CN103297961B - A kind of equipment and system for safety communication between devices - Google Patents
- Publication number: CN103297961B (CN201210055771.1A)
- Authority: CN (China)
- Prior art keywords: user equipment, equipment, message, security, security configuration
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The object of the invention is to provide devices and a system for secure device-to-device (D2D) communication. A first user equipment determines a second user equipment with which it is to communicate directly. A first network equipment generates the security configuration message for device-to-device communication for the first user equipment that intends to communicate directly with the second user equipment, and sends the security configuration message to the first user equipment and the second user equipment. The first user equipment establishes direct communication with the second user equipment according to the security configuration message. Compared with the prior art, the invention focuses on the security characteristics of D2D communication. Because a device used for D2D communication can support communication over the access link and the D2D link simultaneously, the security design of the D2D link does not affect the security of the access link. The security scheme of the invention protects the data stream from being received by a third party and allows the receiver to detect the insertion and replacement of packets.
Description
Technical field
The present invention relates to the field of wireless communication technology, and more particularly to a technique for secure device-to-device communication.
Background
Device-to-device (D2D) communication built on mobile communication infrastructure aims to enable direct communication between two nearby devices within that infrastructure. This mode of direct communication between devices has great commercial promise.
In a traditional cellular network, the security of the radio interface between the base station and the user must be established; for example, in scenarios such as connection establishment, cell handover or connection re-establishment, security keys are generated by the base station and the user equipment respectively. In D2D communication mode, however, the devices performing D2D communication must maintain the security of that communication over the radio interface between them, which a traditional cellular network does not need to do. Furthermore, D2D communication has many application scenarios, which makes the security design of D2D communication more complex.
Therefore, it is very important to design an effective security mechanism for D2D communication scenarios built on mobile communication infrastructure.
Summary of the invention
The object of the invention is to provide devices and a system for secure device-to-device communication.
According to one aspect of the invention, there is provided a first user equipment for direct communication with other user equipment in a wireless communication network based on mobile communication infrastructure, wherein the first user equipment comprises:
a straight-through equipment determining device, for determining the second user equipment with which direct communication is to be carried out;
a security message acquisition device, for obtaining from a network equipment a first security configuration message for direct communication between the first user equipment and the second user equipment;
a direct communication establishing device, for establishing direct communication with the second user equipment according to the first security configuration message.
According to one aspect of the invention, there is also provided a relay device for assisting direct communication between user equipment in a wireless communication network based on mobile communication infrastructure, wherein the relay device comprises:
a straight-through request retransmission unit, for receiving the device straight-through request sent by a first user equipment and forwarding the device straight-through request to the second user equipment with which the first user equipment is to carry out direct communication;
a user data retransmission unit, for forwarding the user data transmitted between the first user equipment and the second user equipment.
According to one aspect of the invention, there is also provided a first network equipment for assisting direct communication between user equipment in a wireless communication network based on mobile communication infrastructure, wherein the first network equipment comprises:
a security message generating means, for generating a first security configuration message and a second security configuration message for device-to-device communication for, respectively, a first user equipment and a second user equipment that intend to communicate directly;
a security message dispensing device, for sending the first security configuration message to the first user equipment and the second security configuration message to the second user equipment.
According to one aspect of the invention, there is also provided a second network equipment for assisting direct communication between user equipment in a wireless communication network based on mobile communication infrastructure, wherein the second network equipment comprises:
a security message obtaining device, for negotiating with a first network equipment so as to obtain, for the second user equipment that intends to communicate directly with a first user equipment, a second security configuration message for device-to-device communication, wherein the first user equipment corresponds to the first network equipment;
a security message dispensing device, for sending the second security configuration message to the second user equipment.
According to one aspect of the invention, there is also provided a first base station, wherein the first base station comprises the first network equipment described above for assisting direct communication between user equipment in a wireless communication network based on mobile communication infrastructure.
According to one aspect of the invention, there is also provided a second base station, wherein the second base station comprises the second network equipment described above for assisting direct communication between user equipment in a wireless communication network based on mobile communication infrastructure.
According to one aspect of the invention, there is also provided a system for direct communication between user equipment in a wireless communication network based on mobile communication infrastructure, wherein the system comprises the first user equipment described above for direct communication with other user equipment in a wireless communication network based on mobile communication infrastructure, and the first network equipment described above for assisting direct communication between user equipment in a wireless communication network based on mobile communication infrastructure.
Compared with the prior art, the invention focuses on the security characteristics of D2D communication. Because a device used for D2D communication can support communication over the access link and the D2D link simultaneously, the security design of the D2D link does not affect the security of the access link. The security scheme of the invention protects the data stream from being received by a third party and allows the receiver to detect the insertion and replacement of packets.
Brief description of the drawings
Other features, objects and advantages of the invention will become more apparent from the following detailed description of non-limiting embodiments, made with reference to the following drawings:
Fig. 1 shows one group of exemplary D2D communication application scenarios according to the invention;
Fig. 2 shows another group of exemplary D2D communication application scenarios according to the invention;
Fig. 3 shows a D2D communication scheme according to a preferred embodiment of the invention;
Fig. 4 shows a schematic diagram of the devices for D2D communication according to a preferred embodiment of the invention;
Fig. 5 shows a D2D communication scheme according to another preferred embodiment of the invention;
Fig. 6 shows a schematic diagram of the devices for D2D communication according to another preferred embodiment of the invention;
Fig. 7 shows a D2D communication scheme according to yet another preferred embodiment of the invention;
Fig. 8 shows a schematic diagram of the devices for D2D communication according to yet another preferred embodiment of the invention;
Fig. 9 shows a D2D communication scheme according to a further preferred embodiment of the invention;
Fig. 10 shows a schematic diagram of the devices for D2D communication according to a further preferred embodiment of the invention.
The same or similar reference numerals in the drawings denote the same or similar components.
Detailed description of embodiments
The invention is described in further detail below with reference to the drawings.
To support the security functions of D2D communication, the invention introduces a logical entity, the secure entity (security entity), which performs the D2D communication security functions in a wireless communication network based on mobile communication infrastructure, such as an LTE (Long Term Evolution) network, an IMT-Advanced network or a WiMAX (Worldwide Interoperability for Microwave Access) network. The secure entity is independent of the security architecture and operating procedures of the conventional access network and core network; an example of the former is E-UTRAN (evolved universal terrestrial radio access network), and an example of the latter is the EPC (Evolved Packet Core) of an LTE system. The secure entity can be installed in a base station, or in another network device of the aforementioned wireless communication network, such as another network element of an LTE system that the base station can access.
For convenience, the description herein takes the case in which the secure entity is installed in the base station as its example. Those skilled in the art will understand, however, that this example is merely illustrative and is not to be construed as limiting the scope of protection of the invention; any other existing or future device that can include the secure entity falls within the scope of protection of the invention. For example, when the secure entity is installed in another network element of an LTE system that the base station can access, the base station, on a D2D communication event between devices, sends a D2D security configuration request to that network element, so that the secure entity therein generates the corresponding security configuration message and sends it to the base station, and the base station forwards it to the devices that are to perform D2D communication.
In the invention, a device that performs D2D communication built on mobile communication infrastructure should on the one hand establish a connection with the base station, and on the other hand communicate with the peer device with which D2D communication is to be performed. Herein, the former communication link is called the access link and the latter communication link is called the D2D link. To support the security of the D2D link between two devices, or even among more than two devices, the following principles apply.
1) A device used for D2D communication should support communication over the access link and the D2D link simultaneously. Therefore, the security design of the D2D link should not affect the security of the access link.
2) A security design generally has to implement two functions: encryption and integrity protection. Encryption protects the data stream from being received by a third party, and integrity protection of control signaling allows the receiver to detect the insertion and replacement of packets. D2D communication requires that data streams can be transmitted directly between proximate devices, so the D2D link should first of all support the encryption function. If the D2D link needs higher-layer control signaling, encryption and integrity protection of that control signaling are to be supported.
3) A device used for D2D communication can communicate simultaneously with multiple other peer devices capable of D2D communication. The security design should include some control signaling to identify each D2D communication connection.
The security scheme for D2D communication built on mobile communication infrastructure is described in detail below. Specifically, once the base station determines that the user equipment intending to perform D2D communication can communicate directly, the base station asks the secure entity to generate the D2D security keys. The base station then generates the corresponding security configuration messages and distributes them to the user equipment intending to perform D2D communication. According to the security configuration message, that user equipment can perform the encryption and integrity protection functions on the D2D link. The security scheme of the invention has two key aspects: the generation of the security configuration message and the distribution of the security configuration message.
I. Generation of the security configuration message
Based on principle 1) above, the security keys generated for the D2D link should differ from the security keys of the access link. Otherwise, a device might receive the data streams that other devices transmit over the access link. The security keys of the D2D link are generated by the secure entity on the base station side.
Based on principle 2) above, the secure entity needs to generate different security keys, used for encryption and for integrity protection respectively. For example, one security key is used for the integrity protection of D2D control signaling, one security key is used for the encryption of D2D control signaling, and one security key is used for the encryption of user data. The corresponding encryption algorithm and integrity protection algorithm are also included in the security configuration message.
Based on principle 3) above, the security configuration message also includes D2D identification information, used to identify each D2D communication among multiple D2D links. The D2D identification information can be implemented in various ways. For example, as a simple implementation, the identification information of the peer device performing the D2D communication can be used as the identification information of that D2D communication. The identification information of the peer device can be obtained in the neighboring-device discovery phase.
Here, a basic security configuration message can include the following:
- the D2D identification information;
- the security key and encryption algorithm for encryption;
- the security key and integrity protection algorithm for integrity protection.
For example, in LTE/LTE-A systems, RRC (Radio Resource Control) connection reconfiguration is used to adjust an RRC connection. Here, the RRC connection reconfiguration message is extended to include the security configuration message for D2D communication. The extended RRC connection reconfiguration message is sent to the device by the base station, encrypted and integrity protected with the security key that the device uses on the access link. An example of the security configuration message included in the RRC connection reconfiguration message is described below.
It should be noted that those skilled in the art will understand that the LTE/LTE-A system above is merely an example, used to illustrate one specific network to which the invention is applicable, and is not to be construed as limiting the scope of protection of the invention; other existing or future systems and/or networks to which the invention can be applied, such as a WiMAX system, fall within the scope of protection of the invention.
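An added example, not part of the patent text: a Python sketch of principles 1) to 3) as section I applies them, with a secure entity issuing a key set per D2D link and a device that holds several links selecting the keys by D2D identification information before checking integrity. The 16-byte keys, the algorithm labels, the frame layout, the device names and HMAC-SHA256 as the integrity algorithm are assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace

TAG_LEN = 32  # HMAC-SHA256 output size


@dataclass(frozen=True)
class D2DSecurityConfig:
    d2d_id: str          # D2D identification information: here, the peer device's ID
    enc_alg: str         # algorithm names are placeholder labels (assumption)
    int_alg: str
    k_ctrl_int: bytes    # integrity protection of D2D control signaling
    k_ctrl_enc: bytes    # encryption of D2D control signaling
    k_user_enc: bytes    # encryption of user data


def keys_are_separated(cfg, access_link_keys):
    """Principles 1 and 2: D2D keys differ from each other and from every access-link key."""
    d2d_keys = [cfg.k_ctrl_int, cfg.k_ctrl_enc, cfg.k_user_enc]
    return len(set(d2d_keys)) == 3 and not set(d2d_keys) & set(access_link_keys)


def generate_pair(id_a, id_b, access_link_keys):
    """Secure entity: one fresh key set, issued as two messages that differ only in D2D ID."""
    for_a = D2DSecurityConfig(id_b, "enc-placeholder", "hmac-sha256",
                              secrets.token_bytes(16), secrets.token_bytes(16),
                              secrets.token_bytes(16))
    if not keys_are_separated(for_a, access_link_keys):
        raise ValueError("D2D key collides with another key; regenerate")
    return for_a, replace(for_a, d2d_id=id_a)


class Device:
    def __init__(self, own_id):
        self.own_id = own_id
        self.links = {}                      # D2D ID -> security configuration

    def install(self, cfg):
        self.links[cfg.d2d_id] = cfg

    def send_control(self, peer_id, payload):
        """Frame = len(sender ID) | sender ID | payload | tag over everything before it."""
        sender = self.own_id.encode()
        body = bytes([len(sender)]) + sender + payload
        key = self.links[peer_id].k_ctrl_int
        return body + hmac.new(key, body, hashlib.sha256).digest()

    def receive_control(self, frame):
        """Return (sender ID, payload), or None if the frame fails the integrity check."""
        if len(frame) < 1 + TAG_LEN or len(frame) < 1 + frame[0] + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        sender = body[1:1 + body[0]].decode(errors="replace")
        cfg = self.links.get(sender)         # principle 3: pick the link by its D2D ID
        if cfg is None:
            return None
        expected = hmac.new(cfg.k_ctrl_int, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # inserted or replaced packet
        return sender, body[1 + body[0]:]


def demo():
    """Constructed scenario: UE-A holds D2D links to UE-B and UE-C at the same time."""
    access_keys = [secrets.token_bytes(16) for _ in range(3)]   # constructed access-link keys
    a, b, c = Device("UE-A"), Device("UE-B"), Device("UE-C")
    for peer in (b, c):
        for_a, for_peer = generate_pair("UE-A", peer.own_id, access_keys)
        a.install(for_a)
        peer.install(for_peer)
    frame = b.send_control("UE-A", b"link-release")
    replaced = frame[:6] + bytes([frame[6] ^ 1]) + frame[7:]    # one payload byte changed
    # Same payload relabelled as coming from UE-C but tagged with the UE-A/UE-B key.
    body = bytes([4]) + b"UE-C" + b"link-release"
    relabelled = body + hmac.new(b.links["UE-A"].k_ctrl_int, body, hashlib.sha256).digest()
    # Frame from a device UE-A has no D2D link with, tagged with a key UE-A never received.
    z_body = bytes([4]) + b"UE-Z" + b"link-release"
    inserted = z_body + hmac.new(secrets.token_bytes(16), z_body, hashlib.sha256).digest()
    return {"valid": a.receive_control(frame),
            "replaced": a.receive_control(replaced),
            "relabelled": a.receive_control(relabelled),
            "inserted": a.receive_control(inserted)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```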
II. Distribution of the security configuration message
Fig. 1 and Fig. 2 show a variety of D2D communication application scenarios. As shown in Fig. 1, user equipment 11 and user equipment 12 in the same cell can communicate with each other directly, and user equipment 13 and user equipment 14, located in two neighboring cells respectively, can communicate with each other directly. In addition, D2D communication can also be assisted by relaying, including the single-relay and multiple-relay cases; for example, as shown in Fig. 2, user equipment 17 and user equipment 19 carry out D2D communication relayed via relay device 18.
Based on the D2D communication scenarios shown in Fig. 1 and Fig. 2, the basic procedure for network-controlled distribution of the security configuration message is described in detail below.
As shown in Fig. 1, user equipment 11 and user equipment 12 within the coverage of base station 21 can communicate with each other directly. Fig. 3 shows an exemplary direct communication procedure between user equipment 11 and user equipment 12. When base station 21 determines a D2D communication event between user equipment 11 and user equipment 12, for example when base station 21 determines the event from a notification message about this D2D communication reported by one of the user equipments, base station 21 sends a D2D security configuration message to each user equipment. Each user equipment then returns a security configuration response message to base station 21. Direct communication is established between user equipment 11 and user equipment 12. Here, security configuration message 1 sent to user equipment 11 and security configuration message 2 sent to user equipment 12 may be the same or different. For example, the encryption key and encryption algorithm, and the integrity protection key and integrity protection algorithm, in security configuration message 1 sent to user equipment 11 are the same as those in security configuration message 2 sent to user equipment 12.
As shown in Fig. 4, user equipment 11 includes straight-through equipment determining device 111, security message acquisition device 112 and direct communication establishing device 113; user equipment 12 includes straight-through equipment determining device 121, security message acquisition device 122 and direct communication establishing device 123; base station 21 includes security message generating means 211 and security message dispensing device 212.
Specifically, through a D2D discovery procedure, for example user equipment 12 sends a Beacon frame or Preamble frame and user equipment 11 detects that Beacon frame or Preamble frame, straight-through equipment determining device 111 of user equipment 11 determines user equipment 12 as the device with which direct communication is to be carried out, and straight-through equipment determining device 121 of user equipment 12 determines user equipment 11 as the device with which direct communication is to be carried out.
Then, security message acquisition device 112 of user equipment 11 sends to base station 21 a notification message about the direct communication between user equipment 11 and user equipment 12; according to the notification message, security message generating means 211 of base station 21 generates security configuration message 1 and security configuration message 2 for device-to-device communication for, respectively, user equipment 11 and user equipment 12, which intend to communicate directly.
Then, security message dispensing device 212 of base station 21 sends security configuration message 1 and security configuration message 2 to user equipment 11 and user equipment 12 respectively; security message acquisition device 112 of user equipment 11 receives its corresponding security configuration message 1, and security message acquisition device 122 of user equipment 12 receives its corresponding security configuration message 2.
Here, D2D security configuration message 1 sent to user equipment 11 should be encrypted and integrity protected using the security key of user equipment 11 on the access link. Similarly, D2D security configuration message 2 sent to user equipment 12 should be encrypted and integrity protected using the security key of user equipment 12 on the access link.
Then, direct communication establishing device 113 of user equipment 11 and direct communication establishing device 123 of user equipment 12 each establish direct communication with the counterpart device, according to the received security configuration message 1 and security configuration message 2 respectively.
Referring still to Fig. 1, user equipment 13 within the coverage of base station 21 and user equipment 14 within the coverage of base station 22 can communicate with each other directly.
Fig. 5 shows an exemplary direct communication procedure between user equipment 13 and user equipment 14. Once user equipment 13 and user equipment 14 recognize through the D2D discovery procedure that they can communicate directly, user equipment 13 reports to base station 21, to which it belongs, the identification information, such as the cell ID, of base station 22, to which its peer user equipment 14 belongs.
Based on the report of user equipment 13, base station 21 performs a security configuration message negotiation procedure with base station 22. Base station 21 then sends security configuration message 3 to user equipment 13; security configuration message 3 includes the D2D identification information, the encryption key and encryption algorithm, and the integrity protection key and integrity protection algorithm. Here, D2D security configuration message 3 sent to user equipment 13 should be encrypted and integrity protected using the security key of user equipment 13 on the access link. Similarly, D2D security configuration message 4 sent by base station 22 to user equipment 14 should be encrypted and integrity protected using the security key of user equipment 14 on the access link.
Based respectively on the received D2D security configuration message 3 and security configuration message 4, user equipment 13 and user equipment 14 establish secure D2D communication.
As shown in Fig. 6, user equipment 13 includes straight-through equipment determining device 131, security message acquisition device 132 and direct communication establishing device 133; user equipment 14 includes straight-through equipment determining device 141, security message acquisition device 142 and direct communication establishing device 143; base station 21 includes security message generating means 211 and security message dispensing device 212; base station 22 includes security message obtaining device 221 and security message dispensing device 222.
Specifically, through the D2D discovery procedure, straight-through equipment determining device 131 of user equipment 13 determines user equipment 14 as the device with which direct communication is to be carried out, and straight-through equipment determining device 141 of user equipment 14 determines user equipment 13 as the device with which direct communication is to be carried out.
Then, security message acquisition device 132 of user equipment 13 sends to base station 21 a notification message about the direct communication between user equipment 13 and user equipment 14; the notification message includes the identification information of user equipment 14. According to the notification message, security message generating means 211 of base station 21 determines that the base station corresponding to user equipment 14 is base station 22, negotiates with security message obtaining device 221 of base station 22 so as to generate security configuration message 3 and security configuration message 4 for device-to-device communication for user equipment 13 and user equipment 14 respectively, and sends security configuration message 4 to base station 22, which processes it and then sends it to user equipment 14.
Then, security message dispensing device 212 of base station 21 encrypts and integrity protects D2D security configuration message 3 with the security key of user equipment 13 on the access link, and sends the processed security configuration message 3 to user equipment 13; similarly, security message dispensing device 222 of base station 22 encrypts and integrity protects the D2D security configuration message with the security key of user equipment 14 on the access link, and sends the processed security configuration message 4 to user equipment 14.
Then, direct communication establishing device 133 of user equipment 13 and direct communication establishing device 143 of user equipment 14 each establish direct communication with the counterpart device, according to the received security configuration message 3 and security configuration message 4 respectively.
Fig. 2 shows relay-enhanced D2D communication, in which user equipment 15 is temporarily outside the coverage of base station 23 but can still communicate with base station 23 via relaying by user equipment 16.
Fig. 7 shows, from the perspective of user equipment 15, the detailed procedure of relay-enhanced D2D communication. Here, the security key that user equipment 16 and base station 23 use on the access link is denoted K6, and the security key that user equipment 15 and base station 23 use on the access link is denoted K5. Base station 23 first determines that user equipment 15 and user equipment 16 can communicate with each other directly; for example, user equipment 15 and user equipment 16 recognize through the D2D discovery procedure that they can communicate directly, user equipment 16 sends a notification message about the D2D communication to base station 23, and base station 23 determines the D2D communication event from it. Base station 23 then sends security configuration message 5 of user equipment 15 to user equipment 16, to be forwarded by it to user equipment 15. Security configuration message 5 is first encrypted and integrity protected with K5, and then encrypted and integrity protected with K6. Security configuration message 5 then has the following form: K6 { K5 { D2D security configuration message 5 } }.
When user equipment 16 receives security configuration message 5, it first decrypts it and checks its integrity using its access-link security key K6. On success, user equipment 16 sends D2D security configuration message 5 to user equipment 15 in the form K5 { D2D security configuration message 5 }.
When user equipment 15 receives security configuration message 5 forwarded by user equipment 16, it first decrypts it and checks its integrity using its access-link security key K5. On success, user equipment 15 obtains the D2D security configuration message and sends a security configuration response message to user equipment 16. User equipment 16 then sends the security configuration response message to base station 23.
Meanwhile, base station 23 also sends D2D security configuration message 6 to user equipment 16, using the security key K6 of user equipment 16 on the access link. User equipment 16 decrypts it and checks its integrity using its access-link security key K6. On success, user equipment 16 obtains the D2D security configuration message and sends a security configuration response message to base station 23. Based on the received D2D security configuration information, user equipment 15 and user equipment 16 establish secure D2D communication.
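The relay delivery of Fig. 7, K6 { K5 { D2D security configuration message 5 } }, as an added Python example that is not part of the patent text. The patent does not name the access-link algorithms, so an HMAC-SHA256 keystream with encrypt-then-MAC stands in for them; the key sizes, the JSON encoding of message 5 and all function names are likewise assumptions.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output size


def _subkeys(key):
    """Derive separate encryption and MAC subkeys from one access-link key (assumption)."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    """Stand-in stream cipher: HMAC-SHA256 over nonce and a block counter."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(key, plaintext):
    """K{plaintext}: encrypt, then compute the integrity tag over nonce and ciphertext."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unprotect(key, blob):
    """Integrity check first, then decryption. Returns None if the check fails."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


def base_station_wrap(k5, k6, config5):
    """Base station 23: protect with K5 first, then with K6."""
    return protect(k6, protect(k5, config5))


def relay_forward(k6, blob):
    """User equipment 16: remove the K6 layer; forward K5{...} only if it verifies."""
    return unprotect(k6, blob)


def ue15_receive(k5, blob):
    """User equipment 15: remove the K5 layer; accept the configuration only if it verifies."""
    return unprotect(k5, blob)


def flip_byte(blob, index):
    """Model a packet replaced in transit by changing one ciphertext byte."""
    return blob[:index] + bytes([blob[index] ^ 1]) + blob[index + 1:]


def run_exchange():
    k5, k6 = secrets.token_bytes(16), secrets.token_bytes(16)   # constructed access-link keys
    config5 = json.dumps({"d2d_id": "UE16",                      # constructed message 5
                          "enc_key": secrets.token_hex(16),
                          "int_key": secrets.token_hex(16)}).encode()
    on_air = base_station_wrap(k5, k6, config5)     # base station 23 -> user equipment 16
    inner = relay_forward(k6, on_air)               # user equipment 16 -> user equipment 15
    return {
        "delivered": ue15_receive(k5, inner) == config5,
        "k6_opens_inner_layer": unprotect(k6, inner) is not None,
        "relay_rejects_tampered": relay_forward(k6, flip_byte(on_air, 20)) is None,
        "ue15_rejects_tampered": ue15_receive(k5, flip_byte(inner, 20)) is None,
    }


if __name__ == "__main__":
    print(run_exchange())
```

The K5 layer verifies only under K5, so a change made to message 5 on the hop between user equipment 16 and user equipment 15 is caught by user equipment 15 itself.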
As shown in Fig. 8, user equipment 15 includes straight-through equipment determining device 151, security message acquisition device 152 and direct communication establishing device 153; user equipment 16 includes straight-through equipment determining device 161, security message acquisition device 162 and direct communication establishing device 163; base station 23 includes security message generating means 231 and security message dispensing device 232.
Specifically, through the D2D discovery procedure, straight-through equipment determining device 151 of user equipment 15 determines user equipment 16 as the device with which direct communication is to be carried out, and straight-through equipment determining device 161 of user equipment 16 determines user equipment 15 as the device with which direct communication is to be carried out.
Then, security message acquisition device 162 of user equipment 16 sends to base station 23 a notification message about the direct communication between user equipment 15 and user equipment 16; according to the notification message, security message generating means 231 of base station 23 generates security configuration message 5 and security configuration message 6 for device-to-device communication for user equipment 15 and user equipment 16 respectively.
Then, security message dispensing device 232 of base station 23 encrypts and integrity protects D2D security configuration message 5 with the access-link security keys of user equipment 15 and user equipment 16 in turn, and sends the processed security configuration message 5 to user equipment 16, so that D2D security configuration message 5 is sent to user equipment 15 via user equipment 16; security message dispensing device 232 of base station 23 also encrypts and integrity protects D2D security configuration message 6 with the security key of user equipment 16 on the access link, and sends the processed security configuration message 6 to user equipment 16.
Then, direct communication establishing device 153 of user equipment 15 and direct communication establishing device 163 of user equipment 16 each establish direct communication with the counterpart device, according to the received security configuration message 5 and security configuration message 6 respectively.
Fig. 2 shows relay-enhanced D2D communication in which user equipment 17 and user equipment 19 are within the coverage of base station 23 and carry out D2D communication relayed via relay device 18. Here, the relay device includes, but is not limited to, any device applicable to the invention that can relay D2D communication, such as a user equipment.
Fig. 9 shows the detailed procedure of relay-enhanced D2D communication between user equipment 17 and user equipment 19. User equipment 17 has its device straight-through request forwarded via relay device 18, and thereby discovers user equipment 19, with which direct communication is to be carried out. Base station 23 determines this D2D communication event from the notification message about this D2D communication reported by one of the user equipments, and sends a D2D security configuration message to each user equipment. Each user equipment then returns a security configuration response message to base station 23. Direct communication is established between user equipment 17 and user equipment 19, with relay device 18 forwarding the user data to be transmitted for them.
As shown in Figure 10, user equipment 17 includes a straight-through equipment determining device 171, a security message acquisition device 172, a direct communication establishing device 173 and a user data transmission device 174; user equipment 19 includes a straight-through equipment determining device 191, a security message acquisition device 192, a direct communication establishing device 193 and a user data transmission device 194; relay device 18 includes a straight-through request forwarding device 181 and a user data forwarding device 182; base station 23 includes security message generating means 231 and a security message dispensing device 232.
Specifically, the straight-through equipment determining device 171 of user equipment 17 sends an equipment straight-through request to relay device 18, instructing relay device 18 to forward the request to user equipment 19, with which user equipment 17 is to communicate directly; the straight-through request forwarding device 181 of relay device 18 receives the equipment straight-through request sent by user equipment 17 and forwards it to user equipment 19; the straight-through equipment determining device 191 of user equipment 19 determines from it user equipment 17, with which it is to communicate directly.
Then, the security message acquisition device 192 of user equipment 19 sends base station 23 a notification message about the direct communication between user equipment 17 and user equipment 19; the security message generating means 231 of base station 23 generates security configuration message 7 and security configuration message 9 for inter-device communication for user equipment 17 and user equipment 19, respectively, which intend to communicate directly.
Then, the security message dispensing device 232 of base station 23 sends security configuration message 7 and security configuration message 9 to user equipment 17 and user equipment 19, respectively; the security message acquisition device 172 of user equipment 17 and the security message acquisition device 192 of user equipment 19 receive their corresponding security configuration message 7 and security configuration message 9, respectively.
Here, the D2D security configuration message 7 sent to user equipment 17 should be encrypted and integrity-protected with the security key that user equipment 17 uses on the access link. Similarly, the D2D security configuration message 9 sent to user equipment 19 should also be encrypted and integrity-protected with the security key that user equipment 19 uses on the access link.
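The access-link protection described here for messages 7 and 9, and the in-order protection of message 5 that is forwarded via user equipment 16 in the earlier embodiment, can be modelled as below. This is an added example, not code from the patent. It assumes that "in order" means an inner layer under user equipment 15's key and an outer layer under user equipment 16's key, that messages 5 and 6 carry the same D2D material, and it uses an HMAC-SHA256 keystream and tag as stand-ins for the unnamed algorithms; all function and field names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def _subkeys(link_key: bytes):
    # Separate encryption and integrity keys derived from one access-link key.
    return (hmac.new(link_key, b"enc", hashlib.sha256).digest(),
            hmac.new(link_key, b"int", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def protect(link_key: bytes, payload: bytes) -> bytes:
    """Encrypt, then integrity-protect: nonce || ciphertext || tag."""
    enc_key, int_key = _subkeys(link_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(enc_key, nonce, len(payload))))
    return nonce + ct + hmac.new(int_key, nonce + ct, hashlib.sha256).digest()


def unprotect(link_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; decrypt only if it matches."""
    if len(blob) < 48:
        raise ValueError("integrity check failed")
    enc_key, int_key = _subkeys(link_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(int_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def base_station_dispense(k15: bytes, k16: bytes):
    # Fields follow the claimed contents of a security configuration message;
    # the algorithm names are placeholders.
    cfg = json.dumps({
        "d2d_id": secrets.token_hex(4),
        "enc_alg": "EXAMPLE-ENC", "enc_key": secrets.token_hex(16),
        "int_alg": "EXAMPLE-INT", "int_key": secrets.token_hex(16),
    }, sort_keys=True).encode()
    msg5 = protect(k16, protect(k15, cfg))  # in order: UE 15's key, then UE 16's key
    msg6 = protect(k16, cfg)
    return msg5, msg6


def rejects(link_key: bytes, blob: bytes) -> bool:
    try:
        unprotect(link_key, blob)
    except ValueError:
        return True
    return False


def run_scenario() -> dict:
    k15, k16 = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    msg5, msg6 = base_station_dispense(k15, k16)  # both arrive at UE 16
    cfg16 = json.loads(unprotect(k16, msg6))
    inner5 = unprotect(k16, msg5)                 # UE 16 strips only the outer layer
    tampered = inner5[:20] + bytes([inner5[20] ^ 0x01]) + inner5[21:]
    cfg15 = json.loads(unprotect(k15, inner5))    # UE 15 opens the forwarded message
    return {
        "same_d2d_config": cfg15 == cfg16,
        "ue16_cannot_open_inner": rejects(k16, inner5),
        "ue15_rejects_tampered": rejects(k15, tampered),
        "outsider_rejected": rejects(secrets.token_bytes(32), msg6),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Because each layer is bound to one device's access-link key, the forwarding device can pass message 5 along without its inner layer being opened under the forwarder's own key, and the recipient rejects a copy altered in transit.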
Then, the direct communication establishing device 173 of user equipment 17 and the direct communication establishing device 193 of user equipment 19 each establish direct communication with the counterpart device according to the security configuration message they received.
Then, the user data transmission device 174 of user equipment 17 sends the user data to be transmitted to relay device 18, instructing it to forward the user data to user equipment 19; the user data forwarding device 182 of relay device 18 forwards the user data transmitted between user equipment 17 and user equipment 19; the user data transmission device 194 of user equipment 19 receives the user data that relay device 18 forwards for user equipment 17.
The straight-through request forwarding device and the user data forwarding device of the above relay device may be two independent functional modules, or may be integrated into one functional module. Similarly, the direct communication establishing device and the user data transmission device of the above user equipment may be two independent functional modules, or may be integrated into one functional module.
It should be noted that the foregoing only illustrates a scheme in which D2D communication is relayed via one relay device. Based on the above, those skilled in the art should understand that multiple relay devices can equally relay D2D communication in a cooperative manner. Therefore, D2D secure communication with such cooperative relaying also falls within the protection scope of the present invention.
In the present invention, after D2D communication ends, the security entity will withdraw the D2D security keys.
In addition, in cell handover and connection re-establishment scenarios, the encryption algorithm and the integrity algorithm, as well as the security keys used for D2D communication, may change. The network-controlled D2D secure communication scheme of the present invention is equally applicable to these scenarios. The present invention can work in TDD (Time Division Duplexing) and FDD (Frequency Division Duplexing) modes, and in dedicated spectrum and shared spectrum.
It should be noted that the present invention can be implemented in software and/or a combination of software and hardware, for example using an application-specific integrated circuit (ASIC), a general-purpose computer or any other similar hardware device. The software program of the present invention can be executed by a processor to realize the functions described above. Similarly, the software program of the present invention (including related data structures) can be stored in a computer-readable recording medium, for example RAM memory, a magnetic or optical drive, a floppy disk and similar devices. In addition, some functions of the present invention may be implemented in hardware, for example as a circuit that cooperates with a processor to perform each function.
In addition, part of the present invention can be applied as a computer program product, for example computer program instructions which, when executed by a computer, can invoke or provide the technical solution according to the present invention through the operation of that computer. The program instructions that invoke the technical solution of the present invention may be stored in a fixed or removable recording medium, and/or transmitted via a data stream in broadcast or other signal-bearing media, and/or stored in the working memory of a computer device that runs according to the program instructions. Here, one embodiment of the present invention includes a device comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein, when the computer program instructions are executed by the processor, the device is triggered to run the technical solutions based on the foregoing embodiments of the present invention.
It is obvious to a person skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the invention can be realized in other specific forms without departing from its spirit or essential attributes. Therefore, from whichever point of view, the embodiments should be regarded as exemplary and non-restrictive; the scope of the invention is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and scope of equivalents of the claims are intended to be included in the invention. Any reference sign in a claim should not be regarded as limiting the claim concerned. Furthermore, the word "comprising" clearly does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices stated in a device claim can also be realized by one unit or device through software or hardware. Words such as "first" and "second" are used to denote names and do not denote any specific order.
Claims (14)
1. A first user equipment for carrying out D2D communication with other user equipment in a wireless communication network based on mobile communication infrastructure, wherein the first user equipment includes:
a straight-through equipment determining device, for determining a second user equipment with which D2D communication is to be carried out;
a security message acquisition device, for obtaining from the network equipment a first security configuration message about the D2D communication between the first user equipment and the second user equipment;
a direct communication establishing device, for establishing D2D communication with the second user equipment according to the first security configuration message.
2. The first user equipment according to claim 1, wherein the security message acquisition device is used for:
- sending to the network equipment a notification message about the D2D communication between the first user equipment and the second user equipment;
- receiving the first security configuration message that the network equipment sends based on the notification message.
3. The first user equipment according to claim 1, wherein the security message acquisition device is additionally used for:
- obtaining from the network equipment a second security configuration message about the D2D communication between the first user equipment and the second user equipment;
- forwarding the second security configuration message to the second user equipment.
4. The first user equipment according to claim 1, wherein the straight-through equipment determining device is used for:
- sending an equipment straight-through request to a relay device, to instruct it to forward the equipment straight-through request to the second user equipment;
wherein the first user equipment also includes:
a user data transmission device, for sending user data to be transmitted to the relay device after communication with the second user equipment has been established, to instruct it to forward the user data to the second user equipment.
5. The first user equipment according to any one of claims 1 to 4, wherein the first security configuration message includes at least any one of the following:
- a D2D identification message;
- the security key and encryption algorithm used for encryption;
- the security key and integrity protection algorithm used for integrity protection.
6. A first network equipment for assisting D2D communication between user equipment in a wireless communication network based on mobile communication infrastructure, wherein the first network equipment includes:
security message generating means, for generating a first security configuration message and a second security configuration message of inter-device communication for, respectively, a first user equipment and a second user equipment that intend to carry out D2D communication;
a security message dispensing device, for sending the first security configuration message to the first user equipment, and sending the second security configuration message to the second user equipment.
7. The first network equipment according to claim 6, wherein the security message generating means is used for:
- negotiating with a second network equipment corresponding to the second user equipment, to generate the first security configuration message and the second security configuration message;
wherein the operation, performed by the security message dispensing device, of sending the second security configuration message to the second user equipment includes:
- sending the second security configuration message to the second user equipment via the second network equipment.
8. The first network equipment according to claim 6, wherein the operation, performed by the security message dispensing device, of sending the second security configuration message to the second user equipment includes:
- sending the second security configuration message to the second user equipment via the first user equipment.
9. The first network equipment according to claim 6, wherein the security message generating means is used for:
- generating, according to a notification message sent by the first user equipment about the D2D communication between the first user equipment and the second user equipment, the first security configuration message and the second security configuration message for the first user equipment and the second user equipment respectively.
10. The first network equipment according to any one of claims 6 to 9, wherein the first security configuration message and the second security configuration message each include at least any one of the following:
- a D2D identification message;
- the security key and encryption algorithm used for encryption;
- the security key and integrity protection algorithm used for integrity protection.
11. A second network equipment for assisting D2D communication between user equipment in a wireless communication network based on mobile communication infrastructure, wherein the second network equipment includes:
a security message obtaining device, for negotiating with a first network equipment to obtain a second security configuration message of inter-device communication for a second user equipment that intends to carry out D2D communication with a first user equipment, wherein the first user equipment corresponds to the first network equipment;
a security message dispensing device, for sending the second security configuration message to the second user equipment.
12. A first base station for assisting D2D communication between user equipment in a wireless communication network based on mobile communication infrastructure, wherein the first base station includes the first network equipment according to any one of claims 6 to 10.
13. A second base station for assisting D2D communication between user equipment in a wireless communication network based on mobile communication infrastructure, wherein the second base station includes the second network equipment according to claim 11.
14. A system for carrying out D2D communication between user equipment in a wireless communication network based on mobile communication infrastructure, wherein the system includes the first user equipment according to any one of claims 1 to 5 and the first network equipment according to any one of claims 6 to 10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210055771.1A CN103297961B (en) | 2012-03-05 | 2012-03-05 | A kind of equipment and system for safety communication between devices |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103297961A (en) | 2013-09-11 |
CN103297961B (en) | 2018-03-09 |
Family
ID=49098145
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210055771.1A Active CN103297961B (en) | 2012-03-05 | 2012-03-05 | A kind of equipment and system for safety communication between devices |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103297961B (en) |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20150035355A (en) * | 2013-09-27 | 2015-04-06 | 삼성전자주식회사 | Method and apparatus for securing discovery information |
US9485653B2 (en) * | 2014-03-11 | 2016-11-01 | Nagravision S.A. | Secure smartcard pairing |
CN105025478A (en) | 2014-04-30 | 2015-11-04 | 中兴通讯股份有限公司 | D2D communication safe configuration method, and ProSe key management function entity, terminal and system |
KR102250056B1 (en) | 2014-05-09 | 2021-05-10 | 주식회사 아이티엘 | Method and apparatus of scheduling for d2d communication |
CN105637961A (en) * | 2014-09-26 | 2016-06-01 | 华为技术有限公司 | Communication method and user device |
CN105592434A (en) * | 2014-10-23 | 2016-05-18 | 中兴通讯股份有限公司 | Method and device for managing D2D (Device to Device) communication group |
WO2016065647A1 (en) * | 2014-10-31 | 2016-05-06 | 西安酷派软件科技有限公司 | Mic verification method in d2d communications and d2d communications system |
WO2016155018A1 (en) * | 2015-04-03 | 2016-10-06 | 华为技术有限公司 | Data transmission method, user equipment and base station |
CN106162512A (en) * | 2015-04-09 | 2016-11-23 | 中兴通讯股份有限公司 | A kind of relaying bear control method and device |
CN106162618A (en) * | 2015-04-23 | 2016-11-23 | 中兴通讯股份有限公司 | Authentication method, device and the system of a kind of D2D business multicast |
CN106488581A (en) * | 2015-08-25 | 2017-03-08 | 中兴通讯股份有限公司 | A kind of data transmission method and device |
US10567964B2 (en) * | 2015-11-24 | 2020-02-18 | Futurewei Technologies, Inc. | Security for proxied devices |
EP3393200A4 (en) | 2016-02-04 | 2018-10-24 | Huawei Technologies Co., Ltd. | Data transmission system, method, and device |
EP3446534A4 (en) * | 2016-04-20 | 2019-11-27 | Telefonaktiebolaget LM Ericsson (PUBL) | UE-UE Configuration Framework w/o NW Support |
CN107666667B (en) * | 2016-07-29 | 2019-09-17 | 电信科学技术研究院 | A kind of data transmission method, the first equipment and the second equipment |
CN108011856B (en) * | 2016-10-31 | 2020-05-08 | 华为技术有限公司 | Method and device for transmitting data |
CN110366181B (en) * | 2019-07-29 | 2024-02-13 | 努比亚技术有限公司 | Data transmission method, system and computer readable storage medium |
CN112351431B (en) * | 2019-08-09 | 2023-06-30 | 华为技术有限公司 | Security protection mode determining method and device |
CN112449323B (en) * | 2019-08-14 | 2022-04-05 | 华为技术有限公司 | Communication method, device and system |
CN111935851A (en) * | 2020-07-17 | 2020-11-13 | 广东以诺通讯有限公司 | Communication method, WiFi access point and D2D terminal |
CN111954318B (en) * | 2020-07-20 | 2022-06-10 | 广东工贸职业技术学院 | Equipment interconnection method, device and system |
CN117597963A (en) * | 2022-06-16 | 2024-02-23 | 北京小米移动软件有限公司 | Relay communication method, communication device and communication equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101005359A (en) * | 2006-01-18 | 2007-07-25 | 华为技术有限公司 | Method and device for realizing safety communication between terminal devices |
WO2011056878A1 (en) * | 2009-11-04 | 2011-05-12 | Qualcomm Incorporated | Method and apparatus for peer discovery in a wireless communication network |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101986763A (en) * | 2010-10-22 | 2011-03-16 | 浙江大学 | Double battle mobile game method |
Also Published As
Publication number | Publication date |
---|---|
CN103297961A (en) | 2013-09-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 201206 ningqiao Road, Shanghai free trade test area, No. 388; Applicant after: Shanghai NOKIA Baer Limited by Share Ltd; Address before: 201206 Pudong New Area Jinqiao Ning Road, Shanghai, No. 388; Applicant before: Shanghai Alcatel-Lucent Co., Ltd. |
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |