Patents by Inventor Zhongding Lei

Zhongding Lei has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20250063364
    Abstract: Embodiments of this application provide a communication method and a network element device. The method includes: A first network function network element obtains integrity-protected attestation information, where the attestation information includes an attestation result and range indication information associated with the attestation result; generates a service request message when determining that a service provided by a second network function network element is to be requested; and sends the service request message to the second network function network element, where the service request message includes the attestation information and an identifier of the first network function network element. The method disclosed in this application can prevent and mitigate a potential security risk faced by a network function in a mobile communication network, especially faced by a network function implemented in a software or virtualization manner.
    Type: Application
    Filed: November 6, 2024
    Publication date: February 20, 2025
    Inventors: Zhongding LEI, Haiguang WANG, Xin KANG, Tieyan LI, Yizhuang WU
  • Patent number: 12114154
    Abstract: Embodiments provide a communication method and a related product. The method includes: After primary authentication between a core network and a user equipment succeeds, a network function entity in the core network assists a data network in performing secondary authentication between the data network and the user equipment if the secondary authentication further needs to be performed between the data network and the user equipment; the network function entity obtains an authentication result of the secondary authentication and a restriction condition of the secondary authentication from the data network; and the network function entity stores the authentication result and the restriction condition into the core network. The restriction condition may be introduced for the secondary authentication, to make it possible that the authentication result is properly restricted for use, and to lay a foundation for effective management of the authentication result of the secondary authentication.
    Type: Grant
    Filed: February 15, 2022
    Date of Patent: October 8, 2024
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Zhongding Lei
  • Patent number: 12081976
    Abstract: Embodiments provide a communication method and a related product. The method includes: After primary authentication between a core network and a user equipment succeeds, a network function entity in the core network assists a data network in performing secondary authentication between the data network and the user equipment if the secondary authentication further needs to be performed between the data network and the user equipment; the network function entity obtains an authentication result of the secondary authentication and a restriction condition of the secondary authentication from the data network; and the network function entity stores the authentication result and the restriction condition into the core network. The restriction condition may be introduced for the secondary authentication, to make it possible that the authentication result is properly restricted for use, and to lay a foundation for effective management of the authentication result of the secondary authentication.
    Type: Grant
    Filed: February 15, 2022
    Date of Patent: September 3, 2024
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Zhongding Lei
  • Publication number: 20240223613
    Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.
    Type: Application
    Filed: January 17, 2024
    Publication date: July 4, 2024
    Inventors: Zhongding Lei, Lichun Li, Haiguang Wang, Xin Kang
  • Publication number: 20240195839
    Abstract: Embodiments of the present disclosure disclose a data transmission method and a related device. The method includes: receiving a first data packet from a terminal device, where the first data packet includes a first QoT level of a service corresponding to the first data packet and a forwarding policy of the first data packet; obtaining a second QoT level of a second network device; and sending the first data packet to the second network device based on the first QoT level and the second QoT level and according to the forwarding policy. Embodiments of this disclosure help construct a trusted network route for data transmission.
    Type: Application
    Filed: January 30, 2024
    Publication date: June 13, 2024
    Inventors: Haiguang WANG, Xin KANG, Tieyan LI, Cheng Kang CHU, Zhongding LEI
  • Publication number: 20240179614
    Abstract: A communication method and apparatus are provided. The method includes receiving, by an admission control network function, a first message including first parameter information used to update a number of terminal devices or sessions in a first network slice. The admission control network function verifies validity of the first parameter information. If the first parameter information is valid, the admission control network function updates the number of terminal devices or sessions in the first network slice. When the first parameter information is false, it indicates that the first parameter information is forged incorrect information, and the number of terminal devices or sessions in the first network slice is not updated. Incorrect updating, caused by a false message, on a configuration of a network slice can thereby be reduced, and stability of a service provided by the network slice can be improved.
    Type: Application
    Filed: February 6, 2024
    Publication date: May 30, 2024
    Inventors: Zhongding Lei, Haiguang Wang
  • Publication number: 20240163119
    Abstract: This disclosure discloses a device management method, system, and apparatus. The method includes: A second device sends an identity file to a first access control node, to indicate the first access control node to store the identity file in a file system, where the identity file includes identity information of a first device and a public key of the second device. The second device receives a first identifier sent by the first access control node. The first identifier is used to read the identity file from the file system. After verification is performed on the second device and information about a device associated with the first device in association information and succeeds, the first access control node sends the identity file to the file system. The association information is stored in a database node and a blockchain.
    Type: Application
    Filed: January 19, 2024
    Publication date: May 16, 2024
    Inventors: Haiguang WANG, Xin KANG, Tieyan LI, Cheng Kang CHU, Zhongding LEI
  • Publication number: 20240129843
    Abstract: A slice admission control method and a communication apparatus. For each slice of each UE, a determination is made to release a quota in a slice and that is occupied by the UE by using a single slice as a granularity and based on whether a slice use status of the UE is idle, or by setting valid duration in which the UE is admitted to the slice. The determination to release a quota in a slice and that is occupied by the UE enables the UE to not occupy a slice quota for a long time even in response to the UE not using the slice, and reduces a probability of a denial of services to another UE.
    Type: Application
    Filed: December 27, 2023
    Publication date: April 18, 2024
    Inventor: Zhongding LEI
  • Patent number: 11956715
    Abstract: A terminal device obtains first slice selection assistance information, where the first slice selection assistance information is obtained by encrypting second slice selection assistance information, and the second slice selection assistance information is selection assistance information of a slice that the terminal device is allowed to access. The terminal device sends a registration request message to an access network device, where the registration request message includes the first slice selection assistance information.
    Type: Grant
    Filed: October 25, 2021
    Date of Patent: April 9, 2024
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Hao Hu, Zhongding Lei, Rong Wu, Bo Zhang
  • Patent number: 11917054
    Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.
    Type: Grant
    Filed: August 11, 2022
    Date of Patent: February 27, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Zhongding Lei, Lichun Li, Bo Zhang, Fei Liu, Haiguang Wang, Xin Kang
  • Patent number: 11909869
    Abstract: Communication methods and apparatus are described. One communication method includes that user equipment (UE) sends an N1 message to a security anchor function (SEAF), where the N1 message carries a Diffie-Hellman (DH) public parameter or a DH public parameter index, the N1 message further carries an encrypted identifier of the UE, and the encrypted identifier is obtained by encrypting a permanent identifier of the UE and a first DH public key. The UE receives an authentication request that carries a random number and that is sent by the SEAF. The UE sends, to the SEAF, an authentication response used to respond to the authentication request, where the authentication response carries an authentication result calculated based on a root key and the random number.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: February 20, 2024
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Xin Kang, Haiguang Wang, Zhongding Lei, Bo Zhang
  • Patent number: 11895157
    Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.
    Type: Grant
    Filed: September 7, 2022
    Date of Patent: February 6, 2024
    Assignee: HUAWEI INTERNATIONAL PTE. LTD.
    Inventors: Zhongding Lei, Lichun Li, Haiguang Wang, Xin Kang
  • Patent number: 11871223
    Abstract: An authentication method, apparatus, and device. The method includes sending, by a core network device, an authentication request message of a user to a data network device, where the authentication request message requests that the data network device perform identity authentication on the user, and receiving, by the core network device, an authentication response message sent by the data network device, where the authentication response message comprises first information, and the first information indicates user identity information of the user.
    Type: Grant
    Filed: October 11, 2021
    Date of Patent: January 9, 2024
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Zhongding Lei, Xin Kang, Haiguang Wang
  • Patent number: 11863977
    Abstract: In a key generation method, a user plane network function and a terminal device each obtain key update information sent by the other. The user plane network function updates, by using the obtained key update information, a sub-key derived from a permanent key, to obtain a new protection key. The terminal device updates, by using the obtained key update information, a sub-key derived from the permanent key, to obtain a new protection key. The terminal device and the user plane network function perform, by using the new protection key, security protection on user plane data transmitted between the terminal device and the user plane network function.
    Type: Grant
    Filed: April 28, 2021
    Date of Patent: January 2, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Zhongding Lei, Haiguang Wang, Xin Kang
  • Publication number: 20230269577
    Abstract: This application provides a slice isolation method, an apparatus, and a system. An example method includes: A first network device obtains information about a first slice of user equipment; and the first network device obtains a second key in response to determining that the information about the first slice does not match information about a second slice that the user equipment requests to access. The second key is for performing security protection on at least one of the information about the second slice or information that is in a process in which the user equipment accesses the second slice.
    Type: Application
    Filed: May 1, 2023
    Publication date: August 24, 2023
    Inventor: Zhongding LEI
  • Publication number: 20230102604
    Abstract: Embodiments of this application disclose a slice service verification method and apparatus, to improve network security. The method in embodiments of this application includes: A slice service verification function entity receives a first message sent by a terminal device, where the first message carries an identifier of a first network slice and a first message authentication code, and the first message authentication code is calculated based on a first network identifier. The slice service verification function entity verifies the first message authentication code based on a second network identifier. The slice service verification function entity sends the second network identifier to an authentication server when the verification succeeds.
    Type: Application
    Filed: December 8, 2022
    Publication date: March 30, 2023
    Inventors: Zhongding Lei, Yizhuang Wu
  • Publication number: 20230076628
    Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.
    Type: Application
    Filed: September 7, 2022
    Publication date: March 9, 2023
    Inventors: Zhongding LEI, Lichun LI, Haiguang WANG, Xin KANG
  • Publication number: 20230048066
    Abstract: This application provides a slice authentication method and an apparatus. One example method includes: initiating, by a first network function (NF), slice authentication between a terminal device and an authentication server for a slice; sending, by the first NF, identification information of a first network, identification information of the slice, and identification information of the terminal device to the authentication server, wherein the first NF is an NF in the first network; and receiving, by the first NF, a slice authentication result for the slice, the identification information of the slice, and the identification information of the terminal device from the authentication server.
    Type: Application
    Filed: October 27, 2022
    Publication date: February 16, 2023
    Inventor: Zhongding LEI
  • Publication number: 20230044476
    Abstract: A terminal device verification method and an apparatus are provided. The method includes: A first network device receives a first message from a first terminal device. Then, the first network device verifies a pairing relationship between the first terminal device and a second terminal device. After the verification on the pairing relationship between the first terminal device and the second terminal device succeeds, the first network device sends a second message to the first terminal device, where the second message includes first indication information, and the first indication information is used to indicate a pairing result of the first terminal device and the second terminal device. The pairing relationship between the first terminal device and the second terminal device is verified, so that the first terminal device and the second terminal device can be securely paired, to improve use security of the first terminal device and the second terminal device.
    Type: Application
    Filed: September 30, 2022
    Publication date: February 9, 2023
    Inventors: Zhongding Lei, Haiguang Wang, Xin Kang
  • Publication number: 20230033598
    Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.
    Type: Application
    Filed: August 11, 2022
    Publication date: February 2, 2023
    Inventors: Zhongding LEI, Lichun LI, Bo ZHANG, Fei LIU, Haiguang WANG, Xin KANG