WO2017190306A1

WO2017190306A1 - Universal key agreement in device-to-device (d2d) communications

Info

Publication number: WO2017190306A1
Application number: PCT/CN2016/081106
Authority: WO
Inventors: Mingjun Wang; Zheng Yan
Original assignee: Nokia Technologies Oy
Priority date: 2016-05-05
Filing date: 2016-05-05
Publication date: 2017-11-09

Abstract

Method and apparatus are disclosed for universal key agreement in device-to-device (D2D) communications. According to an embodiment, a method is provided for securing a D2D session between a first user equipment (UE) and a second UE, wherein the first UE is served by a first wireless network (WN) with a first key shared there between, and the second UE is served by a second WN with a second key shared there between. The method comprising: generating a first Session Key (SK) hint based at least in part on the first key and a first random number (RAND), wherein the second WN is able to generate a second SK hint based at least in part on the second key and a second RAND; exchanging the SK hints with the second WN; and sending to the first UE a SK generation request comprising at least the second SK hint and the first RAND, such that the first UE is able to generate a SK for the D2D session based at least in part on the first key, the second SK hint and the first RAND.

Description

UNIVERSAL KEY AGREEMENT IN DEVICE-TO-DEVICE (D2D) COMMUNICATIONS

Field of the Invention

Embodiments of the disclosure generally relate to wireless communications, and, more particularly, to securing device-to-device (D2D) communications.

Background

Recent demands on wireless and mobile communications motivate exploring new technologies to improve network performance in terms of overall throughput, spectrum utilization, energy consumption and so on. Meanwhile, the appearance of new commercial services such as location-based services and content sharing services encourages the exploration of new paradigms to meet user demands. D2D communications were proposed as one of the promising technologies for communications in the vicinity, which is supposed to play as a key role in the next generation mobile communication networks and wireless systems (e.g., 5G) .

D2D communications refer to a type of technology that enables devices in the vicinity to communicate directly with each other under the control of existing network infrastructures such as access point (AP) , base station (BS) and core network (CN) . It has shown great potential in improving communication capability, reducing communication delay and power dissipation, as well as fostering multifarious new applications and services. As a promising technology, D2D communications have drawn considerable attentions in academia, industry and standard organizations in recent years. In academia, D2D communications were regarded as an underlay of long term evolution (LTE) -Advanced network to improve communication performance. In industry, D2D communication-based application developments are active. At the same time, the standardization work on D2D communications is on-going in standardization communities. The third generation partnership project (3GPP) is one of them. In 3GPP, D2D communication is defined as proximity-based services (ProSe) . Many technical issues are under discussion in the aspects of the feasibility study of the ProSe in LTE-A, system architecture and network entity functions, as well as extensive use case exploration.

In spite of the significant benefits, new application scenarios and system architecture expose D2D communications into security threats. Whether a secure and guaranteed D2D communication system can be provided is essential for the success of D2D services. In view of this, it would be advantageous to provide a way to allow for establishing a secure communication channel between D2D devices.

Summary

This summary is provided to introduce a selection of concepts in a simplified form that are further described below in detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.

According to one aspect of the disclosure, it is provided a method for securing a device-to-device (D2D) session between a first user equipment (UE) and a second UE, wherein the first UE is served by a first wireless network (WN) with a first key shared there between, and the second UE is served by a second WN with a second key shared there between, the method comprising: generating a first Session Key (SK) hint based at least in part on the first key and a first random number (RAND) , wherein the second WN is able to generate a second SK hint based at least in part on the second key and a second RAND； exchanging the SK hints with the second WN； and sending to the first UE a SK generation request comprising at least the second SK hint and the first RAND, such that the first UE is able to generate a SK for the D2D session based at least in part on the first key, the second SK hint and the first RAND.

According to another aspect of the disclosure, the step of generating comprises: deriving a first D2D function key (FK) based on the first key and a first function identity (FID) that is an ID of a D2D function entity serving the first UE； and creating the first SK hint based on the first D2D FK and the first RAND. The first UE is able to derive the first D2D FK and generate the SK based on the first D2D FK, the second SK hint and the first RAND.

According to another aspect of the disclosure, the method further comprises: determining a session identity (SID) that is an ID of the D2D session； and sending the SID to the second WN. The SK generation request further comprises the SID, and the first UE is able to generate the SK based further on the SID.

According to another aspect of the disclosure, the method further comprises: receiving an SID from the second WN. The SK generation request further comprises the SID, and the first UE is able to generate the SK based further on the SID.

According to another aspect of the disclosure, the step of generating is performed in response to a D2D session request from the first UE. The step of exchanging comprises: sending the first SK hint to the second WN； and receiving the second SK hint from the second WN.

According to another aspect of the disclosure, the step of exchanging comprises: receiving from the second WN a key agreement request comprising at least the second SK hint, wherein the step of generating is performed in response to the key agreement request； and sending to the second WN a key agreement response comprising at least the first SK hint.

According to another aspect of the disclosure, the first WN is the first UE’s visited network (VN) , and the second WN is the second UE’s VN. The first key is generated based on the first WN’s ID and a third key shared between the first UE and its home network (HN) , and the second key is generated based on the second WN’s ID and a fourth key shared between the second UE and its HN.

According to another aspect of the disclosure, the first WN is the first UE’s HN, and the second WN is the second UE’s HN. The first key is generated based on the first WN’s ID and a third key shared between the first UE and the first WN, and the second key is generated based on the second WN’s ID and a fourth key shared between the second UE and the second WN.

According to another aspect of the disclosure, the first WN is the first UE’s VN, and the second WN is the second UE’s HN. The first key is generated based on the first WN’s ID and a third key shared between the first UE and its HN, and the second key is generated based on the second WN’s ID and a fourth key shared between the second UE and the second WN.

According to another aspect of the disclosure, the first key is shared between the first UE and the first WN through a registration process and a mutual authentication and key agreement process. The second key is shared between the second UE and the second WN through a registration process and a mutual authentication and key agreement process.

According to another aspect of the disclosure, it is provided a method for securing a device-to-device (D2D) session between a first user equipment (UE) and a second UE, wherein the first UE is served by a wireless network (WN) with a first key shared there between, and the second UE is served by the WN with a second key shared there between, the method comprising: generating a first Session Key (SK) hint based at least in part on the first key and a random number (RAND) ； generating a second SK hint based at least in part on the second key and the RAND； sending to the first UE a first SK generation request comprising at least the second SK hint, such that the first UE is able to generate a SK for the D2D session based at least in part on the first key and the second SK hint； and sending to the second UE a second SK generation request comprising at least the first SK hint, such that the second UE is able to generate the same SK based at least in part on the second key and the first SK hint.

According to another aspect of the disclosure, the step of generating the first SK hint comprises: deriving a first D2D function key (FK) based on the first key and a function identity (FID) that is an ID of a D2D function entity serving the first UE； and creating the first SK hint based on the first D2D FK and the RAND. The step of generating the second SK hint comprises: deriving a second D2D FK based on the second key and the FID； and creating the second SK hint based on the second D2D FK and the RAND. The first UE is able to derive the first D2D FK and generate the SK based on the first D2D FK and the second SK hint, and the second UE is able to derive the second D2D FK and generate the SK based on the second D2D FK and the first SK hint.

According to another aspect of the disclosure, the method further comprises: determining a session identity (SID) that is an ID of the D2D session. The first SK generation request further comprises the SID, and the first UE is able to generate the SK based further on the SID. The second SK generation request further comprises the SID, and the second UE is able to generate the SK based further on the SID.

According to another aspect of the disclosure, the steps of generating the first and second SK hints are performed in response to a D2D session request from the first UE or the second UE.

According to another aspect of the disclosure, the WN is a home network (HN) of the first and second UEs. The first key is generated based on the WN’s ID and a third key shared between the first UE and the WN, and the second key is generated based on the WN’s ID and a fourth key shared between the second UE and the WN.

According to another aspect of the disclosure, the WN is a visited network (VN) of the first and second UEs. The first key is generated based on the WN’s ID and a third key shared between the first UE and its HN, and the second key is generated based on the WN’s ID and a fourth key shared between the second UE and its HN.

According to another aspect of the disclosure, the WN is the first UE’s VN, and the WN is the second UE’s HN. The first key is generated based on the WN’s ID and a third key shared between the first UE and its HN, and the second key is generated based on the WN’s ID and a fourth key shared between the second UE and the WN.

According to another aspect of the disclosure, the first key is shared between the first UE and the WN through a registration process and a mutual authentication and key agreement process. The second key is shared between the second UE and the WN through a registration process and a mutual authentication and key agreement process.

According to another aspect of the disclosure, it is provided a method for securing a device-to-device (D2D) session between a first user equipment (UE) and a second UE, wherein the first UE is served by a first wireless network (WN) with a first key shared there between, and the second UE is served by a second WN with a second key shared there between, the method comprising: receiving from the first WN a first Session Key (SK) generation request comprising at least a second SK hint and a first random number (RAND) ； and generating a SK for the D2D session based at least in part on the first key, the second SK hint and the first RAND； wherein the first WN is able to generate a first SK hint based at least in part on the first key and the first RAND, the second WN is able to generate the second SK hint based at least in part on the second key and a second RAND, and the first WN is able to exchange the SK hints with the second WN.

According to another aspect of the disclosure, the method further comprises: sending a D2D session request to the first WN. The first WN is able to generate the first SK hint in response to the D2D session request.

According to another aspect of the disclosure, the step of generating comprises: deriving a first D2D function key (FK) based on the first key and a first function identity (FID) that is an ID of a D2D function entity serving the first UE； and creating the SK based on the first D2D FK, the second SK hint and the first RAND. The first WN is able to derive the first D2D FK and generate the first SK hint based on the first D2D FK and the first RAND, and the second WN is able to derive a second D2D FK and generate the second SK hint based on the second D2D FK and the second RAND.

According to another aspect of the disclosure, the first SK generation request further comprises a session identity (SID) that is an ID of the D2D session. The step of generating comprises: generating the SK based further on the SID.

According to another aspect of the disclosure, it is provided a method for securing a device-to-device (D2D) session between a first user equipment (UE) and a second UE, wherein the first UE is served by a wireless network (WN) with a first key shared there between, and the second UE is served by the WN with a second key shared there between, the method comprising: receiving from the first WN a first Session Key (SK) generation request comprising at least a second SK hint； and generating a SK for the D2D session based at least in part on the first key and the second SK hint； wherein the WN is able to generate a first SK hint based at least in part on the first key and a random number (RAND) , and to generate the second SK hint based at least in part on the second key and the RAND.

According to another aspect of the disclosure, the method further comprises: sending a D2D session request to the WN. The WN is able to generate the first and second SK hints in response to the D2D session request.

According to another aspect of the disclosure, the step of generating comprises: deriving a first D2D function key (FK) based on the first key and a function identity (FID) that is an ID of a D2D function entity serving the first UE； and creating the SK based on the first D2D FK and the second SK hint. The WN is able to derive the first D2D FK and generate a first SK hint based on the first D2D FK and the RAND, and to derive a second D2D FK and generate the second SK hint based on the second D2D FK and the RAND.

According to another aspect of the disclosure, it is provided an apparatus comprising means configured to perform all steps of any one of the above described methods.

According to another aspect of the disclosure, it is provided an apparatus comprising: at least one processor； and at least one memory comprising computer-executable code, wherein the at least one memory and the computer-executable code are configured to, with the at least one processor, cause the apparatus to perform all steps of any one of the above described methods.

According to another aspect of the disclosure, it is provided a computer program product comprising at least one non-transitory computer-readable storage medium having computer-executable program code stored therein, the computer-executable code being configured to, when being executed, cause an apparatus to operate according to any one of the above described methods.

These and other objects, features and advantages of the disclosure will become apparent from the following detailed description of illustrative embodiments thereof, which are to be read in connection with the accompanying drawings.

Brief Description of the Drawings

FIG. 1 shows an exemplary system into which at least one embodiment of the present disclosure may be applied；

FIG. 2 depicts a flowchart of an authentication and key agreement protocol under inter-operator and full roaming situation according to an embodiment of the present disclosure；

FIG. 3 shows a key hierarchy for D2D communication according to an embodiment of the present disclosure；

FIG. 4 depicts a flowchart of an authentication and key agreement protocol under inter-operator and non-roaming situation according to an embodiment of the present disclosure；

FIG. 5 depicts a flowchart of an authentication and key agreement protocol under inter-operator and partial roaming situation according to an embodiment of the present disclosure；

FIG. 6 depicts a flowchart of an authentication and key agreement protocol under inner-operator and non-roaming situation according to an embodiment of the present disclosure；

FIG. 7 depicts a flowchart of an authentication and key agreement protocol under inner-operator and full-roaming situation according to an embodiment of the present disclosure；

FIG. 8 depicts a flowchart of an authentication and key agreement protocol under inter-operator and partial roaming situation according to an embodiment of the present disclosure；

FIG. 9 depicts a flowchart of a method implemented at network side for securing a D2D session according to an embodiment of the present disclosure；

FIG. 10 depicts a flowchart of a method implemented at network side for securing a D2D session according to an embodiment of the present disclosure；

FIG. 11 depicts a flowchart of a method implemented at UE side for securing a D2D session according to an embodiment of the present disclosure；

FIG. 12 depicts a flowchart of a method implemented at UE side for securing a D2D session according to an embodiment of the present disclosure； and

FIG. 13 is a simplified block diagram showing an apparatus that is suitable for use in practicing some embodiments of the present disclosure.

Detailed Description

For the purpose of explanation, details are set forth in the following description in order to provide a thorough understanding of the embodiments disclosed. It is apparent, however, to those skilled in the art that the embodiments may be implemented without these specific details or with an equivalent arrangement.

Recently, many authentication and key agreement schemes have been proposed to address secure D2D communication issues. However, little work is able to provide a universal key agreement scheme to deal with the security issues in all scenarios, especially in user roaming and inter-operator communication scenarios. In the inter-operator D2D communication scenarios, users engaging in direct D2D communications subscribe to different operator networks. The establishment of secure environment is quite different comparing with inter-operator communications in traditional cellular networks. In traditional cellular network, the secure communication between two users who subscribe to different operators can be divided into two security domains. In a background of for example LTE technologies, one security domain covers the communication links between LTE core network (CN, including eNodeB) and UE. In this security domain, CN and UE authenticate with each other and generate the security key to protect data transmission； the other security domain covers the communication links between the CNs of two different operators. The authentication and key agreement processes are necessary for the secure communication between different operators. But in D2D communication, user data is directly transmitted between UEs rather than route through CNs. So D2D UEs have to cooperate with their own CNs to negotiate a common session key to protect the direct communication links between them. The security of direct communication links between UEs may be defined as the third security domain, of which the security depends on the other two domains.

Moreover, the presence of user roaming makes the security management in D2D communications more complicated. For secure D2D communications in a roaming scenario, a visited network must authenticate the roaming user in the D2D services with a help of a home network. Furthermore, some secret information is required from the home network by the visited network in order to derive a secure session key for UEs’direct communications.

The present disclosure proposes a universal key agreement protocol for D2D communications which can address almost all secure D2D communication establishment scenarios, no matter whether UEs are roaming or belong to different operators or both. Hereinafter, the key agreement protocol will be described in detail with reference to FIGs. 1-12.

FIG. 1 shows an exemplary system into which at least one embodiment of the present disclosure may be applied. As shown in FIG. 1, the system may comprise three kinds of entities, i.e. D2D user equipments (UEs) such as UE1 and UE2, home networks (HNs) such as HN1 and HN2 to which the UEs subscribe, and visited networks (VNs) such as VN1 and VN2 which provide services to the roaming UEs directly. Although not shown, the system also comprise the underlying wired and wireless communication infrastructures.

The UEs may be mobile and/or stationary. Moreover, the UEs may be referred to as, for example, devices, mobile stations, mobile units, subscriber stations, wireless terminals, terminals, or the like. The UE may be implemented as, for example, a wireless handheld device, a wireless plug-in accessory, or the like. For example, the UE may take the form of a wireless phone, a computer with a wireless connection to a network, or the like. In some cases, the UE may include one or more of the following: at least one processor, at least one computer-readable storage medium (e.g., memory, storage, and the like) , a radio access mechanism, and a user interface.

The HNs or VNs may be any networks capable of providing wireless communication services to the UEs. For example, the HN or VN may comprise base stations and a core network (CN) . The base station may support a corresponding service or coverage area (also referred to as a cell) . The base station may also communicate with UEs within the coverage area. In some implementations, the base station may be implemented as an evolved node B (eNB) type base station consistent with standards including the long term evolution (LTE) standards. The CN may comprise the conventional network elements and function of a cellular communication network, such as mobility management entity (MME) , home subscriber server (HSS) and so on. The MME may authenticate a user by interacting with the HSS. It may check the authorization of the UE to camp on the service provider’s public land mobile network (PLMN) and enforce UE roaming restrictions. The HSS is a central database that contains user-related and subscription-related information. The functions of the HSS may include functionalities such as mobility management, call and session establishment support, user authentication and access authorization. Before 3GPP Release 5, the function of the HSS is implemented by home location register (HLR) and authentication center (AuC) . The HLR is a central database that contains details of each mobile phone subscriber that is authorized to use the CN. The AuC is a function to authenticate each user that attempts to connect to the CN. The network elements such as the above mentioned MME and HSS (or HLR/AuC) in the CN may be organized in a basic structure and operate in a basic way well known to one skilled in the art.

The HNs or VNs may be configured to further support network-controlled D2D communications. In this regard, a D2D feature is integrated into the public land mobile systems, such as the 3GPP as well as subsequent generations of cellular communication systems. The cellular communication systems, such as the eNB, the MME or other network elements, may be used to aid in the establishment and ongoing control of the D2D communications, e.g., radio resources allocation of the D2D communications, switch control and so on.

In an exemplary example, the UE1 and UE2 are two users subscribing to different home networks HN1 and HN2 separately. They roam to a same place (e.g., same university or conference venue) from their own home networks and they are in proximity to each other. But they are served by two different local operators (visited networks) because of different roaming agreements between their HNs and VNs. Specifically, the UE1 is served by the visited network VN1 and the UE2 is served by the visited network VN2. It is assumed that the HN1 and VN1 have a roaming agreement so that the UE1 can access its subscribed services through the VN1, and the HN2 and VN2 also have a roaming agreement.

In some situation, the UE1 and UE2 want to establish secure D2D direct communications for the purpose of D2D service, such as content sharing, gaming and so on. So a secure D2D communication channel should be established securely and efficiently between the UE1 and UE2. In this scenario, the UE1 and UE2 are both roaming users and served by different visited networks, and thus the establishment of a secure D2D communication channel needs to be conducted under the cooperation of the HN1, HN2, VH1 and VH2. This complicated D2D communication scenario can be addressed by the authentication and key agreement protocol shown in FIG. 2. For better understanding the protocol of FIG. 2, Diffie–Hellman key exchange (DHKE) algorithm will be explained below at first.

DHKE, which is based on Discrete Logarithm Problem (DLP) , provides a practical solution to the key distribution problem, i.e., it enables two parties to derive a common secret key by communicating over an insecure channel. The basic idea underlying DHKE is that the exponentiation in Z_q* is a one-way function and commutative, wherein Z_q* is a multiplicative group of integers modulo q, and q is a prime number.

Specifically, both parties agree on a finite cyclic group G, its generating element g and the prime number q. Then, the first party picks a random natural number a (where 1 ≤ a < q) and sends g^a to the second party. The second party picks a random natural number b (where 1 ≤ b < q) and sends g^b to the first party. Then, the first party computes (g^b) ^amod q, and the second party computes (g^a) ^b mod q. Because (g^a) ^b mod q ＝ (g^b) ^amod q ＝ k, a joint secret can be used as the session key between the two parties, wherein A ＝ g^a and B ＝ g^b are named key hints. In this way, the two parties only need to exchange their key hints and the secret session key can be computed separately.

For ease of description, the notations used in the present disclosure are summarized in the following Table 1.

Table 1: Notation description

FIG. 2 depicts a flowchart of an authentication and key agreement protocol under inter-operator and full roaming situation according to an embodiment of the present disclosure. Although the protocol of FIG. 2 will be described in the background of LTE network technologies, one skilled in the art can understand that the principle of the present disclosure can be applied to any other suitable networks.

At step 202a, the UE1 sends a registration request to the VN1 for accessing roaming services. The registration request may contain the identity (ID) of the UE1 and the ID of the UE1’s home network HN1. The ID of a UE may be for example a permanent ID or a temporary ID. Then, at step 204a, in response to the registration request, the VN1 checks the ID of the HN1 and verifies whether it has a roaming agreement with the HN1. If the check result is negative (i.e., the VN1 does not have a roaming agreement with the HN1) , the VN1 rejects the registration request of the UE1. On the other hand, if the check result is positive (i.e., the VN1 has a roaming agreement with the HN1) , the VN1 orients the HN1 and forwards an authentication request to the HN1. For example, the VN1 may replace the ID of the HN1 in the registration request with its own ID (i.e., the VN1’s ID) to generate the authentication request.

Then, at step 206a, in response to the authentication request, the HN1 (for example, an AuC/HSS of the HN1) checks whether the VN1 is a legitimate operator network (for example, whether the VN1 is in its list about legitimate operator networks, or whether they have signed a roaming agreement) . If the check result is negative (i.e., the VN1 is not a legitimate operator network) , the HN1 rejects the authentication request. On the other hand, if the check result is positive (i.e., the VN1 is a legitimate operator network) , the HN1 further checks the legality of the UE1 by for example checking whether the ID of the UE1 is in its list about subscribed users. If the UE1 is not a legitimate user, the HN1 rejects the authentication request. On the other hand, if the UE1 is a legitimate user, the HN1 generates authentication information for the UE1.

The authentication information may contain a roaming key K _asme1, which is an access security management entity (ASME) key for the UE1. For example, the roaming key K _asme1 may be calculated as K _asme1＝KDF (K1, VN1_ID) , where KDF denotes the generic key derivation function defined in the Annex A of 3GPP TS33.401, and K1 is a secret key stored securely in the universal subscriber identity module (USIM) on the UE1 and in the Auc/HSS of the HN1. The authentication information may further contain a random number (RAND) , an authentication token (AUTN) and an expected response (XRES) for the UE1. The AUTN may be generated based on the K1, the RAND, an authentication management field (AMF) and a sequence number (SQN) . The XRES may be generated based on the K1 and the RAND. The details of the AUTN and XRES can be found from 3GPP TS33.401, and thus are omitted here. It should be noted that although not shown in the above formula K _asme1＝KDF (K1, VN1_ID) , K _asme1 is generated based further on the RAND.

Then, at step 208a, the HN1 sends the authentication information to the VN1 to delegate the authentication authority to the VN1. The communications between the HN1 and VN1 may be secured by existing secure protocols, e.g., network domain security scheme defined in 3GPP TS33.210 and TS33.310.

Then, at step 210a, the VN1 mutually authenticate with the UE1 by using the authentication information received from the HN1. For example, the VN1 may send a user authentication request to the UE1. The user authentication request may contain the RAND and AUTN from the authentication information, and may further contain KSI_asme, where KSI denotes key set identifier and KSI_asme is an identifier for identifying K_asme. In response to the user authentication request, the UE1 may verify the legality of the VN1 by checking whether the AUTN can be accepted. If the verification is successful, the UE1 may generate a response (RES) based on the K1 and RAND, and send the RES in a user authentication response to the VN1. Then, the VN1 may verify the legality of the UE1 by comparing the RES with the XRES. If the RES equals the XRES, the VN1 may authenticate the UE1 as a legitimate user. In this case, the UE1 may also generate K _asme1 based on the K1, the ID of the VN1 and the RAND. As a result, the same ASME key K _asme1 can be shared between the UE1 and VN1. Likewise, through steps 202b-210b, K _asme2 can be shared between the UE2 and VN2. Steps 202b-210b are similar to steps 202a-210a, and thus their detailed description is omitted here.

Then, at step 212a, the VN1 derives a D2D function key K _D2D1 based on the roaming key K _asme1 and a function identity of the UE1 (FID1) , where the FID1 is an ID of a D2D function entity (e.g, ProSe function of the VN1) serving the UE1. For example, the D2D function key K _D2D1 may be calculated as K _D2D1＝KDF (K _asme1, FID1) . The additional parameter FID may ensure that the K_D2D is different when a UE is served by different D2D function entities in a same network. The D2D function key K _D2D1 may be used for generating the D2D session key. Similarly, the UE1 also derives the same D2D function key K _D2D1 based on the roaming key K _asme1 and the FID1. In this way, the same D2D function key K _D2D1 can be shared between the UE1 and VN1.

Likewise, at step 212b, the VN2 derives a D2D function key K _D2D2 based on the roaming key K _asme2 and FID2, where the FID2 is an ID of a D2D function entity (e.g, ProSe function of the VN2) serving the UE2. For example, the D2D function key K _D2D2 may be calculated as K _D2D2＝KDF (K _asme2, FID2) . Similarly, the UE2 also derives the same D2D function key K _D2D2 based on the roaming key K _asme2 and the FID2. In this way, the same D2D function key K _D2D2 can be shared between the UE2 and VN2.

As one example, step 212a (or 212b) may a part of the mutual authentication process between the UE1 (or the UE2) and the VN1 (or the VN2) . As another example, step 212a (or 212b) may also be performed after the D2D discovery process between the UE1 and UE2 has been completed.

Then, at step 214, the UE1 and UE2 discover each other via a D2D discovery process to establish a D2D direct communication session. The D2D discovery process may be implemented by any existing protocols or technologies for D2D discovery. Then, at step 216, the UE1 sends a D2D session request to the VN1 to launch a session key generation process. The D2D session request may contain for example the IDs of both UEs and the ID of the UE2’s visited Network VN2.

Then, at step 218, in response to the D2D session request, the VN1 checks whether the VN2 is a legitimate operator network (for example, whether the VN2 is in its list about legitimate operator networks, or whether they have signed an interworking agreement for D2D services) . If the check result is negative (i.e., the VN2 is not a legitimate operator network) , the VN1 rejects the D2D session request. On the other hand, if the check result is positive (i.e., the VN2 is a legitimate operator network) , the VN1 chooses a random number RAND1 and generates a session key hint HINT1 for the UE1 based on the RAND1 and the D2D function key K _D2D1. For example, the HINT1 may be generated as HINT1＝g^K _D2D ^1·RAND1, where g is a parameter defined for the above mentioned DHKE process in the interworking agreement between the VN1 and VN2. As one example, g may be predetermined when the interworking agreement is signed between the VN1 and VN2. As another example, g may be dynamically determined by the VN1 in response to the D2D session request and sent to the VN2.

Optionally, the VN1 may determine a session identity (SID) for this D2D session. As one example, the SID may be arranged sequentially at the core network CN1 of the VN1 to facilitate the D2D session management, billing and so on. As another example, the SID may be determined as a random number.

Then, at step 220, the VN1 sends a key agreement request to the VN2 via a secure channel. The key agreement request may contain at least the HINT1. As one example, the key agreement request may contain the UE1’s ID, the UE2’s ID and the HINT1. As another example, the key agreement request may contain the UE1’s ID, the UE2’s ID, the HINT1 and the SID. The communication channel between the local networks VN1 and VN2 may be protected by existing secure protocols, e.g., network domain security scheme defined in 3GPP TS33.210 and TS33.310.

Then, at step 222, in response to the key agreement request, the VN2 checks the legality of the VN1 by for example checking whether the VN1 is in its list about legitimate operator networks, or whether they have signed an interworking agreement for D2D services) . If the check result is negative (i.e., the VN1 is not a legitimate operator network) , the VN2 rejects the key agreement request. On the other hand, if the check result is positive (i.e., the VN1 is a legitimate operator network) , the VN2 chooses a random number RAND2 and generates a session key hint HINT2 for the UE2 based on the RAND2 and the D2D function key K _D2D2. For example, the HINT2 may be generated as HINT2＝g^K _D2D ^2·RAND2.

It should be noted that the present disclosure is not so limited. As a further example, the VN1 may generate the HINT1 for the UE1 based on the RAND1 and the ASME key K _asme1, and the VN2 may generate the HINT2 for the UE2 based on the RAND2 and the ASME key K _asme2. For example, the HINT1 may be generated as HINT1＝g^K _asme ^1·RAND1, and the HINT2 may be generated as HINT2＝g^K _asme ^2·RAND2. In this case, step 212a/212b may be an optional step.

Then, at step 224, the VN2 send a key agreement response to the VN1. The key agreement response may contain at least the HINT2. As one example, the key agreement response may contain the UE2’s ID, the UE1’s ID and the HINT2. As another example, the key agreement response may contain the UE2’s ID, the UE1’s ID, the HINT2 and the SID. It should be noted that the present disclosure is not limited to steps 220-224 described above, as long as the key hints can be exchanged between the VN1 and VN2. As another example, the VN2 may generate the HINT2 after the D2D discovery process has been completed, and send the HINT2 to the VN1 once the HINT2 has been generated.

