CN104348627A

CN104348627A - Secret key issuing method as well as method for carrying out authorization checking on UE (User Equipment) and related equipment

Info

Publication number: CN104348627A
Application number: CN201410608570.9A
Authority: CN
Inventors: 张丽佳; 李志明; 曹龙雨
Original assignee: Shanghai Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd; Shanghai Huawei Technologies Co Ltd
Priority date: 2014-10-31
Filing date: 2014-10-31
Publication date: 2015-02-11
Anticipated expiration: 2034-10-31
Also published as: WO2016065985A1; CN104348627B

Abstract

The embodiment of the invention provides a secret key issuing method as well as a method for carrying out authorization checking on UE (User Equipment) and related equipment. The secret key issuing method comprises the following steps: generating a multimedia broadcast multicast secret key MSK; establishing or obtaining a mapping relation between the MSK and a group identifier and/or a service identifier of each group communication service GCSE group from a broadcast multicast service center BM-SC; and sending the MSK generated according to the mapping relation between the MSK and the group identifier and/or the service identifier of each group communication service GCSE group to the user equipment UE in the corresponding GCSE group. According to the embodiment, under the precondition that the BM-SC is invisible to the GCSE group, the service authorization checking on the UE is realized by the BM-SC under the scene of completely reusing an MBMS (Multimedia Broadcast Multicast Service) security mechanism, and the MSK can be issued by the GCS AS under the scene of partially reusing the MBMS security mechanism, so that the safety of the communication is guaranteed by the MBMS security mechanism.

Description

Secret key sending method, UE is carried out to method and the relevant device of authorization check

Technical field

The embodiment of the present invention relates to communication technical field, particularly relates to a kind of secret key sending method, UE is carried out to method and the relevant device of authorization check.

Background technology

Multimedia broadcast multi-broadcasting business (Multimedia Broadcast Multicast Service, MBMS) be the multimedia broadcasting and multicast function defined in third generation partner program (The 3rd Generation Partnership Project, 3GPP) R6.

MBMS supports multi-media broadcasting service and multicast service two kinds of patterns, both multimedia video information can be broadcasted directly to all users, also one group of contracted user charged can be sent to watch, operator can be helped to carry out multimedia advertising, the free and multiple business application such as pay-television channels, multimedia message mass-sending.Operator just can carry out mobile phone TV services with lower network design cost.

MBMS to the change that existing communication network is main is: increase broadcast multicast service center (Broadcast Multicast Service Center, BM-SC), to existing packet switching (Packet Switch, PS) territory related network elements carries out MBMS function upgrading, to support the peculiar interface function of MBMS (as Gmb), peculiar channel, peculiar physical layer procedure and peculiar operation flow (as subscribed to).

BM-SC can realize providing and management MBMS.For content providers, BM-SC is the entrance of MBMS content; For bearer network, BM-SC be responsible for authorize, initiate MBMS, and scheduling, MBMS transmission business tine.As the core functional entities of MBMS, BM-SC comprises 5 partial functions:

1) member relation function: be responsible for the subscription information of preserving user, MBMS added to subscriber equipment (User Equipment, UE) and carries out authorisation process, and produce the station message recording.

2) session and transfer function: be responsible for initiating and stopping MBMS session, authorization identifying is carried out to outside content providers, and be responsible for receiving and sending MBMS data.

3) agency and forwarding capability: BM-SC is each function inner and gateway general packet wireless service support node (Gateway General Packet Radio Service Support Node on a control plane, GGSN) carrying out the agency of Signalling exchange between, user face is session and transfer function transmit the bridge of MBMS data to GGSN.

4) service statement function: be responsible for providing MBMS information to UE, comprises media specifier (as: video type, acoustic coding) and session specification (as: service identification, address, reproduction time).

5) safety function: for MBMS data provides integrality and privacy protection, provide key to the UE obtaining MBMS mandate.

BM-SC realizes the control to MBMS by two chain of command interfaces (Gmb interface, Mz interface).Wherein Gmb interface supports the Signalling exchange between GGSN and BM-SC, is the edge of MBMS bearer service; Mz interface is supported between different BM-SC and carries out Signalling exchange, for MBMS provides the ability across BM-SC roaming.On these two interfaces, mutual signaling comprises: MBMS carrying relevant (as: MBMS session start, stopping) relevant with MBMS user (as: mandate, MBMS activate) two classes.In addition BM-SC transmits MBMS data by Gi interface.

Based on group communication service (the Group Communication Service Enabler over Long Term Evolution of Long Term Evolution, GCSE_LTE) be trunking communication based on LTE network, can be realized by unicast bearer or multicast carrying, the foundation of multicast carrying can be realized by MBMS.Current SA2 determines by group communication service application server (Group Communication Service Enabler Application Server, GCS AS) carry out group communication service (Group Communication Service Enabler, GCSE) management and group, management and group is realized by application layer signaling.Like this, when selecting multicast carrying, BM-SC is invisible to GCSE group.The content of transmission in different GCSE groups may be different, need for different group communications distribute different business mark (such as a police office staff is as a GCSE group, a fire brigade staff is as a GCSE group, police office is different with fire brigade group communication content, need multicast/multicast service that different service identifications realizes in group), GCSE group member accesses corresponding service identification to receive data.

Namely based in the trunking communication of LTE network, carry out GCSE management and group by GCS AS, BM-SC is invisible to GCSE group.If reuse MBMS mechanism (BM-SC performs the whole flow processs providing MBMS) completely, BM-SC is upper cannot carry out authorization check to the UE of this business of request; If (BM-SC performs the part run providing MBMS to reuse part MBMS mechanism, GCS AS performs another part flow process providing MBMS), the function that then BM-SC issues MSK will be placed on GCS AS, and how GCS AS realizes issuing of MSK is a problem demanding prompt solution.

Summary of the invention

In view of this, embodiments provide a kind of secret key sending method, UE carried out to method and the relevant device of authorization check, can at BM-SC under the sightless prerequisite of GCSE group, guarantee to reuse completely the service authorization inspection that BM-SC under MBMS security mechanism scene realizes UE, and GCS AS completes issuing of MSK under partial reuse MBMS security mechanism scene, make MBMS security mechanism can be used for ensureing the safety of communication.

First aspect, the group communication service application server GCS AS that the embodiment of the present invention provides, comprising:

MSK generation unit, for generating multimedia broadcast multi-broadcasting business key MSK;

Processing unit, for setting up or identifying and/or the mapping relations of service identification from the group that broadcast multicast service center BM-SC obtains MSK and each group communication service GCSE group;

Transmitting element, for identify with the group of each GCSE group according to MSK and/or the MSK of generation to be sent to user equipment (UE) in corresponding GCSE group by the mapping relations of service identification.

In conjunction with first aspect, in the first execution mode of first aspect, described transmitting element also for, before described MSK generation unit generates MSK, send a request message to described BM-SC, comprise the group mark number of request and/or the business number of group number and/or request in described request message, described request message is for asking described BM-SC distribution service to identify and/or group mark;

Described GCS AS also comprises:

First receiving element, for receiving the response message that described BM-SC sends, comprises service identification and/or the group mark of described BM-SC distribution in described response message;

Described transmitting element also identify for, the group setting up MSK and each GCSE group at described processing unit and/or service identification mapping relations after, MSK is sent to described BM-SC.

In conjunction with first aspect, in the second execution mode of first aspect, described transmitting element also for, after described MSK generation unit generates MSK, send a request message to described BM-SC, comprise the group mark number and MSK of request in described request message, described request message is for asking described BM-SC point of combo mark and/or service identification and setting up the mapping relations of each group mark and/or each service identification and each MSK;

Described processing unit specifically for, receive the response message that described BM-SC sends, in described response message, comprise each group mark and/or mapping relations of each service identification and each MSK.

In conjunction with first aspect, in the third execution mode of first aspect, described GCS AS also comprises:

Unit is set up in mapping, after generating MSK at described MSK generation unit, and the mapping relations that the group setting up MSK and each GCSE group identifies;

Described transmitting element also for, send a request message to described BM-SC, the mapping relations that the group comprising each MSK and each GCSE group in described request message identifies, described request message is for asking described BM-SC distribution service to identify and setting up each service identification and each organizes the mapping relations identified;

Described processing unit specifically for, receive the response message that described BM-SC sends, in described response message, comprise each group mark and the mapping relations of each service identification.

In conjunction with first aspect, in the 4th kind of execution mode of first aspect, described GCS AS also comprises:

Second receiving element, for before described MSK generation unit generates MSK, receives the secret key request message that described BM-SC sends, comprises the MSK number of service identification and request in described secret key request message;

In conjunction with the first execution mode of first aspect, or the second execution mode of first aspect, or the third execution mode of first aspect, or the 4th of first aspect the kind of execution mode, in the 5th kind of execution mode of first aspect, described MSK generation unit also for, be that each MSK generates MSK mark and the key term of validity;

Described transmitting element also for, while MSK is sent to described BM-SC or afterwards and when sending to MSK in corresponding GCSE group UE, also the MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in described BM-SC and corresponding GCSE group.

In conjunction with the first execution mode of first aspect, or the second execution mode of first aspect, or the third execution mode of first aspect, or the 4th of first aspect the kind of execution mode, in the 6th kind of execution mode of first aspect, described GCS AS also comprises:

3rd receiving element, for to identify with the group of each GCSE group according to MSK at described transmitting element and/or before the MSK of generation to send to the UE in corresponding GCSE group by the mapping relations of service identification, receive MSK mark and the key term of validity of each MSK that described BM-SC sends, the MSK mark of each MSK described and the key term of validity are generated by BM-SC;

Described transmitting element also for, while MSK is sent to described BM-SC or afterwards and when sending to MSK in corresponding GCSE group UE, also the group of GCSE group corresponding for each MSK mark and/or service identification are sent to described BM-SC; The MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in corresponding GCSE group.

In conjunction with first aspect, or the first execution mode of first aspect, or the second execution mode of first aspect, or the third execution mode of first aspect, or the 4th of first aspect the kind of execution mode, in the 7th kind of execution mode of first aspect, described GCS AS also comprises:

Judging unit, for judging that according to preset rules MSK is the need of renewal;

Described MSK generation unit also for, when the judged result of described judging unit is for being, generate new MSK;

Described transmitting element also for, the first key updating message is sent to described BM-SC, the second key updating message is sent to the UE in corresponding GCSE group, to make the UE more new key in described BM-SC and corresponding GCSE group, in described first key updating message and described second key updating message, comprise described new MSK.

In conjunction with the 7th kind of execution mode of first aspect, in the 8th kind of execution mode of first aspect, described preset rules comprises adding and/or leaving of the interior UE of described GCSE group, or MSK is to the term of validity.

In conjunction with the 7th kind of execution mode of first aspect, in the 9th kind of execution mode of first aspect, described MSK generation unit also for, before described transmitting element sends the first key updating message to described BM-SC, generate described new MSK MSK mark and the key term of validity;

Described first key updating message and described second key updating message also comprise: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE group that described new MSK is corresponding and/or service identification.

In conjunction with the 7th kind of execution mode of first aspect, in the tenth kind of execution mode of first aspect, described GCS AS also comprises:

4th receiving element, before sending the first key updating message at described transmitting element to described BM-SC, receives MSK mark and the key term of validity of the described new MSK that described BM-SC sends;

Also comprise in described first key updating message: the group mark of the GCSE that described new MSK is corresponding and/or service identification; Comprise in described second key updating message: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE that described new MSK is corresponding and/or service identification.

In conjunction with first aspect, or the first execution mode of first aspect, or the second execution mode of first aspect, or the third execution mode of first aspect, or the 4th of first aspect the kind of execution mode, in the 11 kind of execution mode of first aspect, described GCS AS also comprises:

5th receiving element, for receiving the key updating Trigger message that described BM-SC issues, comprises the MSK mark of the group mark of GCSE group and/or the MSK of service identification and/or needs renewal in described key updating Trigger message;

Described MSK generation unit also for, generate new MSK;

Described transmitting element also for, the 3rd key updating message is sent to described BM-SC, the 4th key updating message is sent to the UE in corresponding GCSE group, to make the UE more new key in described BM-SC and corresponding GCSE group, in described 3rd key updating message and described 4th key updating message, comprise described new MSK.

In conjunction with the 11 kind of execution mode of first aspect, in the 12 kind of execution mode of first aspect, described MSK generation unit also for, before described transmitting element sends the 3rd key updating message to described BM-SC, generate MSK mark and the key term of validity of described new MSK;

Described 3rd key updating message and described 4th key updating message also comprise: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE group that described new MSK is corresponding and/or service identification.

In conjunction with the 11 kind of execution mode of first aspect, in the 13 kind of execution mode of first aspect, described GCS AS also comprises:

6th receiving element, before sending the 3rd key updating message at described transmitting element to described BM-SC, receives MSK mark and the key term of validity of the described new MSK that described BM-SC sends;

Also comprise in described 3rd key updating message: the group mark of the GCSE group that described new MSK is corresponding and/or service identification; Also comprise in described 4th key updating message: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE group that described new MSK is corresponding and/or service identification.

Second aspect, the GCS AS that the embodiment of the present invention provides, comprising:

Acquiring unit, for obtaining multimedia broadcast multi-broadcasting business key MSK from broadcast multicast service center BM-SC;

Unit is set up in mapping, and the group for setting up MSK and each group communication service GCSE group identifies and/or the mapping relations of service identification;

In conjunction with second aspect, in the first execution mode of second aspect, described transmitting element also for, before described acquiring unit obtains MSK from described BM-SC, send a request message to described BM-SC, comprise the group mark number of request and/or the business number of group number and/or request in described request message, described request message identifies for asking described BM-SC to distribute MSK and service identification and/or group;

Described acquiring unit specifically for, receive described BM-SC send response message, comprise in described response message described BM-SC distribute MSK and service identification and/or group mark.

In conjunction with the first execution mode of second aspect, in the second execution mode of second aspect, described request message is also for asking described BM-SC to be that each MSK generates MSK mark and the key term of validity;

MSK mark and the key term of validity of each MSK is also comprised in described response message;

Described transmitting element also for, when MSK being sent to the UE in corresponding GCSE group, also by the mark of each MSK and the key term of validity, and the group mark of GCSE group corresponding to each MSK and/or service identification send to the UE in corresponding GCSE group.

The third aspect, the broadcast multicast service center BM-SC that the embodiment of the present invention provides, comprising:

Unit is set up in list, sets up Authorized UE List corresponding to service identification for the Authorized UE List request of setting up sent according to group communication service application server GCS AS;

Receiving element, for receiving the service activation request that UE sends, comprises the service identification that the mark of described UE and described UE want the business activated in described service activation request;

Authorization check unit, for checking whether the mark of described UE is wanted in the Authorized UE List that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if not, then to the authorization check failure of described UE.

In conjunction with the third aspect, in the first execution mode of the third aspect, described receiving element also for, set up before unit sets up Authorized UE List corresponding to service identification in described list, receive the request message that described GCS AS sends, in described request message, comprise the group mark number of request and/or the business number of group number and/or request;

Described BM-SC also comprises:

First generation unit, for generating service identification;

Transmitting element, for sending response message to described GCS AS, comprising service identification in described response message, to make described GCS AS, service identification being distributed to each group communication service GCSE group;

Described GCS AS sends described Authorized UE List according to the UE comprised in each GCSE group and sets up request, and described Authorized UE List sets up the mark comprising the service identification of GCSE group and the mandate UE of correspondence in request.

In conjunction with the third aspect, in the second execution mode of the third aspect, described receiving element also for, set up before unit sets up Authorized UE List corresponding to service identification in described list, receive the request message that described GCS AS sends, in described request message, comprise the group mark of GCSE group;

Described BM-SC also comprises:

Second generation unit, for generating service identification and the mapping relations of foundation group mark and service identification;

Described GCS AS sends described Authorized UE List according to the UE comprised in each GCSE group and sets up request, and described Authorized UE List sets up the mark of the mandate UE of group mark and the correspondence comprising GCSE group in request;

Described list set up unit specifically for:

According to described mapping relationship searching and described Authorized UE List set up ask in the group that comprises identify corresponding service identification, set up the Authorized UE List that service identification is corresponding.

In conjunction with the first execution mode of the third aspect, in the third execution mode of the third aspect, described receiving element also for, receive the Authorized UE List update request that described GCS AS sends, comprise service identification, the mark of UE, deletion in described Authorized UE List update request and/or add instruction;

Described BM-SC also comprises:

First updating block, for upgrading corresponding Authorized UE List according to described Authorized UE List update request.

In conjunction with the second execution mode of the third aspect, in the 4th kind of execution mode of the third aspect, described receiving element also for, receive the Authorized UE List update request that described GCS AS sends, comprise group mark and/or service identification, the mark of UE, deletion in described Authorized UE List update request and/or add instruction;

Described BM-SC also comprises:

Second updating block, for upgrading corresponding Authorized UE List according to described Authorized UE List update request.

Fourth aspect, the BM-SC that the embodiment of the present invention provides, comprising:

Transmitting element, for sending authorization check request to group communication service application server GCS AS, check to ask described GCS AS whether the mark of described UE is wanted in the group communication service GCSE group that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if do not exist, then to the authorization check failure of described UE.

In conjunction with fourth aspect, in the first execution mode of fourth aspect, described receiving element also for, before the service activation request receiving UE transmission, receive the request message that described GCS AS sends, in described request message, comprise the group mark number of request and/or the business number of group number and/or request;

Described BM-SC also comprises:

First generation unit, for generating service identification;

Described transmitting element also for, send response message to described GCS AS, in described response message, comprise service identification, to make described GCS AS by service identification and to distribute to each GCSE group;

The service identification that the mark of described UE and described UE want the business activated is comprised in described authorization check request.

In conjunction with fourth aspect, in the second execution mode of fourth aspect, described receiving element also for, receive UE send service activation request before, receive described GCS AS send request message, comprise in described request message GCSE group group identify;

Described BM-SC also comprises:

Search unit, before sending authorization check request at described transmitting element to GCS AS, search the group corresponding with the service identification comprised in described service activation request and identify;

Described authorization check request comprises, the group mark that the mark of described UE and described UE want the service identification of the business activated corresponding.

5th aspect, the secret key sending method that the embodiment of the present invention provides, comprising:

Generate multimedia broadcast multi-broadcasting business key MSK;

Set up or identify and/or the mapping relations of service identification from the group that broadcast multicast service center BM-SC obtains MSK and each group communication service GCSE group;

To identify with the group of each GCSE group according to MSK and/or the MSK of generation is sent to user equipment (UE) in corresponding GCSE group by the mapping relations of service identification.

In conjunction with the 5th aspect, in the first execution mode in the 5th, before generation MSK, described method also comprises:

Send a request message to described BM-SC, comprise the group mark number of request and/or the business number of group number and/or request in described request message, described request message is for asking described BM-SC distribution service to identify and/or group mark;

Receive the response message that described BM-SC sends, in described response message, comprise service identification and/or the group mark of described BM-SC distribution;

The group setting up MSK and each GCSE group identify and/or service identification mapping relations after, described method also comprises:

MSK is sent to described BM-SC.

In conjunction with the 5th aspect, in the second execution mode in the 5th, after generation MSK, described method also comprises:

Send a request message to described BM-SC, comprise the group mark number and MSK of request in described request message, described request message is for asking described BM-SC point of combo mark and/or service identification and setting up the mapping relations of each group mark and/or each service identification and each MSK;

The described group obtaining MSK and each GCSE group from described BM-SC identifies and/or the mapping relations of service identification comprise:

Receive the response message that described BM-SC sends, in described response message, comprise the mapping relations of each group mark and/or each service identification and each MSK.

In conjunction with the 5th aspect, in the third execution mode in the 5th, after generation MSK, described method also comprises:

The mapping relations that the group setting up MSK and each GCSE group identifies;

Send a request message to described BM-SC, the mapping relations that the group comprising MSK and each GCSE group in described request message identifies, described request message is for asking described BM-SC distribution service to identify and setting up each service identification and each organizes the mapping relations identified;

Receive the response message that described BM-SC sends, in described response message, comprise the mapping relations of each group mark and each service identification.

In conjunction with the 5th aspect, in the 4th kind of execution mode in the 5th, before generation MSK, described method also comprises:

Receive the secret key request message that described BM-SC sends, in described secret key request message, comprise the MSK number of service identification and request;

MSK is sent to described BM-SC.

In conjunction with the first execution mode of the 5th aspect, or the 5th the second execution mode of aspect, or the 5th the third execution mode of aspect, or the 5th the 4th kind of execution mode of aspect, in the 5th kind of execution mode in the 5th, before identifying with the group of each GCSE group according to MSK and/or the MSK of generation to send to the UE in corresponding GCSE group by the mapping relations of service identification, also comprise:

For each MSK generates MSK mark and the key term of validity;

While MSK is sent to described BM-SC or afterwards and MSK is sent to during the UE in corresponding GCSE group and also comprise:

The MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in described BM-SC and corresponding GCSE group.

In conjunction with the first execution mode of the 5th aspect, or the 5th the second execution mode of aspect, or the 5th the third execution mode of aspect, or the 5th the 4th kind of execution mode of aspect, in the 6th kind of execution mode in the 5th, describedly to identify with the group of each GCSE group according to MSK and/or before the MSK of generation sends to the UE in corresponding GCSE group by the mapping relations of service identification, also comprise:

Receive MSK mark and the key term of validity of each MSK that described BM-SC sends, the MSK mark of each MSK described and the key term of validity are generated by BM-SC;

The group of GCSE group corresponding for each MSK mark and/or service identification are sent to described BM-SC; The MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in corresponding GCSE group.

In conjunction with the 5th aspect, or the first execution mode of the 5th aspect, or the second execution mode of the 5th aspect, or the 5th the third execution mode of aspect, or the 5th the 4th kind of execution mode of aspect, in the 7th kind of execution mode in the 5th, described method also comprises:

Judge that MSK is the need of renewal according to preset rules;

If so, then new MSK is generated;

The first key updating message is sent to described BM-SC, the second key updating message is sent to the UE in corresponding GCSE group, to make the UE more new key in described BM-SC and corresponding GCSE group, in described first key updating message and described second key updating message, comprise described new MSK.

In conjunction with the 7th kind of execution mode of the 5th aspect, in the 8th kind of execution mode in the 5th, described preset rules comprises adding and/or leaving of the interior UE of described GCSE group, or MSK is to the term of validity.

In conjunction with the 7th kind of execution mode of the 5th aspect, in the 9th kind of execution mode in the 5th, before sending the first key updating message to described BM-SC, also comprise:

Generate MSK mark and the key term of validity of described new MSK;

In conjunction with the 7th kind of execution mode of the 5th aspect, in the tenth kind of execution mode in the 5th, before sending the first key updating message to described BM-SC, also comprise:

Receive MSK mark and the key term of validity of the described new MSK that described BM-SC sends;

In conjunction with the 5th aspect, or the first execution mode of the 5th aspect, or the second execution mode of the 5th aspect, or the 5th the third execution mode of aspect, or the 5th the 4th kind of execution mode of aspect, in the 11 kind of execution mode in the 5th, described method also comprises:

Receive the key updating Trigger message that described BM-SC issues, in described key updating Trigger message, comprise the MSK mark of the group mark of GCSE group and/or the MSK of service identification and/or needs renewal;

Generate new MSK;

The 3rd key updating message is sent to described BM-SC, the 4th key updating message is sent to the UE in corresponding GCSE group, to make the UE more new key in described BM-SC and corresponding GCSE group, in described 3rd key updating message and described 4th key updating message, comprise described new MSK.

In conjunction with the 11 kind of execution mode of the 5th aspect, in the 12 kind of execution mode in the 5th, before sending the 3rd key updating message to described BM-SC, also comprise;

Generate MSK mark and the key term of validity of described new MSK;

In conjunction with the 11 kind of execution mode of the 5th aspect, in the 13 kind of execution mode in the 5th, before sending the 3rd key updating message to described BM-SC, also comprise:

6th aspect, the secret key sending method that the embodiment of the present invention provides, comprising:

Multimedia broadcast multi-broadcasting business key MSK is obtained from broadcast multicast service center BM-SC;

The group setting up MSK and each group communication service GCSE group identifies and/or the mapping relations of service identification;

In conjunction with the 6th aspect, in the first execution mode in the 6th, before obtaining MSK from described BM-SC, described method also comprises:

Send a request message to described BM-SC, comprise the group mark number of request and/or the business number of group number and/or request in described request message, described request message identifies for asking described BM-SC to distribute MSK and service identification and/or group;

Describedly obtain MSK from described BM-SC and comprise:

Receive the response message that described BM-SC sends, comprise MSK and the service identification of described BM-SC distribution in described response message and/or organize mark.

In conjunction with the first execution mode of the 6th aspect, in the second execution mode in the 6th, described request message is also for asking described BM-SC to be that each MSK generates MSK mark and the key term of validity;

Also comprise when MSK being sent to the UE in corresponding GCSE group:

By the mark of each MSK and the key term of validity, and the group mark of GCSE group corresponding to each MSK and/or service identification send to the UE in corresponding GCSE group.

7th aspect, the method for user equipment (UE) being carried out to authorization check that the embodiment of the present invention provides, comprising:

Authorized UE List corresponding to service identification is set up according to the Authorized UE List request of setting up that group communication service application server GCS AS sends;

Receive the service activation request that UE sends, in described service activation request, comprise the service identification that the mark of described UE and described UE want the business activated;

Check whether the mark of described UE is wanted in the Authorized UE List that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if not, then to the authorization check failure of described UE.

In conjunction with the 7th aspect, in the first execution mode in the 7th, before setting up Authorized UE List corresponding to service identification, also comprise:

Receive the request message that described GCS AS sends, in described request message, comprise the group mark number of request and/or the business number of group number and/or request;

Generate service identification;

Send response message to described GCS AS, comprise service identification in described response message, to make described GCS AS, service identification is distributed to each group communication service GCSE group;

In conjunction with the 7th aspect, in the second execution mode in the 7th, before setting up Authorized UE List corresponding to service identification, also comprise:

Receive the request message that described GCS AS sends, in described request message, comprise the group mark of GCSE group;

Generate service identification and the mapping relations of foundation group mark and service identification;

Described GCS AS sends described Authorized UE List according to the UE comprised in each GCSE group and sets up request, described Authorized UE List sets up the mark of the mandate UE of group mark and the correspondence comprising GCSE group in request, and the described Authorized UE List sent according to described GCS AS is set up and asked the Authorized UE List setting up service identification corresponding to comprise:

In conjunction with the first execution mode of the 7th aspect, in the third execution mode in the 7th, described method also comprises:

Receive the Authorized UE List update request that described GCS AS sends, comprise service identification, the mark of UE, deletion in described Authorized UE List update request and/or add instruction;

Corresponding Authorized UE List is upgraded according to described Authorized UE List update request.

In conjunction with the second execution mode of the 7th aspect, in the 4th kind of execution mode in the 7th, described method also comprises:

Receive the Authorized UE List update request that described GCS AS sends, comprise group mark and/or service identification, the mark of UE, deletion in described Authorized UE List update request and/or add instruction;

Eighth aspect, the method for user equipment (UE) being carried out to authorization check that the embodiment of the present invention provides, comprising:

Authorization check request is sent to group communication service application server GCS AS, check to ask described GCS AS whether the mark of described UE is wanted in the group communication service GCSE group that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if do not exist, then to the authorization check failure of described UE.

In conjunction with eighth aspect, in the first execution mode of eighth aspect, before the service activation request receiving UE transmission, described method also comprises:

Generate service identification;

Send response message to described GCS AS, in described response message, comprise service identification, to make described GCS AS by service identification and to distribute to each GCSE group;

In conjunction with eighth aspect, in the second execution mode of eighth aspect, before the service activation request receiving UE transmission, described method also comprises:

Before sending authorization check request to GCS AS, also comprise:

Search the group corresponding with the service identification comprised in described service activation request to identify;

As can be seen from the above technical solutions, the embodiment of the present invention has the following advantages:

In the embodiment of the present invention, GCS AS can generate or obtain MSK from BM-SC, set up or identify and/or the mapping relations of service identification from the group that BM-SC obtains MSK and each GCSE group, then to identify with the group of each GCSE group according to MSK and/or MSK is handed down to UE in corresponding GCSE group by the mapping relations of service identification, namely achieve GCS AS under partial reuse MBMS security mechanism scene and complete issuing of MSK.

In addition, Authorized UE List is set up in the Authorized UE List request of setting up that BM-SC can send according to GCS AS, and like this after the service activation request receiving UE transmission, the Authorized UE List directly set up according to self can realize the authorization check to UE; Or BM-SC can after the service activation request receiving UE transmission, authorization check request is sent to GCS AS, to ask GCS AS, authorization check is carried out to UE, so namely, achieve when BM-SC is invisible to GCSE group, to reuse under MBMS security mechanism scene BM-SC completely to the service authorization inspection of UE.

Accompanying drawing explanation

In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.

Fig. 1 is GCS AS of the present invention embodiment schematic diagram;

Fig. 2 is another embodiment schematic diagram of GCS AS of the present invention;

Fig. 3 is another embodiment schematic diagram of GCS AS of the present invention;

Fig. 4 is another embodiment schematic diagram of GCS AS of the present invention;

Fig. 5 is another embodiment schematic diagram of GCS AS of the present invention;

Fig. 6 is another embodiment schematic diagram of GCS AS of the present invention;

Fig. 7 is another embodiment schematic diagram of GCS AS of the present invention;

Fig. 8 is another embodiment schematic diagram of GCS AS of the present invention;

Fig. 9 is BM-SC of the present invention embodiment schematic diagram;

Figure 10 is another embodiment schematic diagram of BM-SC of the present invention;

Figure 11 is another embodiment schematic diagram of BM-SC of the present invention;

Figure 12 is another embodiment schematic diagram of BM-SC of the present invention;

Figure 13 is another embodiment schematic diagram of BM-SC of the present invention;

Figure 14 is another embodiment schematic diagram of BM-SC of the present invention;

Figure 15 is secret key sending method of the present invention embodiment schematic diagram;

Figure 16 is another embodiment schematic diagram of secret key sending method of the present invention;

Figure 17 is another embodiment schematic diagram of secret key sending method of the present invention;

Figure 18 is another embodiment schematic diagram of secret key sending method of the present invention;

Figure 19 is another embodiment schematic diagram of secret key sending method of the present invention;

Figure 20 is key updating method of the present invention embodiment schematic diagram;

Figure 21 is another embodiment schematic diagram of key updating method of the present invention;

Figure 22 is another embodiment schematic diagram of secret key sending method of the present invention;

Figure 23 is another embodiment schematic diagram of secret key sending method of the present invention;

Figure 24 is that the present invention carries out method embodiment schematic diagram of authorization check to UE;

Figure 25 is that the present invention carries out another embodiment schematic diagram of method of authorization check to UE;

Figure 26 is that the present invention carries out another embodiment schematic diagram of method of authorization check to UE;

Figure 27 is that the present invention carries out another embodiment schematic diagram of method of authorization check to UE;

Figure 28 is that the present invention carries out another embodiment schematic diagram of method of authorization check to UE;

Figure 29 is that the present invention carries out another embodiment schematic diagram of method of authorization check to UE.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, clearly describe the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, the every other embodiment that those skilled in the art obtain, all belongs to the scope of protection of the invention.

Due to based in the trunking communication of LTE network, BM-SC is invisible to GCSE group, and GCS AS is responsible for the management of UE in GCSE group, and namely GCSE knows which GCSE group which UE belongs to, and just each GCSE group does not have service identification, may not organize mark yet.GCSE group can be set up when UE registers by GCS AS, and certain GCSE group also can be set up in advance.Such as, UE registers to GCS AS, carries the mark of UE in log-on message, and GCS AS is that registered UE sets up GCSE group, and the quantity of registered UE can be one or more, and the quantity of the GCSE group of foundation also can be one or more, does not limit herein; Or GCSE group is for what establish in advance, and UE directly carries the mark of group mark and UE when GCS AS registers.When determine UE adopt multicast carrying and by reusing part MBMS mechanism and realizing setting up of multicast carrying time, need to consider how GCS AS to realize MSK and issue problem; When determine UE adopt multicast carry and pass through to reuse completely MBMS mechanism realize setting up of multicast carrying time, need consideration BM-SC how to asking the UE of this business to carry out authorization check.The multicast mentioned in the embodiment of the present invention can be multicast, also can be broadcast.Be described respectively by different embodiments below.

Device embodiment one:

Refer to Fig. 1, Fig. 1 is GCS AS of the present invention embodiment schematic diagram, and the GCS AS 10 of the present embodiment is for realizing issuing of MSK, and the GCS AS of the present embodiment comprises:

MSK generation unit 11, for generating MSK;

Processing unit 12, for setting up or identifying and/or the mapping relations of service identification from the group that BM-SC obtains MSK and each GCSE group;

In specific implementation, set up or identify from the group that BM-SC obtains MSK and each GCSE group and/or the mapping relations of service identification comprise: the mapping relations set up or identify from the group that BM-SC obtains MSK and each GCSE group, set up or obtain from BM-SC the mapping relations of the service identification of MSK and each GCSE group, and set up or obtain from BM-SC the mapping relations of MSK, the group mark of each GCSE group, the service identification three of each GCSE group.

Wherein, group mark can be GCS AS be that GCSE component is joined or fixing group of mark just having of GCSE group self, also can be the Temporary Mobile Group Identity that BM-SC generates according to the request of GCS AS, such as TMGI (Temporary Mobile Group Identity).

The MSK generated can have multiple, and each GCSE group can set up mapping relations with a MSK, and also can set up mapping relations with multiple MSK, namely each GCSE group can only have a MSK, also can have multiple MSK.For ease of describing, in subsequent embodiment, a MSK will be only had with each GCSE group, and the situation that each GCSE group only has a group mark and/or service identification is described.

Transmitting element 13, for identify with the group of each GCSE group according to MSK and/or the MSK of generation to be sent to UE in corresponding GCSE group by the mapping relations of service identification.

Device embodiment two:

The present embodiment is specific descriptions to GCS AS of the present invention, and refer to Fig. 2, the GCS AS 20 of the present embodiment comprises:

Transmitting element 21, for sending a request message to BM-SC, comprises the group mark number of request and/or the business number of group number and/or request in described request message;

First receiving element 22, for receiving the response message that described BM-SC sends, comprises service identification and/or the group mark of described BM-SC distribution in described response message;

MSK generation unit 23, for generating MSK;

Processing unit 24, the group for setting up MSK and each GCSE group identifies and/or the mapping relations of service identification;

Transmitting element 21, also for MSK is sent to BM-SC, and to identify with the group of each GCSE group according to MSK and/or the MSK of generation is sent to user equipment (UE) in corresponding GCSE group by the mapping relations of service identification.

In the present embodiment, the group that can be understood as GCSE group is designated the Temporary Mobile Group Identity generated by BM-SC.

In specific implementation, when determining that UE adopts multicast carrying, transmitting element 21 sends a request message to BM-SC, and described request message, for asking BM-SC distribution service to identify and/or group mark, comprises the group mark number of request and/or the business number of group number and/or request in described request message.The group number of the GCSE group that group mark number and/or group number and/or the business number of request can be managed by GCS AS is determined, namely GCS AS manages several GCSE group, follow-uply just asks several groups of marks and/or several service identification.

In the present embodiment, be understandable that, GCS AS itself knows which GCSE group which UE belongs to, and just each GCSE group does not organize mark and service identification, needs request BM-SC to generate.

After BM-SC gives birth to company identification and/or service identification, send response message to GCS AS, comprise group mark and/or the service identification of BM-SC generation in response message, the first receiving element 22 receives described response message.

Following MSK generation unit 23 generates MSK, processing unit 24 sets up MSK and group identifies and/or the mapping relations of service identification, MSK is sent to BM-SC by transmitting element 21, and to identify with group according to MSK and/or MSK is sent to UE in corresponding GCSE group by the mapping relations of service identification.Citing is below described:

Such as, GCS AS manages two GCSE groups, comprises UE1 and UE2 in first GCSE group, comprises UE3 and UE4 in the 2nd GCSE group.At GCS AS generation MSK and after BM-SC acquisition group mark and service identification, set up MSK, group mark (Temporary Mobile Group Identity), the mapping relations one by one of service identification three are (such as by MSK1, group mark 1 and service identification 1 give first GCSE group as one group, by MSK2, group mark 2 and service identification 2 as one group and give second GCSE group), the MSK of generation is directly sent to BM-SC by follow-up GCS AS, and according to set up mapping relations MSK sent to the UE in corresponding GCSE group, in this example, the UE in first GCSE group is sent to by MSK1, MSK2 is sent to the UE in second GCSE group.

In addition, each MSK also should have MSK mark and the key term of validity.The MSK mark of each MSK and the key term of validity can be generated by GCS AS, also can be generated by BM-SC and be handed down to GCS AS.

When the MSK of each MSK identifies and the key term of validity is generated by GCS AS, transmitting element 21 is while sending to the UE in BM-SC and corresponding GCSE group by MSK, also need the MSK of each MSK to identify and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in BM-SC and corresponding GCSE group.

When each MSK MSK mark and the key term of validity generated by BM-SC, when then sending to GCS AS, need by the 3rd receiving element 25 receive each MSK that BM-SC generates and sends MSK identify and the key term of validity.In this case, transmitting element 21, while MSK being sent to the UE in BM-SC and corresponding GCSE group, also needs the group of GCSE group corresponding for each MSK mark and/or service identification to send to BM-SC; The MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in corresponding GCSE group.

Device embodiment three:

The present embodiment is another specific descriptions to GCS AS of the present invention, and refer to Fig. 3, the GCS AS 30 of the present embodiment comprises:

MSK generation unit 31, for generating MSK;

Transmitting element 32, for sending a request message to BM-SC, comprises group mark number and the MSK of request in described request message;

Processing unit 33, for receiving the response message that BM-SC sends, comprises the mapping relations of each group mark and/or each service identification and each MSK in described response message;

Transmitting element 32 also for, to identify with the group of each GCSE group according to MSK and/or the MSK of generation is sent to user equipment (UE) in corresponding GCSE group by the mapping relations of service identification.

In specific implementation, the number of the GCSE group that MSK generation unit 31 manages according to GCS AS generates MSK, and the number generating MSK can be identical with the number of the GCSE group that GCS AS manages.After MSK generation unit 31 generates MSK, transmitting element 32 sends a request message to BM-SC, comprise the group mark number and MSK of request in described request message, described request message is for asking BM-SC point of combo mark and/or service identification and setting up the mapping relations of each group mark and/or each service identification and each MSK.

The request message point combo mark that BM-SC sends according to transmitting element 32 and/or service identification also set up the mapping relations of each group mark and/or each service identification and each MSK, then to GCS AS transmission response message.Processing unit 33 receives the response message that BM-SC sends, and comprises the mapping relations of each group mark and/or each service identification and each MSK in described response message.

When the MSK of each MSK identifies and the key term of validity is generated by GCS AS, when transmitting element 32 sends to the UE in corresponding GCSE group after MSK is sent to BM-SC and by MSK, also need the MSK of each MSK to identify and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in BM-SC and corresponding GCSE group.

When each MSK MSK mark and the key term of validity generated by BM-SC, when then sending to GCS AS, need by the 3rd receiving element 25 receive each MSK that BM-SC generates and sends MSK identify and the key term of validity.In this case, when transmitting element 21 sends to the UE in corresponding GCSE group after MSK is sent to BM-SC and by MSK, also need the group of GCSE group corresponding for each MSK mark and/or service identification to send to BM-SC; The MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in corresponding GCSE group.

Device embodiment two and device embodiment three describe when the group of GCSE group is designated the Temporary Mobile Group Identity of BM-SC generation, realize the GCS AS that MSK issues, two device embodiments are by introducing when the group of GCSE group is designated fixing group mark below, realize the GCS AS that MSK issues.

Device embodiment four:

Refer to Fig. 4, the GCS AS 40 of the present embodiment comprises:

MSK generation unit 41, for generating MSK;

Unit 42 is set up in mapping, the mapping relations that the group for setting up MSK and each GCSE group identifies;

Transmitting element 43, for sending a request message to BM-SC, the mapping relations that the group comprising each MSK and each GCSE group in described request message identifies;

Processing unit 44, for receiving the response message that BM-SC sends, comprises the mapping relations of each group mark and each service identification in described response message.

In specific implementation, the number of the GCSE group that MSK generation unit 41 manages according to GCS AS generates MSK, and the number generating MSK can be identical with the number of the GCSE group that GCS AS manages.After MSK generation unit 41 generates MSK, map the mapping relations set up group that unit 42 sets up MSK and each GCSE group and identify, then transmitting element 43 sends a request message to BM-SC, the mapping relations that the group comprising each MSK and each GCSE group in described request message identifies, described request message is for asking BM-SC distribution service to identify and setting up each service identification and each organizes the mapping relations identified.BM-SC generates service identification, generate service identification number can with MSK and/or organize number identify identical, after generating service identification, BM-SC foundation group identify and service identification mapping relations and send response message to GCS AS.Processing unit 44 receives the response message that BM-SC sends, and comprises the mapping relations of each group mark and each service identification in described response message.

In the present embodiment, GCS AS self sets up and preserves the group mark of GCSE group and the mapping relations of MSK, after the mapping relations identified from BM-SC acquisition service identification and group, GCS AS just has MSK, group mark, the triangular mapping relations of service identification, just MSK can be sent to the UE in corresponding GCSE group according to the mapping relations GCS AS of this three.Citing is below described:

Such as, GCS AS manages two GCSE groups, the group of first GCSE group is designated group mark 1 (fixing group mark), UE1 and UE2 is comprised in first GCSE group, the group of the 2nd GCSE group is designated group mark 2 (fixing group mark), comprises UE3 and UE4 in second GCSE group.After GCS AS generates MSK, set up MSK and organize the mapping relations (such as organizing mark 1 with MSK1 is a group, and group mark 2 is a group with MSK2) identified.(such as organize mark 1 and service identification 1 is one group at GCS AS from BM-SC acquisition group mark and the mapping relations of service identification, group mark 2 is one group with service identification 2) after, GCS AS just has MSK, group mark, (the i.e. MSK1 of mapping relations one by one of service identification three, group mark 1 and service identification 1 correspond to first GCSE group as one group, MSK2, group mark 2 and service identification 2 correspond to second GCSE group as one group), MSK to be sent to the UE in corresponding GCSE group by follow-up GCS AS according to obtained mapping relations, in this example, the UE in first GCSE group is sent to by MSK1, MSK2 is sent to the UE in second GCSE group.

When the MSK of each MSK identifies and the key term of validity is generated by GCS AS, while transmitting element 43 sends to the UE in corresponding GCSE group after MSK is sent to BM-SC and by MSK, also need the MSK of each MSK to identify and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in BM-SC and corresponding GCSE group.

When each MSK MSK mark and the key term of validity generated by BM-SC, when then sending to GCS AS, need by the 3rd receiving element 45 receive each MSK that BM-SC generates and sends MSK identify and the key term of validity.In this case, while transmitting element 43 sends to the UE in corresponding GCSE group after MSK is sent to BM-SC and by MSK, also the group of GCSE group corresponding for each MSK mark and/or service identification are sent to BM-SC; The MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in corresponding GCSE group.

Device embodiment five:

Refer to Fig. 5, the GCS AS 50 of the present embodiment comprises:

Second receiving element 51, for receiving the secret key request message that BM-SC sends, comprises the MSK number of service identification and request in described secret key request message;

MSK generation unit 52, for generating MSK;

Processing unit 53, the group for setting up MSK and each GCSE group identifies and/or the mapping relations of service identification;

Transmitting element 55, for MSK is sent to BM-SC, and to identify with the group of each GCSE group according to MSK and/or MSK is sent to UE in corresponding GCSE group by the mapping relations of service identification.

In specific implementation, GCS AS can according to the number of the GCSE group of self-management, the request message comprising group number and/or business number is sent to BM-SC, the group number that BM-SC sends according to GCS AS and/or business number send secret key request message, the MSK number of service identification and request is comprised in described secret key request message, second receiving element 51 receives described secret key request message, and MSK generation unit 52 generates MSK according to secret key request message.The group that processing unit 53 sets up MSK and each GCSE group identifies and/or the mapping relations of service identification, MSK is sent to BM-SC by transmitting element 55, and to identify with the group of each GCSE group according to MSK and/or MSK is sent to UE in corresponding GCSE group by the mapping relations of service identification.

When the MSK of each MSK identifies and the key term of validity is generated by GCS AS, transmitting element 55 is while sending to the UE in BM-SC and corresponding GCSE group by MSK, also need the MSK of each MSK to identify and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in BM-SC and corresponding GCSE group.

When each MSK MSK mark and the key term of validity generated by BM-SC, when then sending to GCS AS, need by the 3rd receiving element 54 receive each MSK that BM-SC generates and sends MSK identify and the key term of validity.In this case, the group of GCSE group corresponding for each MSK mark and/or service identification, while MSK being sent to the UE in BM-SC and corresponding GCSE group, are also sent to BM-SC by transmitting element 55; The MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in corresponding GCSE group.

Several device embodiment describes the GCS AS realizing MSK and issue above, below several device embodiment will describe realize MSK upgrade GCS AS.

Device embodiment six:

Refer to Fig. 6, the GCS AS 60 of the present embodiment comprises:

Judging unit 61, for judging that according to preset rules MSK is the need of renewal;

Described preset rules comprises adding and/or leaving of the interior UE of described GCSE group, or MSK is to the term of validity.

MSK generation unit 62, for when the judged result of judging unit 61 is for being, generates new MSK;

Transmitting element 64, for sending the first key updating message to BM-SC, the second key updating message is sent to the UE in corresponding GCSE group, to make the UE more new key in BM-SC and corresponding GCSE group, in described first key updating message and described second key updating message, comprise described new MSK.

Described new MSK also should have MSK mark and the key term of validity.The MSK mark of described new MSK and the key term of validity can be generated by GCS AS, also can be generated by BM-SC and be handed down to GCS AS.

When the MSK mark of described new MSK and the key term of validity are generated by GCS AS, MSK generation unit 62 is also for before sending the first key updating message at transmitting element 64 to BM-SC, and the MSK generating described new MSK identifies and the key term of validity.Described first key updating message and described second key updating message also comprise: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE group that described new MSK is corresponding and/or service identification.

When the MSK mark of described new MSK and the key term of validity to be generated by BM-SC and to be handed down to GCS AS, 4th receiving element 63, before transmitting element 64 sends the first key updating message to BM-SC, receives MSK mark and the key term of validity of the described new MSK that BM-SC sends.Also comprise in described first key updating message: the group mark of the GCSE that described new MSK is corresponding and/or service identification; Comprise in described second key updating message: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE that described new MSK is corresponding and/or service identification.

Device embodiment six describes the GCS AS carrying out MSK renewal voluntarily, and device embodiment seven triggers by BM-SC the GCS AS carrying out MSK renewal by describing.

Device embodiment seven:

Refer to Fig. 7, the GCS AS 70 of the present embodiment comprises:

5th receiving element 71, for receiving the key updating Trigger message that BM-SC issues, comprises the MSK mark of the group mark of GCSE group and/or the MSK of service identification and/or needs renewal in described key updating Trigger message;

In specific implementation, BM-SC can judge that MSK is the need of renewal, the criterion of judgement such as: key is to the term of validity.If MSK needs to upgrade, then BM-SC issues key updating Trigger message to GCS AS.

MSK generation unit 72, for generating new MSK;

Transmitting element 74, for sending the 3rd key updating message to BM-SC, the 4th key updating message is sent to the UE in corresponding GCSE group, to make the UE more new key in BM-SC and corresponding GCSE group, in described 3rd key updating message and described 4th key updating message, comprise described new MSK.

When the MSK mark of described new MSK and the key term of validity are generated by GCS AS, MSK generation unit 72 is also for sending before the 3rd key updating message to BM-SC at transmitting element 74, and the MSK generating described new MSK identifies and the key term of validity.Described 3rd key updating message and described 4th key updating message also comprise: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE group that described new MSK is corresponding and/or service identification.

When the MSK mark of described new MSK and the key term of validity to be generated by BM-SC and to be handed down to GCS AS, needed by the 6th receiving element 73 before transmitting element 74 sends the 3rd key updating message to BM-SC, receive MSK mark and the key term of validity of the described new MSK that BM-SC sends.Also comprise in described 3rd key updating message: the group mark of the GCSE that described new MSK is corresponding and/or service identification; Comprise in described 4th key updating message: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE that described new MSK is corresponding and/or service identification.

Seven device embodiments above describe MSK when being generated by GCS AS self, realize the GCS AS that MSK issues, and device embodiment below will introduce MSK when being generated by BM-SC, realize the GCS AS that MSK issues.

Device embodiment eight:

Refer to Fig. 8, the GCS AS 80 of the present embodiment comprises:

Acquiring unit 81, for obtaining MSK from BM-SC;

Unit 82 is set up in mapping, and the group for setting up MSK and each group communication service GCSE group identifies and/or the mapping relations of service identification;

Transmitting element 83, for identify with the group of each GCSE group according to MSK and/or the MSK of generation to be sent to user equipment (UE) in corresponding GCSE group by the mapping relations of service identification.

In a specific embodiment, the number of the GCSE group that transmitting element 83 can manage according to GCS AS sends a request message to BM-SC, comprise the group mark number of request and/or the business number of group number and/or request in described request message, request message identifies for asking BM-SC to distribute MSK and service identification and/or group.The group mark number of asking in described request message and/or the business number of group number and/or request can be identical with the number of the GCSE group that GCS AS manages.

BM-SC is that GCSE distributes MSK and service identification and/or organizes mark, and sends response message to GCS AS.Acquiring unit 81 receives the response message that described BM-SC sends, and comprises MSK and the service identification of described BM-SC distribution and/or organize mark in described response message.In addition, described request message is also for asking BM-SC to be that each MSK generates MSK mark and the key term of validity; MSK mark and the key term of validity of each MSK is also comprised in described response message.

Map and set up group that unit 82 sets up MSK and each group communication service GCSE group and identify and/or the mapping relations of service identification, transmitting element 83 identifies according to the group of MSK and each GCSE group and/or the mapping relations of service identification will generate MSK, the mark of each MSK and the key term of validity, and the group mark of GCSE group corresponding to each MSK and/or service identification send to the UE in corresponding GCSE group.

In a specific embodiment: GCS AS can comprise processor and transmitter, wherein:

Processor is used for, and generates MSK, sets up or identifies and/or the mapping relations of service identification from the group that BM-SC obtains MSK and each group communication service GCSE group;

Transmitter is used for, and to identify and/or the MSK of generation is sent to user equipment (UE) in corresponding GCSE group by the mapping relations of service identification according to MSK with the group of each GCSE group.

Or

Processor is used for, and obtains MSK from BM-SC, and the group setting up MSK and each group communication service GCSE group identifies and/or the mapping relations of service identification;

It should be noted that, in each embodiment GCS AS is described above, can be understood as in the various mapping relations that BM-SC sends to GCS AS, itself utilize MSK, group mark and the service identification itself of mapping relations represent, therefore, both contain MSK, group mark, service identification itself in mapping relations, also comprise the mapping relations between three.Certainly, in other examples, mapping relations can also utilize the mark of MSK, representative group to identify and other information of service identification represent, so when BM-SC sends various mapping relations to GCS AS, also the MSK related in mapping relations, group mark and service identification should be sent to GCS AS.

In addition, in each embodiment GCS AS is described above, the various mapping relations that GCS AS self sets up, can be understood as GCS AS utilizes MSK, group mark, service identification itself to set up mapping relations, also can be understood as GCS AS utilizes the information of MSK mark, representative group mark, service identification to set up mapping relations, is not specifically limited herein.

Introduce the BM-SC of the embodiment of the present invention below, the BM-SC of the embodiment of the present invention is for realizing the authorization check to UE.

Device embodiment nine:

Refer to Fig. 9, the BM-SC 90 of the present embodiment comprises:

Unit 91 is set up in list, sets up Authorized UE List corresponding to service identification for the Authorized UE List request of setting up sent according to GCS AS;

Receiving element 92, for receiving the service activation request that UE sends, comprises the service identification that the mark of described UE and described UE want the business activated in described service activation request;

Authorization check unit 93, for checking whether the mark of described UE is wanted in the Authorized UE List that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if not, then to the authorization check failure of described UE.

Device embodiment ten:

The present embodiment is an introduction in detail to BM-SC of the present invention, and refer to Figure 10, the BM-SC of the present embodiment comprises:

Receiving element 101, receives the request message that GCS AS sends, and comprises the group mark number of request and/or the business number of group number and/or request in described request message;

First generation unit 102, for generating service identification;

Transmitting element 103, for sending response message to GCS AS, comprising service identification in described response message, to make described GCS AS, service identification being distributed to each GCSE group;

Receiving element 101 also for, receive Authorized UE List that GCS AS sends and set up the service activation request that request and UE send;

BM-SC also comprises:

Unit 104 is set up in list, sets up Authorized UE List corresponding to service identification for the Authorized UE List request of setting up sent according to GCS AS;

Authorization check unit 105, for checking whether the mark of UE is wanted in the Authorized UE List that the service identification of the business activated is corresponding at UE, if, then to the authorization check success of described UE, if not, then to the authorization check failure of described UE.

In other examples, BM-SC can also comprise the first updating block 106, upgrades corresponding Authorized UE List for the Authorized UE List update request received according to receiving element 101.

In a specific embodiment, GCS AS sends a request message to BM-SC according to the number of the GCSE group of self-management, comprise the group mark number of request and/or the business number of group number and/or request in described request message, the group mark number of described request and/or the business number of group number and/or request can be identical with the number of the GCSE group that GCS AS manages.Receiving element 101 receives the request message that GCS AS sends.

In the present embodiment, be understandable that, GCS AS itself knows which GCSE group which UE belongs to, but each GCSE group does not organize mark and service identification, therefore needs request BM-SC to generate.

First generation unit 102 generates service identification according to request message.The service identification that transmitting element 103 generates according to the first generation unit 102 sends response message to GCS AS, comprises service identification, to make GCS AS, service identification is distributed to each group communication service GCSE group in described response message.After service identification is distributed to each GCSE group by GCS AS, send described Authorized UE List according to the UE comprised in each GCSE group and set up request, described Authorized UE List sets up the mark comprising the service identification of GCSE group and the mandate UE of correspondence in request.

List is set up the Authorized UE List request of setting up that unit 104 sends according to GCS AS and is set up Authorized UE List corresponding to service identification, comprises the mark of corresponding UE in the Authorized UE List that each service identification is corresponding.After receiving element 101 receives the service activation request of UE transmission, authorization check unit 105 checks whether the mark of described UE is wanted in the Authorized UE List that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if not, then to the authorization check failure of described UE.The service identification that the mark of described UE and described UE want the business activated is comprised in described service activation request.

In addition, the first generation unit 102 can also give birth to company identification while generating service identification according to request message, and group mark is sent to GCS AS in the lump, to make GCS AS, group mark is also distributed to each GCSE group.Here group mark can be understood as to move organizes mark temporarily.Citing is below described:

Such as, GCS AS manages two GCSE groups, comprises UE1 and UE2 in first GCSE group, comprises UE3 and UE4 in the 2nd GCSE group.After the group of generation mark and service identification are sent to GCS AS by BM-SC, GCS AS is by group mark (Temporary Mobile Group Identity), service identification is distributed to each GCSE group and (such as group mark 1 and service identification 1 is given first GCSE group as one group, using group mark 2 and service identification 2 as one group and give second GCSE group), follow-up GCS AS sends Authorized UE List to BM-SC and sets up request, the mark of the service identification of GCSE group and the mandate UE of correspondence is comprised (as service identification 1 and UE1 in request, the mark of UE2, service identification 2 and UE3, the mark of UE4).BM-SC sets up the Authorized UE List (in Authorized UE List that namely service identification 1 corresponding comprise UE1 and UE2, in the Authorized UE List of service identification 2 correspondence comprise UE3 and UE4) corresponding with service identification.When BM-SC receives the service activation request of certain UE transmission, just can search and judge whether the mark of this UE is wanted in the Authorized UE List that the service identification of the business activated is corresponding at this UE, if, then to the authorization check success of this UE, if not, then to the authorization check failure of this UE.

It is follow-up when GCS AS finds that Authorized UE List needs to upgrade, Authorized UE List update request can be sent to BM-SC, receiving element 101 receives described Authorized UE List update request, comprises service identification, the mark of UE, deletion and/or add instruction in described Authorized UE List update request; First updating block 106 upgrades corresponding Authorized UE List according to described Authorized UE List update request.

Device embodiment 11:

Can think in device embodiment ten that GCSE group does not need group mark, or group is designated the Temporary Mobile Group Identity of BM-SC generation, the group introducing GCSE is designated BM-SC when fixing group identifies, UE being carried out to authorization check by the present embodiment, and refer to Figure 11, the BM-SC 110 of the present embodiment comprises:

Receiving element 111, for receiving the request message that GCS AS sends, comprises the group mark of GCSE group in described request message;

Second generation unit 112, for generating service identification and the mapping relations of foundation group mark and service identification;

Receiving element 111 also for, receive Authorized UE List that GCS AS sends and set up the service activation request that request and UE send, described Authorized UE List is set up the group comprising GCSE group in request and is identified and the mark of mandate UE of correspondence;

BM-SC also comprises:

Unit 113 is set up in list, for set up according to described mapping relationship searching and described Authorized UE List ask in the group that comprises identify corresponding service identification, set up the Authorized UE List that service identification is corresponding;

Authorization check unit 114, for checking whether the mark of described UE is wanted in the Authorized UE List that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if not, then to the authorization check failure of described UE.

In other examples, BM-SC can also comprise the second updating block 115, upgrades corresponding Authorized UE List for the Authorized UE List update request received according to receiving element 111.

In a specific embodiment, GCS AS sends a request message to BM-SC according to the number of the GCSE group of self-management, comprise the group mark of GCSE group in described request message, the number of group mark is identical with the number of the GCSE group that GCS AS manages, and receiving element 111 receives described request message.Second generation unit 112 generates service identification according to request message and the mapping relations of foundation group mark and service identification.

Described GCS AS sends Authorized UE List according to the UE comprised in each GCSE group and sets up request, and described Authorized UE List sets up the mark of the mandate UE of group mark and the correspondence comprising GCSE group in request.Receiving element 111 receives described Authorized UE List and sets up request, list set up unit 113 according to set up group mark and the mapping relationship searching of service identification and described Authorized UE List set up ask in the group that comprises identify corresponding service identification, the Authorized UE List that the service identification that foundation finds is corresponding.The mark of corresponding UE is comprised in Authorized UE List.

Receive the service activation request of UE transmission at receiving element 111 after, authorization check unit 114, for checking whether the mark of described UE is wanted in the Authorized UE List that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if not, then to the authorization check failure of described UE.

It is follow-up when GCS AS finds that Authorized UE List needs to upgrade, Authorized UE List update request can be sent to BM-SC, receiving element 111 receives described Authorized UE List update request, comprises service identification and/or group mark, the mark of UE, deletion and/or add instruction in described Authorized UE List update request; Second updating block 115 upgrades corresponding Authorized UE List according to described Authorized UE List update request.

In a specific embodiment, BM-SC can also comprise processor and receiver, wherein,

Processor is used for, and sets up Authorized UE List corresponding to service identification according to the Authorized UE List request of setting up that GCS AS sends;

Receiver is used for, and receives the service activation request that UE sends, and comprises the service identification that the mark of described UE and described UE want the business activated in described service activation request;

Described processor also for, check that whether the mark of described UE is wanted at described UE in the Authorized UE List that the service identification of the business activated is corresponding, if, then to the authorization check success of described UE, if not, then to the authorization check failure of described UE.

Device embodiment ten and 11 describes self and establishes Authorized UE List, thus realizes BM-SC UE being carried out to authorization check, and the following examples will describe self does not set up Authorized UE List, but needs BM-SC UE being carried out to authorization check.

Device embodiment 12:

Refer to Figure 12, the BM-SC 120 of the present embodiment comprises:

Receiving element 121, for receiving the service activation request that UE sends, comprises the service identification that the mark of described UE and described UE want the business activated in described service activation request;

Transmitting element 122, for sending authorization check request to GCS AS, check to ask described GCS AS whether the mark of described UE is wanted in the group communication service GCSE group that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if do not exist, then to the authorization check failure of described UE.

Device embodiment 13:

The present embodiment is a detailed description of BM-SC of the present invention, and refer to Figure 13, the BM-SC 130 of the present embodiment comprises:

Receiving element 131, for receiving the request message that described GCS AS sends, comprises the group mark number of request and/or the business number of group number and/or request in described request message;

First generation unit 132, for generating service identification;

Transmitting element 133, for sending response message to GCS AS, comprises service identification in described response message, to make GCS AS by service identification and to distribute to each GCSE group;

Receiving element 131 also for, receive the authorization check request that UE sends, in described authorization check request, comprise the service identification that the mark of described UE and described UE want the business activated;

Transmitting element 133 also for, authorization check request is sent to GCS AS, check to ask described GCS AS whether the mark of described UE is wanted in the group communication service GCSE group that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if do not exist, then to the authorization check failure of described UE.

In a specific embodiment, GCS AS sends a request message to BM-SC according to the number of the GCSE group of self-management, comprise the group mark number of request and/or the business number of group number and/or request in described request message, the group mark number of described request and/or the business number of group number and/or request can be identical with the number of the GCSE group that GCS AS manages.Receiving element 131 receives the request message that GCS AS sends.

First generation unit 132 generates service identification according to request message.The service identification that transmitting element 133 generates according to the first generation unit 132 sends response message to GCS AS, service identification is comprised in described response message, to make GCS AS that service identification is distributed to each group communication service GCSE group, in GCS AS, be equivalent to the Authorized UE List just having had service identification corresponding.

After receiving element 131 receives the service activation request of UE transmission, transmitting element 133 sends authorization check request to GCS AS, check to ask GCS AS whether the mark of described UE is wanted in the group communication service GCSE group that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if do not exist, then to the authorization check failure of described UE.The service identification that the mark of described UE and described UE want the business activated is comprised in described authorization check request.Authorization check result can be sent to BM-SC after carrying out authorization check to UE by GCS AS.

In addition, the first generation unit 132 can also give birth to company identification while generating service identification according to request message, and group mark is sent to GCS AS in the lump, to make GCS AS, group mark is also distributed to each GCSE group.Here group mark can be understood as to move organizes mark temporarily.Citing is below described:

Such as, GCS AS manages two GCSE groups, comprises UE1 and UE2 in first GCSE group, comprises UE3 and UE4 in second GCSE group.After the group of generation mark and service identification are sent to GCS AS by BM-SC, GCS AS is by group mark (Temporary Mobile Group Identity), service identification is distributed to each GCSE group and (such as group mark 1 and service identification 1 is given first GCSE group as one group, using group mark 2 and service identification 2 as one group and give second GCSE group), it is follow-up when BM-SC receives the service activation request of certain UE transmission, just can send authorization check request to GCS AS, check to ask GCS AS whether the mark of this UE is wanted in the GCSE group that the service identification of the business activated is corresponding at this UE, if, then to the authorization check success of this UE, if do not existed, then to the authorization check failure of this UE.

Device embodiment 14:

Can think in device embodiment 13 that GCSE group does not need group mark, or group is designated the Temporary Mobile Group Identity of BM-SC generation, the group introducing GCSE is designated BM-SC when fixing group identifies, UE being carried out to authorization check by the present embodiment, and refer to Figure 14, the BM-SC 140 of the present embodiment comprises:

Receiving element 141, for receiving the request message that described GCS AS sends, comprises the group mark of GCSE group in described request message;

Second generation unit 142, for generating service identification and the mapping relations of foundation group mark and service identification;

Receiving element 141, also for receiving the service activation request that UE sends, comprises the service identification that the mark of UE and UE want the business activated in described service activation request;

BM-SC also comprises:

Search unit 143, the group corresponding for the service identification searched with comprise in described service activation request identifies;

Transmitting element 144, for sending authorization check request to GCS AS, described authorization check request comprises, the group mark that the mark of described UE and described UE want the service identification of the business activated corresponding, checks to ask GCS AS whether the mark of described UE wants the group that the service identification of the business activated is corresponding to identify in corresponding GCSE group at described UE.

In a specific embodiment, GCS AS sends a request message to BM-SC according to the number of the GCSE group of self-management, the group mark of GCSE group is comprised in described request message, in this case be equivalent to GCS AS and self have Authorized UE List corresponding to group mark, receiving element 141 receives described request message.Second generation unit 142 generates service identification according to request message and the mapping relations of foundation group mark and service identification.

After receiving element 141 receives the service activation request of UE transmission, search unit 143 to search the group corresponding with the service identification comprised in described service activation request and identify, in described service activation request, comprise the service identification that the mark of described UE and described UE want the business activated.Transmitting element 144 sends authorization check request to GCS AS, the mark and the described UE that comprise described UE in authorization check request want the group that the service identification of the business activated is corresponding to identify, check to ask GCS AS whether the mark of described UE identifies in corresponding GCSE group in the group found, if, then to this UE authorization check success, otherwise, to this UE authorization check failure.Authorization check result can be sent to BM-SC after carrying out authorization check to UE by GCS AS.

In a specific embodiment, BM-SC can also comprise receiver and transmitter, wherein,

Transmitter is used for, authorization check request is sent to group communication service application server GCS AS, check to ask described GCS AS whether the mark of described UE is wanted in the group communication service GCSE group that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if do not exist, then to the authorization check failure of described UE.

Below secret key sending method provided by the invention is introduced.

Embodiment of the method one:

Refer to Figure 15, Figure 15 is secret key sending method embodiment, and the method for the present embodiment comprises:

S11, GCS AS generates MSK;

S12, GCS AS sets up or identifies and/or the mapping relations of service identification from the group that BM-SC obtains MSK and each GCSE group;

Wherein, group mark can be GCS AS be that GCSE component is joined or fixing group of mark just having of GCSE group self, also can be the Temporary Mobile Group Identity that BM-SC generates according to the request of GCS AS, such as TMGI.

S13, GCS AS to identify with the group of each GCSE group according to MSK and/or the MSK of generation is sent to UE in corresponding GCSE group by the mapping relations of service identification.

In the present embodiment, GCS AS can generate MSK, and set up or identify and/or the mapping relations of service identification from the group that BM-SC obtains MSK and each GCSE group, then to identify with the group of each GCSE group according to MSK and/or MSK is handed down to UE in corresponding GCSE group by the mapping relations of service identification, namely achieve GCS AS under partial reuse MBMS security mechanism scene and complete issuing of MSK.

Embodiment of the method two:

The present embodiment is specific descriptions to secret key sending method of the present invention, and refer to Figure 16, the method for the present embodiment comprises:

S21, GCS AS sends a request message to BM-SC, comprises the group mark number of request and/or the business number of group number and/or request in request message;

In specific implementation, when determining that UE adopts multicast carrying, GCS AS sends a request message to BM-SC, and described request message, for asking BM-SC distribution service to identify and/or group mark, comprises the group mark number of request and/or the business number of group number and/or request in described request message.The group number of the GCSE group that group mark number and/or group number and/or the business number of request can be managed by GCS AS is determined, namely GCS AS manages several GCSE group, follow-uply just asks several groups of marks and/or several service identification.

S22, GCS AS receives the response message that BM-SC sends, and comprises service identification and/or the group mark of described BM-SC distribution in response message;

The raw company identification of BM-SC and/or service identification, and send response message to GCS AS, comprise group mark and/or the service identification of BM-SC generation in response message, GCS AS receives described response message.

S23, GCS AS generates MSK;

The group that S24, GCS AS sets up MSK and each GCSE group identifies and/or the mapping relations of service identification;

MSK is sent to BM-SC by S25, GCS AS, and to identify with the group of each GCSE group according to MSK and/or the MSK of generation is sent to UE in corresponding GCSE group by the mapping relations of service identification.Citing is below described:

When the MSK of each MSK identifies and the key term of validity is generated by GCS AS, GCS AS is while sending to the UE in BM-SC and corresponding GCSE group by MSK, also need the MSK of each MSK to identify and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in BM-SC and corresponding GCSE group.

When each MSK MSK mark and the key term of validity generated by BM-SC, when then sending to GCS AS, before step S25, GCS AS also to receive each MSK that BM-SC generates and sends MSK mark and the key term of validity.In this case, GCS AS, while MSK being sent to the UE in BM-SC and corresponding GCSE group, also needs the group of GCSE group corresponding for each MSK mark and/or service identification to send to BM-SC; The MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in corresponding GCSE group.

Embodiment of the method three:

The present embodiment is specific descriptions to secret key sending method of the present invention, and refer to Figure 17, the method for the present embodiment comprises:

S31, GCS AS generates MSK;

In specific implementation, GCS AS generates MSK according to the number of the GCSE group of self-management, and the number generating MSK can be identical with the number of the GCSE group that GCS AS manages.

S32, GCS AS sends a request message to BM-SC, comprises group mark number and the MSK of request in described request message;

Described request message is for asking BM-SC point of combo mark and/or service identification and setting up the mapping relations of each group mark and/or each service identification and each MSK.

S33, GCS AS receives the response message that BM-SC sends, and comprises the mapping relations of each group mark and/or each service identification and each MSK in described response message;

S34, GCS AS to identify with the group of each GCSE group according to MSK and/or the MSK of generation is sent to user equipment (UE) in corresponding GCSE group by the mapping relations of service identification.

When the MSK of each MSK identifies and the key term of validity is generated by GCS AS, when GCS AS sends to the UE in corresponding GCSE group after MSK is sent to BM-SC and by MSK, also need the MSK of each MSK to identify and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in BM-SC and corresponding GCSE group.

When the MSK mark of each MSK and the key term of validity are generated by BM-SC, when then sending to GCS AS, before step S34, GCS AS also needs the MSK mark and the key term of validity that receive each MSK of generating and sending of BM-SC.In this case, when GCS AS sends to the UE in corresponding GCSE group after MSK is sent to BM-SC and by MSK, also need the group of GCSE group corresponding for each MSK mark and/or service identification to send to BM-SC; The MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in corresponding GCSE group.

Embodiment of the method two and embodiment of the method three describe when the group of GCSE group is designated the Temporary Mobile Group Identity of BM-SC generation, realize the method that MSK issues, two embodiments of the method are by introducing when the group of GCSE group is designated fixing group mark below, realize the method that MSK issues.

Embodiment of the method four:

Refer to Figure 18, the method for the present embodiment comprises:

S41, GCS AS generates MSK;

GCS AS can generate MSK according to the number of the GCSE group of self-management, and the number generating MSK can be identical with the number of the GCSE group that GCS AS manages.

The mapping relations that the group that S42, GCS AS sets up MSK and each GCSE group identifies;

S43, GCS AS sends a request message to BM-SC, the mapping relations that the group comprising each MSK and each GCSE group in described request message identifies;

S44, GCS AS receives the response message that BM-SC sends, and comprises the mapping relations of each group mark and each service identification in described response message;

S45, GCS AS to identify with the group of each GCSE group according to MSK and/or MSK is sent to UE in corresponding GCSE group by the mapping relations of service identification.

When the MSK of each MSK identifies and the key term of validity is generated by GCS AS, while GCS AS sends to the UE in corresponding GCSE group after MSK is sent to BM-SC and by MSK, also need the MSK of each MSK to identify and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in BM-SC and corresponding GCSE group.

When the MSK mark of each MSK and the key term of validity are generated by BM-SC, when then sending to GCS AS, before step S45, GCS AS also needs the MSK mark and the key term of validity that receive each MSK of generating and sending of BM-SC.In this case, while GCS AS sends to the UE in corresponding GCSE group after MSK is sent to BM-SC and by MSK, also the group of GCSE group corresponding for each MSK mark and/or service identification are sent to BM-SC; The MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in corresponding GCSE group.

Embodiment of the method five:

Refer to Figure 19, the secret key sending method of the present embodiment comprises:

S51, GCS AS receives the secret key request message that BM-SC sends, and comprises the MSK number of service identification and request in described secret key request message;

GCS AS can according to the number of the GCSE group of self-management, the request message comprising group number and/or business number is sent to BM-SC, the group number that BM-SC sends according to GCS AS and/or business number send secret key request message, comprise the MSK number of service identification and request in described secret key request message, GCS AS receives described secret key request message.

S52, GCS AS generates MSK;

The group that S53, GCS AS sets up MSK and each GCSE group identifies and/or the mapping relations of service identification;

MSK is sent to BM-SC by S54, GCS AS, and to identify with the group of each GCSE group according to MSK and/or MSK is sent to UE in corresponding GCSE group by the mapping relations of service identification.

When the MSK mark of each MSK and the key term of validity are generated by BM-SC, when then sending to GCS AS, before step S54, GCS AS also needs the MSK mark and the key term of validity that receive each MSK of generating and sending of BM-SC.In this case, the group of GCSE group corresponding for each MSK mark and/or service identification, while MSK being sent to the UE in BM-SC and corresponding GCSE group, are also sent to BM-SC by transmitting element 55; The MSK of each MSK is identified and the key term of validity, and the group of GCSE group corresponding to each MSK identifies and/or service identification sends to UE in corresponding GCSE group.

