CN110192381B

CN110192381B - Key transmission method and device

Info

Publication number: CN110192381B
Application number: CN201780082724.7A
Authority: CN
Inventors: 衣强; 何岳
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2017-09-15
Filing date: 2017-09-15
Publication date: 2021-02-09
Anticipated expiration: 2037-09-15
Also published as: CN110192381A; WO2019051776A1

Abstract

The embodiment of the invention relates to a method and a device for transmitting a secret key, wherein the method comprises the following steps: the network equipment obtains a discovery key for the remote terminal to discover the relay terminal; acquiring a first key and general bootstrap architecture (GPI) or acquiring an authentication vector AV; generating a third key according to the first key or a second key in the AV, and encrypting first information by adopting the third key, wherein the first information comprises the discovery key; the encrypted first information and GPI are sent to the remote terminal through the relay terminal, or the encrypted first information, RAND information in AV and AUTN information are sent to the remote terminal through the relay terminal; and the RAND information and the AUTN information in the GPI or AV are used for the remote terminal to generate a symmetric key of a third key, the encrypted first information is decrypted by adopting the symmetric key of the third key, a discovery key is obtained, and the discovery key is safely sent to the legal remote terminal by adopting the scheme.

Description

Key transmission method and device

Technical Field

The embodiment of the application relates to the technical field of communication, in particular to a secret key transmission method and secret key transmission equipment.

Background

The smart phone industry is mature, the market is about to saturate, the access and data card market is slipped down, and wearable devices are one of the future strategic directions of companies. Watches are currently marketed which can be fitted with a SIM card so that the watch can be connected directly to the network. It is a future trend that wearable devices are directly connected to a network.

At present, high-performance mobile phones exist around wearable devices, and the mobile phones and the wearable devices are in network communication respectively. It is desirable that the wearable device is connected to the network through the mobile phone, so that the power of the wearable device can be saved, and the transmission efficiency of the wearable device can be increased. Wherein, we can refer to the mobile phone as a relay terminal and the wearable device as a remote terminal.

Before the remote terminal is connected to the network through the relay terminal, the remote terminal is required to discover the relay terminal and establish a trust relationship with the relay terminal under the condition that the relay terminal allows so as to obtain authorization, and the relay terminal can be discovered when the remote terminal approaches the relay terminal again. However, in the prior art, the discovery process of an authorized remote terminal discovering a relay terminal is specifically as follows: the relay terminal sends the encrypted broadcast message, and after receiving the broadcast message sent by the relay terminal, the remote terminal needs to discover a key (or called a decryption key) to decrypt the content of the broadcast message, thereby discovering the relay terminal. The discovery key may be obtained from the network device for the remote terminal. However, in the process of dynamically establishing the trust relationship between the remote terminal and the relay terminal, the remote terminal cannot directly connect to the network device, and therefore cannot obtain the discovery key for discovering the specified relay terminal from the network device.

Disclosure of Invention

The embodiment of the application provides a key transmission method and device, and the network device sends the found key to the remote terminal in the process of establishing the trust relationship between the remote terminal and the relay terminal, so that the found key for finding the specified relay terminal is safely sent to the legal remote terminal, and the remote terminal further completes the finding of the relay terminal.

In a first aspect, an embodiment of the present invention provides a key transmission method, where the method is used for a network device to which a relay terminal belongs, and the method includes:

the network equipment obtains a discovery key, and the discovery key is used for the remote terminal to discover the relay terminal;

the network equipment acquires a first key and general guide architecture (GPI), or acquires an authentication vector AV;

the network equipment generates a third key according to the first key or a second key in the AV, and encrypts first information by adopting the third key, wherein the first information comprises a discovery key;

the network equipment sends the encrypted first information and GPI to the remote terminal through the relay terminal, or the network equipment sends the encrypted first information, RAND information in AV and AUTN information to the remote terminal through the relay terminal; and the RAND information and the AUTN information in the GPI or AV are used for the remote terminal to generate a symmetric key of a third key, and the encrypted first information is decrypted by adopting the symmetric key of the third key to obtain a discovery key.

In the process of establishing the trust connection between the remote terminal and the relay terminal, the embodiment of the invention authenticates the remote terminal to access the network through the relay terminal through the network equipment, encrypts the generated discovery key, and safely transmits the encrypted discovery key to the legal remote terminal for the subsequent discovery of the relay terminal by the remote terminal.

With reference to the first aspect, in a first possible implementation manner of the first aspect, the method further includes:

the network equipment generates a fourth key according to the first key or a second key in the AV, and adopts the fourth key to perform integrity protection on at least the first information to generate MAC information;

the network device sends the encrypted first information and the GPI to the remote terminal through the relay terminal, or the network device sends the encrypted first information, the RAND information in the AV, and the AUTN information to the remote terminal through the relay terminal, further comprising:

the network equipment sends MAC information to the remote terminal through the relay terminal; and the RAND information and the AUTN information in the GPI or the AV are also used for the remote terminal to generate a symmetric key of a fourth key, and the symmetric key of the fourth key is adopted to verify the integrity of the information at least containing the first information according to the MAC information.

The remote terminal performs integrity protection on the discovery key, or at least the discovery key, so that the safety of transmitting the information comprising the discovery key is improved.

With reference to the first aspect or the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the network device generates a third key according to the first key or the second key in the AV, and the network device generates a fourth key according to the first key or the second key in the AV, and the generating the third key or the fourth key further includes:

at least one item of identification information of the relay terminal, identification information of the remote terminal and identification information of the network equipment is used as an input parameter for generating the third key or the fourth key.

With reference to the first aspect, or any one of the foregoing possible implementation manners of the first aspect, in a third possible implementation manner of the first aspect, the first key is a key generated based on a generic bootstrapping architecture GBA push manner.

With reference to the first aspect, or any one of the foregoing possible implementation manners of the first aspect, in a fourth possible implementation manner of the first aspect, the first information further includes: at least one of identification information of the network device, identification information of the relay terminal, a code word of the broadcast, and a communication root key of the remote terminal and the relay terminal for communication.

In a second aspect, an embodiment of the present invention provides a method for transmitting a key, where the method includes:

the remote terminal receives a first message sent by the relay terminal, wherein the first message comprises encrypted first information and general bootstrap push information GPI, or the first message comprises encrypted first information and RAND information and AUTN information in an authentication vector AV, and the first information comprises a discovery key;

the remote terminal generates a first secret key according to the GPI or the RAND information and the AUTN information, generates a second secret key based on the first secret key, and decrypts the encrypted first information by using the second secret key.

The remote terminal receives the safely transmitted discovery key in the process of establishing the trust connection relationship between the remote terminal and the relay terminal, so that the subsequent remote terminal discovers the relay terminal.

With reference to the second aspect, in a first possible implementation manner of the second aspect, the first message further includes MAC information; the method further comprises the following steps:

the remote terminal generates a third key based on the first key and verifies the MAC information using the third key, thereby verifying the integrity of the information containing at least the first information. With reference to the second aspect, in a second possible implementation manner of the second aspect, generating a second key based on the first key, and generating a third key based on the first key includes:

at least one item of identification information of the relay terminal, identification information of the remote terminal and identification information of the network equipment is used as an input parameter for generating the second key or the third key.

In a third aspect, an embodiment of the present invention provides a method for transmitting a key, where the method includes:

the method comprises the steps that first equipment receives a first message sent by a relay terminal, wherein the first message comprises identification information of a remote terminal;

the first equipment authenticates the communication connection established by the remote terminal through the relay terminal according to the first message;

if the authentication is passed, the first equipment acquires a root key of the remote terminal;

the first equipment generates a first key according to the root key, and encrypts first information by adopting the first key, wherein the first information comprises a discovery key;

the first device sends the encrypted first information to the remote terminal through the relay terminal, so that the remote terminal generates a symmetric key of the first key according to a communication root key of the remote terminal, and decrypts the encrypted first information by using the symmetric key of the first key to obtain a discovery key.

In the process of establishing communication connection between the remote terminal and the relay terminal, the first equipment authenticates the communication connection established by the remote terminal through the relay terminal, encrypts the obtained discovery key and safely transmits the discovery key to the legal remote terminal so as to facilitate the subsequent remote terminal to discover the relay terminal.

With reference to the third aspect, in a first possible implementation manner of the third aspect, the method further includes:

the first equipment generates a second key according to the root key, and integrity protection is carried out on at least first information by adopting the second key to generate MAC information; the method further comprises the following steps:

the first device sends MAC information to the remote terminal through the relay terminal, and the MAC information is used for verifying the integrity of at least the first information by the remote terminal.

With reference to the first possible implementation manner of the third aspect, in a second possible implementation manner of the third aspect, the generating, by the first device, a first key according to the root key, and generating, by the first device, a second key according to the root key includes:

the first equipment generates a communication root key for the communication between the remote terminal and the relay terminal according to the root key;

the first device generates a first key and a second key from the communication root key.

With reference to the first possible implementation manner of the third aspect, in a third possible implementation manner of the third aspect, the generating, by the first device, a first key according to the root key, and generating, by the first device, a second key according to the root key includes:

the first equipment generates a session key for the communication between the remote terminal and the relay terminal according to the communication root key;

the first device generates a first key and a second key from the session key.

With reference to the third aspect or any one of the foregoing possible implementation manners of the third aspect, in a fourth possible implementation manner of the third aspect, the first device is a network device, and before the first device acquires the root key of the remote terminal, the method further includes:

the method comprises the steps that first equipment receives a trust connection establishment request message sent by a relay terminal, wherein the trust connection establishment request message comprises identification information of the relay terminal and identification information of a remote terminal;

the first equipment authenticates the remote terminal to access the network through the relay terminal according to the request message for establishing the trust connection;

if the authentication is passed, the first device generates a discovery key.

With reference to the second or third possible implementation manner of the third aspect, in a fifth possible implementation manner of the third aspect, the first device is a mobility management entity MME; before the first device integrity-protects the first information using the first key and the first device integrity-protects the first information using the second key, the method further comprises:

the first device obtains a discovery key.

With reference to the fifth possible implementation manner of the third aspect, in a sixth possible implementation manner of the third aspect, the obtaining, by the first device, the discovery key includes:

the first equipment receives inserted user data information sent by a Home Subscriber Server (HSS), wherein the inserted user data information comprises a discovery key, and the HSS obtains the discovery key from a proximity service server or a proximity service key management function (PKMF) entity.

In a fourth aspect, an embodiment of the present invention provides a method for transmitting a key, where the method includes:

the remote terminal receives a first message sent by the relay terminal, wherein the first message comprises encrypted first information, and the first information comprises a discovery key;

the remote terminal generates a first key from the root key and decrypts the encrypted first information using the first key to obtain a discovery key.

And the remote terminal receives the safely transmitted discovery key in the process of establishing the communication connection between the remote terminal and the relay terminal so as to be used for the subsequent remote terminal to discover the relay terminal.

With reference to the fourth aspect, in a first possible implementation manner of the fourth aspect, the first message further includes MAC information; the method further comprises the following steps:

the remote terminal generates a second key from the root key and verifies the MAC information using the second key, thereby verifying the integrity of the information of at least the first information.

With reference to the first possible implementation manner of the fourth aspect, in a second possible implementation manner of the fourth aspect, the generating, by the remote terminal, a first key according to the root key, and generating, by the remote terminal, a second key according to the root key includes:

the remote terminal generates a communication root key for the communication between the remote terminal and the relay terminal according to the root key;

the remote terminal generates a first key and a second key from the communication root key.

With reference to the first possible implementation manner of the fourth aspect, in a third possible implementation manner of the fourth aspect, the generating, by the remote terminal, a first key according to the root key, and generating, by the remote terminal, a second key according to the root key includes:

the remote terminal generates a session key for the communication between the remote terminal and the relay terminal according to the communication root key;

the remote terminal generates a first key and a second key from the session key.

With reference to the fourth aspect, the second aspect, or the third possible implementation manner of the fourth aspect, in a fourth possible implementation manner of the fourth aspect, the first message is a direct security mode command message or a direct communication accept message, and the direct security mode command message or the direct communication accept message includes the discovery key indication information.

In a fifth aspect, an embodiment of the present invention provides a method for transmitting a key, where the method includes:

the first equipment authenticates the remote terminal to access the network through the relay terminal according to the first message;

and if the authentication is passed, the first equipment sends a second message to the relay terminal, wherein the second message comprises first information, and the first information comprises a discovery key for the remote terminal to discover the relay terminal, so that the relay terminal sends the first information to the remote terminal.

With reference to the fifth aspect, in a first possible implementation manner of the fifth aspect, the first device is a network device, and before the first device receives the first message sent by the relay terminal, the method further includes:

if the authentication is passed, the first device generates a discovery key.

With reference to the fifth aspect, in a second possible implementation manner of the fifth aspect, the first device is a mobility management entity MME; before the first device receives the first message sent by the relay terminal, the method further includes:

the first device obtains a discovery key.

With reference to the second possible implementation manner of the fifth aspect, in a third possible implementation manner of the fifth aspect, the acquiring, by the first device, a discovery key includes:

the first equipment receives inserted user data information sent by a Home Subscriber Server (HSS), the inserted user data information comprises a discovery key, and the HSS obtains the discovery key from a proximity service server or a proximity service key management function (PKMF) entity.

In a sixth aspect, an embodiment of the present invention provides a method for transmitting a key, where the method includes:

the relay terminal receives a first message sent by first equipment, wherein the first message comprises first information, and the first information comprises a discovery key used for a remote terminal to discover the relay terminal;

the relay terminal encrypts the first information using an encryption key in communication with the remote terminal;

the relay terminal sends a second message to the remote terminal, the second message including the encrypted first information.

The embodiment of the invention encrypts the discovery key through the relay terminal and sends the discovery key to the remote terminal so as to be used for discovering the relay terminal by the subsequent remote terminal.

With reference to the sixth aspect, in a first possible implementation manner of the sixth aspect, the second message is a direct security mode command message or a direct communication acceptance message, and the direct security mode command message or the direct communication acceptance message includes the discovery key indication information.

In a seventh aspect, an embodiment of the present invention provides a device, where the device is a network device to which a relay terminal belongs, and the network device includes:

a processor for obtaining a discovery key, the discovery key being used by a remote terminal to discover a relay terminal;

the processor is further configured to acquire the first key and the generic bootstrapping architecture push information GPI, or the network device acquires the authentication vector AV;

the processor is further configured to generate a third key according to the first key or a second key in the AV, and encrypt the first information with the third key, where the first information includes the discovery key;

the transmitter is used for transmitting the encrypted first information and the GPI to the remote terminal through the relay terminal, or the network equipment transmits the encrypted first information, the RAND information in the AV and the AUTN information to the remote terminal through the relay terminal; and the RAND information and the AUTN information in the GPI or AV are used for the remote terminal to generate a symmetric key of a third key, and the encrypted first information is decrypted by adopting the symmetric key of the third key to obtain a discovery key.

With reference to the fourth aspect, in a first possible implementation manner of the seventh aspect, the processor is further configured to generate a fourth key according to the first key or a second key in the AV, and perform integrity protection on at least the first information by using the fourth key to generate the MAC information;

the transmitter transmits the encrypted first information and the GPI to the remote terminal through the relay terminal, or the network device transmits the encrypted first information, the RAND information in the AV, and the AUTN information to the remote terminal through the relay terminal, further comprising:

the transmitter transmits the MAC information to the remote terminal through the relay terminal; and the RAND information and the AUTN information in the GPI or the AV are also used for the remote terminal to generate a symmetric key of a fourth key, and the symmetric key of the fourth key is adopted to verify the integrity of the information at least containing the first information according to the MAC information.

With reference to the seventh aspect or the first possible implementation manner of the seventh aspect, in a second possible implementation manner of the seventh aspect, the processor generates a third key according to the first key or the second key in the AV, and the processor generates a fourth key according to the first key or the second key in the AV, and the generating the third key or the fourth key further includes:

With reference to the seventh aspect, or any one of the foregoing possible implementation manners of the seventh aspect, in a third possible implementation manner of the seventh aspect,

the first key is a key generated based on a Generic Bootstrapping Architecture (GBA) push mode.