Then, at step 226a, the VN1 sends a first session key generation request to the UE1. The first session key generation request may contain at least the HINT2 and the RAND1. As one example, the first session key generation request may contain the HINT2, the RAND1 and the UE2’s ID. As another example, the first session key generation request may contain the HINT2, the RAND1, the UE2’s ID and the SID.

Similarly, at step 226b, the VN2 sends a second session key generation request to the UE2. The second session key generation request may contain at least the HINT1 and the RAND2. As one example, the second session key generation request may contain the HINT1, the RAND2 and the UE1’s ID. As another example, the second session key generation request may contain the HINT1, the RAND2, the UE1’s ID and the SID.

Then, at step 228a, in response to the first session key generation request, the UE1 generates a D2D session key Ks based at least in part on the D2D function key K _D2D1, the HINT2 and the RAND1. For example, the D2D session key Ks may be generated as HINT2^K _D2D ^1*RAND1 or KDF (HINT2^K _D2D ^1*RAND1) . Optionally, the UE1 may generate the D2D session key Ks based on the D2D function key K _D2D1, the HINT2, the RAND1 and the SID. For example, the D2D session key Ks may be generated as KDF (SID, HINT2^K _D2D ^1*RAND1) . Further, optionally, the UE1 may extract the ID contained in the first session key generation request and check whether the ID is the same as the counterpart user ID in the D2D Discovery process. If they match, the UE1 may generate the D2D session key Ks.

Similarly, at step 228b, in response to the second session key generation request, the UE2 generates the D2D session key Ks based at least in part on the D2D function key K _D2D2, the HINT1 and the RAND2. For example, the D2D session key Ks may be generated as HINT1^K _D2D ^2*RAND2 or KDF (HINT1^K _D2D ^2*RAND2) . Optionally, the UE2 may generate the D2D session key Ks based on the D2D function key K _D2D2, the HINT1, the RAND2 and the SID. For example, the D2D session key Ks may be generated as KDF (SID, HINT1^K _D2D ^2*RAND2) . Further, optionally, the UE2 may extract the ID contained in the second session key generation request and check whether the ID is the same as the counterpart user ID in the D2D Discovery process. If they match, the UE2 may generate the D2D session key Ks. In this way, the same D2D session key Ks can be shared between the UE1 and UE2. Then, at step 230, the UE1 and UE2 use the D2D session key Ks for the D2D session.

It should be noted that the present disclosure is not so limited. In the above case where the HINT for the UE is generated based on the RAND and the ASME key, the D2D session key Ks may be generated for UE1 based at least on the ASME key K _asme1, the HINT2 and the RAND1. For example, the D2D session key Ks may be generated as HINT2^K _asme ^1*RAND1 or KDF (HINT2^K _asme ^1*RAND1) . Optionally, the D2D session key Ks may be generated for UE1 based on the ASME key K _asme1, the HINT2, the RAND1 and the SID. For example, the D2D session key Ks may be generated as KDF (SID, HINT2^K _asme ^1*RAND1) . Likewise, the D2D session key Ks may be generated for UE2 similarly.

In short, the above protocol takes advantage of 3GPP LTE authentication and key agreement (AKA) scheme to deal with the user roaming scenarios, and uses DHKE algorithm to address inter-operator session key generation for D2D communications. Specifically, a universal means can be provided to support D2D UEs to establish secure direct communication links by mutually authenticating with each other and generating D2D session keys. The D2D session key (K_S) may be derived from the keys shared between UEs and its home networks by generating firstly a shared key (K_asme) between the UE and its visited network if there is roaming, secondly a key for D2D communication purpose (K_D2D) , and then a D2D communication session key (K_S) based on Diffie-Hellman Key Exchange between two D2D communication devices.

FIG. 3 shows a key hierarchy for D2D communication according to an embodiment of the present disclosure. As shown, according to an embodiment of the present disclosure, two new keys are introduced into LTE-A network for D2D communications. The first one is the D2D function key K_D2D, which is derived from the ASME key K_ASME at ASME entity, such as the MME of the HN or VN. Then, it may be sent and stored at the D2D function entity (e.g., ProSe function) in the HN or VN. The other new key is the D2D session key Ks. It is derived from two D2D UEs’function keys and used for secure D2D session communications.

FIG. 4 depicts a flowchart of an authentication and key agreement protocol under inter-operator and non-roaming situation according to an embodiment of the present disclosure. In this situation, the UE1 and UE2 subscribe to different operators, and are served by their own home networks. At step 402a, the UE1 performs regular registration with the HN1. For example, the UE1 sends a registration request to the HN1 for accessing wireless services. The registration request may contain the identity (ID) of the UE1. The ID of a UE may be for example a permanent ID or a temporary ID. Then, in response to the registration request, the HN1 (for example, the AuC/HSS of the HN1) checks the legality of the UE1 by for example checking whether the ID of the UE1 is in its list about subscribed users. If the UE1 is not a legitimate user, the HN1 rejects the registration request. On the other hand, if the UE1 is a legitimate user, the HN1 generates authentication information for the UE1.

The authentication information may contain an ASME key K _asme1 for the UE1. For example, the ASME key K _asme1 may be calculated as K _asme1＝KDF (K1, HN1_ID) , where KDF denotes the generic key derivation function defined in the Annex A of 3GPP TS33.401, and the K1 is a secret key stored securely in the USIM on the UE1 and in the Auc/HSS of the HN1. The authentication information may further contain a random number (RAND) , an authentication token (AUTN) and an expected response (XRES) for the UE1. The AUTN may be generated based on the K1, the RAND, an authentication management field (AMF) and a sequence number (SQN) . The XRES may be generated based on the K1 and the RAND. The details of the AUTN and XRES can be found from 3GPP TS33.401, and thus are omitted here. It should be noted that although not shown in the above formula K _asme1＝KDF (K1, HN1_ID) , K _asme1 is generated based further on the RAND.

Then, the HN1 mutually authenticates with the UE1 by using the authentication information. For example, the HN1 may send a user authentication request to the UE1. The user authentication request may contain the RAND and the AUTN from the authentication information, and may further contain KSI_asme, where KSI denotes key set identifier and KSI_asme is an identifier for identifying K_asme. In response to the user authentication request, the UE1 may verify the legality of the HN1 by checking whether the AUTN can be accepted. If the verification is successful, the UE1 may generate a response (RES) based on the K1 and the RAND, and send the RES in a user authentication response to the HN1. Then, the HN1 may verify the legality of the UE1 by comparing the RES with the XRES. If the RES equals the XRES, the HN1 may authenticate the UE1 as a legitimate user. In this case, the UE1 may also generate K _asme1 based on the K1, the ID of the HN1 and the RAND. As a result, the same ASME key K _asme1 can be shared between the UE1 and HN1. Likewise, through step 402b, K _asme2 can be shared between the UE2 and HN2. Step 402b is similar to step 402a, and thus its detailed description is omitted here.

Then, at step 412a, the HN1 derives a D2D function key K _D2D1. Similarly, the UE1 also derives the same D2D function key K _D2D1. In this way, the same D2D function key K _D2D1 can be shared between the UE1 and HN1. Likewise, at step 412b, the HN2 derives a D2D function key K _D2D2. Similarly, the UE2 also derives the same D2D function key K _D2D2. In this way, the same D2D function key K _D2D2 can be shared between the UE2 and HN2. Step 412a/412b is similar to step 212a/212b of FIG. 2, and thus its detailed description is omitted here.

Then, at step 414, the UE1 and UE2 discover each other via a D2D discovery process to establish a D2D direct communication session. This step is similar to step 214 of FIG. 2. Then, at step 416, the UE1 send a D2D session request to the HN1 to launch a session key generation process. The D2D session request may contain for example the IDs of both UEs and the ID of the UE2’s Home Network HN2. This step is similar to step 216 of FIG. 2.

Then, at step 418, in response to the D2D session request, the HN1 checks whether the HN2 is a legitimate operator network. If the check result is negative (i.e., the HN2 is not a legitimate operator network) , the HN1 rejects the D2D session request. On the other hand, if the check result is positive (i.e., the HN2 is a legitimate operator network) , the HN1 generates a session key hint HINT1 for the UE1. This step is similar to step 218 of FIG. 2, and its detailed description is omitted here.

Then, at step 420, the HN1 sends a key agreement request to the HN2 via a secure channel. This step is similar to step 220 of FIG. 2. Then, at step 422, in response to the key agreement request, the HN2 checks the legality of the HN1. If the check result is negative (i.e., the HN1 is not a legitimate operator network) , the HN2 rejects the key agreement request. On the other hand, if the check result is positive (i.e., the HN1 is a legitimate operator network) , the HN2 generates a session key hint HINT2 for the UE2. This step is similar to step 422 of FIG. 2, and its detailed description is omitted here.

Then, at step 424, the HN2 sends the key agreement response to the HN1. This step is similar to step 224 of FIG. 2. Then, at step 426a, the HN1 sends a first session key generation request to the UE1. Similarly, at step 426b, the HN2 sends a second session key generation request to the UE2. Step 426a/426b is similar to step 226a/226b of FIG. 2, and its detailed description is omitted here.

Then, at step 428a, in response to the first session key generation request, the UE1 generates a D2D session key Ks. Similarly, at step 428b, in response to the second session key generation request, the UE2 generates the D2D session key Ks. Step 428a/428b is similar to step 228a/228b of FIG. 2, and its detailed description is omitted here. In this way, the same D2D session key Ks can be shared between the UE1 and UE2. Then, at step 430, the UE1 and UE2 use the D2D session key Ks for the D2D session.

FIG. 5 depicts a flowchart of an authentication and key agreement protocol under inter-operator and partial roaming situation according to an embodiment of the present disclosure. In this situation, the UE1 who subscribes to the operator network HN1 roams to a visited network VN1, and communicates with the UE2 who subscribes to and is served by its own home network HN2. Through steps 502a-510a, K _asme1 can be shared between the UE1 and VN1. Through step 502b, K _asme2 can be shared between the UE2 and HN2. Steps 502a-510a are similar to steps 202a-210a of FIG. 2, and step 502b is similar to step 402b of FIG. 4, and thus their detailed description is omitted here.