Several embodiment of the method describes MSK delivery method above, below several embodiment of the method will be described in after MSK issues, to the method that MSK upgrades.

Embodiment of the method six:

Refer to Figure 20, the present embodiment MSK update method comprises:

According to preset rules, S61, GCS AS judges that MSK is the need of renewal; If so, then step S62 is performed, otherwise, perform step S64 and end process;

S62, GCS AS generates new MSK;

S63, GCS AS sends the first key updating message to BM-SC, sends the second key updating message to the UE in corresponding GCSE group, to make the UE more new key in BM-SC and corresponding GCSE group.Described new MSK is comprised in described first key updating message and described second key updating message.

When the MSK of described new MSK identifies and the key term of validity is generated by GCS AS, GCS AS, before transmission first key updating message, also generates MSK mark and the key term of validity of described new MSK.Described first key updating message and described second key updating message also comprise: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE group that described new MSK is corresponding and/or service identification.

When the MSK mark of described new MSK and the key term of validity to be generated by BM-SC and to be handed down to GCS AS, GCS AS, before send the first key updating message to BM-SC, also receives MSK mark and the key term of validity of the described new MSK that BM-SC sends.Also comprise in described first key updating message: the group mark of the GCSE that described new MSK is corresponding and/or service identification; Comprise in described second key updating message: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE that described new MSK is corresponding and/or service identification.

Embodiment of the method six describes the method that GCS AS carries out MSK renewal voluntarily, and embodiment of the method seven triggers by BM-SC the method that GCS AS carries out MSK renewal by describing.

Embodiment of the method seven:

Refer to Figure 21, the MSK update method of the present embodiment comprises:

S71, GCS AS receives the key updating Trigger message that BM-SC issues, and comprises the MSK mark of the group mark of GCSE group and/or the MSK of service identification and/or needs renewal in described key updating Trigger message;

S72, generate new MSK;

S73, to BM-SC send the 3rd key updating message, the 4th key updating message is sent to the UE in corresponding GCSE group, to make the UE more new key in BM-SC and corresponding GCSE group, in described 3rd key updating message and described 4th key updating message, comprise described new MSK.

When the MSK of described new MSK identifies and the key term of validity is generated by GCS AS, GCS AS, before sending the 3rd key updating message to BM-SC, also generates MSK mark and the key term of validity of described new MSK.Described 3rd key updating message and described 4th key updating message also comprise: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE group that described new MSK is corresponding and/or service identification.

When the MSK mark of described new MSK and the key term of validity to be generated by BM-SC and to be handed down to GCS AS, GCS AS, before sending the 3rd key updating message to BM-SC, also receives MSK mark and the key term of validity of the described new MSK that BM-SC sends.Also comprise in described 3rd key updating message: the group mark of the GCSE that described new MSK is corresponding and/or service identification; Comprise in described 4th key updating message: the MSK mark of described new MSK and the key term of validity, the group mark of the GCSE that described new MSK is corresponding and/or service identification.

Seven embodiments of the method above describe MSK when being generated by GCS AS self, and GCS AS realizes the method that MSK issues, and embodiment of the method below will introduce MSK when being generated by BM-SC, and GCS AS realizes the method that MSK issues.

Embodiment of the method eight:

Refer to Figure 22, the method for the present embodiment comprises:

S81, GCS AS obtains MSK from BM-SC;

The group that S82, GCS AS sets up MSK and each group communication service GCSE group identifies and/or the mapping relations of service identification;

S83, GCS AS to identify with the group of each GCSE group according to MSK and/or the MSK of generation is sent to UE in corresponding GCSE group by the mapping relations of service identification.

In the present embodiment, GCS AS can obtain MSK from BM-SC, the group setting up MSK and each GCSE group identifies and/or the mapping relations of service identification, then to identify with the group of each GCSE group according to MSK and/or MSK is handed down to UE in corresponding GCSE group by the mapping relations of service identification, namely achieve GCS AS under partial reuse MBMS security mechanism scene and complete issuing of MSK.

Embodiment of the method nine:

Refer to Figure 23, when MSK is generated by BM-SC, the specific embodiment that GCS AS realizes the method that MSK issues comprises:

S91, GCS AS sends a request message to BM-SC, comprises the group mark number of request and/or the business number of group number and/or request in described request message;

GCS AS can send a request message to BM-SC according to the number of the GCSE group of self-management, and the group mark number of asking in described request message and/or the business number of group number and/or request can be identical with the number of the GCSE group that GCS AS manages.

Described request message identifies for asking BM-SC to distribute MSK and service identification and/or group, and in addition, described request message is also for asking BM-SC to be that each MSK generates MSK mark and the key term of validity.

S92, GCS AS receives the response message that BM-SC sends, and comprises MSK and the service identification of described BM-SC distribution and/or organize mark in described response message;

In addition, MSK mark and the key term of validity of each MSK is also comprised in described response message.

The group that S93, GCS AS sets up MSK and each group communication service GCSE group identifies and/or the mapping relations of service identification;

S94, GCS AS to identify with the group of each GCSE group according to MSK and/or the MSK of generation is sent to UE in corresponding GCSE group by the mapping relations of service identification.

In addition, GCS AS is also by the mark of each MSK and the key term of validity, and the group mark of GCSE group corresponding to each MSK and/or service identification send to the UE in corresponding GCSE group.

It should be noted that, in each embodiment secret key sending method is described above, can be understood as in the various mapping relations that BM-SC sends to GCS AS, itself utilize MSK, group mark and the service identification itself of mapping relations represent, therefore, both contain MSK, group mark, service identification itself in mapping relations, also comprise the mapping relations between three.Certainly, in other examples, mapping relations can also utilize the mark of MSK, representative group to identify and other information of service identification represent, so when BM-SC sends various mapping relations to GCS AS, also the MSK related in mapping relations, group mark and service identification should be sent to GCS AS.

In addition, in each embodiment secret key sending method is described above, the various mapping relations that GCS AS self sets up, can be understood as GCS AS utilizes MSK, group mark, service identification itself to set up mapping relations, also can be understood as GCS AS utilizes the information of MSK mark, representative group mark, service identification to set up mapping relations, is not specifically limited herein.

To provided by the invention, the method that UE carries out authorization check is introduced below.

Embodiment of the method ten:

Refer to Figure 24, the method for the present embodiment comprises:

Authorized UE List corresponding to service identification is set up in the Authorized UE List request of setting up that S101, BM-SC send according to GCS AS;

S102, BM-SC receive the service activation request that UE sends, and comprise the service identification that the mark of described UE and described UE want the business activated in described service activation request;

S103, BM-SC check whether the mark of described UE is wanted in the Authorized UE List that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if not, then to the authorization check failure of described UE.

In the present embodiment, Authorized UE List is set up in the Authorized UE List request of setting up that BM-SC can send according to GCS AS, like this after the service activation request receiving UE transmission, the Authorized UE List directly set up according to self can realize the authorization check to UE, so namely, achieve when BM-SC is invisible to GCSE group, to reuse under MBMS security mechanism scene BM-SC completely to the service authorization inspection of UE.

Embodiment of the method 11:

The present embodiment introduces in detail that UE carries out authorization check method the present invention, and refer to Figure 25, the method for the present embodiment comprises:

S111, BM-SC receive the request message that GCS AS sends, and comprise the group mark number of request and/or the business number of group number and/or request in described request message;

GCS AS sends a request message to BM-SC according to the number of the GCSE group of self-management, and the group mark number of described request and/or the business number of group number and/or request can be identical with the number of the GCSE group that GCS AS manages.

S112, BM-SC generate service identification;

S113, BM-SC send response message to GCS AS, comprise service identification, to make described GCS AS, service identification is distributed to each GCSE group in described response message;

In addition, BM-SC can also give birth to company identification while generating service identification according to request message, and group mark is sent to GCS AS in the lump, to make GCS AS, group mark is also distributed to each GCSE group.Here group mark can be understood as to move organizes mark temporarily.

Authorized UE List corresponding to service identification is set up in the Authorized UE List request of setting up that S114, BM-SC send according to GCS AS;

After service identification is distributed to each GCSE group by GCS AS, send described Authorized UE List according to the UE comprised in each GCSE group and set up request, described Authorized UE List sets up the mark comprising the service identification of GCSE group and the mandate UE of correspondence in request.The mark of corresponding UE is comprised in the Authorized UE List that each service identification is corresponding.

S115, BM-SC receive the service activation request that GCS AS sends;

The service identification that the mark of described UE and described UE want the business activated is comprised in described service activation request.

S116, BM-SC check whether the mark of UE is wanted in the Authorized UE List that the service identification of the business activated is corresponding at UE, if, then to the authorization check success of described UE, if not, then to the authorization check failure of described UE;

S117, BM-SC receive the Authorized UE List update request that GCS AS sends;

S118, BM-SC upgrade corresponding Authorized UE List.

It is follow-up when GCS AS finds that Authorized UE List needs to upgrade, Authorized UE List update request can be sent to BM-SC, BM-SC receives described Authorized UE List update request, comprises service identification, the mark of UE, deletion and/or add instruction in described Authorized UE List update request; BM-SC upgrades corresponding Authorized UE List according to described Authorized UE List update request.Citing is below described:

Embodiment of the method 12:

Can think in embodiment of the method 11 that GCSE group does not need group mark, or group is designated the Temporary Mobile Group Identity of BM-SC generation, the group introducing GCSE is designated the method that when fixing group identifies, BM-SC carries out authorization check to UE by the present embodiment, and refer to Figure 26, the method for the present embodiment comprises:

S121, BM-SC receive the request message that GCS AS sends, and comprise the group mark of GCSE group in described request message;

GCS AS sends a request message to BM-SC according to the number of the GCSE group of self-management, and comprise the group mark of GCSE group in described request message, the number of group mark is identical with the number of the GCSE group that GCS AS manages.

S122, BM-SC generate service identification and the mapping relations of foundation group mark and service identification;

Authorized UE List is set up in the Authorized UE List request of setting up that S123, BM-SC send according to GCS AS, and described Authorized UE List sets up the mark of the mandate UE of group mark and the correspondence comprising GCSE group in request;

GCS AS sends Authorized UE List according to the UE comprised in each GCSE group and sets up request, and described Authorized UE List sets up the mark of the mandate UE of group mark and the correspondence comprising GCSE group in request.BM-SC according to set up group mark and the mapping relationship searching of service identification and described Authorized UE List set up ask in the group that comprises identify corresponding service identification, the Authorized UE List that the service identification that foundation finds is corresponding.The mark of corresponding UE is comprised in Authorized UE List.

S124, BM-SC receive the service activation request that UE sends;

The service identification that the mark of UE and UE want the business activated is comprised in service activation request.

S125, BM-SC check whether the mark of described UE is wanted in the Authorized UE List that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if not, then to the authorization check failure of described UE;

The Authorized UE List update request that S126, BM-SC receive;

S127, BM-SC upgrade corresponding Authorized UE List.

It is follow-up when GCS AS finds that Authorized UE List needs to upgrade, Authorized UE List update request can be sent to BM-SC, BM-SC receives described Authorized UE List update request, comprises service identification and/or group mark, the mark of UE, deletion and/or add instruction in described Authorized UE List update request; BM-SC upgrades corresponding Authorized UE List according to described Authorized UE List update request.

Embodiment of the method 11 and 12 describes BM-SC self and establishes Authorized UE List, thus realize the method for UE being carried out to authorization check, description BM-SC self is not set up Authorized UE List by the following examples, but needs the method for UE being carried out to authorization check.

Embodiment of the method 13:

Refer to Figure 27, the method for the present embodiment comprises:

S131, BM-SC receive the service activation request that UE sends, and comprise the service identification that the mark of described UE and described UE want the business activated in described service activation request;

S132, send authorization check request to GCS AS, check to ask described GCS AS whether the mark of described UE is wanted in the group communication service GCSE group that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if do not exist, then to the authorization check failure of described UE.

In the present embodiment, BM-SC is after the service activation request receiving UE transmission, authorization check request is sent to GCS AS, to ask GCS AS, authorization check is carried out to UE, so namely, achieve when BM-SC is invisible to GCSE group, to reuse under MBMS security mechanism scene BM-SC completely to the service authorization inspection of UE.