With reference to the seventh aspect, or any one of the foregoing possible implementation manners of the seventh aspect, in a fourth possible implementation manner of the seventh aspect, the first information further includes:

at least one of identification information of the network device, identification information of the relay terminal, a code word of the broadcast, and a communication root key of the remote terminal and the relay terminal for communication.

In an eighth aspect, an embodiment of the present invention provides an apparatus, where the apparatus is a remote terminal, and the remote terminal includes:

the receiver is configured to receive a first message sent by the relay terminal, where the first message includes encrypted first information and generic bootstrapping architecture push information GPI, or the first message includes encrypted first information and RAND information and AUTN information in an authentication vector AV, where the first information includes a discovery key;

and the processor is used for generating a first secret key according to the GPI or the RAND information and the AUTN information, generating a second secret key based on the first secret key, and decrypting the encrypted first information by using the second secret key.

With reference to the eighth aspect, in a first possible implementation manner of the eighth aspect, the first message further includes MAC information;

the processor is further configured to generate a third key based on the first key and verify the MAC information using the third key, thereby verifying integrity of information including at least the first information.

With reference to the eighth aspect, in an eighth possible implementation manner of the eighth aspect, the generating a second key based on the first key, and generating a third key based on the first key includes:

In a ninth aspect, an embodiment of the present invention provides an apparatus, where the apparatus includes:

the receiver is used for receiving a first message sent by the relay terminal, wherein the first message comprises identification information of the remote terminal;

the processor is used for authenticating the communication connection established by the remote terminal through the relay terminal according to the first message;

if the authentication is passed, the processor acquires a root key of the remote terminal;

the processor is further used for generating a first key according to the root key and encrypting first information by adopting the first key, wherein the first information comprises a discovery key;

and the transmitter is used for transmitting the encrypted first information to the remote terminal through the relay terminal so that the remote terminal generates a symmetric key of the first key according to the communication root key of the remote terminal, and decrypts the encrypted first information by using the symmetric key of the first key to obtain the discovery key.

In the process of establishing communication connection between the remote terminal and the relay terminal, the equipment authenticates the communication connection established by the remote terminal through the relay terminal, encrypts the obtained discovery key and safely transmits the discovery key to the legal remote terminal so as to facilitate the subsequent remote terminal to discover the relay terminal.

With reference to the ninth aspect, in a first possible implementation manner of the ninth aspect,

the processor is further used for generating a second key according to the root key, and performing integrity protection on at least the first information by adopting the second key to generate MAC information; the method further comprises the following steps:

With reference to the first possible implementation manner of the ninth aspect, in a second possible implementation manner of the ninth aspect, the generating, by the processor, a first key according to the root key, and generating, by the processor, a second key according to the root key includes:

the processor generates a communication root key for the communication between the remote terminal and the relay terminal according to the root key;

the processor generates a first key and a second key from the communication root key.

With reference to the first possible implementation manner of the ninth aspect, in a third possible implementation manner of the ninth aspect, the generating, by the processor, a first key according to the root key, and generating, by the processor, a second key according to the root key includes:

the processor generates a session key for the communication between the remote terminal and the relay terminal according to the communication root key;

the processor generates a first key and a second key from the session key.

With reference to the ninth aspect or any one of the foregoing possible implementation manners of the ninth aspect, in a fourth possible implementation manner of the ninth aspect, the device is a network device, and before the processor acquires the root key of the remote terminal,

the receiver is also used for receiving a trust connection establishment request message sent by the relay terminal, wherein the trust connection establishment request message comprises identification information of the relay terminal and identification information of the remote terminal;

the processor authenticates the remote terminal to access the network through the relay terminal according to the request message for establishing the trust connection;

if the authentication passes, the processor generates a discovery key.

With reference to the second or third possible implementation manner of the ninth aspect, in a fifth possible implementation manner of the ninth aspect, the device is a mobility management entity MME; before the processor encrypts the first information using the first key and the processor integrity-protects the first information using the second key

A discovery key is obtained.

With reference to the fifth possible implementation manner of the ninth aspect, in a sixth possible implementation manner of the ninth aspect, the obtaining a discovery key includes:

the receiver receives inserted user data information sent by a Home Subscriber Server (HSS), wherein the inserted user data information comprises a discovery key, and the HSS obtains the discovery key from a proximity service server or a proximity service key management function (PKMF) entity.

In a tenth aspect, an embodiment of the present invention provides an apparatus, where the apparatus is a remote terminal, and the remote terminal includes:

the receiver is used for receiving a first message sent by the relay terminal, wherein the first message comprises encrypted first information, and the first information comprises a discovery key;

and the processor is used for generating a first key according to the root key and decrypting the encrypted first information by using the first key to obtain the discovery key.

With reference to the tenth aspect, in a first possible implementation manner of the tenth aspect, the first message further includes MAC information;

the processor is further configured to generate a second key based on the root key and verify the MAC information using the second key, thereby verifying the integrity of the information of at least the first information.

With reference to the first possible implementation manner of the tenth aspect, in a second possible implementation manner of the tenth aspect, the generating, by the processor, a first key according to the root key, and the generating, by the remote terminal, a second key according to the root key includes:

With reference to the first possible implementation manner of the tenth aspect, in a third possible implementation manner of the tenth aspect, the generating, by the processor, a first key according to the root key, and generating, by the processor, a second key according to the root key includes:

the processor generates a first key and a second key from the session key.

With reference to the tenth aspect, the second possible implementation manner of the tenth aspect, or the third possible implementation manner of the tenth aspect, in a fourth possible implementation manner of the tenth aspect, the first message is a direct security mode command message or a direct communication accept message, and the direct security mode command message or the direct communication accept message includes the discovery key indication information.

In an eleventh aspect, an embodiment of the present invention provides an apparatus, where the apparatus includes:

the processor is used for authenticating the remote terminal to access the network through the relay terminal according to the first message;

and if the authentication is passed, the transmitter transmits a second message to the relay terminal, wherein the second message comprises first information, and the first information comprises a discovery key for the remote terminal to discover the relay terminal, so that the relay terminal transmits the first information to the remote terminal.

With reference to the eleventh aspect, in a first possible implementation manner of the eleventh aspect, the device is a network device, and before the receiver receives the first message sent by the relay terminal,

if the authentication passes, the processor generates a discovery key.

With reference to the eleventh aspect, in a second possible implementation manner of the eleventh aspect, the device is a mobility management entity MME; before the receiver receives the first message sent by the relay terminal,

a discovery key is obtained.

With reference to the second possible implementation manner of the eleventh aspect, in a third possible implementation manner of the eleventh aspect, the obtaining a discovery key includes:

the receiver receives the inserted user data information sent by the Home Subscriber Server (HSS), the inserted user data information comprises a discovery key, and the HSS obtains the discovery key from the proximity service server or a proximity service key management function (PKMF) entity.

In a twelfth aspect, an embodiment of the present invention provides an apparatus, where the apparatus is a relay terminal, and the relay terminal includes:

the relay terminal comprises a receiver and a relay terminal, wherein the receiver is used for receiving a first message sent by first equipment, the first message comprises first information, and the first information comprises a discovery key used for a remote terminal to discover the relay terminal;

a processor for encrypting the first information using an encryption key in communication with the remote terminal;

a transmitter for transmitting a second message to the remote terminal, the second message including the encrypted first information.

With reference to the twelfth aspect, in a first possible implementation manner of the twelfth aspect, the second message is a direct security mode command message or a direct communication acceptance message, and the direct security mode command message or the direct communication acceptance message includes the discovery key indication information.

In a thirteenth aspect, embodiments of the present invention provide a computer program product comprising instructions for executing any one of the above-mentioned first to sixth aspects or any one of the possible implementation methods/steps when the instructions are run on a computer.

In a fourteenth aspect, embodiments of the present application provide a computer-readable storage medium for storing instructions that, when executed on a computer, perform the method/steps of any one of the first to sixth aspects or any one of the possible implementations of any aspect.

Drawings

Fig. 1 is a flowchart of a key transmission method according to an embodiment of the present invention;

fig. 2 is a flowchart of another key transmission method according to an embodiment of the present invention;

fig. 3 is a flowchart of a key transmission method according to an embodiment of the present invention;

FIG. 4 is a flowchart of a method for dynamically establishing a trust relationship according to an embodiment of the present invention;

fig. 5 is a schematic structural diagram of a network device according to an embodiment of the present invention;

fig. 6 is a schematic structural diagram of a remote terminal according to an embodiment of the present invention;

FIG. 7 is a schematic structural diagram of an apparatus according to an embodiment of the present invention;

fig. 8 is a schematic structural diagram of a remote terminal according to an embodiment of the present invention;

FIG. 9 is a schematic structural diagram of an apparatus according to an embodiment of the present invention;

fig. 10 is a schematic structural diagram of a relay terminal according to an embodiment of the present invention.

Detailed Description

In order to securely send a discovery key to a legal remote terminal for the remote terminal to discover a designated relay terminal, embodiments of the present application provide a method for sending and receiving a key, a network device, and a remote terminal.

The embodiment of the application can complete the sending of the key through two schemes. The first scheme is as follows: in the process of establishing a trust relationship between the remote terminal and the relay terminal, sending the found key to the remote terminal; scheme II: and on the basis that the trust relationship is established between the remote terminal and the relay terminal, the found key is sent to the remote terminal in the process of establishing communication connection between the remote terminal and the relay terminal.

In the embodiment of the present invention, the remote terminal may be referred to as a remote user equipment (user equipment), which is referred to as remote UE or eRemote UE for short, and the relay terminal may be referred to as a relay user equipment, which is referred to as relay UE or eRelay UE for short.

The short-range communication connection established between the eRemote UE and the eRelay UE is a communication connection established based on D2D communication of a cellular network. In the following description of the embodiments, the connections established between the eRemote UE and the eRelay UE are simply referred to as PC5 connections. The technical solution of the embodiment of the present invention is explained below with reference to the accompanying drawings.

It should be noted that, in the following description of the embodiments, the "first key", "second key", "third key", "first information", "second information", and the "first message", "second message", and "third" in the "first message", "second message", and "third message" are used to distinguish the keys, information, or messages, and do not limit the keys, information, or messages themselves.

It should be further noted that, in the embodiment of the present invention, the network device mentioned below provides a Proximity Service (Proximity Service) device for the eRemote UE and the eRelay UE, such as a Proximity Service key management function (PKMF) entity, or a Proximity Service function (Proximity function) device, or a functional entity combining the two.

Fig. 1 is a transmission method of a key according to an embodiment of the present application. As shown in fig. 1, the method may include the steps of:

s110, the network device obtains the discovery key.

If the eRelay UE only needs to discover the authorized eRelay UE, the eRelay UE cannot automatically discover the eRelay UE under the condition that the eRelay UE and the eRelay UE do not establish a trust relationship, and the eRelay UE need to be manually matched by a user to complete trust connection. Therefore, the eRemote UE may discover the eRelay UE through open discovery (open discovery), and in the process, establish a trust relationship with the eRelay UE.

In the process of establishing a trust relationship between an eRemote UE and an eRelay UE, a network device obtains a discovery key for restricted discovery (restricted discovery). The discovery key of limited discovery referred to herein is a key used by only an authorized eRemote UE to discover the eRelay UE, which is allowed to establish a trust relationship. In the embodiment of the present invention, the discovery key may be a root key (root key) for restricted discovery or an encryption key, an integrity key, and a scrambling key used in a restricted discovery process, such as a secret key (DUCK) of a discovery relay, an integrity key (DUIK) of a discovery relay, and a scrambling key (DUSK) of a discovery relay.

S120, the network device obtains a first key of the remote terminal and general purpose bootstrapping architecture push information (GPI) of the remote terminal, or the network device obtains an eRemote UE Authentication Vector (AV).

The network device should first obtain identification information of the eRemote UE to obtain the information, where the identification information of the eRemote UE is an International Mobile Subscriber Identity (IMSI) of the eRemote UE, and the IMSI information is obtained by the network device according to the identification information of the eRemote UE (e.g., a proximity service discovery UE identification) carried in the request for establishing the information relationship.

In an embodiment of the present invention, a network device obtains a first key and a GPI of an eRemote UE according to identification information of the eRemote UE. The first key is Ks (_ int/ext) _ NAF, which is generated based on a Generic Bootstrapping Architecture (GBA) push manner, and the key associated with the GPI information may be used for security protection in communication between the eRemote UE and the network device, such as a key used in the process of establishing HTTPS.

In another embodiment of the present invention, the network device may obtain an AV of the eRemote UE, where the AV includes information such as a second key Kasme, a random data (RAND), and an authentication token (AUTN). The network device may use Kasme in the AV as a first key, and generate a key for encrypting the first information and a key for integrity-protecting at least the first information based on the first key, the same first information referring to information including the discovery key.

The GPI or the combination of RAND and AUTN in the AV is used for the subsequent eRemote UE to generate a symmetric key of a key for encrypting the first information, so as to decrypt the first information to obtain a discovery key for the subsequent eRemote UE and eRelay UE to discover.

In another optional embodiment, if other keys of the eRemote UE are stored in the network device, the network device obtains the key, and generates a key for encrypting the first information based on the key of the eRemote UE, where the key is a key for protecting communication between the eRemote UE and the network device that is already in communication with the network device before the eRemote UE establishes a trust relationship with the eRelay UE, and the key is stored in the network device, or the key may also be a root key pre-allocated to the eRemote UE for relaying, for example, a proximity service relay user key of the eRemote UE.

Other information may also be included in the first information, for example, when the discovery key is a root key for restricted discovery, then metadata information on how to protect the discovery (discovery) message, such as one or more of encryption, integrity protection, and scrambling, is also included in the first information, so that the UE generates the encryption key, the integrity protection key, and the scrambling key according to the root key.

S130, the network equipment generates a third key according to the first key or the second key in the AV, and encrypts the first information by adopting the third key.

The network equipment generates a third key PF _ enc for encrypting the first information according to the first key Ks (_ int/ext) _ NAF or the second key Kasme, and encrypts the first information by adopting the PF _ enc.

Optionally, in this embodiment of the present invention, the network device may further be configured to generate a fourth key PF _ int for integrity protection according to the first key Ks (_ int/ext) _ NAF or the second key Kasme in the AV, and perform integrity protection on at least the first information using the fourth key PF _ int, to generate Message Authentication Code (MAC) information, where the MAC information may also be referred to as a message integrity check code (MIC).

In an embodiment, the network device generates a key for integrity protection according to Ks (_ int/ext) _ NAF, and performs integrity protection on at least first information by using the key to generate MAC information, where the MAC information is used for a subsequent eRemote UE to generate a symmetric key for the integrity protection key according to GPI, that is, to generate a MAC ' information, and compares the MAC ' information with the MAC information generated by the network device, and if the MAC ' information is consistent with the MAC information generated by the network device, the integrity of the information at least including the first information may be determined.

In another embodiment, the network device generates a key for integrity protection according to Kasme, and performs integrity protection on at least the first information by using the key to generate MAC information, where the MAC information is used for a subsequent eRemote UE to generate a symmetric key for the integrity protection key according to the RAND information and AUTN in the AV, that is, to generate a MAC ' information, and compares the MAC ' information with the MAC information generated by the network device, and if the MAC ' information and the RAND information are consistent, the integrity of the information at least including the first information may be determined.

In this step, in another optional implementation manner, the network device obtains the stored secret key of the eRemote UE, as described in S120, generates a third secret key and a fourth secret key based on the secret key, encrypts the first information with the third secret key, and performs integrity protection on at least the first information with the fourth secret key.

It should be noted that, in the embodiment of the present invention, the sequence of encrypting the first information and performing integrity protection on at least the first information is not limited, for example, the first information may be encrypted first, and then integrity protection is performed on at least the encrypted first information; or at least the first information may be integrity protected first and then encrypted. In the embodiment of the present invention, the sequence of encrypting the first information and integrity protecting the first information only affects whether the eRemote UE decrypts the encrypted and integrity protected first information first and then verifies the integrity or the sequence of verifying the integrity first and then decrypting the integrity after receiving the encrypted and integrity protected first information. If the network device encrypts the first information first and then performs integrity protection, the eRemote UE verifies integrity a priori after receiving the encrypted and integrity protected first information, and then decrypts the first information.

In the embodiment of the present invention, the parameters used for generating PF _ enc and PF _ int may include one or more items of identification information of eRemote UE, identification information of eRelay UE, identification information of network device, and the like, in addition to Ks (_ int/ext) _ NAF or Kasme.

In order to prevent replay attack, the input information at least protecting integrity of the first information further includes fresh information, where the fresh information may be time information or counter information commonly stored in the network device and the eRemote UE, and after the eRemote UE receives the first information and verifies the MAC information, the eRemote UE needs to verify the received fresh information to ensure that the first information is legitimate and not the first information of replay attack by an attacker.

Specifically, the input information of the MAC information generated by the network device includes fresh information in addition to the information that includes PF _ int and at least the first information.

In this embodiment of the present invention, the first information may further include at least one of identification information of the eRelay UE, identification information of the network device, a broadcasted codeword, and a communication root key for communication between the eRemote UE and the eRelay UE. The identification information is information for uniquely determining an eRelay UE, an eRemote UE or a network device. The identity information of the eRemote UE and the identity information of the eRelay UE may be identity information of 3GPP or identity information allocated by the network device, respectively. The identification information of the network device may be a Full Qualified Domain Name (FQDN), the broadcast codeword used for discovery is a codeword broadcast by the eRelay UE in the relay discovery process, and the root key for communication between the eRemote UE and the eRelay UE is a key generated by the network device according to the restricted communication key and used for generating and protecting communication data between the eRemote UE and the eRelay UE, which will be described later. And S140, the network equipment sends the encrypted first information and GPI to the remote terminal through the relay terminal, or the network equipment sends the encrypted first information, and RAND and AUTN in AV to the remote terminal through the relay terminal.

Optionally, in this embodiment of the present invention, the network device may further send the MAC information and the fresh information to the remote terminal through the relay terminal. It should be noted that, the MAC information mentioned here may be information for integrity protecting the unencrypted first information, or information for integrity protecting the encrypted first information.

In S140, the combination of RAND and AUTN in GPI or AV sent by the network device to the remote terminal is used by the eRemote UE to generate symmetric keys of PF _ int and PF _ enc, where the symmetric keys include a key for decrypting the first information and a key for verifying integrity of information including at least the first information.

In the embodiment of the present invention, in the process of establishing a trusted connection between an eRemote UE and an ereplay UE, a specific process of a network device sending encrypted first information, GPI, and MAC information to the eRemote UE through the ereplay UE, or a specific process of a network device sending encrypted first information, RAND in AV, and AUTN, and MAC information to the eRemote UE through the eRelay UE may be:

in one embodiment, the network device sends a trust relationship establishment response (trust relationship response) message to the eRelay UE, where the response message includes the encrypted first information, GPI, and MAC information, or the response message includes the encrypted first information, RAND, AUTN, and MAC information in AV; the eRelay UE sends the encrypted first information, GPI and MAC information to the eRemote UE through a binding acknowledgement (binding acknowledgement) message, or the eRelay UE sends the encrypted first information, RAND and AUTN in the AV and MAC information to the eRemote UE through the binding acknowledgement message.

It should be noted that, in the embodiment of the present invention, in the information transmission process from the network device to the eRelay UE and from the eRelay UE to the eRemote UE, the protocol type and the signaling message used by the information may be different.

The trust relationship establishment response message may further include other information, such as identification information of the remote UE, ciphering selected by the network device for ciphering the first information, and/or integrity protection algorithm selected by the integrity protection, and the information for integrity protection by the network device may include the above information in addition to the first information, and the selected algorithm will be described in detail later.

In another optional implementation, the network device sends the encrypted first information and the saved key identifier obtained by the network device to the remote terminal through the relay terminal, where the key identifier is used for the remote terminal eRemote UE to obtain a corresponding key on the eRemote UE, and generates symmetric keys of PF _ int and PF _ enc based on the key, where the symmetric keys include a key for decrypting the first information and a key for verifying integrity of information at least including the first information.

S150, the remote terminal generates a PF _ enc symmetric key according to the GPI, decrypts and obtains the first information, or the remote terminal generates the PF _ enc symmetric key according to the RAND and the AUTN in the AV, decrypts and obtains the first information.

Optionally, in this embodiment of the present invention, the remote terminal generates a symmetric key of PF _ int according to GPI, or generates a symmetric key of PF _ int according to RAND and AUTN in AV, and verifies the integrity of information at least including the first information according to the received MAC information.

In one embodiment, the eRemote UE receives the GPI, generates Ks (_ int/ext) _ NAF according to the GPI, and generates symmetric keys of PF _ int and PF _ enc according to Ks (_ int/ext) _ NAF for decrypting the first information and verifying integrity of information at least including the first information to obtain a discovery key, so that the eRemote UE can discover the eRelay UE. Among them, it is prior art that eRemote UE generates Ks (_ int/ext) _ NAF according to GPI, and it is not stated herein. The method for generating PF _ int and PF _ enc by eRemote UE is the same as the generation method of the network device in step S130.

Or, in another embodiment, the eRemote UE generates a symmetric key Kasme of the second key according to the RAND and the AUTN in the AV, generates symmetric keys of the PF _ int and the PF _ enc based on the Kasme, decrypts the first information, and verifies integrity of information at least including the first information to obtain a discovery key, and then the eRemote UE may discover the eRelay UE. The symmetric key Kasme, in which the eRemote UE generates the second key from the RAND and AUTN in the AV, is prior art and is not further stated herein. The method for generating PF _ int and PF _ enc by eRemote UE is the same as the generation method of the network device in step S130. According to the method in step 140, since the network device can perform integrity protection on the unencrypted or encrypted first information, generate integrity-protected MAC information, and send the MAC and the encrypted first information to the eRemote UE, the sequence of decrypting and verifying the integrity of the discovery key is not limited at the eRemote UE side, and according to different implementation methods of the network side, the eRemote UE side can decrypt first information to obtain the discovery key, and then verify the integrity of information at least including the decrypted first information; or the integrity of the first information at least containing the encryption can be verified, and then the first information is decrypted to obtain the discovery key.

In another embodiment, the remote device obtains a corresponding key of the eRemote UE according to the obtained key identifier, generates a symmetric key of PF _ enc, decrypts and obtains the first information, generates a symmetric key of PF _ int based on the obtained key, and verifies the integrity of information at least including the first information according to the received MAC information.

In the step, after the eRemote UE acquires the first information and verifies the MAC information, the eRemote UE needs to verify that the fresh information acquired simultaneously with the first information is valid, and the specific verification method is that when the fresh information is time information, the time difference between the eRemote UE verification time and the network equipment is within an allowable range, the fresh information is considered to be valid; when the fresh information is the counter value, the network equipment compares that the received counter value is larger than the counter value stored by the network equipment, the received fresh information is considered to be valid, and the validity of the received first information can be further determined.

By adopting the key sending and receiving method provided by the embodiment of the invention, the discovered key is safely sent to the remote terminal, so that the remote terminal can discover the appointed relay terminal.

In this embodiment of the present invention, as shown in fig. 1, before the network device obtains the discovery key, the method further includes:

and S160, the relay terminal receives a binding request for establishing the trust relationship sent by the remote terminal.

The remote terminal, that is, the eRemote UE, discovers a relay terminal, that is, the eRelay UE, through open discovery (open discovery) under the user cooperation condition, and further sends a binding request, where the binding request includes identification information of the eRemote UE.

S170, the network equipment receives the request message for establishing the trust relationship sent by the relay terminal.

The request message for establishing the trust relationship is sent after the relay terminal receives the binding request sent by the remote terminal, wherein the binding request includes the identification information of the eRelay UE and the identification information of the eRemote UE.

And S180, the network equipment authenticates the remote terminal.

After receiving the request for establishing the trust relationship, the network device determines whether the eRemote UE can access the network through the eRelay UE, and if the authentication is passed, the network device obtains the discovery key, that is, S110 is executed.

After obtaining the discovery key, the network equipment sends a trust relationship establishment response (trust relationship response) message to the eRelay UE; the eRelay UE sends a binding acknowledgement (binding acknowledgement) message to the eRelay UE so as to complete the establishment of the trust relationship between the eRelay UE and the eRelay UE.

By the key sending and receiving method provided by the embodiment of the invention, the found key is safely sent to the legal remote terminal in the process of establishing the trust relationship between the remote terminal and the relay terminal, and then the remote terminal can find the relay terminal in a limited finding mode.

In step 130, the algorithm selected by the network device to encrypt the first information may be a preset algorithm, and similarly, the algorithm is also preset at the eRemote UE side, or the network device selects an algorithm supported by the network device and having a high priority according to an algorithm supported in the eRemote UE subscription information, and sends the selected algorithm identifier to the eRemote UE through step 140, where the algorithm identifier should not be encrypted, or the binding request message and the establishing trust connection request message in steps 160 and 170 include an algorithm supported by the eRemote UE, and the network entity selects an algorithm having a highest priority supported by the network device according to the received algorithm, and sends the selected algorithm identifier to the eRemote UE through step 140. In step 150, corresponding to different algorithm schemes selected by the network side, the eRemote UE may decrypt the first information according to a preset algorithm to obtain the first information, or determine an algorithm for decrypting the first information and verifying the integrity of the information according to the algorithm identifier received in step 140 to obtain the first information.

The method for the network device to perform the integrity protection determination algorithm on the information at least including the first information is consistent with the encryption algorithm, and is not described herein again.

Optionally, the selected algorithm may also be applied to the network device and the eRemote UE to generate the ciphering key PF _ enc according to the first key or the second key, or to generate the integrity key PF _ int according to the first key or the second key.

Optionally, in an embodiment of the present invention, the obtaining, by the network device, the first key and the GPI, or AV includes:

the network device to which the Relay UE belongs obtains a first key and a GPI from a BSF (Bootstrapping Server Function) according to the identification information of the eRemote UE, or generates the first key and the GPI by the network device after obtaining an authentication vector from a Home Subscriber Server (HSS) according to the identification of the eRemote UE.

Optionally, in an embodiment of the present invention, when an eRemote UE has attached and registered to a network device, if the eRemote UE and the eRemote UE belong to the same network device, the network device of the eRemote UE obtains a first key and a GPI, or the AV is consistent with the above method, and if the eRemote UE and the eRemote UE belong to different network devices, the network device belonging to the eRemote UE determines, according to identification information of the eRemote UE, the network device to which the eRemote UE belongs, and sends a request message to the network device to which the eRemote UE belongs, where the request message includes identification information of the eRemote UE to request Ks (_ int/ext) _ GPI and the NAF, or the AV. After receiving the request message, the network device to which the eRemote UE belongs acquires Ks (_ int/ext) _ NAF and GPI, or AV, and returns a response message to the network device to which the eRelay UE belongs.

It should be noted that, in the embodiment of the present invention, a request message sent by a network device to which an eRelay UE belongs to a network device to which the eRelay UE belongs may be referred to as a key request message, and also referred to as another name.

Optionally, in an embodiment of the present invention, after receiving the request message for establishing a trust relationship sent by the relay terminal, the network device may generate a communication root key for performing 1:1 communication between the eRemote UE and the eRelay UE in the following manner, that is, to protect signaling and data in a communication process between the eRemote UE and the eRelay UE.

The process of generating the communication root key may specifically be: during the process of establishing communication connection between the remote terminal and the relay terminal, the remote terminal and the relay terminal derive a session key for communication between the eRemote UE and the eRelay UE by using a root key of the limited discovery key, or the DUCK and the DUIK, as the root key, and deriving a session key for communication between the eRemote UE and the eRelay UE by using the root key or the DUCK and the DUIK, for example, derive a session key for communication between the eRemote UE and the eRelay UE by using PSDK, derive a session key by using the DUCK/DUIK, derive a session key for encryption and integrity protection by using the session key, or directly derive a session key for encryption and integrity protection of communication by using the DUCK/DUIK.

In other words, after the network device receives the request message for establishing trust relationship sent by the relay terminal, the method may further include:

the network equipment generates a communication root key for the communication between the remote terminal and the relay terminal according to the found key; the network device sends the communication root key to the remote terminal through the relay terminal.

In an embodiment of the present invention, the network device may send the communication root key and the discovery key together to the remote terminal.

Fig. 1 depicts a technical solution for securely sending a discovery key to a legitimate eRemote UE in a process of establishing a trusted connection between an eRemote UE and an eRelay UE. The following describes, with reference to fig. 2 to fig. 4, a technical solution for sending a discovery key to a legitimate eRemote UE securely in a process of establishing a communication connection between the eRemote UE and the eRelay UE.

Fig. 2 is a flowchart of a method for sending a key according to an embodiment of the present invention. As shown in fig. 2, the method may include the steps of:

s201, the first device receives a first message sent by the relay terminal.

In the embodiment of the present invention, the first device may be a network device or a mobile network management entity.

The eRemote UE discovers the eRelay UE, a trust relationship is established between the eRemote UE and the eRelay UE, then the eRemote UE sends a communication request message to the eRelay UE to request for establishing communication connection between the eRemote UE and the eRelay UE, and after receiving the communication request message, the eRelay UE sends a first message to first equipment, wherein the first message comprises identification information of the eRemote UE and identification information of the eRelay UE.

In this embodiment of the present invention, the first message may be referred to as an authentication request (authorization request) message or a key request message, and may also be referred to as another name, which is not limited in this embodiment of the present invention.

S202, the first equipment authenticates the communication connection established by the remote terminal through the relay terminal according to the first message.

And after receiving the first message, the first equipment verifies whether the eRemote UE is allowed to access the network through the eRelay UE. If it is

If the authentication is passed, the first equipment executes subsequent operation to establish communication connection between eRemote UE and eRelay UE, and sends a discovery key to the eRemote UE in the process of establishing the communication connection; and if the authentication is not passed, terminating the establishment of the communication connection.

S203, the first device acquires a root key of the remote terminal.

And when the first equipment authenticates the eRemote UE through the eRelay UE access network and the authentication is passed, the first equipment acquires the root key of the eRemote UE.

When the first device is a network device, the root key of the eRemote UE may be a root key proximity service Relay User key pruk (prose Relay User key) of the eRemote UE preset on the network device, or a key Ks (_ int/ext) _ NAF stored in the network device and used for protecting communication between the eRemote UE and the network device.

When the first device is a mobile network management entity, the root key of the eRemote UE is a root key in a security context of the eRemote UE, such as Kasme.

S204, the first device generates a first key according to the root key, and encrypts first information by using the first key, wherein the first information comprises a discovery key.

In this embodiment of the present invention, the first information may further include identification information of the eRemote UE, identification information of the eRelay UE, identification information of the first device, and the like. The identification information is information for uniquely identifying the eRemote UE, the eRelay UE, and the first device.

Optionally, in an embodiment of the present invention, the first device may further generate a second key for integrity protecting at least the first information according to the root key.

In the embodiment of the present invention, after obtaining the root key of the eRemote UE, the first device may further generate a communication root key for communication between the eRemote UE and the eRelay UE by using the root key of the eRemote UE.

In an optional embodiment of the invention, the first device generating a first key for encrypting the first information and generating a second key for integrity protecting at least the first information, comprises: after the first device generates a communication root key for communication between the eRemote UE and the eRelay UE based on the root key of the eRemote UE, a first key for encrypting first information and a second key for integrity protection of at least the first information are generated according to the communication root key for communication between the eRemote UE and the eRelay UE, wherein the first device generates the communication root key for communication between the eRemote UE and the eRelay UE based on the root key of the eRemote UE belongs to the prior art, and is not stated herein.

Optionally, in another optional embodiment of the present invention, after the first device generates a communication root key for communication between the eRemote UE and the eRelay UE based on the root key of the eRemote UE, the first device may further derive a session key for communication between the eRemote UE and the eRelay UE according to the communication root key for communication between the eRemote UE and the eRelay UE, and then generate a first key for encrypting the first information and a second key for integrity protection of at least the first information according to the session key, where the first device generates the communication root key for communication between the eRemote UE and the eRelay UE based on the root key of the eRemote UE, and further derives that the session key belongs to the prior art, and is not further stated herein.

The first device encrypts the first information by using the generated first key; and the first equipment at least performs integrity protection on the first information by using the second key to generate the MAC information.

It should be noted that, in this transmission embodiment, the MAC information generated by the first device indicates that at least the first information that is encrypted or unencrypted is obtained after integrity protection is performed on the first information, and in this embodiment of the present invention, the order in which the first device performs encryption and integrity is not limited.

S205, the first device transmits the encrypted first information to the remote terminal through the relay terminal.

In this embodiment of the present invention, the sending, by the first device, the encrypted first information to the eRemote UE through the eRelay UE may specifically be: the first device sends a response message of the first message, which may be an authentication response (authentication response) message, to the eRelay UE. The encrypted first information may be included in the response message and sent to the eRemote UE by the eRelay UE through a direct security mode command message or a direct communication accept message.

Optionally, in an embodiment of the present invention, the first device may further send the MAC information to the remote terminal through the relay terminal. The MAC information is transmitted together with the encrypted first information.

S206, the remote terminal decrypts the encrypted first information to obtain the discovery key.

The eRemote UE generates a symmetric key of the first key in the same way as the first device, that is, the eRemote UE obtains its own root key, which may be PRUK or Ks (_ int/ext) _ NAF or Kasme in the security context of the eRemote UE, generates symmetric keys of the first key and the second key based on the root key, decrypts the encrypted first information by using the symmetric key of the first key, and verifies the MAC to verify the integrity of the information at least containing the first information, thereby obtaining a discovery key, and thus the eRemote UE can discover the eRelay UE in a limited discovery way.

And the eRemote UE generates MAC 'information according to the symmetric key of the second key, the eRemote UE compares the MAC' information generated by the eRemote UE with the received MAC information sent by the first equipment, and if the eRemote UE is the same, the information at least containing the first information is not tampered.

The method for generating the first key and the second key by the eRemote UE is the same as the method for generating the first key and the second key by the first device, that is, the eRemote UE may generate the symmetric keys of the first key and the second key based on different methods corresponding to different methods of the first device.

As in the embodiment shown in fig. 1, the eRemote UE does not limit the sequence of decrypting the encrypted first information and verifying the integrity of at least the first information, and according to a different implementation method of the first device, the eRemote UE may first decrypt the encrypted first information to obtain the discovery key, and then verify the integrity of the decrypted first information, or may first verify the integrity of the encrypted first information and then decrypt the encrypted first information to obtain the discovery key.

By adopting the scheme of the embodiment of the invention, the found key is safely sent to the legal eRemote UE in the process of establishing the communication connection between the eRemote UE and the eRelay UE, so that the eRemote UE can find the eRelay UE to find the eRelay UE in a limited discovery mode.

The embodiment of the present invention may also send the found key to the legitimate eRemote UE securely by another method for sending the key, as shown in fig. 3. The embodiment shown in fig. 3 is different from the embodiment shown in fig. 2 in that after the first device acquires the discovery key, the discovery key is included in the first information and sent to the eRelay UE, after the eRelay UE establishes a communication connection with the eRelay UE, the eRelay UE encrypts and integrity-protects the first information including the discovery key based on the encryption and integrity protection keys used by the communication link between the eRelay UE and the eRelay UE, and sends the encrypted and integrity-protected discovery key to the eRelay UE through the communication link with the eRelay UE. This embodiment is described in detail below with reference to fig. 3.

S301, the first device receives a first message sent by the relay terminal.

The first message includes identification information of the remote terminal.

S302, the first device authenticates the remote terminal to access the network through the relay terminal.

And after receiving the first message, the first equipment verifies whether the eRemote UE is allowed to access the network through the eRelay UE. And if the authentication is passed, the first equipment executes subsequent operation to establish communication connection between the eRemote UE and the eRelay UE, and sends the discovery key to the eRemote UE in the process of establishing the communication connection.

S303, the first device sends a second message to the relay terminal, where the second message includes the first information, and the first information includes a discovery key used for the remote terminal to discover the relay terminal.

The second message is a response message to the first message.

The first information may further include one or more items of identification information of the eRemote UE, identification information of the eRelay UE, and identification information of the first device.

S304, the relay terminal encrypts the first information.

After receiving the second message sent by the first device, the relay terminal negotiates with the eRemote UE to generate an encryption key and an integrity protection key for communication between the eRemote UE and the eRelay UE, so as to protect signaling and data between the eRemote UE and the eRelay UE, and the relay terminal generates the encryption key and the integrity protection key for communication between the eRemote UE and the eRelay UE in the prior art.

When the relay terminal sends the first information to the remote terminal through the signaling message, for example, the first information is sent to the remote terminal through the direct security mode command message, at this time, the relay terminal at least performs integrity protection on the first information by using an integrity protection key for communication between the remote terminal and the relay terminal to generate an MAC, and encrypts the first information by using an encryption key for communication between the remote terminal and the relay terminal; after the key agreement between the remote terminal and the relay terminal is completed, the relay terminal may also send the first information through other signaling plane messages, such as a direct communication acceptance message, which should be encrypted and integrity protected using the encryption and integrity protection key for the communication between the remote terminal and the relay terminal.

In another optional implementation, after the relay terminal completes key agreement with the remote terminal and establishes a communication link, the relay terminal sends the first information to the remote terminal through user plane data, and in this case, the relay terminal encrypts the first information including the discovery key using an encryption key for communication between the eRemote UE and the eRelay UE, and performs integrity protection on at least the first information using an integrity protection key for communication between the eRemote UE and the eRelay UE to generate the MAC.

In another optional embodiment, after generating or obtaining a root key for communicating with the remote terminal, the relay terminal may generate an encryption key based on the root key for communicating with the remote terminal, where the encryption key is used to encrypt the first information, optionally, generate an integrity protection key based on the root key for communicating with the remote terminal, where the integrity protection key is used to perform integrity protection on at least the first information, after the relay terminal generates the encryption key and the integrity protection key, the first information may be sent to the remote terminal through a signaling message or user plane data, and after receiving the first information, the remote terminal generates the encryption key and the integrity protection key in the same manner as the relay terminal, so as to verify the integrity of the information at least including the first information and decrypt the first information.

When the relay terminal sends the first message through the signaling message or the user plane data, the signaling message or the user plane data should include the indication information of the found key, so that after the remote terminal identifies the indication information of the found key, the first message is decrypted by using the encryption key of the communication between the remote terminal and the relay terminal or the symmetric key of the encryption key used for encrypting the first message, thereby obtaining the first message.

S305, the relay terminal transmits the encrypted first information to the remote terminal.

S306, the remote terminal decrypts to obtain the discovery key.

The eRemote UE and the eRelay UE negotiate to generate a symmetric key of an encryption key and an integrity protection key which are communicated with the eRelay UE.

Whether the eRelay UE sends the first information through the signaling message or the data, the eRemote UE decrypts the received signaling or the data by using the symmetric key of the encryption key to obtain the first information, and verifies the integrity of the first information or the information at least containing the first information by using the symmetric key of integrity protection, so as to obtain the discovery key.

Before the first device receives the first message sent by the relay terminal, as shown in fig. 4, a process of dynamically establishing a trust relationship between an eRemote UE and an eRelay UE is further included. The process can be concretely as follows:

s407, the relay terminal receives a binding request for establishing a trust relationship sent by the remote terminal.

The eRemote UE discovers the eRelay UE through open discovery (open discovery), and sends a binding request (binding request) to the eRelay UE to request to establish a trusted connection relationship with the eRelay UE. The request for establishing the binding information comprises identification information of eRemote UE.

S408, the network equipment receives the request message for establishing the trust relationship sent by the relay terminal.

The trust relationship establishing request message is sent by the relay terminal after receiving the binding request sent by the remote terminal, and the trust relationship establishing request message comprises the identification information of the relay terminal and the identification information of the remote terminal.

S409, the network equipment verifies that the remote terminal can access the network through the relay terminal.

After receiving the request message for establishing the trust relationship, the network equipment verifies that the remote terminal can access the network through the relay terminal.

And S410, if the authentication is passed, the network equipment obtains the discovery key.