Then, at step 512a, the VN1 derives a D2D function key K _D2D1. Similarly, the UE1 also derives the same D2D function key K _D2D1. In this way, the same D2D function key K _D2D1 can be shared between the UE1 and VN1. This step is similar to step 212a of FIG. 2. At step 512b, the HN2 derives a D2D function key K _D2D2. Similarly, the UE2 also derives the same D2D function key K _D2D2. In this way, the same D2D function key K _D2D2 can be shared between the UE2 and HN2. This step is similar to step 412b of FIG. 4.

Then, at step 514, the UE1 and UE2 discover each other via a D2D discovery process to establish a D2D direct communication session. This step is similar to step 214 of FIG. 2. Then, at step 516, the UE1 sends a D2D session request to the VN1 to launch a session key generation process. This step is similar to step 416 of FIG. 4.

Then, at step 518, in response to the D2D session request, the VN1 checks whether the HN2 is a legitimate operator network. If the check result is negative (i.e., the HN2 is not a legitimate operator network) , the VN1 rejects the D2D session request. On the other hand, if the check result is positive (i.e., the HN2 is a legitimate operator network) , the VN1 generates a session key hint HINT1 for the UE1. This step is similar to step 418 of FIG. 4, and its detailed description is omitted here.

Then, at step 520, the VN1 sends a key agreement request to the HN2 via a secure channel. This step is similar to step 420 of FIG. 4. Then, at step 522, in response to the key agreement request, the HN2 checks the legality of the VN1. If the check result is negative (i.e., the VN1 is not a legitimate operator network) , the HN2 rejects the key agreement request. On the other hand, if the check result is positive (i.e., the VN1 is a legitimate operator network) , the HN2 generates a session key hint HINT2 for the UE2. This step is similar to step 222 of FIG. 2.

Then, at step 524, the HN2 sends the key agreement response to the VN1. This step is similar to step 224 of FIG. 2. Then, at step 526a, the VN1 sends a first session key generation request to the UE1. This step is similar to step 226a of FIG. 2. At step 526b, the HN2 sends a second session key generation request to the UE2. This step is similar to step 426b of FIG. 4.

Then, at step 528a, in response to the first session key generation request, the UE1 generates a D2D session key Ks. Similarly, at step 528b, in response to the second session key generation request, the UE2 generates the D2D session key Ks. Step 528a/528b is similar to step 228a/228b of FIG. 2, and its detailed description is omitted here. In this way, the same D2D session key Ks can be shared between the UE1 and UE2. Then, at step 530, the UE1 and UE2 use the D2D session key Ks for the D2D session.

FIG. 6 depicts a flowchart of an authentication and key agreement protocol under inner-operator and non-roaming situation according to an embodiment of the present disclosure. In this situation, the UE1 and UE2 subscribe to a same operator and are served by the same home network. Through step 602a, K _asme1 can be shared between the UE1 and HN, wherein K _asme1 may be calculated as K _asme1＝KDF (K1, HN_ID) . Through step 602b, K _asme2 can be shared between the UE2 and HN, wherein K _asme2 may be calculated as K _asme2＝KDF (K2, HN_ID) . Step 602a/602b is similar to step 402a/402b of FIG. 4, and thus their detailed description is omitted here.

Then, at step 612a, the HN derives a D2D function key K _D2D1 based on the ASME key K _asme1 and FID, where the FID is an ID of a D2D function entity (e.g, a ProSe function of the HN) serving the UE1 and UE2. For example, the D2D function key K _D2D1 may be calculated as K _D2D1＝KDF (K _asme1, FID) . Similarly, UE1 also derives the same D2D function key K _D2D1 based on the ASME key K _asme1 and the FID. In this way, the same D2D function key K _D2D1 can be shared between the UE1 and HN.

Likewise, at step 612b, the HN derives a D2D function key K _D2D2 based on the ASME key K _asme2 and the FID. For example, the D2D function key K _D2D2 may be calculated as K _D2D2＝KDF (K _asme2, FID) . Similarly, UE2 also derives the same D2D function key K _D2D2 based on the ASME key K _asme2 and the FID. In this way, the same D2D function key K _D2D2 can be shared between the UE2 and HN.

Then, at step 614, the UE1 and UE2 discover each other via a D2D discovery process to establish a D2D direct communication session. This step is similar to step 214 of FIG. 2. Then, at step 616, the UE1 sends a D2D session request to the HN to launch a session key generation process. The D2D session request may contain for example the IDs of both UEs.

Then, at step 618, in response to the D2D session request, the HN generates a session key hint HINT1 for the UE1 based on the RAND and the D2D function key K _D2D1, and generates a session key hint HINT2 for the UE2 based on the RAND and the D2D function key K _D2D2. For example, the HINT1 may be generated as HINT1＝g^K _D2D ^1·RAND, and the HINT2 may be generated as HINT2＝g^K _D2D ^2·RAND. This step is similar to the combination of

steps

218 and 222 of FIG. 2. Optionally, the HN may determine a SID for this D2D session. As one example, the SID may be arranged sequentially at the core network CN of the HN to facilitate the D2D session management, billing and so on. As another example, the SID may be determined as a random number.

Then, at step 626a, the HN sends a first session key generation request to the UE1. The first session key generation request may contain at least the HINT2. As one example, the first session key generation request may contain the HINT2 and the UE2’s ID. As another example, the first session key generation request may contain the HINT2, the UE2’s ID and the SID.

Similarly, at step 626b, the HN sends a second session key generation request to the UE2. The second session key generation request may contain at least the HINT1. As one example, the second session key generation request may contain the HINT1 and the UE1’s ID. As another example, the session key generation request may contain the HINT1, the UE1’s ID and the SID.

Then, at step 628a, in response to the first session key generation request, the UE1 generates a D2D session key Ks based at least in part on the D2D function key K _D2D1 and the HINT2. For example, the D2D session key Ks may be generated as HINT2^K _D2D ¹ or KDF (HINT2^K _D2D ¹) . Optionally, the UE1 may generate the D2D session key Ks based on the D2D function key K _D2D1, the HINT2 and the SID. For example, the D2D session key Ks may be generated as KDF (SID, HINT2^K _D2D ¹) . Further, optionally, the UE1 may extract the ID contained in the first session key generation request and check whether the ID is the same as the counterpart user ID in the D2D discovery process. If they match, UE1 may generate the D2D session key Ks.

Similarly, at step 628b, in response to the second session key generation request, the UE2 generates the D2D session key Ks based at least in part on the D2D function key K _D2D2 and the HINT1. For example, the D2D session key Ks may be generated as HINT1^K _D2D ² or KDF (HINT1^K _D2D ²) . Optionally, the UE2 may generate the D2D session key Ks based on the D2D function key K _D2D2, the HINT1 and the SID. For example, the D2D session key Ks may be generated as KDF (SID, HINT1^K _D2D ²) . Further, optionally, the UE2 may extract the ID contained in the second session key generation request and check whether the ID is the same as the counterpart user ID in the D2D discovery process. If they match, the UE2 may generate the D2D session key Ks. In this way, the same D2D session key Ks can be shared between the UE1 and UE2. Then, at step 630, the UE1 and UE2 use the D2D session key Ks for the D2D session.

FIG. 7 depicts a flowchart of an authentication and key agreement protocol under inner-operator and full-roaming situation according to an embodiment of the present disclosure. In this situation, the UE1 and UE2 subscribe to the same operator network HN. Both of them roam to a same place and are served by a same visited network VN. Through steps 702a-710a, K _asme1 can be shared between the UE1 and VN, wherein K _asme1 may be calculated as K _asme1＝KDF (K1, VN_ID) . Through steps 702b-710b, K _asme2 can be shared between the UE2 and VN, wherein K _asme2 may be calculated as K _asme2＝KDF (K2, VN_ID) . Steps 702a-710a (or 702b-710b) are similar to steps 202a-210a (or 202b-210b) of FIG. 2, and thus their detailed description is omitted here.

Then, at step 712a, the VN derives a D2D function key K _D2D1. Similarly, the UE1 also derives the same D2D function key K _D2D1. In this way, the same D2D function key K _D2D1 can be shared between the UE1 and VN. Likewise, at step 712b, the VN derives a D2D function key K _D2D2. Similarly, the UE2 also derives the same D2D function key K _D2D2. In this way, the same D2D function key K _D2D2 can be shared between the UE2 and VN. Step 712a/712b is similar to step 612a/612b of FIG. 6.

Then, at step 714, the UE1 and UE2 discover each other via a D2D discovery process to establish a D2D direct communication session. This step is similar to step 214 of FIG. 2. Then, at step 716, the UE1 sends a D2D session request to the VN to launch a session key generation process. This step is similar to step 616 of FIG. 6.

Then, at step 718, in response to the D2D session request, the VN generates a session key hint HINT1 for the UE1, and generates a session key hint HINT2 for the UE2. This step is similar to step 618 of FIG. 6. Then, at step 726a, the VN sends a first session key generation request to the UE1. This step is similar to step 626a of FIG. 6. Similarly, at step 726b, the VN sends a second session key generation request to the UE2. This step is similar to step 626b of FIG. 6.

Then, at step 728a, in response to the first session key generation request, the UE1 generates a D2D session key Ks. Similarly, at step 728b, in response to the second session key generation request, the UE2 generates the D2D session key Ks. Step 728a/728b is similar to step 628a/628b of FIG. 6. Then, at step 730, the UE1 and UE2 use the D2D session key Ks for the D2D session.

FIG. 8 depicts a flowchart of an authentication and key agreement protocol under inter-operator and partial roaming situation according to an embodiment of the present disclosure. In this situation, the UE1 who subscribes to an operator network HN1 roams to a visited network VN2, to which the UE2 subscribes, i.e., the UE1’s visited network is the same as the UE2’s home network. Through steps 802a-810a, K _asme1 can be shared between the UE1 and VN2, wherein K _asme1 may be calculated as K _asme1＝KDF (K1, VN2_ID) . Through step 802b, K _asme2 can be shared between the UE2 and VN2, wherein K _asme2 may be calculated as K _asme2＝KDF (K2, VN2_ID) . Steps 802a-810a are similar to steps 202a-210a of FIG. 2, and step 802b is similar to step 402b of FIG. 4, and thus their detailed description is omitted here.

Then, at step 812a, the VN2 derives a D2D function key K _D2D1. Similarly, the UE1 also derives the same D2D function key K _D2D1. In this way, the same D2D function key K _D2D1 can be shared between the UE1 and VN2. Likewise, at step 812b, the VN2 derives a D2D function key K _D2D2. Similarly, the UE2 also derives the same D2D function key K _D2D2. In this way, the same D2D function key K _D2D2 can be shared between the UE2 and VN2. Step 812a/812b is similar to step 612a/612b of FIG. 6.

Then, at step 814, the UE1 and UE2 discover each other via a D2D discovery process to establish a D2D direct communication session. This step is similar to step 214 of FIG. 2. Then, at step 816, the UE1 sends a D2D session request to the VN2 to launch a session key generation process. This step is similar to step 616 of FIG. 6.

Then, at step 818, in response to the D2D session request, the VN2 generates a session key hint HINT1 for the UE1, and generates a session key hint HINT2 for the UE2. This step is similar to step 618 of FIG. 6. Then, at step 826a, the VN2 sends a first session key generation request to the UE1. This step is similar to step 626a of FIG. 6. Similarly, at step 826b, the VN2 sends a second session key generation request to the UE2. This step is similar to step 626b of FIG. 6.

Then, at step 828a, in response to the first session key generation request, the UE1 generates a D2D session key Ks. Similarly, at step 828b, in response to the second session key generation request, the UE2 generates the D2D session key Ks. Step 828a/828b is similar to step 628a/628b of FIG. 6. Then, at step 830, the UE1 and UE2 use the D2D session key Ks for the D2D session.

In short, according to the above description with reference to FIGs. 1-8, a universal key agreement protocol for D2D communications can be provided based on Diffle-Hellman key exchange. It can help D2D users to generate the security key for a D2D session in almost all communication scenarios under the control of LTE core networks.

FIG. 9 depicts a flowchart of a method implemented at network side for securing a D2D session according to an embodiment of the present disclosure. The method may be employed for securing a D2D session between a first UE and a second UE, wherein the first UE is served by a first wireless network (WN) with a first key shared there between, and the second UE is served by a second WN with a second key shared there between. The method may be performed by one of the first and second WNs (for example the first WN) . At step 902, the first WN generates a first Session Key (SK) hint based at least in part on the first key and a first RAND, wherein the second WN is able to generate a second SK hint based at least in part on the second key and a second RAND. This step may be implemented as described with reference to step 218 of FIG. 2, step 418 of FIG. 4 and step 518 of FIG. 5.

At step 904, the first WN exchanges the SK hints with the second WN. This step may be implemented as described with reference to

steps

220, 224 of FIG. 2,

steps

420, 424 of FIG. 4, and steps 520, 524 of FIG. 5. Then, at step 906, the first WN sends to the first UE a SK generation request comprising at least the second SK hint and the first RAND, such that the first UE is able to generate a SK for the D2D session based at least in part on the first key, the second SK hint and the first RAND. This step may be implemented as described with reference to step 226a of FIG. 2, step 426a of FIG. 4 and step 526a of FIG. 5.

FIG. 10 depicts a flowchart of a method implemented at network side for securing a D2D session according to an embodiment of the present disclosure. The method may be employed for securing a D2D session between a first UE and a second UE, wherein the first UE is served by a wireless network (WN) with a first key shared there between, and the second UE is served by the WN with a second key shared there between. The method may be performed by the WN. At step 1002, the WN generates a first Session Key (SK) hint based at least in part on the first key and a RAND. At step 1004, the WN generates a second SK hint based at least in part on the second key and the RAND. Steps 1002-1004 may be implemented as described with reference to step 618 of FIG. 6, step 718 of FIG. 7 and step 818 of FIG. 8.

Then, at step 1006, the WN sends to the first UE a first SK generation request comprising at least the second SK hint, such that the first UE is able to generate a SK for the D2D session based at least in part on the first key and the second SK hint. At step 1008, the WN sends to the second UE a second SK generation request comprising at least the first SK hint, such that the second UE is able to generate the same SK based at least in part on the second key and the first SK hint. Steps 1006-1008 may be implemented as described with reference to step 626a and 626b of FIG. 6,

step

726a and 726b of FIG. 7 and

step

826a and 826b of FIG. 8.

FIG. 11 depicts a flowchart of a method implemented at UE side for securing a D2D session according to an embodiment of the present disclosure. The method may be employed for securing a D2D session between a first UE and a second UE, wherein the first UE is served by a first wireless network (WN) with a first key shared there between, and the second UE is served by a second WN with a second key shared there between. The method may be performed by one of the first and second UEs (for example the first UE) . At step 1102, the first UE receives from the first WN a first Session Key (SK) generation request comprising at least a second SK hint and a first RAND. This step may be implemented as described with reference to step 226a/226b of FIG. 2.

Then, at step 1104, the first UE generates a SK for the D2D session based at least in part on the first key, the second SK hint and the first RAND, wherein the first WN is able to generate a first SK hint based at least in part on the first key and the first RAND, the second WN is able to generate the second SK hint based at least in part on the second key and a second RAND, and the first WN is able to exchange the SK hints with the second WN. This step may be implemented as described with reference to step 228a/228b of FIG. 2, step 428a/428b of FIG. 4 and step 528a/528b of FIG. 5.

FIG. 12 depicts a flowchart of a method implemented at UE side for securing a D2D session according to an embodiment of the present disclosure. The method may be employed for securing a D2D session between a first UE and a second UE, wherein the first UE is served by a wireless network (WN) with a first key shared there between, and the second UE is served by the WN with a second key shared there between. The method may be performed by one of the first and second UEs (for example, the first UE) . At step 1202, the first UE receives from the first WN a first Session Key (SK) generation request comprising at least a second SK hint. This step may be implemented as described with reference to step 626a/626b of FIG. 6, step 726a/726b of FIG. 7 and step 826a/826b of FIG. 8.

Then, at step 1204, the first UE generates a SK for the D2D session based at least in part on the first key and the second SK hint, wherein the WN is able to generate a first SK hint based at least in part on the first key and a RAND, and to generate the second SK hint based at least in part on the second key and the RAND. This step may be implemented as described with reference to step 628a/628b of FIG. 6, step 728a/728b of FIG. 7 and step 828a/828b of FIG. 8.

Based on the above description, the following advantageous technical effects can be achieved by the present disclosure:

(1) The security issues in D2D communications in the situation that users roam from home networks to visited networks and users belong to different operators can be addressed. The proposed protocol gives a universal method of handling the user roaming and inter-operator D2D secure communications. By considering the most complicated situation where two users belonging to two different operators roam to the same place, but are serviced by two different local operators’networks, the key agreement in all scenarios can be solved by the present disclosure.

(2) The present disclosure proposes a key hierarchy of D2D communication based on the framework of LTE-A network key hierarchy. New keys used for D2D communication are derived from the existing keys in LTE-A system, which greatly increases the compatibility of D2D communication subsystem with the LTE-A system and reduces the deployment cost of D2D service.

(3) The present disclosure is flexible to support various cases regarding roaming or inter-operator based D2D communications. By making use of different shared keys for generation of D2D session key Ks, the invention can support various D2D communication scenarios.

FIG. 13 is a simplified block diagram showing an apparatus that is suitable for use in practicing some embodiments of the present disclosure. For example, the UEs and the network element in the HNs or VNs may be implemented through the apparatus 1300. As shown, the apparatus 1300 may include a data processor 1310, a memory 1320 that stores a program 1330, and a communication interface 1340 for communicating data with other external devices through wired and/or wireless communication.

The program 1330 is assumed to include program instructions that, when executed by the data processor 1310, enable the apparatus 1300 to operate in accordance with the embodiments of this disclosure, as discussed above. That is, the embodiments of this disclosure may be implemented at least in part by computer software executable by the data processor 1310, or by hardware, or by a combination of software and hardware.

The memory 1320 may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor based memory devices, flash memory, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory. The data processor 1310 may be of any type suitable to the local technical environment, and may include one or more of general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multi-core processor architectures, as non-limiting examples.

In general, the various exemplary embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. For example, some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the disclosure is not limited thereto. While various aspects of the exemplary embodiments of this disclosure may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.

As such, it should be appreciated that at least some aspects of the exemplary embodiments of the disclosure may be practiced in various components such as integrated circuit chips and modules. It should thus be appreciated that the exemplary embodiments of this disclosure may be realized in an apparatus that is embodied as an integrated circuit, where the integrated circuit may comprise circuitry (as well as possibly firmware) for embodying at least one or more of a data processor, a digital signal processor, baseband circuitry and radio frequency circuitry that are configurable so as to operate in accordance with the exemplary embodiments of this disclosure.

It should be appreciated that at least some aspects of the exemplary embodiments of the disclosure may be embodied in computer-executable instructions, such as in one or more program modules, executed by one or more computers or other devices. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types when executed by a processor in a computer or other device. The computer executable instructions may be stored on a computer readable medium such as a hard disk, optical disk, removable storage media, solid state memory, RAM, etc. As will be appreciated by one of skill in the art, the function of the program modules may be combined or distributed as desired in various embodiments. In addition, the function may be embodied in whole or in part in firmware or hardware equivalents such as integrated circuits, field programmable gate arrays (FPGA) , and the like.

