Abstract: A security negotiation method includes receiving, by a terminal, security negotiation information from a centralized unit control plane (CU-CP)/a centralized unit user plane (CU-UP), where the security negotiation information includes an integrity protection indication identifier of the CU-UP, and determining, by the terminal based on the integrity protection indication identifier, whether to enable user-plane integrity protection of the terminal.

Abstract: An exchangeable optic fiber connector assembly, including a pair of optic fiber connectors and a switching structure, is provided. Each optic fiber connector has a first locking portion and a first stopping portion. The switching structure has a pair of guiding slots. The optic fiber connectors respectively pass through the guiding slots to be movable and rotatable along the corresponding guiding slots. The switching structure further has a plurality of second locking portions and a plurality of second stopping portions disposed at two opposite ends of each guiding slot. Each optic fiber connector is locked with one of the second locking portions through the first locking portion, and the second stopping portion next to the locked second locking portion is located on a moving path of the first stopping portion.

Abstract: The present invention provides a spin-orbit torque magnetic random access memory (SOT-MRAM) circuit, including a read transistor pair with two read transistors in parallel, a write transistor pair with two write transistors in parallel, a SOT memory cell with a magnetic tunnel junction (MTJ) and a SOT layer, wherein one end of the MTJ is connected to the source of the read transistor pair and the other end of the MTJ is connected to the SOT layer, and one end of the SOT layer is connected to a source line and the other of the SOT layer is connected to the source of the write transistor pair, a read bit line is connected to the drain of the read transistor pair and a write bit line is connected to the drain of the read transistor.

Abstract: A method for fabricating a semiconductor device includes the steps of forming a magnetic tunneling junction (MTJ) on a substrate, forming a spin orbit torque (SOT) layer on the MTJ, forming an inter-metal dielectric (IMD) layer around the MTJ and the SOT layer, forming a first hard mask on the IMD layer, forming a semiconductor layer on the first hard mask, and then patterning the first hard mask.

Abstract: This application provides a security context obtaining method and apparatus. The method includes: receiving, by a user plane gateway, a PDU session establishment request from UE, where the PDU session establishment request is used to request to establish a PDU session between the user plane gateway and the UE, and the PDU session is carried between the UE and a service server of a data network; and separately obtaining, by the user plane gateway and the UE, a security context used for the PDU session, and activating user plane security protection based on the security context. Therefore, during PDU session reestablishment, for example, PDU session reestablishment triggered by switching of the user plane gateway, a session management network element, and the like, the user plane gateway and the UE can obtain a new security context, thereby achieving end-to-end protection between the UE and the user plane gateway.

Abstract: The present invention provides a semiconductor device, the semiconductor device includes a metal interconnection on a substrate, in which a top view of the metal interconnection comprises a quadrilateral; and a magnetic tunneling junction (MTJ) on the metal interconnection, in which a top view of the MTJ comprises a circular shape, an area of the MTJ is smaller than an area of the metal interconnection.

Abstract: The present invention provides a semiconductor device, the semiconductor device includes a metal interconnection on a substrate, in which a top view of the metal interconnection comprises a quadrilateral; and a magnetic tunneling junction (MTJ) on the metal interconnection, in which a top view of the MTJ comprises a circular shape.

Abstract: A secure communication method includes a second terminal device that receives a first request message about a first terminal device from a relay, the first request message includes a PC5 user plane security policy of the first terminal device and a PC5 user plane security policy of the relay; determines first information according to a PC5 user plane security policy of the second terminal device, the PC5 user plane security policy of the first terminal device, and the PC5 user plane security policy of the relay; and sends the first information to the relay, the first information indicates a user plane security protection method of a first PC5 link and a user plane security protection method of a second PC5 link, where the user plane security protection method of the first PC5 link is the same as the user plane security protection method of the second PC5 link.

Abstract: A key derivation method, an apparatus, and a system. The method includes: user equipment (UE) receives an authentication success message from a mobility management function network element, generates a master session key (MSK) and an extended master session key (EMSK) based on the authentication success message; and determines whether an authentication device is located outside a 3rd generation partnership project (3GPP) network, to determine whether to obtain Kausf based on the EMSK or the MSK. Therefore, the UE can be compatible with a key derivation manner used when the authentication device is located outside the 3GPP network and a key derivation manner used when the authentication device is located inside the 3GPP network.

Abstract: A security implementation method includes obtaining, by a first device, a security policy of a session and at least one key, and sending, by the first device, protected data to a second device, where the protected data is obtained by protecting security of session data of the session using the at least one key based on the security policy of the session, and the second device is configured to restore the protected data using the at least one key based on the security policy to obtain the session data, where when the first device is a terminal device, the second device is an access network node or a user plane node, or when the first device is an access network node or a user plane node, the second device is a terminal device.

Abstract: A method, applied in an apparatus and computer readable storage medium, for establishing location of a target terminal in an obstructed environment comprises determining, based on indoor environmental information and data observed by a plurality of base stations in communication with the terminal, establishes lines of signals from the terminal scattered by local obstructions, and based on positional information as to the obstructions which cause the scattering, estimating a more precise positional information of the terminal.

Abstract: This application provides a key configuration method. A session management network element receives a request for end-to-end communication and obtains a security policy, where the security policy is determined based on at least one of: a user security requirement that is of the user equipment and that is preconfigured on a home subscriber server, a service security requirement from the user equipment, a security capability requirement supported by the user equipment, a security capability requirement from a carrier network, and a security requirement of a device on the other end of the end-to-end communication. The session management network element obtains a protection key used for protecting the end-to-end communication. The session management network element sends the security policy to the devices on two ends of the end-to-end communication.

Abstract: Embodiments of this application provide a communication method, apparatus, and system, to improve security of a V2X PC5 establishment procedure. The method includes: A first terminal device obtains a first security protection method, where the first security protection method is a security protection method determined in a discovery procedure between the first terminal device and a second terminal device; and the first terminal device determines a second security protection method according to the first security protection method, where the second security protection method is a security protection method for a PC5 connection between the first terminal device and the second terminal device. For example, a security level of the second security protection method is not lower than a security level of the first security protection method. The communication method is applicable to the V2X communication field.

Abstract: Embodiments of this application provide a communication method and an apparatus to resolve a PC5 unicast establishment failure due to inconsistency between security parameters of terminal devices in a V2X scenario with security negotiation introduced into a PC5 unicast establishment procedure. The communication method includes: A first direct communication discovery name management function network element obtains a security parameter of a first terminal device. A security parameter is required for establishing a PC5 connection between the first terminal device and a second terminal device.

Abstract: This application provides a method and an apparatus for invoking an API. The method includes: An API-providing network element receives an API-invoking request for a target application from an application server, where the API-invoking request is for requesting to operate information of a terminal device, and includes a first identifier of the terminal device and an identifier of the target application on the application server side; obtains an authorization result based on the first identifier of the terminal device and the identifier of the target application on an application server side, where the authorization result indicates whether the application server is allowed to operate the information of the terminal device; and determines, based on the authorization result, whether to allow the application server to operate the information of the terminal device.

Abstract: A secure communication method and apparatus are disclosed, to ensure security of a direct communication between terminal devices. In this application, a first terminal device may receive a key generation parameter from a first network element, where the key generation parameter includes a ProSe temporary identity of the first terminal device. Then, the first terminal device may generate a first discovery key based on the key generation parameter. The first terminal device sends a ProSe request message, where the ProSe request message includes the ProSe temporary identity and a message integrity code, and the message integrity code is generated based on the discovery key. The second terminal device receives the ProSe request message, and verifies the first terminal device based on the message integrity code, to ensure the security of a direct communication between the first terminal device and the second terminal device.

Abstract: Embodiments of this application provide a communication method and an apparatus, to ensure a multicast service data packet transmission security requirement. An access device may determine a user plane security active state of a multicast DRB in a PDU session, and indicate the user plane security active state of the multicast DRB to a terminal, where the user plane security active state includes whether integrity protection is activated and/or whether confidentiality protection is activated. In addition, the access device configures a multicast PDCP layer entity based on the user plane security active state of the DRB for transmitting multicast service data. The access device may further determine a user plane security active state of a unicast DRB, indicate the user plane security active state to the terminal, and modify a unicast PDCP layer entity.

Abstract: A method for determining a user plane security algorithm, a system, and an apparatus. The method may include: a second device selects a non-null user plane confidentiality protection algorithm based on a security capability of a first device and a security capability of the second device in a case in which user plane confidentiality protection between the second device and the first device is enabled and control plane confidentiality protection between the second device and the first device is not enabled. The second device sends a first message to the first device. The first message includes first algorithm indication information indicating the user plane confidentiality protection algorithm. Therefore, the first device can obtain the non-null user plane confidentiality protection algorithm. Embodiments can be adopted to determine an effective user plane confidentiality protection algorithm, for confidentiality protecting user plane data.

Abstract: Embodiments of this application provide a key management method and a communication apparatus, and relate to the field of communication technologies, to securely transmit multicast service data, and prevent an unauthorized terminal device from obtaining the multicast service data. The method includes: A terminal device obtains a target key, where the target key includes at least one of a target multimedia broadcast/multicast service service key MSK, a first sub-key corresponding to the target MSK, or a second sub-key corresponding to the target MSK, the first sub-key is for confidentiality protection calculation, and the second sub-key is for integrity protection calculation. The terminal device receives target data from a multicast user-plane processing network element, where the target data is data on which security protection is performed. Then, the terminal device processes the target data by using the target key.