Patents by Inventor Chengdong He
Chengdong He has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240022910
Abstract: A signaling protection method, apparatus, and system prevents an NF from spoofing an NF of another PLMN under a shared SEPP to access a peer PLMN service, so that system security is improved. A first SEPP serving a first PLMN receives a third service request that is from an NF of the first PLMN and that is sent to an NF of a second PLMN. A second SEPP serves the second PLMN, and a connection that is between the first SEPP and the second SEPP and is for the first PLMN and the second PLMN includes first N32-f. The first SEPP determines a first PLMN identifier based on configuration information. The first SEPP determines a first N32-f context identifier corresponding to the first PLMN identifier, where the first N32-f context identifier corresponds to the first N32-f.
Type: Application
Filed: September 27, 2023
Publication date: January 18, 2024
Inventors: Fei LI, Chengdong HE
-
Patent number: 11825303
Abstract: A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.
Type: Grant
Filed: July 18, 2022
Date of Patent: November 21, 2023
Assignee: Huawei Technologies Co., Ltd.
Inventors: Chengdong He, Hua Li
-
Publication number: 20230156042
Abstract: Embodiments of this application disclose a trusted communication method. A core network device may detect, based on trusted policy information, whether a non-access stratum NAS message or user data that passes through the core network device is abnormal. When it is detected that the NAS message or the user data is abnormal, the NAS message or a service corresponding to the user data may be notified or blocked, and exception information notification signaling may be reported to a trusted control node (an independent network function entity, an existing control network element, or an existing management network element). In this way, the trusted control node can update the trusted policy information in a timely manner, or notify each network element to take a trusted protection operation. This effectively improves security of a communication system.
Type: Application
Filed: January 13, 2023
Publication date: May 18, 2023
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Yan ZHOU, Chengdong HE, Qingchun LIN
-
Patent number: 11647391
Abstract: Embodiments of this application provide a security protection method, a device, and a system, to improve data transmission security. The method includes: determining, by a terminal, a session management network element, or a mobility management network element, whether a security protection policy determined by an access network device is consistent with a user plane security policy delivered by the session management network element to the access network device; and if the security protection policy determined by the access network device is inconsistent with the user plane security policy delivered by the session management network element to the access network device, performing processing according to a preset policy.
Type: Grant
Filed: February 19, 2021
Date of Patent: May 9, 2023
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Bo Zhang, Chengdong He
-
Patent number: 11595817
Abstract: Embodiments of this application provide an authentication method, device, and system, to resolve problems of wastage of performance and memory resources that may be caused by remaining n-1 unused authentication vectors (AVs).
Type: Grant
Filed: March 30, 2020
Date of Patent: February 28, 2023
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Chengdong He, Hua Li
-
Publication number: 20230019000
Abstract: Embodiments of this application relate to a service authorization method and system, and an apparatus. The method includes: A first NRF receives a first request requesting an access token for accessing service of a second NF in a second network from a first NF, where the first NF and the first NRF are located in a first network, and the first request includes SNPN information of the first network and/or the second network. The first NRF forwards the first request to a second NRF located in the second network. The second NRF generates an access token in response to the first request, where the access token includes the SNPN information of the first network and/or the second network. The second NRF sends the access token to the first NRF. The first NRF receives the access token and sends the access token to the first NF.
Type: Application
Filed: September 22, 2022
Publication date: January 19, 2023
Inventors: Fei LI, Chengdong HE
-
Publication number: 20230007475
Abstract: A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.
Type: Application
Filed: July 18, 2022
Publication date: January 5, 2023
Inventors: Chengdong HE, Hua LI
-
Publication number: 20220415036
Abstract: A method for analyzing experimental data related to quantum system by using neural network by an electronic device is provided. The method includes: generating a training dataset according to experimental data; performing one or more filtering operations on the training dataset to generate one or more filtered training datasets respectively corresponding to the filtering operations; training a first neural network and a second neural network by inputting the original and filtered training datasets; evaluating the first and the second neural network; obtaining one or more classification accuracies of the first and the second neural network; identifying the differences between pairs of classification accuracies; and determining impact level of each information preserved or removed by each of the filtering operations according to the differences.
Type: Application
Filed: June 22, 2022
Publication date: December 29, 2022
Inventors: Gyu Boong JO, Junwei LIU, Entong ZHAO, Chengdong HE, Zejian REN, Elnur HAJIYEV, Jeongwon LEE
-
Patent number: 11503467
Abstract: Example authentication methods, devices, and systems are provided, where those examples can be used to verify validity of access location information of a next generation-residential gateway (NG-RG) in a fixed-mobile convergence architecture. One example method includes a network device receiving first link information that is used to represent an access location of a residential gateway, and the network device obtaining second link information of the residential gateway. When the first link information matches partial or all information of the second link information, or when the first link information matches partial or all information of one link information of the second link information, the network device verifies validity of the access location of the residential gateway.
Type: Grant
Filed: February 25, 2021
Date of Patent: November 15, 2022
Assignee: Huawei Technologies Co., Ltd.
Inventors: Hua Li, Chengdong He, Bo Zhang
-
Patent number: 11405780
Abstract: A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.
Type: Grant
Filed: July 9, 2020
Date of Patent: August 2, 2022
Assignee: Huawei Technologies Co., Ltd.
Inventors: Chengdong He, Hua Li
-
Publication number: 20220053446
Abstract: Embodiments of this application relate to a registration method and apparatus to ensure that user equipment does not discard and processes a received authentication request message sent by a target AMF. In the registration method, an initial AMF sends indication information to the UE, or the target AMF sends, to the UE, the authentication request message that includes indication information, where the indication information is used to indicate the UE to delete an NAS security context. The UE deletes the NAS security context, processes the received authentication request message, and sends an authentication response message to the target AMF. Alternatively, the UE directly processes a received authentication request message without security protection, and sends an authentication response message to the target AMF.
Type: Application
Filed: October 28, 2021
Publication date: February 17, 2022
Inventors: Juan DENG, Chengdong HE
-
Publication number: 20210400482
Abstract: An authentication result update method and a communications apparatus, where the authentication result update method includes: determining that an authentication result of a terminal device in a first serving network needs to be updated; and sending a first service invocation request to an authentication server, where the first service invocation request is used to request to update the authentication result stored in a unified data management device, where visited network spoofing can be prevented after authentication is completed, and where network security can be improved.
Type: Application
Filed: September 1, 2021
Publication date: December 23, 2021
Inventors: Xuwen Zhao, Chengdong He
-
Publication number: 20210351925
Abstract: A communication method and a related product are provided. The communication method includes: When UE switches from a source slice to a target slice mutually exclusive with the source slice, both the UE and a target AMF serving the target slice can obtain a first AMF key Kamf_new. The first AMF key Kamf_new is different from a second AMF key Kamf, and the second AMF key Kamf is a key of a source AMF serving the source slice. According to the application, communication security and effectiveness are significantly improved in a mutually exclusive slice switching scenario.
Type: Application
Filed: July 20, 2021
Publication date: November 11, 2021
Inventors: Juan DENG, Chengdong HE
-
Publication number: 20210281986
Abstract: A vehicle-to-everything (V2X) abnormal behavior detection method applied to a vehicle communications system that includes a V2X sending terminal, a V2X receiving terminal, and a V2X server. The method includes that the V2X receiving terminal receives a V2X message from the V2X sending terminal. The V2X receiving terminal determines, according to an abnormal behavior detection policy, that the V2X message is an abnormal message. The V2X receiving terminal sends a report message including the V2X message to the V2X server.
Type: Application
Filed: May 13, 2021
Publication date: September 9, 2021
Inventors: Jintao Zhu, Fei Li, Chengdong He
-
Patent number: 11096142
Abstract: A terminal device location determining method and a device. A core network device obtains location information of a terminal device reported by the terminal device and location information reported by a first base station. The core network device determines whether the location information of the terminal device matches the location information reported by the first base station, and if the location information of the terminal device does not match the location information reported by the first base station, the core network device sends a reject message to the terminal device. By determining, through comparison, whether the location information of the terminal device reported by the terminal device matches the location information reported by the base station, it can be determined whether a location of the terminal device is incorrectly determined.
Type: Grant
Filed: August 27, 2020
Date of Patent: August 17, 2021
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Chengdong He, Hua Li, Xuwen Zhao
-
Patent number: 11089479
Abstract: A signaling attack prevention method and apparatus is provided. The signaling attack prevention method can include receiving a Diameter request message sent by a mobility management entity (MME) or a serving general packet radio service (GPRS) support node (SGSN); and determining whether the Diameter request message is received through a roaming interface. When the Diameter request message is received from the roaming interface, the signaling attack prevention method can include determining whether a characteristic parameter of the Diameter request message is valid; and if the characteristic parameter of the Diameter request message is invalid, the method can include discarding the Diameter request message or returning, to the MME or the SGSN, a Diameter response message carrying an error code. In this way, a hacker can be effectively prevented from attacking an HSS or an edge node by using each attack path, and communication security is improved.
Type: Grant
Filed: February 28, 2019
Date of Patent: August 10, 2021
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Chengdong He
-
Publication number: 20210185527
Abstract: Example authentication methods, devices, and systems are provided, where those examples can be used to verify validity of access location information of a next generation-residential gateway (NG-RG) in a fixed-mobile convergence architecture. One example method includes a network device receiving first link information that is used to represent an access location of a residential gateway, and the network device obtaining second link information of the residential gateway. When the first link information matches partial or all information of the second link information, or when the first link information matches partial or all information of one link information of the second link information, the network device verifies validity of the access location of the residential gateway.
Type: Application
Filed: February 25, 2021
Publication date: June 17, 2021
Inventors: Hua LI, Chengdong HE, Bo ZHANG
-
Publication number: 20210185538
Abstract: Embodiments of this application provide a security protection method, a device, and a system, to improve data transmission security. The method includes: determining, by a terminal, a session management network element, or a mobility management network element, whether a security protection policy determined by an access network device is consistent with a user plane security policy delivered by the session management network element to the access network device; and if the security protection policy determined by the access network device is inconsistent with the user plane security policy delivered by the session management network element to the access network device, performing processing according to a preset policy.
Type: Application
Filed: February 19, 2021
Publication date: June 17, 2021
Inventors: Bo ZHANG, Chengdong HE
-
Publication number: 20210176080
Abstract: In a method for enabling a message receive end to quickly confirm a certificate status, a defined field of a certificate includes classification information of the certificate, and a defined field of a certificate revocation list includes classification information of a revoked certificate, so that the receive end can quickly narrow a searching or matching range in massive records of the certificate revocation list based on the classification information carried in the certificate of a transmit end.
Type: Application
Filed: February 23, 2021
Publication date: June 10, 2021
Inventors: Fei Li, Jintao Zhu, Chengdong He, Tao Bai
-
Patent number: 10972917
Abstract: A signaling attack prevention method and apparatus, where the method includes receiving a general packet radio service (GPRS) Tunneling Protocol (GTP-C) message from a serving gateway (SGW), determining whether the GTP-C message is received from an eighth data interface (S8), determining whether a first characteristic parameter of the GTP-C message is valid when the GTP-C message is received from the S8 interface, where the first characteristic parameter includes at least one of an international mobile subscriber identity (IMSI) of a user, or an identifier of a message source end of the GTP-C message, and discarding the GTP-C message or returning, to the SGW, a GTP-C response message carrying an error code cause value when the first characteristic parameter of the GTP-C message is invalid.
Type: Grant
Filed: February 28, 2019
Date of Patent: April 6, 2021
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Chengdong He