The present disclosure includes any novel feature or combination of features disclosed herein either explicitly or any generalization thereof. Various modifications and adaptations to the foregoing exemplary embodiments of this disclosure may become apparent to those skilled in the relevant arts in view of the foregoing description, when read in conjunction with the accompanying drawings. However, any and all modifications will still fall within the scope of the non-Limiting and exemplary embodiments of this disclosure.

Claims

A method for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a first wireless network with a first key shared there between, and the second user equipment is served by a second wireless network with a second key shared there between, the method comprising:

generating a first session key hint based at least in part on the first key and a first random number, wherein the second wireless network is able to generate a second session key hint based at least in part on the second key and a second random number；

exchanging the session key hints with the second wireless network； and

sending to the first user equipment a session key generation request comprising at least the second session key hint and the first random number, such that the first user equipment is able to generate a session key for the D2D session based at least in part on the first key, the second session key hint and the first random number.
The method according to claim 1, wherein the step of generating comprises:

deriving a first D2D function key based on the first key and a first function identity that is an identity of a D2D function entity serving the first user equipment； and

creating the first session key hint based on the first D2D function key and the first random number；

wherein the first user equipment is able to derive the first D2D function key and generate the session key based on the first D2D function key, the second session key hint and the first random number.
The method according to claim 1 or 2, further comprising:

determining a session identity that is an identity of the D2D session； and

sending the session identity to the second wireless network；

wherein the session key generation request further comprises the session identity, and the first user equipment is able to generate the session key based further on the session identity.
The method according to claim 1 or 2, further comprising: receiving a session identity from the second wireless network；

wherein the session key generation request further comprises the session identity, and the first user equipment is able to generate the session key based further on the session identity.
The method according to any one of claims 1-3, wherein the step of generating is performed in response to a D2D session request from the first user equipment；

wherein the step of exchanging comprises:

sending the first session key hint to the second wireless network； and

receiving the second session key hint from the second wireless network.
The method according to any one of claims 1, 2 and 4, wherein the step of exchanging comprises:

receiving from the second wireless network a key agreement request comprising at least the second session key hint, wherein the step of generating is performed in response to the key agreement request； and

sending to the second wireless network a key agreement response comprising at least the first session key hint.
The method according to any one of claims 1-6, wherein the first wireless network is the first user equipment’s visited network, and the second wireless network is the second user equipment’s visited network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and its home network.
The method according to any one of claims 1-6, wherein the first wireless network is the first user equipment’s home network, and the second wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and the first wireless network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and the second wireless network.
The method according to any one of claims 1-6, wherein the first wireless network is the first user equipment’s visited network, and the second wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and the second wireless network.
The method according to any one of claims 1-9, wherein the first key is shared between the first user equipment and the first wireless network through a registration process and a mutual authentication and key agreement process； and

wherein the second key is shared between the second user equipment and the second wireless network through a registration process and a mutual authentication and key agreement process.
A method for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a wireless network with a first key shared there between, and the second user equipment is served by the wireless network with a second key shared there between, the method comprising:

generating a first session key hint based at least in part on the first key and a random number；

generating a second session key hint based at least in part on the second key and the random number；

sending to the first user equipment a first session key generation request comprising at least the second session key hint, such that the first user equipment is able to generate a session key for the D2D session based at least in part on the first key and the second session key hint； and

sending to the second user equipment a second session key generation request comprising at least the first session key hint, such that the second user equipment is able to generate the same session key based at least in part on the second key and the first session key hint.
The method according to claim 11, wherein the step of generating the first session key hint comprises:

deriving a first D2D function key based on the first key and a function identity that is an identity of a D2D function entity serving the first user equipment； and

creating the first session key hint based on the first D2D function key and the random number；

wherein the step of generating the second session key hint comprises:

deriving a second D2D function key based on the second key and the function identity； and

creating the second session key hint based on the second D2D function key and the random number；

wherein the first user equipment is able to derive the first D2D function key and generate the session key based on the first D2D function key and the second session key hint, and the second user equipment is able to derive the second D2D function key and generate the session key based on the second D2D function key and the first session key hint.
The method according to claim 11 or 12, further comprising: determining a session identity that is an identity of the D2D session；

wherein the first session key generation request further comprises the session identity, and the first user equipment is able to generate the session key based further on the session identity； and

wherein the second session key generation request further comprises the session identity, and the second user equipment is able to generate the session key based further on the session identity.
The method according to any one of claims 11-13, wherein the steps of generating the first and second session key hints are performed in response to a D2D session request from the first user equipment or the second user equipment.
The method according to any one of claims 11-14, wherein the wireless network is a home network of the first and second user equipments； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and the wireless network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and the wireless network.
The method according to any one of claims 11-14, wherein the wireless network is a visited network of the first and second user equipments； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and its home network.
The method according to any one of claims 11-14, wherein the wireless network is the first user equipment’s visited network, and the wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and the wireless network.
The method according to any one of claims 11-17, wherein the first key is shared between the first user equipment and the wireless network through a registration process and a mutual authentication and key agreement process； and

wherein the second key is shared between the second user equipment and the wireless network through a registration process and a mutual authentication and key agreement process.
A method for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a first wireless network with a first key shared there between, and the second user equipment is served by a second wireless network with a second key shared there between, the method comprising:

receiving from the first wireless network a first session key generation request comprising at least a second session key hint and a first random number； and

generating a session key for the D2D session based at least in part on the first key, the second session key hint and the first random number；

wherein the first wireless network is able to generate a first session key hint based at least in part on the first key and the first random number, the second wireless network is able to generate the second session key hint based at least in part on the second key and a second random number, and the first wireless network is able to exchange the session key hints with the second wireless network.
The method according to claim 19, further comprising: sending a D2D session request to the first wireless network；

wherein the first wireless network is able to generate the first session key hint in response to the D2D session request.
The method according to claim 19 or 20, wherein the step of generating comprises:

deriving a first D2D function key based on the first key and a first function identity that is an identity of a D2D function entity serving the first user equipment； and

creating the session key based on the first D2D function key, the second session key hint and the first random number；

wherein the first wireless network is able to derive the first D2D function key and generate the first session key hint based on the first D2D function key and the first random number, and the second wireless network is able to derive a second D2D function key and generate the second session key hint based on the second D2D function key and the second random number.
The method according to any one of claims 19-21, wherein the first session key generation request further comprises a session identity that is an identity of the D2D session； and

wherein the step of generating comprises: generating the session key based further on the session identity.
The method according to any one of claims 19-22, wherein the first wireless network is the first user equipment’s visited network, and the second wireless network is the second user equipment’s visited network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and its home network.
The method according to any one of claims 19-22, wherein the first wireless network is the first user equipment’s home network, and the second wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and the first wireless network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and the second wireless network.
The method according to any one of claims 19-22, wherein the first wireless network is the first user equipment’s visited network, and the second wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and the second wireless network.
The method according to any one of claims 19-25, wherein the first key is shared between the first user equipment and the first wireless network through a registration process and a mutual authentication and key agreement process； and

wherein the second key is shared between the second user equipment and the second wireless network through a registration process and a mutual authentication and key agreement process.
A method for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a wireless network with a first key shared there between, and the second user equipment is served by the wireless network with a second key shared there between, the method comprising:

receiving from the first wireless network a first session key generation request comprising at least a second session key hint； and

generating a session key for the D2D session based at least in part on the first key and the second session key hint；

wherein the wireless network is able to generate a first session key hint based at least in part on the first key and a random number, and to generate the second session key hint based at least in part on the second key and the random number.
The method according to claim 27, further comprising: sending a D2D session request to the wireless network；

wherein the wireless network is able to generate the first and second session key hints in response to the D2D session request.
The method according to claim 27 or 28, wherein the step of generating comprises:

deriving a first D2D function key based on the first key and a function identity that is an identity of a D2D function entity serving the first user equipment； and

creating the session key based on the first D2D function key and the second session key hint；

wherein the wireless network is able to derive the first D2D function key and generate a first session key hint based on the first D2D function key and the random number, and to derive a second D2D function key and generate the second session key hint based on the second D2D function key and the random number.
The method according to any one of claims 27-29, wherein the first session key generation request further comprises a session identity that is an identity of the D2D session； and

wherein the step of generating comprises: generating the session key based further on the session identity.
The method according to any one of claims 27-30, wherein the wireless network is a home network of the first and second user equipments； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and the wireless network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and the wireless network.
The method according to any one of claims 27-30, wherein the wireless network is a visited network of the first and second user equipments； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and its home network.
The method according to any one of claims 27-30, wherein the wireless network is the first user equipment’s visited network, and the wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and the wireless network.
The method according to any one of claims 27-33, wherein the first key is shared between the first user equipment and the wireless network through a registration process and a mutual authentication and key agreement process； and

wherein the second key is shared between the second user equipment and the wireless network through a registration process and a mutual authentication and key agreement process.
An apparatus for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a first wireless network with a first key shared there between, and the second user equipment is served by a second wireless network with a second key shared there between, the apparatus comprising:

means for generating a first session key hint based at least in part on the first key and a first random number, wherein the second wireless network is able to generate a second session key hint based at least in part on the second key and a second random number；

means for exchanging the session key hints with the second wireless network； and

means for sending to the first user equipment a session key generation request comprising at least the second session key hint and the first random number, such that the first user equipment is able to generate a session key for the D2D session based at least in part on the first key, the second session key hint and the first random number.
The apparatus according to claim 35, wherein means for generating comprises:

means for deriving a first D2D function key based on the first key and a first function identity that is an identity of a D2D function entity serving the first user equipment； and

means for creating the first session key hint based on the first D2D function key and the first random number；

wherein the first user equipment is able to derive the first D2D function key and generate the session key based on the first D2D function key, the second session key hint and the first random number.
The apparatus according to claim 35 or 36, further comprising:

means for determining a session identity that is an identity of the D2D session； and

means for sending the session identity to the second wireless network；

wherein the session key generation request further comprises the session identity, and the first user equipment is able to generate the session key based further on the session identity.
The apparatus according to claim 35 or 36, further comprising: means for receiving a session identity from the second wireless network；

wherein the session key generation request further comprises the session identity, and the first user equipment is able to generate the session key based further on the session identity.
The apparatus according to any one of claims 35-37, wherein means for generating operates in response to a D2D session request from the first user equipment；

wherein means for exchanging comprises:

means for sending the first session key hint to the second wireless network； and

means for receiving the second session key hint from the second wireless network.
The apparatus according to any one of claims 35, 36 and 38, wherein means for exchanging comprises:

means for receiving from the second wireless network a key agreement request comprising at least the second session key hint, wherein means for generating operates in response to the key agreement request； and

means for sending to the second wireless network a key agreement response comprising at least the first session key hint.
The apparatus according to any one of claims 35-40, wherein the first wireless network is the first user equipment’s visited network, and the second wireless network is the second user equipment’s visited network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and its home network.
The apparatus according to any one of claims 35-40, wherein the first wireless network is the first user equipment’s home network, and the second wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and the first wireless network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and the second wireless network.
The apparatus according to any one of claims 35-40, wherein the first wireless network is the first user equipment’s visited network, and the second wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and the second wireless network.
The apparatus according to any one of claims 35-43, wherein the first key is shared between the first user equipment and the first wireless network through a registration process and a mutual authentication and key agreement process； and

wherein the second key is shared between the second user equipment and the second wireless network through a registration process and a mutual authentication and key agreement process.
An apparatus for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a wireless network with a first key shared there between, and the second user equipment is served by the wireless network with a second key shared there between, the apparatus comprising:

means for generating a first session key hint based at least in part on the first key and a random number；

means for generating a second session key hint based at least in part on the second key and the random number；

means for sending to the first user equipment a first session key generation request comprising at least the second session key hint, such that the first user equipment is able to generate a session key for the D2D session based at least in part on the first key and the second session key hint； and

means for sending to the second user equipment a second session key generation request comprising at least the first session key hint, such that the second user equipment is able to generate the same session key based at least in part on the second key and the first session key hint.
The apparatus according to claim 45, wherein means for generating the first session key hint comprises:

means for deriving a first D2D function key based on the first key and a function identity that is an identity of a D2D function entity serving the first user equipment； and

means for creating the first session key hint based on the first D2D function key and the random number；

wherein means for generating the second session key hint comprises:

means for deriving a second D2D function key based on the second key and the function identity； and

means for creating the second session key hint based on the second D2D function key and the random number；

wherein the first user equipment is able to derive the first D2D function key and generate the session key based on the first D2D function key and the second session key hint, and the second user equipment is able to derive the second D2D function key and generate the session key based on the second D2D function key and the first session key hint.
The apparatus according to claim 45 or 46, further comprising: means for determining a session identity that is an identity of the D2D session；

wherein the first session key generation request further comprises the session identity, and the first user equipment is able to generate the session key based further on the session identity； and

wherein the second session key generation request further comprises the session identity, and the second user equipment is able to generate the session key based further on the session identity.
The apparatus according to any one of claims 45-47, wherein means for generating the first and second session key hints operate in response to a D2D session request from the first user equipment or the second user equipment.
The apparatus according to any one of claims 45-48, wherein the wireless network is a home network of the first and second user equipments； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and the wireless network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and the wireless network.
The apparatus according to any one of claims 45-48, wherein the wireless network is a visited network of the first and second user equipments； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and its home network.
The apparatus according to any one of claims 45-48, wherein the wireless network is the first user equipment’s visited network, and the wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and the wireless network.
The apparatus according to any one of claims 45-51, wherein the first key is shared between the first user equipment and the wireless network through a registration process and a mutual authentication and key agreement process； and

wherein the second key is shared between the second user equipment and the wireless network through a registration process and a mutual authentication and key agreement process.
An apparatus for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a first wireless network with a first key shared there between, and the second user equipment is served by a second wireless network with a second key shared there between, the apparatus comprising:

means for receiving from the first wireless network a first session key generation request comprising at least a second session key hint and a first random number； and

means for generating a session key for the D2D session based at least in part on the first key, the second session key hint and the first random number；

wherein the first wireless network is able to generate a first session key hint based at least in part on the first key and the first random number, the second wireless network is able to generate the second session key hint based at least in part on the second key and a second random number, and the first wireless network is able to exchange the session key hints with the second wireless network.
The apparatus according to claim 53, further comprising: means for sending a D2D session request to the first wireless network；

wherein the first wireless network is able to generate the first session key hint in response to the D2D session request.
The apparatus according to claim 53 or 54, wherein means for generating comprises:

means for deriving a first D2D function key based on the first key and a first function identity that is an identity of a D2D function entity serving the first user equipment； and

means for creating the session key based on the first D2D function key, the second session key hint and the first random number；

wherein the first wireless network is able to derive the first D2D function key and generate the first session key hint based on the first D2D function key and the first random number, and the second wireless network is able to derive a second D2D function key and generate the second session key hint based on the second D2D function key and the second random number.
The apparatus according to any one of claims 53-55, wherein the first session key generation request further comprises a session identity that is an identity of the D2D session； and

wherein means for generating comprises: means for generating the session key based further on the session identity.
The apparatus according to any one of claims 53-56, wherein the first wireless network is the first user equipment’s visited network, and the second wireless network is the second user equipment’s visited network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and its home network.
The apparatus according to any one of claims 53-56, wherein the first wireless network is the first user equipment’s home network, and the second wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and the first wireless network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and the second wireless network.
The apparatus according to any one of claims 53-56, wherein the first wireless network is the first user equipment’s visited network, and the second wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the first wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the second wireless network’s identity and a fourth key shared between the second user equipment and the second wireless network.
The apparatus according to any one of claims 53-59, wherein the first key is shared between the first user equipment and the first wireless network through a registration process and a mutual authentication and key agreement process； and

wherein the second key is shared between the second user equipment and the second wireless network through a registration process and a mutual authentication and key agreement process.
An apparatus for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a wireless network with a first key shared there between, and the second user equipment is served by the wireless network with a second key shared there between, the apparatus comprising:

means for receiving from the first wireless network a first session key generation request comprising at least a second session key hint； and

means for generating a session key for the D2D session based at least in part on the first key and the second session key hint；

wherein the wireless network is able to generate a first session key hint based at least in part on the first key and a random number, and to generate the second session key hint based at least in part on the second key and the random number.
The apparatus according to claim 61, further comprising: means for sending a D2D session request to the wireless network；

wherein the wireless network is able to generate the first and second session key hints in response to the D2D session request.
The apparatus according to claim 61 or 62, wherein means for generating comprises:

means for deriving a first D2D function key based on the first key and a function identity that is an identity of a D2D function entity serving the first user equipment； and

means for creating the session key based on the first D2D function key and the second session key hint；

wherein the wireless network is able to derive the first D2D function key and generate a first session key hint based on the first D2D function key and the random number, and to derive a second D2D function key and generate the second session key hint based on the second D2D function key and the random number.
The apparatus according to any one of claims 61-63, wherein the first session key generation request further comprises a session identity that is an identity of the D2D session； and

wherein means for generating comprises: means for generating the session key based further on the session identity.
The apparatus according to any one of claims 61-64, wherein the wireless network is a home network of the first and second user equipments； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and the wireless network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and the wireless network.
The apparatus according to any one of claims 61-64, wherein the wireless network is a visited network of the first and second user equipments； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and its home network.
The apparatus according to any one of claims 61-64, wherein the wireless network is the first user equipment’s visited network, and the wireless network is the second user equipment’s home network； and

wherein the first key is generated based on the wireless network’s identity and a third key shared between the first user equipment and its home network, and the second key is generated based on the wireless network’s identity and a fourth key shared between the second user equipment and the wireless network.
The apparatus according to any one of claims 61-67, wherein the first key is shared between the first user equipment and the wireless network through a registration process and a mutual authentication and key agreement process； and

wherein the second key is shared between the second user equipment and the wireless network through a registration process and a mutual authentication and key agreement process.
An apparatus for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a first wireless network with a first key shared there between, and the second user equipment is served by a second wireless network with a second key shared there between, the apparatus comprising:

at least one processor； and

at least one memory comprising computer-executable code,

wherein the at least one memory and the computer-executable code are configured to, with the at least one processor, cause the apparatus to operate according to any one of claims 1-10.
An apparatus for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a wireless network with a first key shared there between, and the second user equipment is served by the wireless network with a second key shared there between, the apparatus comprising:

at least one processor； and

at least one memory comprising computer-executable code,

wherein the at least one memory and the computer-executable code are configured to, with the at least one processor, cause the apparatus to operate according to any one of claims 11-18.
An apparatus for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a first wireless network with a first key shared there between, and the second user equipment is served by a second wireless network with a second key shared there between, the apparatus comprising:

at least one processor； and

at least one memory comprising computer-executable code,

wherein the at least one memory and the computer-executable code are configured to, with the at least one processor, cause the apparatus to operate according to any one of claims 19-26.
An apparatus for securing a device-to-device (D2D) session between a first user equipment and a second user equipment, wherein the first user equipment is served by a wireless network with a first key shared there between, and the second user equipment is served by the wireless network with a second key shared there between, the apparatus comprising:

at least one processor； and

at least one memory comprising computer-executable code,

wherein the at least one memory and the computer-executable code are configured to, with the at least one processor, cause the apparatus to operate according to any one of claims 27-34.
A computer program product comprising at least one non-transitory computer-readable storage medium having computer-executable program instructions stored therein, the computer-executable instructions being configured to, when being executed, cause an apparatus to operate according to any one of claims 1-34.