Embodiment of the method 14:

The present embodiment is that BM-SC self does not set up Authorized UE List, but needs a detailed description of UE being carried out to the method for authorization check, and refer to Figure 28, the method for the present embodiment comprises:

S141, BM-SC receive the request message that described GCS AS sends, and comprise the group mark number of request and/or the business number of group number and/or request in described request message;

GCS AS sends a request message to BM-SC according to the number of the GCSE group of self-management, the group mark number of request and/or the business number of group number and/or request is comprised in described request message, the group mark number of described request and/or the business number of group number and/or request can be identical with the number of the GCSE group that GCS AS manages, and BM-SC receives the request message that described GCS AS sends.

S142, BM-SC generate service identification;

S143, BM-SC send response message to GCS AS, comprise service identification in described response message, to make GCS AS by service identification and to distribute to each GCSE group;

Now, the Authorized UE List just having had service identification corresponding is equivalent in GCS AS.

S144, BM-SC receive the authorization check request that UE sends, and comprise the service identification that the mark of described UE and described UE want the business activated in described authorization check request;

S145, BM-SC send authorization check request to GCS AS, check to ask described GCS AS whether the mark of described UE is wanted in the group communication service GCSE group that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if do not exist, then to the authorization check failure of described UE.

Authorization check result can be sent to BM-SC after carrying out authorization check to UE by GCS AS.

Citing is below described:

Embodiment of the method 15:

Can think in embodiment of the method 14 that GCSE group does not need group mark, or group is designated the Temporary Mobile Group Identity of BM-SC generation, the group introducing GCSE is designated the method for when fixing group identifies, UE being carried out to authorization check by the present embodiment, and refer to Figure 29, the method for the present embodiment comprises:

S151, BM-SC receive the request message that GCS AS sends, and comprise the group mark of GCSE group in described request message;

In specific implementation, GCS AS can send a request message to BM-SC according to the number of the GCSE group of self-management, comprises the group mark of GCSE group in described request message, is equivalent to GCS AS in this case and self has Authorized UE List corresponding to group mark.

S152, generate service identification and foundation group mark and the mapping relations of service identification;

S153, receive the service activation request that UE sends, in described service activation request, comprise the service identification that the mark of UE and UE want the business activated;

S154, search the group corresponding with the service identification comprised in described service activation request and identify;

S155, for sending authorization check request to GCS AS, described authorization check request comprises, the group mark that the mark of described UE and described UE want the service identification of the business activated corresponding, checks to ask GCS AS whether the mark of described UE wants the group that the service identification of the business activated is corresponding to identify in corresponding GCSE group at described UE.

In several embodiments that the application provides, should be understood that, disclosed device, the mode by other realizes.Such as, device embodiment described above is only schematic, the such as division of described unit, be only a kind of logic function to divide, actual can have other dividing mode when realizing, such as multiple unit or assembly can in conjunction with or another system can be integrated into, or some features can be ignored, or do not perform.Another point, shown or discussed coupling each other or direct-coupling or communication connection can be by some interfaces, and the indirect coupling of device or unit or communication connection can be electrical or other form.

The described unit illustrated as separating component or can may not be and physically separates, and the parts as unit display can be or may not be physical location, namely can be positioned at a place, or also can be distributed in multiple network element.Some or all of unit wherein can be selected according to the actual needs to realize the object of the present embodiment scheme.

In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, also can be that the independent physics of unit exists, also can two or more unit in a unit integrated.Above-mentioned integrated unit both can adopt the form of hardware to realize, and the form of SFU software functional unit also can be adopted to realize.

If described integrated unit using the form of SFU software functional unit realize and as independently production marketing or use time, can be stored in a computer read/write memory medium.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words or all or part of of this technical scheme can embody with the form of software product, this computer software product is stored in a storage medium, comprises all or part of step of some instructions in order to make a computer equipment (can be personal computer, server or the network equipment etc.) perform method described in each embodiment of the present invention.And aforesaid storage medium comprises: USB flash disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), portable hard drive, magnetic disc or CD etc. various can be program code stored medium.

The above, above embodiment only in order to technical scheme of the present invention to be described, is not intended to limit; Although with reference to previous embodiment to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the scope of various embodiments of the present invention technical scheme.

Claims

1. a group communication service application server GCS AS, is characterized in that, comprising:

2. GCS AS as claimed in claim 1, is characterized in that,

Described transmitting element also for, before described MSK generation unit generates MSK, send a request message to described BM-SC, comprise the group mark number of request and/or the business number of group number and/or request in described request message, described request message is for asking described BM-SC distribution service to identify and/or group mark;

Described GCS AS also comprises:

3. GCS AS as claimed in claim 1, is characterized in that,

Described transmitting element also for, after described MSK generation unit generates MSK, send a request message to described BM-SC, comprise the group mark number and MSK of request in described request message, described request message is for asking described BM-SC point of combo mark and/or service identification and setting up the mapping relations of each group mark and/or each service identification and each MSK;

4. GCS AS as claimed in claim 1, it is characterized in that, described GCS AS also comprises:

5. GCS AS as claimed in claim 1, it is characterized in that, described GCS AS also comprises:

6. the GCS AS as described in claim 2 to 5 any one, is characterized in that, described MSK generation unit also for, be that each MSK generates MSK mark and the key term of validity;

7. the GCS AS as described in claim 2 to 5 any one, is characterized in that, described GCS AS also comprises:

8. the GCS AS as described in claim 1 to 5 any one, is characterized in that, described GCS AS also comprises:

9. GCS AS as claimed in claim 8, is characterized in that, described preset rules comprises adding and/or leaving of the interior UE of described GCSE group, or MSK is to the term of validity.

10. GCS AS as claimed in claim 8, is characterized in that,

Described MSK generation unit also for, before described transmitting element sends the first key updating message to described BM-SC, generate described new MSK MSK mark and the key term of validity;

11. GCS AS as claimed in claim 8, it is characterized in that, described GCS AS also comprises:

12. GCS AS as described in claim 1 to 5 any one, it is characterized in that, described GCSAS also comprises:

Described MSK generation unit also for, generate new MSK;

13. GCS AS as claimed in claim 12, is characterized in that,

Described MSK generation unit also for, before described transmitting element sends the 3rd key updating message to described BM-SC, generate MSK mark and the key term of validity of described new MSK;

14. GCS AS as claimed in claim 12, it is characterized in that, described GCS AS also comprises:

15. 1 kinds of group communication service application server GCS AS, is characterized in that, comprising:

16. GCS AS as claimed in claim 15, is characterized in that,

Described transmitting element also for, before described acquiring unit obtains MSK from described BM-SC, send a request message to described BM-SC, comprise the group mark number of request and/or the business number of group number and/or request in described request message, described request message identifies for asking described BM-SC to distribute MSK and service identification and/or group;

17. GCS AS as claimed in claim 16, is characterized in that, described request message is also for asking described BM-SC to be that each MSK generates MSK mark and the key term of validity;

18. 1 kinds of broadcast multicast service center BM-SC, is characterized in that, comprising:

19. BM-SC as claimed in claim 18, is characterized in that,

Described receiving element also for, set up before unit sets up Authorized UE List corresponding to service identification in described list, receive the request message that described GCS AS sends, in described request message, comprise the group mark number of request and/or the business number of group number and/or request;

Described BM-SC also comprises:

First generation unit, for generating service identification;

20. BM-SC as claimed in claim 18, is characterized in that,

Described receiving element also for, set up before unit sets up Authorized UE List corresponding to service identification in described list, receive the request message that described GCS AS sends, the group comprising GCSE group in described request message identifies;

Described BM-SC also comprises:

Described list set up unit specifically for:

21. BM-SC as claimed in claim 19, is characterized in that,

Described receiving element also for, receive the Authorized UE List update request that described GCS AS sends, comprise service identification, the mark of UE, deletion in described Authorized UE List update request and/or add instruction;

Described BM-SC also comprises:

22. BM-SC as claimed in claim 20, is characterized in that,

Described receiving element also for, receive the Authorized UE List update request that described GCS AS sends, comprise group mark and/or service identification, the mark of UE, deletion in described Authorized UE List update request and/or add instruction;

Described BM-SC also comprises:

23. 1 kinds of broadcast multicast service center BM-SC, is characterized in that, comprising:

24. BM-SC as claimed in claim 23, is characterized in that,

Described receiving element also for, before receiving the service activation request that UE sends, receive the request message that described GCS AS sends, in described request message, comprise the group mark number of request and/or group number and/or the business number of request;

Described BM-SC also comprises:

First generation unit, for generating service identification;

25. BM-SC as claimed in claim 23, is characterized in that,

Described receiving element also for, receive UE send service activation request before, receive described GCS AS send request message, comprise in described request message GCSE group group identify;

Described BM-SC also comprises:

26. 1 kinds of secret key sending methods, is characterized in that, comprising:

Generate multimedia broadcast multi-broadcasting business key MSK;

27. methods as claimed in claim 26, is characterized in that, before generation MSK, described method also comprises:

MSK is sent to described BM-SC.

28. methods as claimed in claim 26, is characterized in that, after generation MSK, described method also comprises:

29. methods as claimed in claim 26, is characterized in that, after generation MSK, described method also comprises:

30. methods as claimed in claim 26, is characterized in that, before generation MSK, described method also comprises:

MSK is sent to described BM-SC.

31. methods as described in claim 27 to 30 any one, is characterized in that, before identifying with the group of each GCSE group according to MSK and/or the MSK of generation to send to the UE in corresponding GCSE group by the mapping relations of service identification, also comprise:

For each MSK generates MSK mark and the key term of validity;

32. methods as described in claim 27 to 30 any one, is characterized in that, describedly to identify with the group of each GCSE group according to MSK and/or before the MSK of generation sends to the UE in corresponding GCSE group by the mapping relations of service identification, also comprise:

33. methods as described in claim 26 to 30 any one, it is characterized in that, described method also comprises:

Judge that MSK is the need of renewal according to preset rules;

If so, then new MSK is generated;

34. methods as claimed in claim 33, is characterized in that, described preset rules comprises adding and/or leaving of the interior UE of described GCSE group, or MSK is to the term of validity.

35. methods as claimed in claim 33, is characterized in that, before sending the first key updating message to described BM-SC, also comprise:

Generate MSK mark and the key term of validity of described new MSK;

36. methods as claimed in claim 33, is characterized in that, before sending the first key updating message to described BM-SC, also comprise:

37. methods as described in claim 26 to 30 any one, it is characterized in that, described method also comprises:

Generate new MSK;

38. methods as claimed in claim 37, is characterized in that, before sending the 3rd key updating message to described BM-SC, also comprise;

Generate MSK mark and the key term of validity of described new MSK;

39. methods as claimed in claim 37, is characterized in that, before sending the 3rd key updating message to described BM-SC, also comprise:

40. 1 kinds of secret key sending methods, is characterized in that, comprising:

41. methods as claimed in claim 40, is characterized in that, before obtaining MSK from described BM-SC, described method also comprises:

Describedly obtain MSK from described BM-SC and comprise:

42. methods as claimed in claim 41, is characterized in that, described request message is also for asking described BM-SC to be that each MSK generates MSK mark and the key term of validity;

Also comprise when MSK being sent to the UE in corresponding GCSE group:

43. 1 kinds are carried out the method for authorization check to user equipment (UE), it is characterized in that, comprising:

44. methods as claimed in claim 43, is characterized in that, before setting up Authorized UE List corresponding to service identification, also comprise:

Generate service identification;

45. methods as claimed in claim 43, is characterized in that, before setting up Authorized UE List corresponding to service identification, also comprise:

46. methods as claimed in claim 44, it is characterized in that, described method also comprises:

47. methods as claimed in claim 45, it is characterized in that, described method also comprises:

48. 1 kinds are carried out the method for authorization check to user equipment (UE), it is characterized in that, comprising:

Authorization check request is sent to group communication service application server GCS AS, check to ask described GCSAS whether the mark of described UE is wanted in the group communication service GCSE group that the service identification of the business activated is corresponding at described UE, if, then to the authorization check success of described UE, if do not exist, then to the authorization check failure of described UE.

49. methods as claimed in claim 48, is characterized in that, before the service activation request receiving UE transmission, described method also comprises:

Generate service identification;

50. methods as claimed in claim 48, is characterized in that, before the service activation request receiving UE transmission, described method also comprises:

Before sending authorization check request to GCS AS, also comprise: