CN108521641A - A method, device and system for generating a key in D2D communication - Google Patents
- Publication number: CN108521641A
- Application number: CN201810272425.6A
- Authority: CN (China)
- Prior art keywords: user equipment, key, parameter, network device, communication
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Technical field
The embodiments of the present invention relate to the field of communication technology, and in particular to a method, device and system for generating a key for D2D communication.
Background
With the continuous evolution of wireless communication systems, the wireless spectrum resources of mobile communication systems have gradually become unable to meet the development needs of wireless communication. To improve the utilization of wireless spectrum resources, cellular-network-based Device-to-Device (D2D) communication, also called Proximity Service (ProSe), was introduced; it means that user data can be transmitted directly between user equipments (User Equipment, UE) without being relayed by a network device.
In the traditional method of generating keys for cellular communication, a first user equipment and a second user equipment capable of cellular communication generate a first transmission key and a second transmission key that differ from each other. The network device generates the first transmission key using the same parameters (including the initial key of the first user equipment, a random number, and so on) and the same algorithm that the first user equipment uses, and generates the second transmission key using the same parameters (including the initial key of the second user equipment, a random number, and so on) and the same algorithm that the second user equipment uses. The communication data of the first user equipment and the second user equipment can therefore be transmitted securely and effectively by relaying through the network device.
However, encrypting communication data with keys generated in the traditional cellular way is not suitable for D2D communication. A secure and effective key generation method is therefore needed to generate a key for encrypting and decrypting the communication data of D2D communication, so as to improve the security of that data.
Summary of the invention
Embodiments of the present invention provide a method, device and system for generating a key for D2D communication, to solve the problem that the key produced by the key generation method of the prior art is not suitable for D2D communication, so that the security of D2D communication data cannot be improved.
To solve the above technical problem, the present invention is implemented as follows:
In a first aspect, an embodiment of the present invention provides a method for generating a key for device-to-device (D2D) communication, applied to a first user equipment, the method including:
receiving a first parameter sent by a network device, where the first parameter is used to indicate the initial key of a second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication;
generating a first transmission key with a first algorithm according to the initial key of the first user equipment and the first parameter, where the initial key of the first user equipment is different from the initial key of the second user equipment.
In a second aspect, an embodiment of the present invention provides a method for generating a key for device-to-device (D2D) communication, applied to a network device, the method including:
obtaining a first parameter, where the first parameter is used to indicate the initial key of a second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication;
sending the first parameter to the first user equipment, where the first parameter is used by the first user equipment to generate a first transmission key with a first algorithm according to the initial key of the first user equipment and the first parameter, and the initial key of the first user equipment is different from the initial key of the second user equipment.
In a third aspect, an embodiment of the present invention provides a first user equipment, including a receiving module and a generating module;
the receiving module is configured to receive a first parameter sent by a network device, where the first parameter is used to indicate the initial key of a second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication;
the generating module is configured to generate a first transmission key with a first algorithm according to the initial key of the first user equipment and the first parameter received by the receiving module, where the initial key of the first user equipment is different from the initial key of the second user equipment.
In a fourth aspect, an embodiment of the present invention provides a network device, including an obtaining module and a sending module;
the obtaining module is configured to obtain a first parameter, where the first parameter is used to indicate the initial key of a second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication;
the sending module is configured to send the first parameter obtained by the obtaining module to the first user equipment, where the first parameter is used by the first user equipment to generate a first transmission key with a first algorithm according to the initial key of the first user equipment and the first parameter, and the initial key of the first user equipment is different from the initial key of the second user equipment.
In a fifth aspect, an embodiment of the present invention provides a first user equipment, including a processor, a memory, and a computer program stored in the memory and executable on the processor, where the computer program, when executed by the processor, implements the steps of the method for generating a key for device-to-device (D2D) communication in the first aspect.
In a sixth aspect, an embodiment of the present invention provides a network device, including a processor, a memory, and a computer program stored in the memory and executable on the processor, where the computer program, when executed by the processor, implements the steps of the method for generating a key for device-to-device (D2D) communication in the second aspect.
In a seventh aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program, where the computer program, when executed by a processor, implements the steps of the method for generating a key for device-to-device (D2D) communication in the first aspect or the second aspect.
In an eighth aspect, an embodiment of the present invention provides a wireless communication system, including a first user equipment and a network device;
the first user equipment includes the first user equipment of the third aspect, and the network device includes the network device of the fourth aspect;
or, the first user equipment includes the first user equipment of the fifth aspect, and the network device includes the network device of the sixth aspect.
In the embodiments of the present invention, the first user equipment receives a first parameter sent by the network device, where the first parameter is used to indicate the initial key of the second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication; the first user equipment generates a first transmission key with a first algorithm according to the initial key of the first user equipment and the first parameter, and the initial key of the first user equipment is different from the initial key of the second user equipment. With this scheme, the first user equipment generates the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment, and in the same way the second user equipment can also generate the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment. In other words, the first user equipment and the second user equipment that can perform D2D communication generate the same transmission key and can encrypt or decrypt data with it. Encrypting and decrypting communication data with a key generated by this method improves the security of D2D communication data, which solves the problem that the key produced by the key generation method of the prior art is not suitable for D2D communication, so that the security of D2D communication data cannot be improved.
Description of the drawings
FIG. 1 is a schematic diagram of the network architecture of D2D communication provided by an embodiment of the present invention;
FIG. 2 is the first flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 3(a) is the second flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 3(b) is the third flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 4(a) is the fourth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 4(b) is the fifth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 4(c) is the sixth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 5(a) is the seventh flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 5(b) is the eighth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 5(c) is the ninth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 6 is the tenth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 7 is the eleventh flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 8 is the twelfth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 9(a) is the thirteenth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 9(b) is the fourteenth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 10(a) is the fifteenth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 10(b) is the sixteenth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 10(c) is the seventeenth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 11(a) is the eighteenth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 11(b) is the nineteenth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 11(c) is the twentieth flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 12 is the twenty-first flowchart of the method for generating a key for D2D communication provided by an embodiment of the present invention;
FIG. 13 is the first schematic structural diagram of the user equipment provided by an embodiment of the present invention;
FIG. 14 is the second schematic structural diagram of the user equipment provided by an embodiment of the present invention;
FIG. 15 is the third schematic structural diagram of the user equipment provided by an embodiment of the present invention;
FIG. 16 is a schematic hardware diagram of the user equipment provided by an embodiment of the present invention;
FIG. 17 is a schematic structural diagram of the network device provided by an embodiment of the present invention;
FIG. 18 is a schematic hardware diagram of the network device provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
The terms "first", "second", "third" and "fourth" in the specification and claims of the present invention are used to distinguish different objects, not to describe a particular order of objects. For example, a first input, a second input, a third input and a fourth input are used to distinguish different inputs, not to describe a particular order of inputs.
In the embodiments of the present invention, words such as "exemplary" or "for example" are used to indicate an example, illustration or explanation. Any embodiment or design described as "exemplary" or "for example" in the embodiments of the present invention should not be construed as preferred or advantageous over other embodiments or designs. Rather, such words are intended to present the related concepts in a concrete manner.
In the description of the embodiments of the present invention, unless otherwise specified, "multiple" means two or more; for example, multiple processing units means two or more processing units, and multiple elements means two or more elements.
An embodiment of the present invention provides a method for generating a key for D2D communication. The first user equipment receives a first parameter sent by the network device, where the first parameter is used to indicate the initial key of the second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication; the first user equipment generates a first transmission key with a first algorithm according to the initial key of the first user equipment and the first parameter, and the initial key of the first user equipment is different from the initial key of the second user equipment. With this scheme, the first user equipment generates the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment, and in the same way the second user equipment can also generate the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment. In other words, the first user equipment and the second user equipment that can perform D2D communication generate the same transmission key and can encrypt or decrypt data with it. Encrypting and decrypting communication data with a key generated by this method improves the security of D2D communication data, which solves the problem that the key produced by the key generation method of the prior art is not suitable for D2D communication, so that the security of D2D communication data cannot be improved.
The user equipment in the embodiments of the present invention may be a user-equipment device or a non-user-equipment device. A user-equipment device may be a mobile phone, tablet computer, notebook computer, handheld computer, vehicle-mounted terminal, wearable device, ultra-mobile personal computer (UMPC), netbook or personal digital assistant (PDA), etc.; a non-user-equipment device may be a personal computer (PC), television (TV), teller machine or self-service machine, etc. The embodiments of the present invention impose no specific limitation.
The method for generating a key for D2D communication provided by the embodiments of the present invention may be executed by the user equipment described above, or by a functional module and/or functional entity in the user equipment that is capable of implementing the control method. This can be determined according to actual usage requirements and is not limited by the embodiments of the present invention. The method is described below by way of example with a user equipment as the executing entity.
The network architecture of D2D communication differs significantly from that of traditional cellular communication. In FIG. 1, the dashed lines represent the network architecture of traditional cellular communication and the solid lines represent the architecture of the D2D communication network. In D2D communication mode, user data is transmitted directly between UEs, avoiding the relaying of user data through the network that cellular communication requires, which yields a link gain. In addition, the resources of D2D communication and cellular communication can be reused, which yields a resource reuse gain. The link gain and the resource reuse gain together improve the utilization of wireless spectrum resources and thus network throughput.
实施例一Embodiment one
参考图2所示,本发明实施例提供了一种D2D通信生成密钥的方法,该方法应用于第一用户设备,该方法可以包括下述的步骤201-步骤202。Referring to FIG. 2 , an embodiment of the present invention provides a method for generating a key for D2D communication, the method is applied to a first user equipment, and the method may include the following steps 201 - 202 .
步骤201、接收网络设备发送的第一参数。Step 201. Receive a first parameter sent by a network device.
第一参数用于指示第二用户设备的初始密钥,第二用户设备和第一用户设备之间满足D2D通信的条件。The first parameter is used to indicate the initial key of the second user equipment, and the condition of D2D communication is satisfied between the second user equipment and the first user equipment.
第二用户设备和第一用户设备之间满足D2D通信的条件。即第二用户设备和第一用户设备之间可以进行D2D通信。具体的满足D2D通信的条件参考现有相关技术,本发明实施例不作限定。第一用户设备为可以进行D2D通信的两个用户设备中的任意一个,第二用户设备为可以进行D2D通信的两个用户设备中的另一个。网络设备示例性的可以是基站或核心网等中的一个或多个的组合,也可以是其他的,本发明实施例不作限定。A condition for D2D communication is satisfied between the second user equipment and the first user equipment. That is, D2D communication can be performed between the second user equipment and the first user equipment. For specific conditions for satisfying D2D communication, refer to existing related technologies, which are not limited in this embodiment of the present invention. The first user equipment is any one of the two user equipments capable of D2D communication, and the second user equipment is the other of the two user equipments capable of D2D communication. The network device may be, for example, a combination of one or more of base stations, core networks, etc., or other devices, which are not limited in this embodiment of the present invention.
网络设备获取发送给第一用户设备的第一参数。The network device acquires the first parameter sent to the first user equipment.
第一参数用于指示第二用户设备的初始密钥。那么网络设备先要获得第二用户设备的初始密钥,网络设备获得第二用户设备的初始密钥的方法,可以是网络设备从自身的存储模块中获取的,也可以是从第二设备获取的,本发明实施例不作限定。具体可以参考现有相关技术,此处不予赘述。The first parameter is used to indicate the initial key of the second user equipment. Then the network device first needs to obtain the initial key of the second user equipment. The method for the network device to obtain the initial key of the second user equipment can be obtained by the network device from its own storage module or from the second device. Yes, the embodiments of the present invention are not limited. For details, reference may be made to existing related technologies, which will not be repeated here.
示例性的,第一参数包括第二用户设备的初始密钥,即第一参数可以是第二用户设备的初始密钥,第一参数还可以包括除第二用户设备的初始密钥之外其他的,本发明实施例不作限定。Exemplarily, the first parameter includes the initial key of the second user equipment, that is, the first parameter may be the initial key of the second user equipment, and the first parameter may also include other Yes, the embodiments of the present invention are not limited.
示例性的,第一参数包括第二用户设备的初始密钥和网络设备生成的随机数,即第一参数可以是第二用户设备的初始密钥和网络设备生成的随机数,第一参数还可以包括除第二用户设备的初始密钥和网络设备生成的随机数之外其他的,本发明实施例不作限定。网络设备生成的随机数可以参考现有相关技术,此处不予赘述。Exemplarily, the first parameter includes the initial key of the second user equipment and the random number generated by the network device, that is, the first parameter may be the initial key of the second user equipment and the random number generated by the network device, and the first parameter may also be Other than the initial key of the second user equipment and the random number generated by the network device may be included, which is not limited in this embodiment of the present invention. For the random number generated by the network device, reference may be made to existing related technologies, which will not be repeated here.
示例性的,第一参数包括密钥因子,密钥因子是网络设备根据第二用户设备的初始密钥和网络设备生成的随机数获取的,即第一参数可以是密钥因子,第一参数还可以包括除密钥因子之外其他的,本发明实施例不作限定。示例性的,密钥因子是网络设备根据第二用户设备的初始密钥和网络设备生成的随机数,采用A算法生成的。A算法是一种加密算法,具体可以参考现有相关技术,本发明实施例不予赘述。Exemplarily, the first parameter includes a key factor, and the key factor is obtained by the network device according to the initial key of the second user equipment and a random number generated by the network device, that is, the first parameter may be the key factor, and the first parameter Others besides the key factor may also be included, which is not limited in this embodiment of the present invention. Exemplarily, the key factor is generated by the network device using the A algorithm according to the initial key of the second user equipment and a random number generated by the network device. Algorithm A is an encryption algorithm. For details, reference may be made to existing related technologies, and details are not described in this embodiment of the present invention.
示例性的,用户设备的初始密钥在用户设备侧可以存储在用户身份识别卡(Subscriber Identification Module,简称SIM)或全球用户识别卡(UniversalSubscriber Identity Module,简称USIM)或嵌入式用户识别模块(embedded SubscriberIdentity Module,简称ESIM)中。第一用户设备的初始密钥与第二用户设备的初始密钥不同。不同用户设备的初始密钥不同。用户设备的初始密钥在网路设备侧可以存储在网络设备的存储模块中。Exemplarily, the initial key of the user equipment may be stored on the user equipment side in a Subscriber Identification Module (SIM for short) or a Universal Subscriber Identity Module (USIM for short) or an embedded Subscriber Identity Module (embedded SubscriberIdentity Module, referred to as ESIM). The initial key of the first user equipment is different from the initial key of the second user equipment. Different user equipments have different initial keys. The initial key of the user equipment may be stored in a storage module of the network equipment on the network equipment side.
The network device sends the first parameter to the first user equipment.
The first parameter is used by the first user equipment to generate a first transmission key with a first algorithm, according to the initial key of the first user equipment and the first parameter. The initial key of the first user equipment is different from the initial key of the second user equipment.
The first user equipment receives the first parameter sent by the network device.
Step 202: Generate a first transmission key with a first algorithm according to the initial key of the first user equipment and the first parameter.
The initial key of the first user equipment is different from the initial key of the second user equipment.
The first algorithm is an encryption algorithm, for example the A8 algorithm, which is not limited in this embodiment of the present invention. For details, refer to existing related technologies, which are not described in this embodiment of the present invention.
Exemplarily, taking the case where the first parameter is the key factor: the first user equipment generates the first transmission key with the A8 algorithm according to the initial key of the first user equipment and the key factor.
The first user equipment generates the first transmission key through steps 201 and 202 above; likewise, the second user equipment can generate the first transmission key by the method of steps 201 and 202. That is, two user equipments capable of D2D communication can generate the same transmission key from the same parameters with the same algorithm, and then both use that same transmission key to encrypt and decrypt communication data, so that communication data is transmitted securely and effectively between them.
Exemplarily, with reference to FIG. 2 and as shown in FIG. 3(a) or FIG. 3(b), in order to improve the confidentiality of the transmission key, after step 202 the method for generating a key in D2D communication provided by this embodiment of the present invention may further include the following step 203a or steps 203b-203c.
Step 203a: Generate a second transmission key with a second algorithm according to the first transmission key.
In order to improve the confidentiality of the transmission key, the second algorithm is used to perform one more encryption operation on the first transmission key. The second algorithm may be the same as or different from the first algorithm, which is not limited in this embodiment of the present invention. For the specific second algorithm, reference may be made to existing related technologies, which are not limited in this embodiment of the present invention.
Step 203b: Obtain a radio frame number.
Exemplarily, the first user equipment may obtain the radio frame number by generating it itself, or by receiving a radio frame number sent by the second user equipment. It should be noted that, to ensure that the transmission keys finally generated by the first user equipment and the second user equipment are the same, both need to use the same radio frame number. Therefore one of the two user equipments uses the radio frame number it generated itself, and the other uses the radio frame number sent by its peer. For example, the first user equipment uses the radio frame number it generated and the second user equipment uses the radio frame number sent by the first user equipment; or the first user equipment uses the radio frame number sent by the second user equipment and the second user equipment uses the radio frame number it generated.
Exemplarily, the radio frame number may be a TDMA frame number or another frame number, which is not limited in this embodiment of the present invention.
Step 203c: Generate a second transmission key with the second algorithm according to the first transmission key and the radio frame number.
In order to improve the confidentiality of the transmission key, the second algorithm is used to perform one more encryption operation on the first transmission key and the radio frame number. The second algorithm may be the same as or different from the first algorithm, which is not limited in this embodiment of the present invention. For the specific second algorithm, reference may be made to existing related technologies, which are not limited in this embodiment of the present invention.
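A model of steps 201-203c, added here as an example and not taken from the patent: it checks whether the two user equipments actually arrive at the same first and second transmission keys. HMAC-SHA256 is an assumed stand-in for algorithm A, the first algorithm and the second algorithm, which the page leaves to existing technology; the function names, the way inputs are combined and the sample keys are all constructed for illustration.

```python
"""Key-agreement check for the D2D key generation flow (steps 201-203c).

Assumption: HMAC-SHA256 replaces algorithm A, the first algorithm and the
second algorithm. The patent does not define how their inputs are combined,
so the combinations below are illustrative choices, not the patent's method.
"""
import hashlib
import hmac


def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed hash over length-prefixed parts (stand-in for the page's algorithms)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


def key_factor(initial_key: bytes, rand: bytes) -> bytes:
    """Network device: key factor from a UE's initial key and its random number."""
    return prf(initial_key, b"key-factor", rand)


def first_key_from_peer_key(own_key: bytes, peer_key: bytes, rand: bytes,
                            order_independent: bool = True) -> bytes:
    """Variant: first parameter = peer's initial key + network random number."""
    if order_independent:
        a, b = sorted((own_key, peer_key))  # same order on both UEs
    else:
        a, b = own_key, peer_key            # "own key first" differs per UE
    return prf(a, b"first-transmission-key", b, rand)


def first_key_from_factor(own_key: bytes, peer_factor: bytes) -> bytes:
    """Variant: first parameter = key factor derived from the peer's initial key."""
    return prf(own_key, b"first-transmission-key", peer_factor)


def second_key(first_key: bytes, frame_number=None) -> bytes:
    """Step 203a (no frame number) or steps 203b-203c (with radio frame number)."""
    if frame_number is None:
        return prf(first_key, b"second-transmission-key")
    return prf(first_key, b"second-transmission-key",
               frame_number.to_bytes(4, "big"))


# Constructed sample values, not real subscriber keys.
K_UE1 = bytes.fromhex("00112233445566778899aabbccddeeff")
K_UE2 = bytes.fromhex("ffeeddccbbaa99887766554433221100")
RAND = bytes.fromhex("0123456789abcdef0123456789abcdef")


def run_checks() -> dict:
    """Return, per scenario, whether UE1 and UE2 end up with the same key."""
    same = hmac.compare_digest
    results = {}

    # First parameter = peer initial key + random number, order-independent.
    ue1 = first_key_from_peer_key(K_UE1, K_UE2, RAND)
    ue2 = first_key_from_peer_key(K_UE2, K_UE1, RAND)
    results["peer_key_sorted"] = same(ue1, ue2)

    # Same variant, but each UE puts its own key first.
    results["peer_key_own_first"] = same(
        first_key_from_peer_key(K_UE1, K_UE2, RAND, order_independent=False),
        first_key_from_peer_key(K_UE2, K_UE1, RAND, order_independent=False))

    # First parameter = key factor of the peer, generic PRF as first algorithm.
    results["key_factor_generic_prf"] = same(
        first_key_from_factor(K_UE1, key_factor(K_UE2, RAND)),
        first_key_from_factor(K_UE2, key_factor(K_UE1, RAND)))

    # Second transmission key: both UEs must use the same radio frame number.
    results["same_frame_number"] = same(second_key(ue1, 1234),
                                        second_key(ue2, 1234))
    results["different_frame_number"] = same(second_key(ue1, 1234),
                                             second_key(ue2, 1235))
    return results


if __name__ == "__main__":
    for name, match in run_checks().items():
        print(f"{name:24s} keys match: {match}")
```

With a generic keyed hash as the stand-in, the two sides agree only when the inputs are combined in an order-independent way, and the key-factor variant agrees only if the first algorithm has a symmetric structure that a plain keyed hash lacks. The frame-number check shows why one user equipment has to adopt the frame number of the other.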
The method for generating a key in D2D communication provided by this embodiment of the present invention may be applied in a scenario where the first user equipment and the second device need to perform data communication, that is, after the key is generated it is used to encrypt and decrypt communication data; or in a scenario where the first user equipment and the second device do not need to perform data communication, that is, after the key is generated it need not yet be used to encrypt and decrypt communication data.
Exemplarily, with reference to FIG. 2 and as shown in FIG. 4(a), after step 202 the method for generating a key in D2D communication provided by this embodiment of the present invention may further include the following step 204a.
Step 204a: Use the first transmission key to encrypt data to be sent or to decrypt received data.
The first user equipment encrypts the data to be sent with the first transmission key and then sends it to the second user equipment, or the first user equipment receives data sent by the second user equipment and then decrypts the received data with the first transmission key. For the specific encryption and decryption process, reference may be made to existing related technologies, which are not described in this embodiment of the present invention.
Exemplarily, with reference to FIG. 3(a) and as shown in FIG. 4(b), after step 203a the method for generating a key in D2D communication provided by this embodiment of the present invention may further include the following step 204b; with reference to FIG. 3(b) and as shown in FIG. 4(c), after step 203c the method may likewise further include the following step 204b.
Step 204b: Use the second transmission key to encrypt data to be sent or to decrypt received data.
The first user equipment encrypts the data to be sent with the second transmission key and then sends it to the second user equipment, or the first user equipment receives data sent by the second user equipment and then decrypts the received data with the second transmission key. For the specific encryption and decryption process, reference may be made to existing related technologies, which are not described in this embodiment of the present invention.
Exemplarily, with reference to FIG. 4(a) and as shown in FIG. 5(a), or with reference to FIG. 4(b) and as shown in FIG. 5(b), or with reference to FIG. 4(c) and as shown in FIG. 5(c), before step 201 the method for generating a key in D2D communication provided by this embodiment of the present invention may further include the following step 205.
Step 205: Receive resource indication information sent by the network device, where the resource indication information is used to indicate a first radio resource, and the first radio resource is used for D2D communication between the first user equipment and the second user equipment.
The network device allocates the first radio resource to the first user equipment. The first radio resource is used for D2D communication between the first user equipment and the second user equipment. Specifically, radio resources may include communication channels, frequency resources, time resources, code domain resources, space resources, power resources and the like, which is not limited in this embodiment of the present invention.
The network device sends the resource indication information to the first user equipment, where the resource indication information is used to indicate the first radio resource.
The first user equipment receives the resource indication information sent by the network device, and uses the first radio resource indicated by the resource indication information to perform D2D communication with the second user equipment.
This embodiment of the present invention provides a method for generating a key in D2D communication. The first user equipment receives a first parameter sent by the network device, where the first parameter is used to indicate the initial key of the second user equipment, and the second user equipment and the first user equipment satisfy the condition for D2D communication. The first user equipment generates a first transmission key with a first algorithm according to the initial key of the first user equipment and the first parameter, where the initial key of the first user equipment is different from the initial key of the second user equipment. With this solution, the first user equipment generates the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment, and likewise the second user equipment can generate the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment. That is, the first user equipment and the second user equipment capable of D2D communication generate the same transmission key and can encrypt or decrypt data with that same transmission key. Encrypting and decrypting communication data with a key generated by this method improves the security of communication data in D2D communication, which solves the problem that keys generated by the key generation methods of the prior art are not suitable for D2D communication and therefore cannot improve the security of D2D communication data.
Embodiment 2
Referring to FIG. 6, this embodiment of the present invention provides a method for generating a key in D2D communication, applied to a network device. The method may include the following steps 301-302.
Step 301: Obtain a first parameter.
The first parameter is used to indicate the initial key of the second user equipment, and the second user equipment and the first user equipment satisfy the condition for D2D communication.
The first parameter includes the initial key of the second user equipment; or the first parameter includes the initial key of the second user equipment and a random number generated by the network device; or the first parameter includes a key factor, which the network device obtains from the initial key of the second user equipment and a random number generated by the network device.
For details, refer to the description of step 201 in Embodiment 1, which is not repeated here.
Step 302: Send the first parameter to the first user equipment.
The first parameter is used by the first user equipment to generate a first transmission key with a first algorithm, according to the initial key of the first user equipment and the first parameter. The initial key of the first user equipment is different from the initial key of the second user equipment.
For details, refer to the description of step 201 in Embodiment 1, which is not repeated here.
Exemplarily, with reference to FIG. 6 and as shown in FIG. 7, before step 301 the method for generating a key in D2D communication provided by this embodiment of the present invention may further include the following steps 303-304.
Step 303: Allocate a first radio resource to the first user equipment.
The first radio resource is used for D2D communication between the first user equipment and the second user equipment. Specifically, radio resources may include communication channels, frequency resources, time resources, code domain resources, space resources, power resources and the like, which is not limited in this embodiment of the present invention.
Step 304: Send resource indication information to the first user equipment, where the resource indication information is used to indicate the first radio resource, and the first radio resource is used for D2D communication between the first user equipment and the second user equipment.
The first user equipment receives the resource indication information sent by the network device, and uses the first radio resource indicated by the resource indication information to perform D2D communication with the second user equipment.
For details, refer to the related description in Embodiment 1, which is not repeated here.
This embodiment of the present invention provides a method for generating a key in D2D communication. The first user equipment receives a first parameter sent by the network device, where the first parameter is used to indicate the initial key of the second user equipment, and the second user equipment and the first user equipment satisfy the condition for D2D communication. The first user equipment generates a first transmission key with a first algorithm according to the initial key of the first user equipment and the first parameter, where the initial key of the first user equipment is different from the initial key of the second user equipment. With this solution, the first user equipment generates the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment, and likewise the second user equipment can generate the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment. That is, the first user equipment and the second user equipment capable of D2D communication generate the same transmission key and can encrypt or decrypt data with that same transmission key. Encrypting and decrypting communication data with a key generated by this method improves the security of communication data in D2D communication, which solves the problem that keys generated by the key generation methods of the prior art are not suitable for D2D communication and therefore cannot improve the security of D2D communication data.
Embodiment 3
Referring to FIG. 8, this embodiment of the present invention provides a method for generating a key in D2D communication. The method may include the following steps 101-103.
Step 101: The network device obtains the first parameter to be sent to the first user equipment.
The second user equipment and the first user equipment satisfy the condition for D2D communication; that is, D2D communication can be performed between the second user equipment and the first user equipment. For the specific conditions for D2D communication, refer to existing related technologies, which are not limited in this embodiment of the present invention. The first user equipment is either one of the two user equipments capable of D2D communication, and the second user equipment is the other one. The network device may be, for example, one of or a combination of a base station, a core network and the like, or may be something else, which is not limited in this embodiment of the present invention.
The first parameter is used to indicate the initial key of the second user equipment, so the network device must first obtain the initial key of the second user equipment. The network device may obtain it from its own storage module or from the second device, which is not limited in this embodiment of the present invention. For details, reference may be made to existing related technologies, which are not repeated here.
Exemplarily, the first parameter includes the initial key of the second user equipment. That is, the first parameter may be the initial key of the second user equipment, or it may additionally include other content, which is not limited in this embodiment of the present invention.
Exemplarily, the first parameter includes the initial key of the second user equipment and a random number generated by the network device. That is, the first parameter may consist of the initial key of the second user equipment and the random number generated by the network device, or it may additionally include other content, which is not limited in this embodiment of the present invention. For how the network device generates the random number, reference may be made to existing related technologies; details are not repeated here.
Exemplarily, the first parameter includes a key factor, which the network device obtains from the initial key of the second user equipment and a random number generated by the network device. That is, the first parameter may be the key factor, or it may additionally include other content besides the key factor, which is not limited in this embodiment of the present invention. Exemplarily, the network device generates the key factor with algorithm A from the initial key of the second user equipment and the random number generated by the network device. Algorithm A is an encryption algorithm; for details, reference may be made to existing related technologies, which are not described in this embodiment of the present invention.
Exemplarily, on the user equipment side, the initial key of a user equipment may be stored in a Subscriber Identification Module (SIM), a Universal Subscriber Identity Module (USIM), or an embedded Subscriber Identity Module (ESIM). The initial key of the first user equipment is different from the initial key of the second user equipment; different user equipments have different initial keys. On the network device side, the initial key of a user equipment may be stored in a storage module of the network device.
Step 102: The network device sends the first parameter to the first user equipment.
The first parameter is used by the first user equipment to generate a first transmission key with a first algorithm, according to the initial key of the first user equipment and the first parameter. The initial key of the first user equipment is different from the initial key of the second user equipment.
The first user equipment receives the first parameter sent by the network device.
Step 103: The first user equipment generates a first transmission key with a first algorithm according to the initial key of the first user equipment and the first parameter.
The first algorithm is an encryption algorithm, for example the A8 algorithm, which is not limited in this embodiment of the present invention. For details, refer to existing related technologies, which are not described in this embodiment of the present invention.
Exemplarily, taking the case where the first parameter is the key factor: the first user equipment generates the first transmission key with the A8 algorithm according to the initial key of the first user equipment and the key factor.
The first user equipment generates the first transmission key through steps 101-103 above; likewise, the second user equipment can generate the first transmission key by the method of steps 101-103. That is, two user equipments capable of D2D communication can generate the same transmission key from the same parameters with the same algorithm, and then both use that same transmission key to encrypt and decrypt communication data, so that communication data is transmitted securely and effectively between them.
Exemplarily, with reference to FIG. 8 and as shown in FIG. 9(a) or FIG. 9(b), in order to improve the confidentiality of the transmission key, after step 103 the method for generating a key in D2D communication provided by this embodiment of the present invention may further include the following step 104a or steps 104b-104c.
Step 104a: The first user equipment generates a second transmission key with a second algorithm according to the first transmission key.
In order to improve the confidentiality of the transmission key, the second algorithm is used to perform one more encryption operation on the first transmission key. The second algorithm may be the same as or different from the first algorithm, which is not limited in this embodiment of the present invention. For the specific second algorithm, reference may be made to existing related technologies, which are not limited in this embodiment of the present invention.
Step 104b: The first user equipment obtains a radio frame number.
Exemplarily, the first user equipment may obtain the radio frame number by generating it itself, or by receiving a radio frame number sent by the second user equipment. It should be noted that, to ensure that the transmission keys finally generated by the first user equipment and the second user equipment are the same, both need to use the same radio frame number. Therefore one of the two user equipments uses the radio frame number it generated itself, and the other uses the radio frame number sent by its peer. For example, the first user equipment uses the radio frame number it generated and the second user equipment uses the radio frame number sent by the first user equipment; or the first user equipment uses the radio frame number sent by the second user equipment and the second user equipment uses the radio frame number it generated.
Exemplarily, the radio frame number may be a TDMA frame number or another frame number, which is not limited in this embodiment of the present invention.
Step 104c: The first user equipment generates a second transmission key with the second algorithm according to the first transmission key and the radio frame number.
In order to improve the confidentiality of the transmission key, the second algorithm is used to perform one more encryption operation on the first transmission key and the radio frame number. The second algorithm may be the same as or different from the first algorithm, which is not limited in this embodiment of the present invention. For the specific second algorithm, reference may be made to existing related technologies, which are not limited in this embodiment of the present invention.
The method for generating a key in D2D communication provided by this embodiment of the present invention may be applied in a scenario where the first user equipment and the second device need to perform data communication, that is, after the key is generated it is used to encrypt and decrypt communication data; or in a scenario where the first user equipment and the second device do not need to perform data communication, that is, after the key is generated it need not yet be used to encrypt and decrypt communication data.
Exemplarily, with reference to FIG. 8 and as shown in FIG. 10(a), after step 103 the method for generating a key in D2D communication provided by this embodiment of the present invention may further include the following step 105a.
Step 105a: The first user equipment uses the first transmission key to encrypt data to be sent or to decrypt received data.
The first user equipment encrypts the data to be sent with the first transmission key and then sends it to the second user equipment, or the first user equipment receives data sent by the second user equipment and then decrypts the received data with the first transmission key. For the specific encryption and decryption process, reference may be made to existing related technologies, which are not described in this embodiment of the present invention.
Exemplarily, with reference to FIG. 9(a) and as shown in FIG. 10(b), after step 104a the method for generating a key in D2D communication provided by this embodiment of the present invention may further include the following step 105b; with reference to FIG. 9(b) and as shown in FIG. 10(c), after step 104c the method may likewise further include the following step 105b.
Step 105b: The first user equipment uses the second transmission key to encrypt data to be sent or to decrypt received data.
The first user equipment encrypts the data to be sent with the second transmission key and then sends it to the second user equipment, or the first user equipment receives data sent by the second user equipment and then decrypts the received data with the second transmission key. For the specific encryption and decryption process, reference may be made to existing related technologies, which are not described in this embodiment of the present invention.
示例性的,结合图10(a),如图11(a)所示,或结合图10(b),如图11(b)所示,或结合图10(c),如图11(c)所示,在步骤101之前,本发明实施例提供的D2D通信生成密钥的方法还可以包括下述的步骤106-步骤107。Exemplarily, in combination with Figure 10(a), as shown in Figure 11(a), or in combination with Figure 10(b), as shown in Figure 11(b), or in combination with Figure 10(c), as shown in Figure 11(c ), before step 101, the method for generating a key for D2D communication provided by the embodiment of the present invention may further include the following steps 106-107.
步骤106、网络设备为第一用户设备分配第一无线资源。Step 106, the network device allocates the first radio resource to the first user equipment.
第一无线资源用于第一用户设备与第二用户设备进行D2D通信。具体的无限资源可以包括通信信道、频率资源、时间资源、码域资源、空间资源和功率资源等,本发明实施例不作限定。The first radio resource is used for D2D communication between the first user equipment and the second user equipment. Specific unlimited resources may include communication channels, frequency resources, time resources, code domain resources, space resources, and power resources, etc., which are not limited in this embodiment of the present invention.
步骤107、网络设备向第一用户设备发送资源指示信息,资源指示信息用于指示第一无线资源,第一无线资源用于第一用户设备与第二用户设备进行D2D通信。Step 107, the network device sends resource indication information to the first user equipment, where the resource indication information is used to indicate a first radio resource, and the first radio resource is used for D2D communication between the first user equipment and the second user equipment.
第一用户设备接收网络设备发送的资源指示信息,并使用该资源指示信息指示的第一无线资源,与第二用户设备进行D2D通信。The first user equipment receives the resource indication information sent by the network device, and uses the first radio resource indicated by the resource indication information to perform D2D communication with the second user equipment.
参考图12所示,以用户设备为UE1和UE2,网络设备为基站为例,提供一个具体的事例来说明本发明实施例提供的D2D通信生成密钥的方法。Referring to FIG. 12 , taking UE1 and UE2 as user equipment and base station as network equipment as an example, a specific example is provided to illustrate the method for generating a key for D2D communication provided by an embodiment of the present invention.
When the network device confirms that UE1 and UE2 can perform D2D communication, it may use a random data generator to produce a set of random data RAND for encryption; this same RAND is used in the key generation of both UE1 and UE2. From RAND and UE1's initial key Ki1, the network device uses algorithm A to generate a parameter Ki1&RAND, which UE2 uses to generate its key; from RAND and UE2's initial key Ki2, the network device uses algorithm A to generate a parameter Ki2&RAND, which UE1 uses to generate its key. Note: Ki1&RAND and Ki2&RAND denote the data output by the algorithm.
The network device sends the parameter Ki2&RAND to terminal UE1 and the parameter Ki1&RAND to terminal UE2.
UE1 receives the parameter Ki2&RAND delivered by the network device and, from Ki2&RAND and UE1's initial key Ki1, uses the A8 algorithm to generate the intermediate key KC1'. KC1' is computed from UE1's initial key, UE2's initial key and the random number RAND.
UE2 receives the parameter Ki1&RAND delivered by the network device and, from Ki1&RAND and UE2's initial key Ki2, uses the A8 algorithm to generate the intermediate key KC2'. KC2' is computed from UE1's initial key, UE2's initial key and the random number RAND.
The KC1' and KC2' generated above are therefore identical.
The network device allocates radio resources to UE1 and UE2. UE1 generates a radio frame number (the TDMA frame number), sends this TDMA frame number to UE2 over the radio resources allocated by the network device, and synchronizes UE2 with UE1.
UE1 uses the A5 algorithm to generate the key KC1 from the TDMA frame number and the intermediate key KC1'; UE2 uses the A5 algorithm to generate the key KC2 from the TDMA frame number and the intermediate key KC2'.
In summary, the keys KC1 and KC2 are generated from the same parameters (UE1's initial key Ki1, UE2's initial key Ki2, the same random number RAND and the same TDMA frame number information) using the same algorithms, so KC1 is identical to KC2. They can be used for encryption and decryption between UE1 and UE2.
UE1 encrypts the data to be sent with the key KC1 and sends it, and UE2 decrypts the received data with the key KC2; UE2 encrypts the data to be sent with the key KC2 and sends it, and UE1 decrypts the received data with the key KC1.
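The FIG. 12 flow only yields KC1' = KC2' if algorithm A and the A8 step together are symmetric in Ki1 and Ki2, and the page does not define algorithm A. The following Python model is an added example, not code from the patent: it runs the exchange once with commutative stand-ins (modular exponentiation) and once with a keyed hash, and also shows the effect of an unsynchronized frame number. The toy modulus, the HMAC-based second stage standing in for the "A5" step, and all key values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed toy modulus (Mersenne prime 2**127 - 1): enough to show the
# algebra, far too small for real use. Not a parameter from the patent.
P = 2**127 - 1


def _int(b: bytes) -> int:
    return int.from_bytes(b, "big")


def _base(rand: bytes) -> int:
    """Map RAND to a base in [2, P-2] (assumed mapping, not from the page)."""
    return 2 + _int(hashlib.sha256(rand).digest()) % (P - 3)


# Variant 1: commutative stand-ins for "algorithm A" and the "A8" step.
def a_commutative(ki: bytes, rand: bytes) -> bytes:
    """Network side: key factor Ki&RAND = base(RAND)^Ki mod P."""
    return pow(_base(rand), _int(ki), P).to_bytes(16, "big")


def a8_commutative(own_ki: bytes, factor: bytes) -> bytes:
    """UE side: intermediate key KC' = factor^own_Ki mod P."""
    return pow(_int(factor), _int(own_ki), P).to_bytes(16, "big")


# Variant 2: non-commutative stand-ins (keyed hash applied in both steps).
def a_hmac(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, rand, hashlib.sha256).digest()[:16]


def a8_hmac(own_ki: bytes, factor: bytes) -> bytes:
    return hmac.new(own_ki, factor, hashlib.sha256).digest()[:16]


def second_stage(kc_prime: bytes, frame_number: int) -> bytes:
    """Stand-in for the "A5" step: bind KC' to the TDMA frame number."""
    msg = frame_number.to_bytes(4, "big")
    return hmac.new(kc_prime, msg, hashlib.sha256).digest()[:16]


def run_exchange(algo_a, algo_a8, ki1, ki2, rand, frame_ue1, frame_ue2=None):
    """Run the FIG. 12 flow and return both UEs' intermediate and final keys."""
    if frame_ue2 is None:
        frame_ue2 = frame_ue1           # UE2 synchronized with UE1
    # Network device: one RAND, two key factors, delivered crosswise, so
    # neither UE is handed the peer's raw initial key.
    to_ue1 = algo_a(ki2, rand)          # "Ki2&RAND"
    to_ue2 = algo_a(ki1, rand)          # "Ki1&RAND"
    # Each UE mixes the received factor with its own initial key.
    kc1_prime = algo_a8(ki1, to_ue1)
    kc2_prime = algo_a8(ki2, to_ue2)
    return {
        "kc1_prime": kc1_prime, "kc2_prime": kc2_prime,
        "kc1": second_stage(kc1_prime, frame_ue1),
        "kc2": second_stage(kc2_prime, frame_ue2),
    }


# Constructed sample values.
KI1 = bytes.fromhex("00112233445566778899aabbccddeeff")
KI2 = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
RAND = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")
FRAME = 1234

if __name__ == "__main__":
    ok = run_exchange(a_commutative, a8_commutative, KI1, KI2, RAND, FRAME)
    print("commutative:  KC1 == KC2   ->", ok["kc1"] == ok["kc2"])
    bad = run_exchange(a_hmac, a8_hmac, KI1, KI2, RAND, FRAME)
    print("keyed hash:   KC1' == KC2' ->", bad["kc1_prime"] == bad["kc2_prime"])
    desync = run_exchange(a_commutative, a8_commutative, KI1, KI2, RAND,
                          FRAME, FRAME + 1)
    print("frame desync: KC1 == KC2   ->", desync["kc1"] == desync["kc2"])
```

A receiver that derives a different key simply fails to decrypt, so an implementation needs a key-confirmation or resynchronization step for the frame-number case.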
An embodiment of the present invention provides a method for generating a key in D2D communication. The first user equipment receives a first parameter sent by the network device; the first parameter indicates the initial key of the second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication. The first user equipment generates a first transmission key using a first algorithm according to the initial key of the first user equipment and the first parameter; the initial key of the first user equipment differs from the initial key of the second user equipment. With this scheme, the first user equipment generates the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment; likewise, the second user equipment can generate the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment. That is, the first and second user equipment that can perform D2D communication generate the same transmission key and can encrypt or decrypt data with it. Encrypting and decrypting communication data with a key generated by this method improves the security of D2D communication data, thereby solving the problem that keys generated by the key generation methods of the prior art are not suitable for D2D communication and so cannot improve the security of D2D communication data.
Embodiment Four
As shown in FIG. 13, an embodiment of the present invention provides a first user equipment 120, including a receiving module 121 and a generating module 122.
The receiving module 121 is configured to receive a first parameter sent by the network device. The first parameter indicates the initial key of the second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication.
The generating module 122 is configured to generate a first transmission key using a first algorithm according to the initial key of the first user equipment and the first parameter received by the receiving module 121. The initial key of the first user equipment differs from the initial key of the second user equipment.
Optionally, the first parameter includes the initial key of the second user equipment; or the first parameter includes the initial key of the second user equipment and a random number generated by the network device; or the first parameter includes a key factor, which the network device obtains from the initial key of the second user equipment and a random number generated by the network device.
Optionally, the generating module 122 is further configured to generate a second transmission key from the first transmission key using a second algorithm, after the first transmission key has been generated using the first algorithm according to the initial key of the first user equipment and the first parameter received by the receiving module 121.
Optionally, with reference to FIG. 13, as shown in FIG. 14, the user equipment 120 further includes an obtaining module 123. The obtaining module 123 is configured to obtain a radio frame number before the first user equipment generates the second transmission key from the first transmission key using the second algorithm. The generating module 122 is specifically configured to generate the second transmission key using the second algorithm according to the first transmission key and the radio frame number obtained by the obtaining module.
Optionally, with reference to FIG. 14, as shown in FIG. 15, the user equipment 120 further includes an encryption and decryption module 124. The encryption and decryption module 124 is configured, after the first transmission key has been generated using the first algorithm, to encrypt data to be sent or decrypt received data with the first transmission key generated by the generating module 122; or, after the second transmission key has been generated using the second algorithm, to encrypt data to be sent or decrypt received data with the second transmission key generated by the generating module 122.
Optionally, the receiving module 121 is further configured to receive resource indication information sent by the network device before receiving the first parameter sent by the network device. The resource indication information indicates the first radio resource, and the first radio resource is used for D2D communication between the first user equipment and the second user equipment.
The user equipment provided by this embodiment of the present invention can implement the processes shown in any one of FIG. 2 to FIG. 5 or any one of FIG. 8 to FIG. 12 in the foregoing method embodiments; to avoid repetition, details are not repeated here.
An embodiment of the present invention provides a first user equipment. The first user equipment receives a first parameter sent by the network device; the first parameter indicates the initial key of the second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication. The first user equipment generates a first transmission key using a first algorithm according to the initial key of the first user equipment and the first parameter; the initial key of the first user equipment differs from the initial key of the second user equipment. With this scheme, the first user equipment generates the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment; likewise, the second user equipment can generate the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment. That is, the first and second user equipment that can perform D2D communication generate the same transmission key and can encrypt or decrypt data with it. Encrypting and decrypting communication data with a key generated by this method improves the security of D2D communication data, thereby solving the problem that keys generated by the key generation methods of the prior art are not suitable for D2D communication and so cannot improve the security of D2D communication data.
FIG. 16 is a schematic diagram of the hardware structure of a user equipment implementing the embodiments of the present invention. The description takes the user equipment to be the first user equipment as an example. As shown in FIG. 16, the user equipment 100 includes, but is not limited to: a radio frequency unit 101, a network module 102, an audio output unit 103, an input unit 104, a sensor 105, a display unit 106, a user input unit 107, an interface unit 108, a memory 109, a processor 110, a power supply 111 and other components. Those skilled in the art will understand that the user equipment structure shown in FIG. 16 does not limit the user equipment: the user equipment may include more or fewer components than shown, combine certain components, or arrange the components differently. In the embodiments of the present invention, the user equipment includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a palmtop computer, vehicle-mounted user equipment, a wearable device, a pedometer and the like.
The radio frequency unit 101 is configured to receive a first parameter sent by the network device. The first parameter indicates the initial key of the second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication.
The processor 110 is configured to generate a first transmission key using a first algorithm according to the initial key of the first user equipment and the first parameter. The initial key of the first user equipment differs from the initial key of the second user equipment.
In the user equipment provided by this embodiment of the present invention, the first user equipment receives a first parameter sent by the network device; the first parameter indicates the initial key of the second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication. The first user equipment generates a first transmission key using a first algorithm according to the initial key of the first user equipment and the first parameter; the initial key of the first user equipment differs from the initial key of the second user equipment. With this scheme, the first user equipment generates the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment; likewise, the second user equipment can generate the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment. That is, the first and second user equipment that can perform D2D communication generate the same transmission key and can encrypt or decrypt data with it. Encrypting and decrypting communication data with a key generated by this method improves the security of D2D communication data, thereby solving the problem that keys generated by the key generation methods of the prior art are not suitable for D2D communication and so cannot improve the security of D2D communication data.
It should be understood that, in this embodiment of the present invention, the radio frequency unit 101 may be used to receive and send signals while sending and receiving information or during a call. Specifically, it receives downlink data from the base station and passes it to the processor 110 for processing, and it sends uplink data to the base station. Generally, the radio frequency unit 101 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low-noise amplifier, a duplexer and the like. In addition, the radio frequency unit 101 can communicate with the network and other devices through a wireless communication system.
The user equipment provides the user with wireless broadband Internet access through the network module 102, for example helping the user send and receive e-mail, browse web pages and access streaming media.
The audio output unit 103 may convert audio data received by the radio frequency unit 101 or the network module 102, or stored in the memory 109, into an audio signal and output it as sound. The audio output unit 103 may also provide audio output related to a specific function performed by the user equipment 100 (for example, a call signal reception sound or a message reception sound). The audio output unit 103 includes a speaker, a buzzer, a receiver and the like.
The input unit 104 is used to receive audio or video signals. The input unit 104 may include a graphics processing unit (GPU) 1041 and a microphone 1042. The graphics processor 1041 processes image data of still pictures or video obtained by an image capture device (such as a camera) in video capture mode or image capture mode. The processed image frames may be displayed on the display unit 106. Image frames processed by the graphics processor 1041 may be stored in the memory 109 (or another storage medium) or sent via the radio frequency unit 101 or the network module 102. The microphone 1042 can receive sound and process it into audio data. In phone call mode, the processed audio data can be converted into a format that can be sent to a mobile communication base station via the radio frequency unit 101 and output.
The user equipment 100 also includes at least one sensor 105, such as a light sensor, a motion sensor and other sensors. Specifically, the light sensor includes an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of the display panel 1061 according to the ambient light level, and the proximity sensor can turn off the display panel 1061 and/or the backlight when the user equipment 100 is moved to the ear. As one kind of motion sensor, an accelerometer can detect the magnitude of acceleration in each direction (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used to identify the posture of the user equipment (for example, switching between landscape and portrait, related games, magnetometer posture calibration) and for vibration-recognition functions (for example, a pedometer or tap detection). The sensor 105 may also include a fingerprint sensor, pressure sensor, iris sensor, molecular sensor, gyroscope, barometer, hygrometer, thermometer, infrared sensor and the like, which are not described further here.
The display unit 106 is used to display information entered by the user or information provided to the user. The display unit 106 may include a display panel 1061, which may be configured as a liquid crystal display (LCD), an organic light-emitting diode (OLED) display or the like.
The user input unit 107 can be used to receive entered numeric or character information and to generate key signal input related to user settings and function control of the user equipment. Specifically, the user input unit 107 includes a touch panel 1071 and other input devices 1072. The touch panel 1071, also called a touch screen, can collect the user's touch operations on or near it (for example, operations performed on or near the touch panel 1071 with a finger, a stylus or any other suitable object or accessory). The touch panel 1071 may include two parts, a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates and sends them to the processor 110, and receives and executes commands sent by the processor 110. The touch panel 1071 can be implemented in various types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch panel 1071, the user input unit 107 may also include other input devices 1072. Specifically, the other input devices 1072 may include, but are not limited to, a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse and a joystick, which are not described further here.
Further, the touch panel 1071 may cover the display panel 1061. When the touch panel 1071 detects a touch operation on or near it, it passes the operation to the processor 110 to determine the type of touch event, and the processor 110 then provides the corresponding visual output on the display panel 1061 according to the type of touch event. Although in FIG. 16 the touch panel 1071 and the display panel 1061 implement the input and output functions of the user equipment as two independent components, in some embodiments the touch panel 1071 and the display panel 1061 may be integrated to implement those functions; this is not limited here.
The interface unit 108 is the interface through which an external device connects to the user equipment 100. For example, the external device may include a wired or wireless headset port, an external power (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device that has an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port and so on. The interface unit 108 may be used to receive input (for example, data or power) from an external device and pass the received input to one or more elements within the user equipment 100, or to transfer data between the user equipment 100 and an external device.
The memory 109 can be used to store software programs and various data. The memory 109 may mainly include a program storage area and a data storage area. The program storage area can store the operating system and the application programs required by at least one function (such as a sound playback function or an image playback function); the data storage area can store data created through use of the mobile phone (such as audio data or a phone book). In addition, the memory 109 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, a flash memory device or other volatile solid-state storage devices.
The processor 110 is the control center of the user equipment. It connects the parts of the entire user equipment through various interfaces and lines, and performs the functions of the user equipment and processes data by running or executing the software programs and/or modules stored in the memory 109 and calling the data stored in the memory 109, thereby monitoring the user equipment as a whole. The processor 110 may include one or more processing units. Optionally, the processor 110 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface and application programs, and the modem processor mainly handles wireless communication. It can be understood that the modem processor need not be integrated into the processor 110.
The user equipment 100 may also include a power supply 111 (such as a battery) that powers the components. Optionally, the power supply 111 may be logically connected to the processor 110 through a power management system, so that charging, discharging and power consumption are managed through the power management system.
In addition, the user equipment 100 includes some functional modules that are not shown, which are not described further here.
实施例五Embodiment five
本发明实施例还提供一种第一用户设备,可以包括上述如图16所示的处理器110,存储器109,以及存储在存储器109上并可在该处理器110上运行的计算机程序,该计算机程序被处理器110执行时实现上述方法实施例中图2至图5任意之一或图8至图12任意之一所示的D2D通信生成密钥的方法的各个过程,且能达到相同的技术效果,为避免重复,此处不再赘述。The embodiment of the present invention also provides a first user equipment, which may include the above-mentioned processor 110 as shown in FIG. When the program is executed by the processor 110, the various processes of the method for generating keys for D2D communication shown in any one of Figures 2 to 5 or any one of Figures 8 to 12 in the above method embodiments are implemented, and the same technology can be achieved Effect, in order to avoid repetition, it is not repeated here.
实施例六Embodiment six
如图17所示,本发明实施例提供一种网络设备130,该网络设备130包括:获取模块131和发送模块132;As shown in FIG. 17 , an embodiment of the present invention provides a network device 130, the network device 130 includes: an acquisition module 131 and a sending module 132;
获取模块131,用于获取第一参数,第一参数用于指示第二用户设备的初始密钥,第二用户设备和第一用户设备之间满足D2D通信的条件;The acquiring module 131 is configured to acquire a first parameter, the first parameter is used to indicate the initial key of the second user equipment, and the condition of D2D communication is satisfied between the second user equipment and the first user equipment;
发送模块132,用于向第一用户设备发送获取模块131获取的第一参数,第一参数用于第一用户设备根据第一用户设备的初始密钥和第一参数,采用第一算法生成第一传输密钥,第一用户设备的初始密钥与第二用户设备的初始密钥不同。The sending module 132 is configured to send the first parameter acquired by the acquiring module 131 to the first user equipment, and the first parameter is used by the first user equipment to generate the first parameter according to the initial key of the first user equipment and the first parameter using a first algorithm. A transmission key, the initial key of the first user equipment is different from the initial key of the second user equipment.
可选的,第一参数包括第二用户设备的初始密钥;或者,第一参数包括第二用户设备的初始密钥和网络设备生成的随机数;或者,第一参数包括密钥因子,密钥因子是网络设备根据第二用户设备的初始密钥和网络设备生成的随机数获取的。Optionally, the first parameter includes the initial key of the second user equipment; or, the first parameter includes the initial key of the second user equipment and a random number generated by the network device; or, the first parameter includes a key factor, and the key The key factor is obtained by the network device according to the initial key of the second user equipment and a random number generated by the network device.
可选的,发送模块,还用于向第一用户设备发送资源指示信息,资源指示信息用于指示第一无线资源,第一无线资源用于第一用户设备与第二用户设备进行D2D通信。Optionally, the sending module is further configured to send resource indication information to the first user equipment, where the resource indication information is used to indicate a first radio resource, and the first radio resource is used for D2D communication between the first user equipment and the second user equipment.
本发明实施例提供的用户设备能够实现上述方法实施例中图6或图7,或图8至图12任意之一所示的各个过程,为避免重复,此处不再赘述。The user equipment provided by the embodiment of the present invention can implement each process shown in FIG. 6 or FIG. 7, or any one of FIG. 8 to FIG. 12 in the above method embodiment. To avoid repetition, details are not repeated here.
An embodiment of the present invention provides a network device. The first user equipment receives a first parameter sent by the network device, where the first parameter indicates the initial key of the second user equipment, and the second user equipment and the first user equipment satisfy the conditions for D2D communication; the first user equipment generates a first transmission key with a first algorithm according to the initial key of the first user equipment and the first parameter, and the initial key of the first user equipment is different from the initial key of the second user equipment. With this scheme, the first user equipment generates the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment; likewise, the second user equipment can generate the first transmission key from the initial key of the first user equipment and the initial key of the second user equipment. That is, the first user equipment and the second user equipment that can perform D2D communication generate the same transmission key and can encrypt or decrypt data with it. Encrypting and decrypting the communication data with a key generated by this method therefore improves the security of the communication data in D2D communication.
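The scheme described above, as an added example that is not code from the patent: each UE receives the peer's initial key (plus a network-generated random number in the second variant) and derives the same transmission key. The "first algorithm" is an assumption here (HMAC-SHA256 over the sorted, length-prefixed key pair), and all function, field and label names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: this part of the page does not define the "first algorithm";
# HMAC-SHA256 over the ordered key pair stands in for it here.
LABEL = b"d2d-transmission-key"  # hypothetical domain-separation label


def derive_transmission_key(own_initial_key: bytes, first_parameter: dict) -> bytes:
    """UE side: combine the UE's own initial key with the first parameter."""
    peer_key = first_parameter["peer_initial_key"]
    nonce = first_parameter.get("random_number", b"")
    if hmac.compare_digest(own_initial_key, peer_key):
        raise ValueError("the two initial keys must differ")
    # Sort the keys so both UEs build identical input regardless of role,
    # and length-prefix them so the concatenation is unambiguous.
    ordered = sorted((own_initial_key, peer_key))
    ikm = b"".join(len(k).to_bytes(2, "big") + k for k in ordered)
    return hmac.new(ikm, LABEL + nonce, hashlib.sha256).digest()


def network_first_parameters(k1: bytes, k2: bytes, with_random: bool = True):
    """Network-device side: each UE is sent the other UE's initial key and,
    in the second variant, one random number shared by both messages."""
    extra = {"random_number": secrets.token_bytes(16)} if with_random else {}
    to_ue1 = {"peer_initial_key": k2, **extra}
    to_ue2 = {"peer_initial_key": k1, **extra}
    return to_ue1, to_ue2


def run_session(k1: bytes, k2: bytes, with_random: bool = True):
    """Return the transmission keys derived independently by UE1 and UE2."""
    to_ue1, to_ue2 = network_first_parameters(k1, k2, with_random)
    return (derive_transmission_key(k1, to_ue1),
            derive_transmission_key(k2, to_ue2))


if __name__ == "__main__":
    # Constructed sample keys, not values from the page.
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    t1, t2 = run_session(k1, k2)
    print("UE1 and UE2 agree:", hmac.compare_digest(t1, t2))
    s1, _ = run_session(k1, k2, with_random=False)
    s2, _ = run_session(k1, k2, with_random=False)
    print("key-only variant repeats across sessions:", s1 == s2)
```

Because the derivation is deterministic, the key-only variant yields the same transmission key for every session between the same pair, while the random number makes the key session-specific.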
Embodiment seven
Referring to FIG. 18, an embodiment of the present invention further provides a network device, including a processor 141, a memory 142, and a computer program stored in the memory 142 and executable on the processor 141. When executed by the processor 141, the computer program implements each process of the method for generating a key in D2D communication shown in FIG. 6 or FIG. 7, or in any one of FIG. 8 to FIG. 12, of the above method embodiments, and achieves the same technical effect. To avoid repetition, details are not repeated here.
Embodiment eight
An embodiment of the present invention further provides a computer-readable storage medium storing a computer program. When executed by a processor, the computer program implements each process of the method for generating a key in D2D communication shown in any one of FIG. 2 to FIG. 12 of the above method embodiments, and achieves the same technical effect. To avoid repetition, details are not repeated here. The computer-readable storage medium is, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
Embodiment nine
An embodiment of the present invention further provides a wireless communication system, including a first user equipment and a network device;
The first user equipment includes the first user equipment described in Embodiment 2, and the network device includes the network device described in Embodiment 4;
Alternatively, the first user equipment includes the first user equipment described in Embodiment 3, and the network device includes the network device described in Embodiment 5.
An embodiment of the present application further provides a computer-readable storage medium storing a computer program. When executed by a processor, the computer program implements each process implemented by the server in the above embodiment of the web page resource acquisition method, and achieves the same technical effect. To avoid repetition, details are not repeated here. The computer-readable storage medium is, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
It should be noted that, in this document, the terms "include", "comprise" and any other variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or apparatus that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or apparatus. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus that includes that element.
From the description of the above implementations, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as a ROM/RAM, a magnetic disk, or an optical disk) and includes several instructions that cause a user equipment (which may be a mobile phone, a computer, a server, an air conditioner, a network device, or the like) to execute the methods of the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the specific implementations described, which are illustrative rather than restrictive. Under the teaching of the present invention, those of ordinary skill in the art can devise many other forms without departing from the gist of the present invention and the scope protected by the claims, all of which fall within the protection of the present invention.
Claims (21)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810272425.6A CN108521641A (en) | 2018-03-29 | 2018-03-29 | A method, device and system for generating a key in D2D communication |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108521641A (en) | 2018-09-11 |
Family
ID=63431345
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810272425.6A Pending CN108521641A (en) | 2018-03-29 | 2018-03-29 | A method, device and system for generating a key in D2D communication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108521641A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113452515A (en) * | 2020-03-25 | 2021-09-28 | 阿里巴巴集团控股有限公司 | Communication method, key configuration method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101060404A (en) * | 2006-04-19 | 2007-10-24 | 华为技术有限公司 | A method and system protecting the wireless network against the replay attack |
CN102984699A (en) * | 2012-12-03 | 2013-03-20 | 中国联合网络通信集团有限公司 | D2D (device-to-device) communication data processing method, equipment and system |
CN104737570A (en) * | 2012-10-19 | 2015-06-24 | 诺基亚技术有限公司 | Method and device of generating a key for device-to-device communication between a first user equipment and a second user equipment |
CN106162631A (en) * | 2015-04-14 | 2016-11-23 | 中兴通讯股份有限公司 | A kind of methods, devices and systems of secure communication |
US20170318616A1 (en) * | 2014-10-23 | 2017-11-02 | Zte Corporation | Method for managing device-to-device (d2d) communication group, device, and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20180911 |