CN108521641A - Method, device and system for generating a key in D2D communication - Google Patents


Publication number
CN108521641A
Authority
CN
China
Legal status
Pending
Application number
CN201810272425.6A
Other languages
Chinese (zh)
Inventor
李文锦
龚贺
Current Assignee
Vivo Mobile Communication Co Ltd
Original Assignee
Vivo Mobile Communication Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the invention disclose a method, device and system for generating a key in D2D communication, relating to the field of communication technology, to solve the problem that keys generated by the key generation methods of the prior art are not suitable for D2D communication and therefore cannot improve the security of D2D communication data. The method includes: a first user equipment receives a first parameter sent by a network device, where the first parameter is used to indicate the initial key of a second user equipment, and the condition of D2D communication is satisfied between the second user equipment and the first user equipment; the first user equipment generates a first transmission key using a first algorithm according to the initial key of the first user equipment and the first parameter, where the initial key of the first user equipment is different from the initial key of the second user equipment. The invention is applied to D2D communication encryption.

Description

Method, device and system for generating a key in D2D communication
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a method, a device and a system for generating a secret key in D2D communication.
Background
With the continuous evolution of wireless communication systems, the wireless spectrum resources of mobile communication systems have gradually become unable to meet the development requirements of wireless communication. To improve the utilization of wireless spectrum resources, Device-to-Device (D2D) communication based on a cellular network, also called Proximity Service (ProSe), was introduced, in which user data can be transmitted directly between user equipments (UEs) without being relayed through a network device.
A conventional method for generating a key in cellular communication is that a first user equipment and a second user equipment capable of cellular communication generate different first transmission keys and second transmission keys, a network device generates the first transmission keys by using the same parameters (including an initial key and a random number of the first user equipment, etc.) and algorithm as those used by the first user equipment to generate the first transmission keys, and generates the second transmission keys by using the same parameters (including an initial key and a random number of the second user equipment, etc.) and algorithm as those used by the second user equipment to generate the second transmission keys. Therefore, the communication data of the first user equipment and the second user equipment can be transmitted safely and effectively through the network equipment.
However, the conventional method for encrypting the communication data by the key generated by the cellular communication is not suitable for the D2D communication, so a safe and effective method for generating the key is needed to encrypt and decrypt the communication data of the D2D communication so as to improve the security of the communication data of the D2D communication.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, and a system for generating a key in D2D communication, so as to solve the problem that the key generated by the method for generating a key provided in the prior art is not suitable for D2D communication, and thus cannot improve the security of communication data of D2D communication.
In order to solve the technical problem, the invention is realized as follows:
In a first aspect, an embodiment of the present invention provides a method for generating a key in device-to-device (D2D) communication, where the method is applied to a first user equipment, and the method includes:
receiving a first parameter sent by the network device, wherein the first parameter is used for indicating an initial key of the second user device, and the condition of D2D communication is satisfied between the second user device and the first user device;
and generating a first transmission key by adopting a first algorithm according to the initial key and the first parameter of the first user equipment, wherein the initial key of the first user equipment is different from the initial key of the second user equipment.
In a second aspect, an embodiment of the present invention provides a method for generating a key in device-to-device D2D communication, where the method is applied to a network device, and the method includes:
acquiring a first parameter, wherein the first parameter is used for indicating an initial key of second user equipment, and a condition of D2D communication is met between the second user equipment and the first user equipment;
and sending a first parameter to the first user equipment, wherein the first parameter is used for generating a first transmission key by the first user equipment according to the initial key and the first parameter of the first user equipment by adopting a first algorithm, and the initial key of the first user equipment is different from the initial key of the second user equipment.
In a third aspect, an embodiment of the present invention provides a first user equipment, including: a receiving module and a generating module;
the receiving module is used for receiving a first parameter sent by the network device, wherein the first parameter is used for indicating an initial key of the second user equipment, and a condition of D2D communication is met between the second user equipment and the first user equipment;
and the generating module is used for generating a first transmission key by adopting a first algorithm according to the initial key of the first user equipment and the first parameter received by the receiving module, wherein the initial key of the first user equipment is different from the initial key of the second user equipment.
In a fourth aspect, an embodiment of the present invention provides a network device, including: the device comprises an acquisition module and a sending module;
the acquisition module is used for acquiring a first parameter, wherein the first parameter is used for indicating an initial key of the second user equipment, and the condition of D2D communication is met between the second user equipment and the first user equipment;
and the sending module is used for sending the first parameter obtained by the obtaining module to the first user equipment, wherein the first parameter is used for generating a first transmission key by the first user equipment according to the initial key and the first parameter of the first user equipment by adopting a first algorithm, and the initial key of the first user equipment is different from the initial key of the second user equipment.
In a fifth aspect, an embodiment of the present invention provides a first user equipment, including a processor, a memory, and a computer program stored on the memory and operable on the processor, the computer program, when executed by the processor, implementing the steps of the method for generating a key for device-to-device D2D communication as in the first aspect.
In a sixth aspect, an embodiment of the present invention provides a network device, including a processor, a memory, and a computer program stored on the memory and operable on the processor, where the computer program, when executed by the processor, implements the steps of the method for generating a key by device-to-device D2D communication as in the second aspect.
In a seventh aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps of the method for generating a key by device-to-device D2D communication as in the first or second aspect.
In an eighth aspect, an embodiment of the present invention provides a wireless communication system, including: a first user equipment and a network equipment;
the first user equipment comprises first user equipment as in the third aspect and the network equipment comprises network equipment as in the fourth aspect;
alternatively, the first user equipment comprises the first user equipment as in the fifth aspect and the network equipment comprises the network equipment as in the sixth aspect.
In the embodiment of the invention, the first user equipment receives a first parameter sent by the network equipment, wherein the first parameter is used for indicating an initial key of the second user equipment, and a condition of D2D communication is satisfied between the second user equipment and the first user equipment; the first user equipment generates a first transmission key by adopting a first algorithm according to an initial key and a first parameter of the first user equipment, wherein the initial key of the first user equipment is different from the initial key of the second user equipment. Through the scheme, the first user equipment generates the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, and similarly, the second user equipment can also generate the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, that is, the first user equipment and the second user equipment which can perform D2D communication generate the same transmission key, and can perform encryption or decryption of data according to the same transmission key. The secret key generated by the secret key generating method in the scheme is used for encrypting and decrypting the communication data, so that the safety of the communication data of D2D communication is improved, and the problem that the secret key generated by the secret key generating method provided by the prior art is not suitable for D2D communication, and the safety of the communication data of D2D communication cannot be improved is solved.
Drawings
Fig. 1 is a schematic diagram of a network architecture for D2D communication according to an embodiment of the present invention;
Fig. 2 is a first flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 3(a) is a second flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 3(b) is a third flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 4(a) is a fourth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 4(b) is a fifth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 4(c) is a sixth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 5(a) is a seventh flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 5(b) is an eighth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 5(c) is a ninth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 6 is a tenth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 7 is an eleventh flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 8 is a twelfth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 9(a) is a thirteenth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 9(b) is a fourteenth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 10(a) is a fifteenth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 10(b) is a sixteenth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 10(c) is a seventeenth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 11(a) is an eighteenth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 11(b) is a nineteenth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 11(c) is a twentieth flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 12 is a twenty-first flowchart of a method for generating a key in D2D communication according to an embodiment of the present invention;
Fig. 13 is a first schematic structural diagram of a user equipment according to an embodiment of the present invention;
Fig. 14 is a second schematic structural diagram of a user equipment according to an embodiment of the present invention;
Fig. 15 is a third schematic structural diagram of a user equipment according to an embodiment of the present invention;
Fig. 16 is a hardware schematic diagram of a user equipment according to an embodiment of the present invention;
Fig. 17 is a schematic structural diagram of a network device according to an embodiment of the present invention;
Fig. 18 is a hardware schematic diagram of a network device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," and "fourth," etc. in the description and in the claims of the present invention are used for distinguishing between different objects and not for describing a particular order of the objects. For example, the first input, the second input, the third input, the fourth input, etc. are used to distinguish between different inputs, rather than to describe a particular order of inputs.
In the embodiments of the present invention, words such as "exemplary" or "for example" are used to mean serving as an example, illustration or description. Any embodiment or design described as "exemplary" or "for example" in the embodiments of the present invention is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "for example" is intended to present related concepts in a concrete fashion.
In the description of the embodiments of the present invention, unless otherwise specified, "a plurality" means two or more, for example, a plurality of processing units means two or more processing units; plural elements means two or more elements, and the like.
The embodiment of the invention provides a method for generating a secret key by D2D communication, wherein a first user equipment receives a first parameter sent by a network device, the first parameter is used for indicating an initial secret key of a second user equipment, and the condition of D2D communication is met between the second user equipment and the first user equipment; the first user equipment generates a first transmission key by adopting a first algorithm according to an initial key and a first parameter of the first user equipment, wherein the initial key of the first user equipment is different from the initial key of the second user equipment. Through the scheme, the first user equipment generates the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, and similarly, the second user equipment can also generate the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, that is, the first user equipment and the second user equipment which can perform D2D communication generate the same transmission key, and can perform encryption or decryption of data according to the same transmission key. The secret key generated by the secret key generating method in the scheme is used for encrypting and decrypting the communication data, so that the safety of the communication data of D2D communication is improved, and the problem that the secret key generated by the secret key generating method provided by the prior art is not suitable for D2D communication, and the safety of the communication data of D2D communication cannot be improved is solved.
The user equipment in the embodiment of the invention can be mobile user equipment or non-mobile user equipment. The mobile user equipment may be a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted terminal, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a Personal Digital Assistant (PDA), etc.; the non-mobile user equipment may be a Personal Computer (PC), a Television (TV), a teller machine, a self-service machine, or the like; the embodiments of the present invention are not particularly limited.
The execution subject of the method for generating the secret key through D2D communication provided in the embodiment of the present invention may be the user equipment, or may also be a functional module and/or a functional entity capable of implementing the control method in the user equipment, which may be determined specifically according to actual usage requirements, and the embodiment of the present invention is not limited. The following takes the user equipment as an example to exemplarily describe the method for generating the key by D2D communication according to the embodiment of the present invention.
The network architecture of D2D communication is significantly different from the network architecture of conventional cellular communication, as shown in fig. 1, in which the dotted line represents the network architecture of conventional cellular communication, and the solid line represents the network architecture of D2D communication. In the D2D communication mode, user data is transmitted directly between UEs, which avoids relaying user data through the network as in cellular communication and thereby produces a link gain; secondly, the resources of D2D communication and cellular communication can be multiplexed, which produces a resource multiplexing gain. The link gain and the resource multiplexing gain improve the utilization of wireless spectrum resources and, in turn, network throughput.
Example one
Referring to fig. 2, an embodiment of the present invention provides a method for generating a key for D2D communication, where the method is applied to a first user equipment, and the method may include steps 201 to 202 described below.
Step 201, receiving a first parameter sent by a network device.
The first parameter is used to indicate the initial key of the second user equipment, and the condition of D2D communication is satisfied between the second user equipment and the first user equipment.
The condition of D2D communication is satisfied between the second user equipment and the first user equipment; that is, D2D communication between the second user equipment and the first user equipment is possible. For the specific conditions for satisfying D2D communication, refer to the related art; the embodiments of the present invention are not limited thereto. The first user equipment is either one of two user equipments capable of D2D communication, and the second user equipment is the other one. The network device may be a combination of one or more of a base station, a core network, and the like, or may be another network device, and the embodiment of the present invention is not limited.
The network device obtains a first parameter sent to the first user device.
The first parameter is used to indicate an initial key of the second user equipment. Then, the network device needs to obtain the initial key of the second user device first, and the method for the network device to obtain the initial key of the second user device may be that the network device obtains from its own storage module, or obtains from the second device, which is not limited in the embodiment of the present invention. Reference may be made to the related art, which is not described herein in detail.
For example, the first parameter includes an initial key of the second user equipment, that is, the first parameter may be the initial key of the second user equipment, and the first parameter may further include others besides the initial key of the second user equipment, which is not limited in the embodiment of the present invention.
For example, the first parameter includes an initial key of the second user equipment and a random number generated by the network device, that is, the first parameter may be the initial key of the second user equipment and the random number generated by the network device, and the first parameter may also include others besides the initial key of the second user equipment and the random number generated by the network device, which is not limited in the embodiment of the present invention. The random numbers generated by the network device may refer to the related art, and are not described herein.
For example, the first parameter includes a key factor, and the key factor is obtained by the network device according to the initial key of the second user equipment and the random number generated by the network device, that is, the first parameter may be the key factor, and the first parameter may include other parameters besides the key factor, which is not limited in the embodiment of the present invention. Illustratively, the key factor is generated by the network device using algorithm A according to the initial key of the second user equipment and the random number generated by the network device. Algorithm A is an encryption algorithm; for details, refer to the related art, which is not described in detail in the embodiments of the present invention.
For example, the initial key of the user equipment may be stored in a Subscriber Identity Module (SIM), a Universal Subscriber Identity Module (USIM) or an Embedded Subscriber Identity Module (eSIM) on the user equipment side. The initial key of the first user equipment is different from the initial key of the second user equipment; the initial keys of different user equipments are different. On the network device side, the initial key of the user equipment can be stored in a storage module of the network device.
The network device sends the first parameter to the first user equipment.
The first parameter is used for the first user equipment to generate a first transmission key by adopting a first algorithm according to an initial key of the first user equipment and the first parameter, wherein the initial key of the first user equipment is different from the initial key of the second user equipment.
The first user equipment receives the first parameter sent by the network equipment.
Step 202, generating a first transmission key by using a first algorithm according to an initial key and a first parameter of the first user equipment.
The initial key of the first user equipment is different from the initial key of the second user equipment.
The first algorithm is an encryption algorithm, for example the A8 algorithm; the embodiments of the present invention are not limited in this respect. For details, refer to the related art, which is not repeated here.
For example, taking the first parameter as the key factor, the first user equipment generates the first transmission key by using the A8 algorithm according to the initial key and the key factor of the first user equipment.
The first user equipment generates the first transmission key by the method of the above step 201 and step 202, and similarly, the second user equipment may also generate the first transmission key according to the method of the above step 201 and step 202. That is, two user equipments capable of D2D communication may generate the same transmission key according to the same parameters by using the same algorithm, and then both encrypt and decrypt the communication data by using the same transmission key, so as to realize secure and effective transmission of the communication data between the two user equipments.
Illustratively, in conjunction with fig. 2, as shown in fig. 3(a) or fig. 3(b), in order to improve the confidentiality of the transmission key, after step 202, the method for generating a key by D2D communication according to the embodiment of the present invention may further include step 203a or steps 203b-203c described below.
Step 203a, generating a second transmission key by using a second algorithm according to the first transmission key.
In order to improve the security of the transmission key, the first transmission key is encrypted once by adopting a second algorithm. The second algorithm may be the same as or different from the first algorithm, and the embodiment of the present invention is not limited. The specific second algorithm may refer to the related art, and the embodiment of the present invention is not limited.
Step 203b, acquiring a radio frame number.
For example, the method for the first user equipment to obtain the radio frame number may be that the first user equipment generates the radio frame number itself, or that the first user equipment receives the radio frame number sent by the second user equipment. It should be noted that: in order to ensure that the transmission keys generated by the first user equipment and the second user equipment are the same, the same radio frame number is used by the first user equipment and the second user equipment. Then one of the first user equipment and the second user equipment adopts the radio frame number generated by itself, and the other one adopts the radio frame number sent by the other party. For example, the first user equipment adopts a radio frame number generated by the first user equipment, and the second user equipment adopts a radio frame number sent by the first user equipment; or the first user equipment adopts the radio frame number sent by the second user equipment, and the second user equipment adopts the radio frame number generated by the second user equipment.
For example, the radio frame number may be a TDMA frame number, or may be another frame number, and the embodiment of the present invention is not limited thereto.
Step 203c, generating a second transmission key by adopting a second algorithm according to the first transmission key and the radio frame number.
In order to improve the security of the transmission key, a second algorithm is adopted to carry out encryption operation on the first transmission key and the radio frame number. The second algorithm may be the same as or different from the first algorithm, and the embodiment of the present invention is not limited. The specific second algorithm may refer to the related art, and the embodiment of the present invention is not limited.
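The derivation in steps 201-202 and 203b-203c, as an added example that is not part of the patent: HMAC-SHA256 stands in for the first and second algorithms (the patent names A8 only as one option), and the function names, the sample keys, the use of one shared network random number and the sorted ordering of the two initial keys are assumptions made here so that both user equipments compute identical keys.

```python
"""Added illustration of steps 201-202 and 203b-203c; not code from the patent."""
import hashlib
import hmac
import secrets
import struct

KEY_LEN = 16  # assumed 128-bit initial keys (the sample values below are constructed)


def _kdf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 stand-in for the patent's unspecified first/second algorithm."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:KEY_LEN]


def network_first_parameter(peer_initial_key: bytes, rand: bytes) -> dict:
    """Network device side: first parameter = peer's initial key + network random number."""
    return {"peer_initial_key": peer_initial_key, "rand": rand}


def first_transmission_key(own_initial_key: bytes, first_parameter: dict) -> bytes:
    """Step 202: derive the first transmission key from own initial key + first parameter."""
    peer = first_parameter["peer_initial_key"]
    if len(own_initial_key) != KEY_LEN or len(peer) != KEY_LEN:
        raise ValueError("initial keys must be 16 bytes")
    # The scheme requires the two initial keys to be different.
    if hmac.compare_digest(own_initial_key, peer):
        raise ValueError("initial keys of the two user equipments must differ")
    # Assumption: each side sees (own, peer) in the opposite order, so the keys
    # are sorted before use; otherwise the two sides would derive different keys.
    low, high = sorted((own_initial_key, peer))
    return _kdf(low + high, b"d2d-tk1", first_parameter["rand"])


def second_transmission_key(first_tk: bytes, radio_frame_number: int) -> bytes:
    """Step 203c: bind the first transmission key to the agreed radio frame number."""
    if not 0 <= radio_frame_number < 2**32:
        raise ValueError("radio frame number out of range")
    return _kdf(first_tk, b"d2d-tk2", struct.pack(">I", radio_frame_number))


def run_exchange(frame_ue1: int, frame_ue2: int) -> dict:
    """Simulate network device, UE1 and UE2; return the keys each side derived."""
    k1 = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed UE1 key
    k2 = bytes.fromhex("f0e0d0c0b0a090807060504030201000")  # constructed UE2 key
    rand = secrets.token_bytes(16)  # one network random number, sent to both UEs

    # Step 201: each UE receives a first parameter indicating the *other* UE's key.
    param_for_ue1 = network_first_parameter(k2, rand)
    param_for_ue2 = network_first_parameter(k1, rand)

    tk1_ue1 = first_transmission_key(k1, param_for_ue1)
    tk1_ue2 = first_transmission_key(k2, param_for_ue2)
    return {
        "tk1_ue1": tk1_ue1,
        "tk1_ue2": tk1_ue2,
        "tk2_ue1": second_transmission_key(tk1_ue1, frame_ue1),
        "tk2_ue2": second_transmission_key(tk1_ue2, frame_ue2),
    }


if __name__ == "__main__":
    same = run_exchange(1234, 1234)
    print("first keys match :", same["tk1_ue1"] == same["tk1_ue2"])
    print("second keys match:", same["tk2_ue1"] == same["tk2_ue2"])
    skew = run_exchange(1234, 1235)  # UEs disagree on the radio frame number
    print("second keys match with frame mismatch:",
          skew["tk2_ue1"] == skew["tk2_ue2"])
```

When the two sides use different radio frame numbers, the first transmission keys still match but the second transmission keys do not, which is why one side must adopt the frame number sent by the other.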
The method for generating a key in D2D communication provided by the embodiment of the present invention may be applied in a scenario where the first user equipment and the second user equipment need to perform data communication, that is, after the key is generated, the key is used to encrypt and decrypt communication data; or in a scenario where the first user equipment and the second user equipment do not need to perform data communication, that is, after the key is generated, the key need not be used to encrypt and decrypt communication data.
Illustratively, in conjunction with fig. 2, as shown in fig. 4(a), after step 202, the method for generating a key by D2D communication according to an embodiment of the present invention may further include step 204a described below.
Step 204a, encrypting the data to be transmitted or decrypting the received data by using the first transmission key.
The first user equipment encrypts data to be sent by adopting the first transmission key and then sends the data to the second user equipment, or the first user equipment receives the data sent by the second user equipment and then decrypts the received data by adopting the first transmission key. Specifically, the encryption and decryption processes may refer to the related art, and the embodiment of the present invention is not described in detail.
Illustratively, in conjunction with fig. 3(a), as shown in fig. 4(b), after step 203a, the method for generating a key by D2D communication according to the embodiment of the present invention may further include the following step 204b; in conjunction with fig. 3(b), as shown in fig. 4(c), after step 203c, the method for generating a key by D2D communication according to the embodiment of the present invention may further include step 204b described below.
Step 204b, encrypting the data to be transmitted or decrypting the received data by adopting the second transmission key.
The first user equipment encrypts the data to be sent by adopting the second transmission key and then sends the data to the second user equipment, or the first user equipment receives the data sent by the second user equipment and then decrypts the received data by adopting the second transmission key. Specifically, the encryption and decryption processes may refer to the related art, and the embodiment of the present invention is not described in detail.
Illustratively, in conjunction with fig. 4(a), as shown in fig. 5(a), or in conjunction with fig. 4(b), as shown in fig. 5(b), or in conjunction with fig. 4(c), as shown in fig. 5(c), before step 201, the method for generating a key by D2D communication according to the embodiment of the present invention may further include step 205 described below.
Step 205, receiving resource indication information sent by the network device, where the resource indication information is used to indicate a first radio resource, and the first radio resource is used for D2D communication between the first user equipment and the second user equipment.
The network device allocates a first radio resource to the first user equipment. The first radio resource is used for D2D communication between the first user equipment and the second user equipment. Specifically, the radio resource may include a communication channel, a frequency resource, a time resource, a code domain resource, a space resource, a power resource, and the like, and the embodiment of the present invention is not limited.
The network device sends resource indication information to the first user equipment, wherein the resource indication information is used for indicating the first radio resource.
The first user equipment receives the resource indication information sent by the network equipment, and performs D2D communication with the second user equipment by using the first radio resource indicated by the resource indication information.
The embodiment of the invention provides a method for generating a secret key in D2D communication, wherein a first user equipment receives a first parameter sent by a network device, the first parameter is used for indicating an initial secret key of a second user equipment, and the condition of D2D communication is met between the second user equipment and the first user equipment; the first user equipment generates a first transmission key by adopting a first algorithm according to an initial key and a first parameter of the first user equipment, wherein the initial key of the first user equipment is different from the initial key of the second user equipment. Through the scheme, the first user equipment generates the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, and similarly, the second user equipment can also generate the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, that is, the first user equipment and the second user equipment which can perform D2D communication generate the same transmission key, and can perform encryption or decryption of data according to the same transmission key. The secret key generated by the secret key generating method in the scheme is used for encrypting and decrypting the communication data, so that the safety of the communication data of D2D communication is improved, and the problem that the secret key generated by the secret key generating method provided by the prior art is not suitable for D2D communication, and the safety of the communication data of D2D communication cannot be improved is solved.
Example two
Referring to fig. 6, an embodiment of the present invention provides a method for generating a key for D2D communication, which is applied to a network device and may include steps 301 to 302 described below.
Step 301, obtaining a first parameter.
The first parameter is used to indicate an initial key of the second user equipment, and the condition of D2D communication is satisfied between the second user equipment and the first user equipment.
The first parameter comprises an initial key of the second user equipment; or the first parameter comprises an initial key of the second user equipment and a random number generated by the network equipment; alternatively, the first parameter includes a key factor, and the key factor is obtained by the network device according to the initial key of the second user equipment and a random number generated by the network device.
Specifically, reference may be made to the related description of step 201 in the first embodiment, and details are not described herein again.
Step 302, sending the first parameter to the first user equipment.
The first parameter is used for the first user equipment to generate a first transmission key by adopting a first algorithm according to an initial key of the first user equipment and the first parameter, wherein the initial key of the first user equipment is different from the initial key of the second user equipment.
Specifically, reference may be made to the related description of step 201 in the first embodiment, and details are not described herein again.
Illustratively, in conjunction with fig. 6, as shown in fig. 7, before step 301, the method for generating a key by D2D communication according to an embodiment of the present invention may further include steps 303 to 304 described below.
Step 303, allocating a first radio resource to the first user equipment.
The first radio resource is used for D2D communication between the first user equipment and the second user equipment. Specifically, the radio resource may include a communication channel, a frequency resource, a time resource, a code domain resource, a space resource, a power resource, and the like, and the embodiment of the present invention is not limited.
Step 304, sending resource indication information to the first user equipment, where the resource indication information is used to indicate a first radio resource, and the first radio resource is used for D2D communication between the first user equipment and the second user equipment.
The first user equipment receives the resource indication information sent by the network equipment, and performs D2D communication with the second user equipment by using the first radio resource indicated by the resource indication information.
For details, reference may be made to the related description in the first embodiment, and details are not described herein again.
The embodiment of the invention provides a method for generating a secret key in D2D communication, wherein a first user equipment receives a first parameter sent by a network device, the first parameter is used for indicating an initial secret key of a second user equipment, and the condition of D2D communication is met between the second user equipment and the first user equipment; the first user equipment generates a first transmission key by adopting a first algorithm according to an initial key and a first parameter of the first user equipment, wherein the initial key of the first user equipment is different from the initial key of the second user equipment. Through the scheme, the first user equipment generates the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, and similarly, the second user equipment can also generate the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, that is, the first user equipment and the second user equipment which can perform D2D communication generate the same transmission key, and can perform encryption or decryption of data according to the same transmission key. The secret key generated by the secret key generating method in the scheme is used for encrypting and decrypting the communication data, so that the safety of the communication data of D2D communication is improved, and the problem that the secret key generated by the secret key generating method provided by the prior art is not suitable for D2D communication, and the safety of the communication data of D2D communication cannot be improved is solved.
Example three
Referring to fig. 8, an embodiment of the present invention provides a method for generating a key for D2D communication, which may include steps 101 to 103 described below.
Step 101, a network device acquires a first parameter to be sent to a first user equipment.
The condition of D2D communication is satisfied between the second user equipment and the first user equipment. I.e. D2D communication between the second user equipment and the first user equipment is possible. Specific conditions for satisfying D2D communication refer to the related art, and the embodiments of the present invention are not limited. The first user equipment is any one of two user equipment capable of D2D communication, and the second user equipment is the other one of two user equipment capable of D2D communication. The network device may be a combination of one or more of a base station, a core network, and the like, or may be other network devices, and the embodiment of the present invention is not limited.
The first parameter is used to indicate an initial key of the second user equipment. The network device therefore needs to obtain the initial key of the second user equipment first; the network device may obtain it from its own storage module or from the second user equipment, which is not limited in the embodiment of the present invention. Reference may be made to the related art, which is not described herein in detail.
For example, the first parameter includes an initial key of the second user equipment, that is, the first parameter may be the initial key of the second user equipment, and the first parameter may further include others besides the initial key of the second user equipment, which is not limited in the embodiment of the present invention.
For example, the first parameter includes an initial key of the second user equipment and a random number generated by the network device, that is, the first parameter may be the initial key of the second user equipment and the random number generated by the network device, and the first parameter may also include others besides the initial key of the second user equipment and the random number generated by the network device, which is not limited in the embodiment of the present invention. The random numbers generated by the network device may refer to the related art, and are not described herein.
For example, the first parameter includes a key factor, and the key factor is obtained by the network device according to the initial key of the second user equipment and the random number generated by the network device, that is, the first parameter may be the key factor, and the first parameter may include other parameters besides the key factor, which is not limited in the embodiment of the present invention. Illustratively, the key factor is generated by the network device using algorithm A according to the initial key of the second user equipment and the random number generated by the network device. Algorithm A is an encryption algorithm, and reference may be made to the related art specifically, which is not described in detail in the embodiments of the present invention.
For example, the initial key of the user equipment may be stored in a Subscriber Identity Module (SIM) or a Universal Subscriber Identity Module (USIM) or an Embedded Subscriber Identity Module (ESIM) on the user equipment side. The initial key of the first user equipment is different from the initial key of the second user equipment. The initial keys of different user equipments are different. On the network device side, the initial key of the user equipment can be stored in a storage module of the network device.
Step 102, the network device sends the first parameter to the first user equipment.
The first parameter is used for the first user equipment to generate a first transmission key by adopting a first algorithm according to an initial key of the first user equipment and the first parameter, wherein the initial key of the first user equipment is different from the initial key of the second user equipment.
The first user equipment receives the first parameter sent by the network equipment.
Step 103, the first user equipment generates a first transmission key by adopting a first algorithm according to the initial key and the first parameter of the first user equipment.
The first algorithm is an encryption algorithm, which may be an A8 algorithm for example, and the embodiments of the present invention are not limited, and specific reference is made to the related art, and details of the embodiments of the present invention are not repeated.
For example, taking the first parameter as the key factor, the first user equipment generates the first transmission key by using the A8 algorithm according to the initial key and the key factor of the first user equipment.
The first user equipment generates the first transmission key by the method of the above steps 101 to 103, and similarly, the second user equipment may also generate the first transmission key by the method of the above steps 101 to 103. That is, two user equipments capable of D2D communication may generate the same transmission key according to the same parameters by using the same algorithm, and then both encrypt and decrypt the communication data by using the same transmission key, so as to realize secure and effective transmission of the communication data between the two user equipments.
Illustratively, in conjunction with fig. 8, as shown in fig. 9(a) or fig. 9(b), in order to improve the confidentiality of the transmission key, after step 103, the method for generating a key by D2D communication according to the embodiment of the present invention may further include step 104a or steps 104b to 104c described below.
Step 104a, the first user equipment generates a second transmission key by adopting a second algorithm according to the first transmission key.
In order to improve the security of the transmission key, the first transmission key is encrypted once by adopting a second algorithm. The second algorithm may be the same as or different from the first algorithm, and the embodiment of the present invention is not limited. The specific second algorithm may refer to the related art, and the embodiment of the present invention is not limited.
Step 104b, the first user equipment acquires the radio frame number.
For example, the method for the first user equipment to obtain the radio frame number may be that the first user equipment generates the radio frame number itself, or that the first user equipment receives the radio frame number sent by the second user equipment. It should be noted that: in order to ensure that the transmission keys generated by the first user equipment and the second user equipment are the same, the same radio frame number is used by the first user equipment and the second user equipment. Then one of the first user equipment and the second user equipment adopts the radio frame number generated by itself, and the other one adopts the radio frame number sent by the other party. For example, the first user equipment adopts a radio frame number generated by the first user equipment, and the second user equipment adopts a radio frame number sent by the first user equipment; or the first user equipment adopts the radio frame number sent by the second user equipment, and the second user equipment adopts the radio frame number generated by the second user equipment.
For example, the radio frame number may be a TDMA frame number, or may be another frame number, and the embodiment of the present invention is not limited thereto.
Step 104c, the first user equipment generates a second transmission key by adopting a second algorithm according to the first transmission key and the radio frame number.
In order to improve the security of the transmission key, a second algorithm is adopted to carry out encryption operation on the first transmission key and the radio frame number. The second algorithm may be the same as or different from the first algorithm, and the embodiment of the present invention is not limited. The specific second algorithm may refer to the related art, and the embodiment of the present invention is not limited.
The method for generating a key for D2D communication provided by the embodiment of the present invention may be applied in a scenario where the first user equipment and the second user equipment need to perform data communication, in which case the key is used to encrypt and decrypt communication data after it is generated; it may also be applied where the first user equipment and the second user equipment do not need to perform data communication, in which case the key need not be used to encrypt and decrypt communication data after it is generated.
Illustratively, in conjunction with fig. 8, as shown in fig. 10(a), after step 103, the method for generating a key by D2D communication according to the embodiment of the present invention may further include step 105a described below.
Step 105a, the first user equipment encrypts the data to be transmitted or decrypts the received data by adopting the first transmission key.
The first user equipment encrypts data to be sent by adopting the first transmission key and then sends the data to the second user equipment, or the first user equipment receives the data sent by the second user equipment and then decrypts the received data by adopting the first transmission key. Specifically, the encryption and decryption processes may refer to the related art, and the embodiment of the present invention is not described in detail.
Illustratively, in conjunction with fig. 9(a), as shown in fig. 10(b), after step 104a, the method for generating a key by D2D communication according to the embodiment of the present invention may further include the following step 105b; in conjunction with fig. 9(b), as shown in fig. 10(c), after step 104c, the method for generating a key by D2D communication according to the embodiment of the present invention may further include step 105b described below.
Step 105b, the first user equipment encrypts the data to be transmitted or decrypts the received data by adopting the second transmission key.
The first user equipment encrypts the data to be sent by adopting the second transmission key and then sends the data to the second user equipment, or the first user equipment receives the data sent by the second user equipment and then decrypts the received data by adopting the second transmission key. Specifically, the encryption and decryption processes may refer to the related art, and the embodiment of the present invention is not described in detail.
Illustratively, in conjunction with fig. 10(a), as shown in fig. 11(a), or in conjunction with fig. 10(b), as shown in fig. 11(b), or in conjunction with fig. 10(c), as shown in fig. 11(c), before step 101, the method for generating a key by D2D communication according to the embodiment of the present invention may further include steps 106 to 107 described below.
Step 106, the network device allocates a first radio resource to the first user equipment.
The first radio resource is used for D2D communication between the first user equipment and the second user equipment. Specifically, the radio resource may include a communication channel, a frequency resource, a time resource, a code domain resource, a space resource, a power resource, and the like, and the embodiment of the present invention is not limited.
Step 107, the network device sends resource indication information to the first user equipment, where the resource indication information is used to indicate a first radio resource, and the first radio resource is used for D2D communication between the first user equipment and the second user equipment.
The first user equipment receives the resource indication information sent by the network equipment, and performs D2D communication with the second user equipment by using the first radio resource indicated by the resource indication information.
Referring to fig. 12, taking user equipments as UE1 and UE2 and a network equipment as a base station as an example, a specific example is provided to illustrate the method for generating the key for D2D communication according to the embodiment of the present invention.
When it has confirmed that UE1 and UE2 can perform D2D communication, the network device may use a random data generator to generate a set of random data RAND for encryption; the same RAND is used in the key generation process of both UE1 and UE2. The network device applies algorithm A to the random data RAND and the initial key Ki1 of UE1 to generate a parameter Ki1&RAND, which UE2 uses to generate its key, and applies algorithm A to the random data RAND and the initial key Ki2 of UE2 to generate a parameter Ki2&RAND, which UE1 uses to generate its key. Note: Ki1&RAND and Ki2&RAND denote the data obtained after the algorithm's operation.
The network device sends the parameter Ki2&RAND to terminal UE1 and the parameter Ki1&RAND to terminal UE2.
UE1 receives the parameter Ki2&RAND issued by the network device and generates an intermediate key KC1' from the parameter Ki2&RAND and the initial key Ki1 of UE1 by using the A8 algorithm; KC1' is thus generated by operation on the initial key of UE1, the initial key of UE2 and the random number RAND.
UE2 receives the parameter Ki1&RAND issued by the network device and generates an intermediate key KC2' from the parameter Ki1&RAND and the initial key Ki2 of UE2 by using the A8 algorithm; KC2' is thus generated by operation on the initial key of UE1, the initial key of UE2 and the random number RAND.
The KC1' and KC2' generated above are the same.
The network device allocates radio resources to UE1 and UE2; UE1 generates a TDMA frame number and sends it to UE2 using the radio resources allocated by the network device, so that UE2 is synchronized with UE1.
UE1 generates the key KC1 from the TDMA frame number and the intermediate key KC1' by using the A5 algorithm, and UE2 generates the key KC2 from the TDMA frame number and the intermediate key KC2' by using the A5 algorithm.
In summary, the key KC1 and the key KC2 are generated from the same parameters (the initial key Ki1 of UE1, the initial key Ki2 of UE2, the same random number RAND and the same TDMA frame number information) and with the same algorithm, so the key KC1 is the same as the key KC2. The keys may be used by UE1 and UE2 for encryption and decryption with respect to each other.
UE1 encrypts data to be transmitted with the key KC1 and transmits it, and UE2 decrypts the received data with the key KC2; UE2 encrypts data to be transmitted with the key KC2 and transmits it, and UE1 decrypts the received data with the key KC1.
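The UE1/UE2/base-station exchange above, as an added Python sketch that is not part of the patent text. The patent leaves algorithm A, the first algorithm and the second algorithm to the related art, so the modular-exponentiation and HMAC stand-ins, the modulus and every function name below are assumptions chosen so that both sides derive the same key. The HMAC-only variant shows that KC1' and KC2' do not match when the combination is not commutative in Ki1 and Ki2.

```python
import hashlib
import hmac
import secrets

# Assumption: toy modulus (the prime 2**255 - 19), used only to obtain a
# commutative combination. It is not a vetted group choice for deployment.
P = 2**255 - 19


def _to_int(label: bytes, data: bytes) -> int:
    """Hash bytes to an integer in [2, P-2]."""
    digest = hashlib.sha256(label + data).digest()
    return 2 + int.from_bytes(digest, "big") % (P - 3)


def key_factor(ki: bytes, rand: bytes) -> int:
    """Stand-in for algorithm A at the network device: returns Ki&RAND."""
    return pow(_to_int(b"base", rand), _to_int(b"exp", ki), P)


def first_transmission_key(ki_own: bytes, factor: int) -> bytes:
    """Stand-in for the first algorithm (A8 in the example): returns KC'."""
    shared = pow(factor, _to_int(b"exp", ki_own), P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def second_transmission_key(kc_prime: bytes, frame_number: int) -> bytes:
    """Stand-in for the second algorithm (A5 in the example): returns KC."""
    msg = frame_number.to_bytes(4, "big")
    return hmac.new(kc_prime, msg, hashlib.sha256).digest()


def run_exchange(ki1, ki2, rand, frame_ue1, frame_ue2):
    """Play all three roles and return (KC1', KC2', KC1, KC2)."""
    # Network device: holds both initial keys, computes both key factors.
    to_ue1 = key_factor(ki2, rand)   # Ki2&RAND, sent to UE1
    to_ue2 = key_factor(ki1, rand)   # Ki1&RAND, sent to UE2
    # Each UE combines its own initial key with the factor it received.
    kc1_prime = first_transmission_key(ki1, to_ue1)
    kc2_prime = first_transmission_key(ki2, to_ue2)
    # Each UE mixes in the radio frame number it is using.
    kc1 = second_transmission_key(kc1_prime, frame_ue1)
    kc2 = second_transmission_key(kc2_prime, frame_ue2)
    return kc1_prime, kc2_prime, kc1, kc2


def hmac_only_agrees(ki1: bytes, ki2: bytes, rand: bytes) -> bool:
    """Same message flow with a non-commutative keyed hash in both positions."""
    to_ue1 = hmac.new(ki2, rand, hashlib.sha256).digest()
    to_ue2 = hmac.new(ki1, rand, hashlib.sha256).digest()
    kc1_prime = hmac.new(ki1, to_ue1, hashlib.sha256).digest()
    kc2_prime = hmac.new(ki2, to_ue2, hashlib.sha256).digest()
    return hmac.compare_digest(kc1_prime, kc2_prime)


if __name__ == "__main__":
    # Constructed sample inputs: random initial keys, RAND and frame number.
    ki1, ki2 = secrets.token_bytes(16), secrets.token_bytes(16)
    rand = secrets.token_bytes(16)
    frame = 123456

    kc1p, kc2p, kc1, kc2 = run_exchange(ki1, ki2, rand, frame, frame)
    print("KC1' == KC2' :", kc1p == kc2p)
    print("KC1  == KC2  :", kc1 == kc2)

    # UE2 never received UE1's frame number and uses its own value.
    _, _, kc1, kc2 = run_exchange(ki1, ki2, rand, frame, frame + 1)
    print("KC1 == KC2 with unsynchronised frame numbers:", kc1 == kc2)

    print("HMAC-only variant agrees:", hmac_only_agrees(ki1, ki2, rand))
```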
The embodiment of the invention provides a method for generating a secret key in D2D communication, wherein a first user equipment receives a first parameter sent by a network device, the first parameter is used for indicating an initial secret key of a second user equipment, and the condition of D2D communication is met between the second user equipment and the first user equipment; the first user equipment generates a first transmission key by adopting a first algorithm according to an initial key and a first parameter of the first user equipment, wherein the initial key of the first user equipment is different from the initial key of the second user equipment. Through the scheme, the first user equipment generates the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, and similarly, the second user equipment can also generate the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, that is, the first user equipment and the second user equipment which can perform D2D communication generate the same transmission key, and can perform encryption or decryption of data according to the same transmission key. The secret key generated by the secret key generating method in the scheme is used for encrypting and decrypting the communication data, so that the safety of the communication data of D2D communication is improved, and the problem that the secret key generated by the secret key generating method provided by the prior art is not suitable for D2D communication, and the safety of the communication data of D2D communication cannot be improved is solved.
Example four
As shown in fig. 13, an embodiment of the present invention provides a first user equipment 120, including: a receiving module 121 and a generating module 122;
a receiving module 121, configured to receive a first parameter sent by a network device, where the first parameter is used to indicate an initial key of a second user equipment, and the condition of D2D communication is satisfied between the second user equipment and the first user equipment;
a generating module 122, configured to generate a first transmission key by using a first algorithm according to the initial key of the first user equipment and the first parameter received by the receiving module 121, where the initial key of the first user equipment is different from the initial key of the second user equipment.
Optionally, the first parameter includes an initial key of the second user equipment; or the first parameter comprises an initial key of the second user equipment and a random number generated by the network equipment; alternatively, the first parameter includes a key factor, and the key factor is obtained by the network device according to the initial key of the second user equipment and a random number generated by the network device.
Optionally, the generating module 122 is further configured to generate a second transmission key according to the first transmission key and by using a second algorithm after generating the first transmission key according to the initial key of the first user equipment and the first parameter received by the receiving module 121 by using the first algorithm.
Optionally, with reference to fig. 13, as shown in fig. 14, the user equipment 120 further includes: an obtaining module 123; the obtaining module 123 is configured to obtain a radio frame number before the first user equipment generates a second transmission key according to the first transmission key by using a second algorithm; the generating module 122 is specifically configured to generate a second transmission key by using a second algorithm according to the first transmission key and the radio frame number obtained by the obtaining module 123.
Optionally, with reference to fig. 14, as shown in fig. 15, the user equipment 120 further includes: an encryption/decryption module 124; the encryption and decryption module 124 is configured to encrypt the data to be transmitted or decrypt the received data with the first transmission key generated by the generation module 122 after the first transmission key is generated with the first algorithm; or after the second transmission key is generated by using the second algorithm, the second transmission key generated by the generation module 122 is used to encrypt the data to be transmitted or decrypt the received data.
Optionally, the receiving module 121 is further configured to receive resource indication information sent by the network device before receiving the first parameter sent by the network device, where the resource indication information is used to indicate a first radio resource, and the first radio resource is used for the first user equipment to perform D2D communication with the second user equipment.
The user equipment provided in the embodiment of the present invention is capable of implementing each process shown in any one of fig. 2 to 5 or any one of fig. 8 to 12 in the above method embodiment, and is not described here again to avoid repetition.
The embodiment of the invention provides a first user equipment, wherein the first user equipment receives a first parameter sent by a network device, the first parameter is used for indicating an initial key of a second user equipment, and a condition of D2D communication is met between the second user equipment and the first user equipment; the first user equipment generates a first transmission key by adopting a first algorithm according to an initial key and a first parameter of the first user equipment, wherein the initial key of the first user equipment is different from the initial key of the second user equipment. Through the scheme, the first user equipment generates the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, and similarly, the second user equipment can also generate the first transmission key according to the initial key of the first user equipment and the initial key of the second user equipment, that is, the first user equipment and the second user equipment which can perform D2D communication generate the same transmission key, and can perform encryption or decryption of data according to the same transmission key. The secret key generated by the secret key generating method in the scheme is used for encrypting and decrypting the communication data, so that the safety of the communication data of D2D communication is improved, and the problem that the secret key generated by the secret key generating method provided by the prior art is not suitable for D2D communication, and the safety of the communication data of D2D communication cannot be improved is solved.
Fig. 16 is a schematic hardware structure diagram of a user equipment implementing various embodiments of the present invention. The description will be given by taking the user equipment as the first user equipment. As shown in fig. 16, the user equipment 100 includes but is not limited to: radio frequency unit 101, network module 102, audio output unit 103, input unit 104, sensor 105, display unit 106, user input unit 107, interface unit 108, memory 109, processor 110, and power supply 111. Those skilled in the art will appreciate that the user equipment configuration shown in fig. 16 does not constitute a limitation of the user equipment, which may include more or fewer components than shown, or some components may be combined, or a different arrangement of components. In the embodiment of the present invention, the user equipment includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted user equipment, a wearable device, a pedometer, and the like.
The radio frequency unit 101 is configured to receive a first parameter sent by a network device, where the first parameter is used to indicate an initial key of a second user equipment, and a condition for D2D communication is satisfied between the second user equipment and a first user equipment;
the processor 110 is configured to generate a first transmission key by using a first algorithm according to an initial key of a first user equipment and a first parameter, where the initial key of the first user equipment is different from an initial key of a second user equipment.
In the user equipment provided in the embodiment of the present invention, the first user equipment receives a first parameter sent by the network device, where the first parameter indicates an initial key of the second user equipment, and the condition for D2D communication is satisfied between the second user equipment and the first user equipment. The first user equipment then generates a first transmission key by applying a first algorithm to its own initial key and the first parameter, where the initial key of the first user equipment is different from the initial key of the second user equipment. With this scheme, the first user equipment generates the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment, and the second user equipment can likewise generate the first transmission key from the same two initial keys. That is, the first user equipment and the second user equipment that can perform D2D communication generate the same transmission key and can encrypt or decrypt data with it. Using the key generated by this key generation method to encrypt and decrypt communication data improves the security of D2D communication data, and solves the problem that keys generated by the prior-art key generation methods are not suitable for D2D communication and therefore cannot improve the security of D2D communication data.
It should be understood that, in the embodiment of the present invention, the radio frequency unit 101 may be used for receiving and sending signals during message transmission or a call. Specifically, after downlink data is received from a base station, it is passed to the processor 110 for processing; in addition, uplink data is transmitted to the base station. Typically, the radio frequency unit 101 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the radio frequency unit 101 can also communicate with a network and other devices through a wireless communication system.
The user device provides wireless broadband internet access to the user via the network module 102, such as assisting the user in sending and receiving e-mails, browsing web pages, and accessing streaming media.
The audio output unit 103 may convert audio data received by the radio frequency unit 101 or the network module 102 or stored in the memory 109 into an audio signal and output it as sound. The audio output unit 103 may also provide audio output related to a specific function performed by the user equipment 100 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 103 includes a speaker, a buzzer, a receiver, and the like.
The input unit 104 is used to receive an audio or video signal. The input unit 104 may include a Graphics Processing Unit (GPU) 1041 and a microphone 1042. The graphics processor 1041 processes image data of a still picture or video obtained by an image capturing device (e.g., a camera) in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 106. The image frames processed by the graphics processor 1041 may be stored in the memory 109 (or other storage medium) or transmitted via the radio frequency unit 101 or the network module 102. The microphone 1042 may receive sound and process it into audio data. In phone call mode, the processed audio data may be converted into a format that can be transmitted to a mobile communication base station via the radio frequency unit 101 and then output.
The user device 100 also includes at least one sensor 105, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 1061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 1061 and/or the backlight when the user device 100 is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used to identify the user equipment posture (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration identification related functions (such as pedometer, tapping), and the like; the sensors 105 may also include fingerprint sensors, pressure sensors, iris sensors, molecular sensors, gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc., which are not described in detail herein.
The display unit 106 is used to display information input by a user or information provided to the user. The display unit 106 may include a display panel 1061, and the display panel 1061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The user input unit 107 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the user device. Specifically, the user input unit 107 includes a touch panel 1071 and other input devices 1072. Touch panel 1071, also referred to as a touch screen, may collect touch operations by a user on or near the touch panel 1071 (e.g., operations by a user on or near touch panel 1071 using a finger, stylus, or any suitable object or attachment). The touch panel 1071 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 110, and receives and executes commands sent by the processor 110. In addition, the touch panel 1071 may be implemented in various types, such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 1071, the user input unit 107 may include other input devices 1072. Specifically, other input devices 1072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein.
Further, the touch panel 1071 may be overlaid on the display panel 1061, and when the touch panel 1071 detects a touch operation thereon or nearby, the touch panel 1071 transmits the touch operation to the processor 110 to determine the type of the touch event, and then the processor 110 provides a corresponding visual output on the display panel 1061 according to the type of the touch event. Although in fig. 16, the touch panel 1071 and the display panel 1061 are two separate components to implement the input and output functions of the user equipment, in some embodiments, the touch panel 1071 and the display panel 1061 may be integrated to implement the input and output functions of the user equipment, and is not limited herein.
The interface unit 108 is an interface for connecting an external device to the user equipment 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 108 may be used to receive input (e.g., data information, power, etc.) from an external device and transmit the received input to one or more elements within the user equipment 100 or may be used to transmit data between the user equipment 100 and the external device.
The memory 109 may be used to store software programs as well as various data. The memory 109 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 109 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 110 is a control center of the user equipment, connects various parts of the entire user equipment using various interfaces and lines, performs various functions of the user equipment and processes data by running or executing software programs and/or modules stored in the memory 109 and calling data stored in the memory 109, thereby performing overall monitoring of the user equipment. Processor 110 may include one or more processing units; alternatively, the processor 110 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 110.
The user equipment 100 may further include a power supply 111 (such as a battery) for supplying power to various components, and optionally, the power supply 111 may be logically connected to the processor 110 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system.
In addition, the user equipment 100 includes some functional modules that are not shown, and are not described in detail here.
Example five
An embodiment of the present invention further provides a first user equipment, which may include the processor 110 shown in fig. 16, the memory 109, and a computer program stored on the memory 109 and operable on the processor 110, where the computer program, when executed by the processor 110, implements each process of the method for generating a key through D2D communication shown in any one of fig. 2 to fig. 5 or fig. 8 to fig. 12 in the foregoing method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not described here.
Example six
As shown in fig. 17, an embodiment of the present invention provides a network device 130, where the network device 130 includes: an obtaining module 131 and a sending module 132;
an obtaining module 131, configured to obtain a first parameter, where the first parameter is used to indicate an initial key of the second user equipment, and a condition that D2D communication is satisfied between the second user equipment and the first user equipment;
a sending module 132, configured to send the first parameter obtained by the obtaining module 131 to the first user equipment, where the first parameter is used for the first user equipment to generate the first transmission key according to the initial key of the first user equipment and the first parameter by using a first algorithm, and the initial key of the first user equipment is different from the initial key of the second user equipment.
Optionally, the first parameter includes an initial key of the second user equipment; or the first parameter comprises an initial key of the second user equipment and a random number generated by the network equipment; alternatively, the first parameter includes a key factor, and the key factor is obtained by the network device according to the initial key of the second user equipment and a random number generated by the network device.
Optionally, the sending module is further configured to send resource indication information to the first user equipment, where the resource indication information is used to indicate a first radio resource, and the first radio resource is used for the first user equipment to perform D2D communication with the second user equipment.
The user equipment provided in the embodiment of the present invention is capable of implementing each process shown in fig. 6 or fig. 7, or any one of fig. 8 to fig. 12 in the foregoing method embodiment, and is not described here again to avoid repetition.
The embodiment of the invention provides a network device. A first user equipment receives a first parameter sent by the network device, where the first parameter indicates an initial key of a second user equipment, and the condition for D2D communication is satisfied between the second user equipment and the first user equipment. The first user equipment then generates a first transmission key by applying a first algorithm to its own initial key and the first parameter, where the initial key of the first user equipment is different from the initial key of the second user equipment. With this scheme, the first user equipment generates the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment, and the second user equipment can likewise generate the first transmission key from the same two initial keys. That is, the first user equipment and the second user equipment that can perform D2D communication generate the same transmission key and can encrypt or decrypt data with it. Therefore, encrypting and decrypting communication data with the key generated by this key generation method improves the security of D2D communication data.
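The exchange described above, as an added Python example that is not part of the patent text: the network device builds each of the three first-parameter forms, both user equipments derive the same first transmission key from it, and a second key is then bound to a radio frame number. The first and second algorithms are not named in this part of the document, so the XOR combination, HMAC-SHA-256, the labels, the key length, the sample keys and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed length in bytes of initial keys and the random number

# Constructed sample initial keys (not from the patent); they must differ.
K_UE1 = bytes(range(0, 32))
K_UE2 = bytes(range(32, 64))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class NetworkDevice:
    """Holds the initial keys of both UEs and builds the first parameter."""

    def __init__(self, initial_keys):
        self.initial_keys = dict(initial_keys)
        # One random number per D2D pair, so both UEs receive the same value.
        self.rand = secrets.token_bytes(KEY_LEN)

    def first_parameter(self, recipient, peer, variant):
        own, other = self.initial_keys[recipient], self.initial_keys[peer]
        if hmac.compare_digest(own, other):
            raise ValueError("initial keys of the two UEs must differ")
        if variant == "key":        # initial key of the peer UE
            return {"variant": variant, "peer_key": other}
        if variant == "key+rand":   # peer initial key plus network random number
            return {"variant": variant, "peer_key": other, "rand": self.rand}
        if variant == "factor":     # key factor computed from peer key and random
            return {"variant": variant, "factor": xor_bytes(other, self.rand)}
        raise ValueError(f"unknown variant: {variant}")


def first_transmission_key(own_key, param):
    """Assumed 'first algorithm': XOR-combine, then HMAC-SHA-256 with a label."""
    variant = param["variant"]
    if variant == "key":
        secret = xor_bytes(own_key, param["peer_key"])
    elif variant == "key+rand":
        secret = xor_bytes(xor_bytes(own_key, param["peer_key"]), param["rand"])
    elif variant == "factor":
        # own ^ (peer ^ rand) equals peer ^ (own ^ rand): symmetric without rand
        secret = xor_bytes(own_key, param["factor"])
    else:
        raise ValueError(f"unknown variant: {variant}")
    if not any(secret):
        raise ValueError("combined secret is all zero; refusing to derive a key")
    return hmac.new(secret, b"d2d-first-transmission-key", hashlib.sha256).digest()


def second_transmission_key(first_key, radio_frame_number):
    """Assumed 'second algorithm': bind the first key to a radio frame number."""
    msg = b"d2d-second-transmission-key" + radio_frame_number.to_bytes(4, "big")
    return hmac.new(first_key, msg, hashlib.sha256).digest()


def derive_pair(variant, key_ue1=K_UE1, key_ue2=K_UE2):
    """Run the exchange for both UEs and return the key each side derived."""
    net = NetworkDevice({"UE1": key_ue1, "UE2": key_ue2})
    to_ue1 = net.first_parameter("UE1", "UE2", variant)
    to_ue2 = net.first_parameter("UE2", "UE1", variant)
    return (first_transmission_key(key_ue1, to_ue1),
            first_transmission_key(key_ue2, to_ue2))


if __name__ == "__main__":
    for v in ("key", "key+rand", "factor"):
        k1, k2 = derive_pair(v)
        print(v, "match" if hmac.compare_digest(k1, k2) else "MISMATCH")
        print("  frame 7:", second_transmission_key(k1, 7).hex()[:16])
```

In the "key" and "key+rand" forms the recipient is handed the peer's initial key itself, whereas in this assumed "factor" form it receives only a value masked by the network's random number.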
Example seven
Referring to fig. 18, an embodiment of the present invention further provides a network device, which includes a processor 141, a memory 142, and a computer program stored in the memory 142 and capable of running on the processor 141, where the computer program, when executed by the processor 141, implements each process of the method for generating a key through D2D communication shown in fig. 6 or fig. 7 or any one of fig. 8 to fig. 12 in the foregoing method embodiments, and can achieve the same technical effect, and in order to avoid repetition, the details are not repeated here.
Example eight
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements each process of the method for generating a key through D2D communication shown in any one of fig. 2 to fig. 12 in the foregoing method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not described here again. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
Example nine
An embodiment of the present invention further provides a wireless communication system, including: a first user equipment and a network equipment;
the first user equipment comprises the first user equipment according to the second embodiment and the network equipment comprises the network equipment according to the fourth embodiment;
alternatively, the first user equipment includes the first user equipment according to embodiment three, and the network equipment includes the network equipment according to embodiment five.
The embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when executed by a processor, the computer program implements each process implemented by the server in the foregoing method for acquiring a web resource, and can achieve the same technical effect, and in order to avoid repetition, the details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a user equipment (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (21)

1. A method for generating a key in device-to-device D2D communication, applied to a first user equipment, the method comprising:
receiving a first parameter sent by a network device, wherein the first parameter is used for indicating an initial key of a second user device, and a condition of D2D communication is satisfied between the second user device and the first user device;
and generating a first transmission key by adopting a first algorithm according to the initial key of the first user equipment and the first parameter, wherein the initial key of the first user equipment is different from the initial key of the second user equipment.
2. The method of claim 1,
the first parameter comprises an initial key of the second user equipment; or,
the first parameter comprises an initial key of the second user equipment and a random number generated by the network equipment; or,
the first parameter includes a key factor, which is obtained by the network device according to an initial key of the second user equipment and a random number generated by the network device.
3. The method of claim 1, wherein after generating the first transmission key according to the initial key of the first user equipment and the first parameter by using the first algorithm, the method further comprises:
and generating a second transmission key by adopting a second algorithm according to the first transmission key.
4. The method of claim 3, further comprising, prior to generating a second transmission key using a second algorithm based on the first transmission key:
acquiring a radio frame number;
generating a second transmission key using a second algorithm according to the first transmission key comprises:
and generating the second transmission key by adopting the second algorithm according to the first transmission key and the radio frame number.
5. The method according to any one of claims 1 to 4, further comprising, after the generating the first transmission key using the first algorithm or the generating the second transmission key using the second algorithm:
encrypting data to be transmitted or decrypting received data by adopting the first transmission key;
or, the second transmission key is adopted to encrypt the data to be transmitted or decrypt the received data.
6. The method according to any one of claims 1 to 4, wherein the receiving the first parameter sent by the network device further comprises:
receiving resource indication information sent by the network device, where the resource indication information is used to indicate a first radio resource, and the first radio resource is used for D2D communication between the first user equipment and the second user equipment.
7. A method for generating a key in device-to-device (D2D) communication, applied to a network device, the method comprising:
acquiring a first parameter, wherein the first parameter is used for indicating an initial key of second user equipment, and a condition of D2D communication is satisfied between the second user equipment and first user equipment;
and sending the first parameter to the first user equipment, wherein the first parameter is used for generating a first transmission key by the first user equipment according to an initial key of the first user equipment and the first parameter by adopting a first algorithm, and the initial key of the first user equipment is different from the initial key of the second user equipment.
8. The method of claim 7,
the first parameter comprises an initial key of the second user equipment; or,
the first parameter comprises an initial key of the second user equipment and a random number generated by the network equipment; or,
the first parameter includes a key factor, which is obtained by the network device according to an initial key of the second user equipment and a random number generated by the network device.
9. The method according to claim 7 or 8, characterized in that the method further comprises:
and sending resource indication information to the first user equipment, wherein the resource indication information is used for indicating a first wireless resource, and the first wireless resource is used for D2D communication between the first user equipment and the second user equipment.
10. A first user device, comprising: a receiving module and a generating module;
the receiving module is configured to receive a first parameter sent by a network device, where the first parameter is used to indicate an initial key of a second user equipment, and a condition of D2D communication is satisfied between the second user equipment and the first user equipment;
the generating module is configured to generate a first transmission key by using a first algorithm according to the initial key of the first user equipment and the first parameter received by the receiving module, where the initial key of the first user equipment is different from the initial key of the second user equipment.
11. The first user device of claim 10,
the first parameter comprises an initial key of the second user equipment; or,
the first parameter comprises an initial key of the second user equipment and a random number generated by the network equipment; or,
the first parameter includes a key factor, which is obtained by the network device according to the initial key of the second user equipment and the random number generated by the network device.
12. The first user device of claim 10,
the generating module is further configured to generate a first transmission key according to a first algorithm based on the initial key of the first user equipment and the first parameter received by the receiving module, and then generate a second transmission key according to the first transmission key and a second algorithm.
13. The first user device of claim 12, wherein the user device further comprises: an acquisition module;
the obtaining module is configured to obtain a radio frame number before the first user equipment generates a second transmission key by using a second algorithm according to the first transmission key;
the generating module is specifically configured to generate the second transmission key by using the second algorithm according to the first transmission key and the radio frame number acquired by the acquiring module.
14. The first user equipment according to any of claims 10 to 13, wherein the user equipment further comprises: an encryption and decryption module;
the encryption and decryption module is configured to encrypt data to be transmitted or decrypt received data by using the first transmission key generated by the generation module after the first transmission key is generated by using the first algorithm; or after the second transmission key is generated by the second algorithm, the second transmission key generated by the generation module is used for encrypting the data to be transmitted or decrypting the received data.
15. The first user equipment according to any of claims 10 to 13,
the receiving module is further configured to receive, before the receiving of the first parameter sent by the network device, resource indication information sent by the network device, where the resource indication information is used to indicate a first radio resource, and the first radio resource is used for the first user equipment to perform D2D communication with the second user equipment.
16. A network device, comprising: an obtaining module and a sending module;
the obtaining module is configured to obtain a first parameter, where the first parameter is used to indicate an initial key of a second user equipment, and a condition of D2D communication is satisfied between the second user equipment and a first user equipment;
the sending module is configured to send the first parameter obtained by the obtaining module to the first user equipment, where the first parameter is used for the first user equipment to generate a first transmission key by using a first algorithm according to an initial key of the first user equipment and the first parameter, and the initial key of the first user equipment is different from an initial key of the second user equipment.
17. The network device of claim 16,
the first parameter comprises an initial key of the second user equipment; or,
the first parameter comprises an initial key of the second user equipment and a random number generated by the network equipment; or,
the first parameter includes a key factor, which is obtained by the network device according to the initial key of the second user equipment and the random number generated by the network device.
18. The network device of claim 16 or 17,
the sending module is further configured to send resource indication information to the first user equipment, where the resource indication information is used to indicate a first radio resource, and the first radio resource is used for D2D communication between the first user equipment and the second user equipment.
19. A first user device, comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method of device-to-device D2D communication generation of a key according to any one of claims 1 to 6.
20. A network device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method of device-to-device D2D communication generation of a key according to any one of claims 7 to 10.
21. A wireless communication system, comprising: a first user equipment and a network equipment;
the first user equipment comprises the first user equipment of any of claims 10 to 15 and the network equipment comprises the network equipment of any of claims 16 to 18;
alternatively, the first user equipment comprises the first user equipment of claim 19 and the network equipment comprises the network equipment of claim 20.
CN201810272425.6A 2018-03-29 2018-03-29 A kind of D2D communications generate the methods, devices and systems of key Pending CN108521641A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810272425.6A CN108521641A (en) 2018-03-29 2018-03-29 A kind of D2D communications generate the methods, devices and systems of key


Publications (1)

Publication Number Publication Date
CN108521641A true CN108521641A (en) 2018-09-11

Family

ID=63431345

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810272425.6A Pending CN108521641A (en) 2018-03-29 2018-03-29 A kind of D2D communications generate the methods, devices and systems of key

Country Status (1)

Country Link
CN (1) CN108521641A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113452515A (en) * 2020-03-25 2021-09-28 阿里巴巴集团控股有限公司 Communication method, key configuration method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101060404A (en) * 2006-04-19 2007-10-24 华为技术有限公司 A method and system protecting the wireless network against the replay attack
CN102984699A (en) * 2012-12-03 2013-03-20 中国联合网络通信集团有限公司 D2D (device-to-device) communication data processing method, equipment and system
CN104737570A (en) * 2012-10-19 2015-06-24 诺基亚技术有限公司 Method and device of generating a key for device-to-device communication between a first user equipment and a second user equipment
CN106162631A (en) * 2015-04-14 2016-11-23 中兴通讯股份有限公司 A kind of methods, devices and systems of secure communication
US20170318616A1 (en) * 2014-10-23 2017-11-02 Zte Corporation Method for managing device-to-device (d2d) communication group, device, and storage medium

Similar Documents

Publication Publication Date Title
CN109257740B (en) Profile downloading method, mobile terminal and readable storage medium
CN108566686B (en) Method, device and system for establishing D2D connection
CN108449114B (en) Bluetooth connection method and mobile terminal
CN111262674B (en) SSB transmission indication method, device, terminal, equipment and medium
CN107276991B (en) Method and device for loading Web page and computer readable storage medium
CN108616878B (en) Encryption and decryption method, equipment and computer storage medium
CN111615198B (en) Resource determining method, resource indicating method, terminal and network side equipment
CN110769418B (en) Key updating method, terminal and network side equipment
CN108601062B (en) WiFi connection sharing method, terminal and computer storage medium
CN108012270B (en) Information processing method, equipment and computer readable storage medium
CN112583533B (en) HARQ-ACK feedback acquisition, transmission, terminal and network side equipment
CN111435906B (en) Reference value determination method and terminal
CN111106909B (en) Data transmission method, data transmission configuration method, terminal and network side equipment
CN110958644B (en) Terminal equipment capability information processing method and related equipment
CN109145644A (en) Private key obscures and digital signature generation method, device, smart machine
CN115589286B (en) Data encryption and decryption method and device, electronic equipment and storage medium
CN113381966A (en) Information reporting method, information receiving method, terminal and network side equipment
CN113015250A (en) Uplink resource allocation method and device
CN108521641A (en) A kind of D2D communications generate the methods, devices and systems of key
CN115174758B (en) Picture encryption method and device, electronic equipment and storage medium
CN110851408A (en) File compression method, file decompression method and electronic equipment
CN112218293B (en) Mobile terminal secure communication method, device, terminal equipment and storage medium
CN111356096B (en) Information sending method and electronic equipment
CN108197490B (en) Method and terminal for preventing malicious acquisition of user authorization information
CN110875807B (en) Pseudo-random sequence generation method and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180911
