node counter value. The communication method also includes deriving a third key based on the first key. The third key is one or more of a user plane key or a control plane key. The third key is used to perform encryption or data integrity protection on one or more of data or signaling between a terminal device and the first cell.
Type: Application
Filed: March 31, 2025
Publication date: July 17, 2025
Inventors: Jiaojiao LI, Li QIANG, Junren CHANG, Ao LEI, Yizhuang WU, David LECOMPTE
-
Publication number: 20250126470
Abstract: A communication method includes triggering, by a first network element, device authentication on a terminal. The communication method also includes, in response to the device authentication on the terminal being successful, verifying, by the first network element based on a preset binding relationship, whether a device identifier of the terminal matches a user identity. The user identity identifies a user who uses the terminal to request a service from a network. The communication method further includes triggering, by the first network element based on a verification result, the network to determine whether to provide the service for the terminal.
Type: Application
Filed: December 23, 2024
Publication date: April 17, 2025
Inventors: Ao LEI, Yizhuang WU, Yang CUI
-
Patent number: 12273706
Abstract: A method for determining a user plane security algorithm, a system, and an apparatus. The method may include: a second device selects a non-null user plane confidentiality protection algorithm based on a security capability of a first device and a security capability of the second device in a case in which user plane confidentiality protection between the second device and the first device is enabled and control plane confidentiality protection between the second device and the first device is not enabled. The second device sends a first message to the first device. The first message includes first algorithm indication information indicating the user plane confidentiality protection algorithm. Therefore, the first device can obtain the non-null user plane confidentiality protection algorithm. Embodiments can be adopted to determine an effective user plane confidentiality protection algorithm, for confidentiality protecting user plane data.
Type: Grant
Filed: February 6, 2023
Date of Patent: April 8, 2025
Assignee: Huawei Technologies Co., Ltd.
Inventors: Ao Lei, He Li, Yizhuang Wu, Rong Wu
-
Publication number: 20250070988
Abstract: A secure communication method includes receiving, by a first network element, first information and a first signature from a network management network element. The first signature is generated based on a private key of the network management network element and the first information, and the first information is used to describe the first network element. The method also includes sending, by the first network element, the first information and the first signature to a certificate issuing network element. The first information is used to obtain a first certificate, and the first certificate is used to prove an identity of the first network element. The method further includes receiving, by the first network element, the first certificate from the certificate issuing network element.
Type: Application
Filed: November 15, 2024
Publication date: February 27, 2025
Inventors: Taoran SUN, Yizhuang WU, Lun LI, Yang CUI, Ao LEI
-
Publication number: 20250063348
Abstract: This application provides example key management methods and example communication apparatuses. In an example method, a terminal device obtains identification information of a first decryption network element in a local network. The terminal device obtains, based on the identification information and a mapping relationship, a first encryption key corresponding to the first decryption network element, where the mapping relationship indicates at least one decryption network element and an encryption key corresponding to each of the at least one decryption network element, and the at least one decryption network element includes the first decryption network element. The terminal device encrypts the user identity information by using the first encryption key, to obtain a hidden user identity. The terminal device sends a registration request to the local network through an access network device, where the registration request includes the hidden user identity.
Type: Application
Filed: November 5, 2024
Publication date: February 20, 2025
Inventors: Ao LEI, Yizhuang WU, Yang CUI, Li HU
-
Patent number: 12225090
Abstract: Embodiments of this application provide a packet transmission method, a communication apparatus, and a communication system. A target transport layer proxy network element establishes a fourth transport layer connection based on a first context of a source transport layer proxy network element, where the first context is a context about packet transmission of the source transport layer proxy network element on a first path. If the target transport layer proxy network element receives first indication information, and the first indication information indicates that application context migration between a first application server and a second application server is completed, the target transport layer proxy network element performs transport layer processing on a packet on a second path based on a second context of the target transport layer proxy network element, and transmits, on the second path, a packet obtained through the transport layer processing. Hence, a packet loss can be avoided.
Type: Grant
Filed: June 29, 2023
Date of Patent: February 11, 2025
Assignee: Huawei Technologies Co., Ltd.
Inventors: Fang Yu, Yan Li, Ao Lei
-
Publication number: 20250048076
Abstract: A communication method and apparatus are provided. The method may include: A mobility management network element receives a transaction identifier of a remote terminal device and a name of a data network from a relay terminal device. The mobility management network element determines a subscription permanent identifier of the remote terminal device based on the transaction identifier, and then sends the subscription permanent identifier and the name of the data network to a session management network element. After receiving the subscription permanent identifier and the name of the data network, the session management network element determines, by using a data management network element based on the subscription permanent identifier and the name of the data network, whether to perform secondary authentication on the remote terminal device. Whether to perform secondary authentication on the remote terminal device can be determined by using the provided solution.
Type: Application
Filed: October 21, 2024
Publication date: February 6, 2025
Inventors: He Li, Rong Wu, Ao Lei, Yizhuang Wu
-
Publication number: 20250048073
Abstract: A communication method and apparatus are provided. The method includes: A network repository function network element receives a discovery request message including a type of a network element that requests to be discovered. The network repository function network element determines a second network element based on the type of the network element that requests to be discovered, and sends an identifier of a first dataset, a first token, and an identifier of the second network element to the first network element, where the first token authorizes the first network element to obtain the first dataset. According to the foregoing designs, the network repository function network element can provide, to the first network element, an identifier of a network element and information needed for obtaining the dataset, so that the first network element can determine, based on the dataset, whether to access the network element.
Type: Application
Filed: October 21, 2024
Publication date: February 6, 2025
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Lun LI, Yizhuang WU, Yang CUI, Ao LEI, Taoran SUN
-
Publication number: 20250016555
Abstract: This application relates to communication technologies, and provides a channel key-based encryption method and an apparatus, to resolve a problem that a terminal cannot avoid an attack from a false base station before a security mode is enabled, and a security risk. The method includes: A network device broadcasts a system information block, indicating that channel key generation is supported, where the system information block includes a preamble and a resource configuration of a physical random access channel; receives, on the physical random access channel, a first message from a user equipment, where the first message includes the preamble; sends a second message to the user equipment, where the second message includes configuration information of a first time-frequency resource; receives, on the first time-frequency resource, a third message from the user equipment; and performs channel measurement based on the third message, to obtain a channel key.
Type: Application
Filed: September 23, 2024
Publication date: January 9, 2025
Inventors: Hongyu Xiang, Lei Chen, Yang Cui, Yizhuang Wu, Ao Lei, Ruijie Li
-
Publication number: 20240305983
Abstract: This application provides a communication method and apparatus, and relates to the communication field, to ensure proximity based service relay communication security. In the method, proximity based service authentication information #1 provided by a data management network element is used, so that a remote terminal and a network may authenticate each other and generate a proximity based service key used for communication between the remote terminal and a relay terminal. Further, the remote terminal device and the relay terminal device derive a communication protection key for a PC5 connection (namely, a connection between the remote terminal and the relay terminal) based on the proximity based service key, which may include at least one of an encryption key and an integrity protection key, so that proximity based service relay communication security is ensured, and a case such as user information leakage caused by an attack is avoided.
Type: Application
Filed: May 17, 2024
Publication date: September 12, 2024
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Yizhuang Wu, Ao Lei, He Li
-
Publication number: 20240291849
Abstract: Embodiments of this application provide a method for obtaining a security classification result and a communication apparatus. The method includes: A security function network element determines to perform security analytics on a target location area; and the security function network element determines a security classification result of the target location area based on first information, where the security classification result indicates a degree to which a potential attack exists in the target location area, the first information is related to behavior information of a terminal device in the target location area, and the behavior information includes traffic data and/or movement track information. According to this application, security analytics may be performed on a location area, to obtain a security classification result of the location area.
Type: Application
Filed: May 9, 2024
Publication date: August 29, 2024
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Ao LEI, Yizhuang WU, Yang CUI, Taoran SUN
-
Publication number: 20240236755
Abstract: The present disclosure provides example traffic routing methods, apparatuses, and systems. One example method includes receiving a routing rule from a session management network element in a session management process, wherein the routing rule indicates at least one of the following: to send a first traffic to a first function entity, or to send a second traffic to a second function entity or an access device, where the first traffic is a traffic on which first traffic steering control is to be performed, and the second traffic is a traffic on which the first traffic steering control has been performed; and transmitting a received traffic according to the routing rule.
Type: Application
Filed: March 25, 2024
Publication date: July 11, 2024
Inventors: Yongcui LI, Ao LEI, Hui NI
-
Publication number: 20240224355
Abstract: A method for determining a key obtaining manner, a communication method, and a communication apparatus. In response to a preset condition being met, a first terminal device sends a first message to a second terminal device, where the first message includes first indication information. The first indication information indicates a first PC5 key in a control plane manner is to be obtained, and the first PC5 key is a key used for a PC5 link between the first terminal device and the second terminal device. The first terminal device receives, from the second terminal device, a response message of the first message, where the response message indicates whether the second terminal device is able to obtain the first PC5 key.
Type: Application
Filed: March 15, 2024
Publication date: July 4, 2024
Inventors: Ao LEI, He LI, Yizhuang WU
-
Publication number: 20240214365
Abstract: This application provides a communication method and apparatus. The method includes: A first network element receives a first request message from a second network element, where the first request message is used to request to perform a first operation on a first terminal device. The first network element determines, based on the first request message, whether the second network element is authorized to request to perform the first operation on the first terminal device. Whether a network element that sends a request message is authorized to request to perform a related operation is verified, to determine whether the network element is an attacker. This reduces impact on a system service resulting from requests of an attacker and improves system security.
Type: Application
Filed: August 21, 2023
Publication date: June 27, 2024
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: He Li, Ao Lei, Rong Wu
-
Patent number: 11963032
Abstract: The present disclosure provides example traffic routing methods, apparatuses, and systems. One example method includes determining, by a session management network element, a routing rule, where the routing rule indicates a first traffic steering entity to send a first traffic to a first function entity, or send a second traffic to a second function entity or an access device, where the first traffic is a traffic on which first traffic steering control is to be performed, and the second traffic is a traffic on which the first traffic steering control has been performed. The routing rule is sent by the session management network element to the first traffic steering entity in a session management process.
Type: Grant
Filed: May 6, 2022
Date of Patent: April 16, 2024
Assignee: Huawei Technologies Co., Ltd.
Inventors: Yongcui Li, Ao Lei, Hui Ni
-
Publication number: 20240080345
Abstract: A method may include: a first terminal device receiving a first identifier from a core network element, where the first identifier is used to modify a security protection policy of a terminal device; in a process in which the first terminal device establishes a connection to a second terminal device for a service, the first terminal device determines, based on the first identifier, whether to enable security protection for the connection; and the first terminal device sends first information to the second terminal device, where the first information indicates whether to enable security protection for the connection.
Type: Application
Filed: November 10, 2023
Publication date: March 7, 2024
Inventors: Ao Lei, Yizhuang Wu, He Li
-
Publication number: 20230421642
Abstract: Embodiments of this application provide a packet transmission method, a communication apparatus, and a communication system. A target transport layer proxy network element establishes a fourth transport layer connection based on a first context of a source transport layer proxy network element, where the first context is a context about packet transmission of the source transport layer proxy network element on a first path. If the target transport layer proxy network element receives first indication information, and the first indication information indicates that application context migration between a first application server and a second application server is completed, the target transport layer proxy network element performs transport layer processing on a packet on a second path based on a second context of the target transport layer proxy network element, and transmits, on the second path, a packet obtained through the transport layer processing. Hence, a packet loss can be avoided.
Type: Application
Filed: June 29, 2023
Publication date: December 28, 2023
Inventors: Fang Yu, Yan Li, Ao Lei
-
Publication number: 20230354028
Abstract: First user equipment generates a first temporary identifier based on a first key; the first user equipment sends a first request to second user equipment, where the first request is used to establish a communication connection between the first user equipment and the second user equipment, and the first request includes the first temporary identifier and a relay service code; and the first user equipment generates a shared key based on a second key and the relay service code, where the shared key is used to protect the communication connection between the first user equipment and the second user equipment.
Type: Application
Filed: July 10, 2023
Publication date: November 2, 2023
Inventors: Yizhuang Wu, Ao Lei, Taoran Sun
-
Patent number: 11722574
Abstract: Embodiments of this application provide a packet transmission method, a communication apparatus, and a communication system. A target transport layer proxy network element establishes a fourth transport layer connection based on a first context of a source transport layer proxy network element, where the first context is a context about packet transmission of the source transport layer proxy network element on a first path. If the target transport layer proxy network element receives first indication information, and the first indication information indicates that application context migration between a first application server and a second application server is completed, the target transport layer proxy network element performs transport layer processing on a packet on a second path based on a second context of the target transport layer proxy network element, and transmits, on the second path, a packet obtained through the transport layer processing. Hence, a packet loss can be avoided.
Type: Grant
Filed: May 27, 2022
Date of Patent: August 8, 2023
Assignee: Huawei Technologies Co., Ltd.
Inventors: Fang Yu, Yan Li, Ao Lei