Optionally, in an embodiment of the present invention, as shown in fig. 4, the method may further include: and the network equipment sends the discovery key to the MME to which the relay terminal belongs. In an embodiment of the present invention, the network device may send the discovery key to the MME through a Home Subscriber Server (HSS), and the specific process may be:

s413, the network device sends an update proximity service policy data (updata policy data) message to the HSS.

The updata probe policy data message includes a discovery key and other parameter information for discovery.

S414, the HSS sends the inserted user data information to the MME.

After receiving the message for updating the proximity service policy data, the HSS sends an inserted user data message to an MME to which the eRelay UE belongs, where the inserted user data message includes a discovery key and other parameter information used for discovery, such as a codeword used for discovery broadcast by the eRelay UE;

s415, the MME sends an insert data confirm message to the HSS.

After receiving the inserted user data information, the MME saves the discovery key and other parameters for discovery in the context of the eRelay UE, and returns an inserted user data acknowledgement (insert subscriber data ACK) information to the HSS.

Fig. 1 to 4 describe a key transmission method, and the following describes, with reference to fig. 5 to 10, devices including a network device, an MME, a remote terminal, and a relay terminal according to an embodiment of the present invention.

Fig. 5 is a network device according to an embodiment of the present invention, where the network device is a network device to which a relay terminal belongs. As shown in fig. 5, the network device may include a processor 510 and a transmitter 520.

Processor 510 is configured to obtain a discovery key for a remote terminal to discover relay terminals.

The processor 510 is further configured to obtain the first key and the generic bootstrapping architecture push information GPI, or the network device obtains the authentication vector AV.

The processor 510 is further configured to generate a third key according to the first key or the second key in the AV, and encrypt the first information with the third key, where the first information includes the discovery key.

A transmitter 520, configured to send the encrypted first information and the GPI to the remote terminal through the relay terminal, or send the encrypted first information, the RAND information in the AV, and the AUTN information to the remote terminal through the relay terminal; and the RAND information and the AUTN information in the GPI or AV are used for the remote terminal to generate a symmetric key of a third key, and the encrypted first information is decrypted by adopting the symmetric key of the third key to obtain a discovery key.

When the remote terminal and the relay terminal do not establish a trust connection relationship, a user is required to manually cooperate to complete the trust connection between the remote terminal and the relay terminal. In the process of establishing the trust connection, the remote terminal is required to send a binding request for establishing the trust relationship to the relay terminal so as to trigger the relay terminal to send a request message for establishing the trust relationship to the network equipment, and establish the trust connection relationship between the remote terminal and the relay terminal.

After receiving the request message for establishing trust relationship sent by the relay terminal, the network device authenticates the remote terminal, and if the authentication is passed, the network device generates a discovery key for the remote terminal to discover the specified relay terminal, wherein the discovery key may be a root key for limited discovery or an encryption key, an integrity key and a scrambling key used in the limited discovery process, such as DUCK, DUIK and DUSK.

Processor 510 obtains a first key Ks (_ int/ext) _ NAF and GPI information from HSS, where Ks (_ int/ext) _ NAF is a key for communication between the network device and the remote terminal, and Ks (_ int/ext) _ NAF is a key generated based on GBA push method. Or processor 510 obtains authentication vector AV to complete the encryption of the discovery key.

If the processor 510 obtains Ks (_ int/ext) _ NAF and GPI information, a third key PF _ enc that encrypts the first information is generated according to Ks (_ int/ext) _ NAF. If the processor 510 acquires the AV, a third key PF _ enc is generated according to the second key Kasme in the AV. Processor 510 then encrypts the first information, including the discovery key, using PF enc.

Optionally, in this embodiment of the present invention, the processor 510 may further perform integrity protection on the information of the at least first information.

The processor 510 generates a fourth key PF _ int according to Ks (_ int/ext) _ NAF or Kasme, and performs integrity protection on at least the first information using PF _ int to generate MAC information.

Optionally, in this embodiment of the present invention, the parameter for generating PF _ enc and PF _ int may include one or more items of identification information of the remote terminal, identification information of the relay terminal, identification information of the network device, and the like, in addition to Ks (_ int/ext) _ NAF or Kasme.

In the embodiment of the present invention, the first information may further include other information, such as at least one of identification information of the network device, identification information of the relay terminal, a code word of the broadcast, and a communication root key for the remote terminal and the relay terminal to communicate. For example, when the discovery key is a root key for restricted discovery, the first information may further include metadata information on how to protect the discovery (discovery) message, such as one or more of encryption, integrity protection, and scrambling codes, so that the remote terminal generates an encryption key, an integrity protection key, and a scrambling code key according to the root key.

After the processor 510 encrypts the first information including the discovery key, the transmitter 520 transmits the encrypted first information to the remote terminal through the relay terminal. The specific process comprises the following steps: the transmitter 520 transmits the encrypted first information, the GPI information, and the MAC information to the relay terminal, or the transmitter 520 transmits the encrypted first information, the RAND and AUTN in the AV, and the MAC information to the relay terminal, and then the relay terminal transmits the received information to the remote terminal. After receiving the information, the remote terminal generates a key for decrypting the encrypted first information according to the GPI or the combination of the RAND and the AUTN in the AV and a key for performing complete protection verification on at least the first information.

By adopting the scheme provided by the embodiment of the invention, in the process of establishing the trust connection between the remote terminal and the relay terminal, the network equipment safely sends the discovery key to the legal remote terminal so as to realize the discovery of the relay terminal by the subsequent remote terminal.

Optionally, in an embodiment of the present invention, after the network device receives the request message for establishing a trust relationship sent by the relay terminal, a communication root key for the remote terminal and the relay terminal to perform 1:1 communication may be generated as follows, that is, the communication root key is used to protect signaling and data in the communication process between the remote terminal and the relay terminal. The communication root key may be sent to the remote terminal along with the discovery key.

Optionally, in an embodiment of the invention, a receiver and a memory. The receiver is used for receiving information sent by a device communicating with the receiver, such as a resume trust relationship request message sent by the relay terminal to the network device. The memory is used to store instructions or data, such as discovery keys.

Fig. 6 is a remote terminal according to an embodiment of the present invention. The remote terminal may include a receiver 610 and a processor 620.

The receiver 610 is configured to receive a first message sent by the relay terminal, where the first message includes encrypted first information and generic bootstrapping architecture push information GPI, or the first message includes encrypted first information and RAND information and AUTN information in the authentication vector AV, where the first information includes a discovery key.

And a processor 620, configured to generate a first key according to the GPI, or the RAND information and the AUTN information, generate a second key based on the first key, and decrypt the encrypted first information using the second key.

In the process of establishing the trust link relationship between the remote terminal and the relay terminal, the receiver 610 of the remote terminal receives a first message sent by the relay terminal, where the first message may be a response message of a binding request for establishing the trust relationship. The first message comprises encrypted first information, GPI information, or the first message comprises encrypted first information and RAND and AUTN in AV.

The processor 620 generates a key for decrypting the encrypted first information according to the GPI or according to the RAND and AUTN in the AV, and decrypts the encrypted first information to obtain the discovery key.

Optionally, in this embodiment of the present invention, the first message may further include MAC information for integrity protecting information of at least the first information. The processor 620 may further generate a key for performing integrity verification on the information of the at least first information according to the GPI or according to the RAND and the AUTN in the AV, and generate the MAC 'information based on the key, and the processor 620 compares the received MAC information with the generated MAC' information to verify the integrity of the information of the at least first information.

Optionally, in this embodiment of the present invention, the processor 620 generates a key for decrypting the encrypted first information and input parameters of the key for integrity protecting at least information of the first information, which may include at least one of identification information of the relay terminal, identification information of the remote terminal, and identification information of the network device, in addition to the GPI, or the RAND and AUTN in the AV.

Optionally, in the implementation of the present invention, the remote terminal may further include a transmitter and a memory. The transmitter is configured to send information to a device in communication with or connected to the transmitter, for example, the remote terminal sends a binding request for establishing a trust relationship to the relay terminal. The memory is used to store instructions and data, such as discovery keys.

Fig. 7 is a diagram of an apparatus according to an embodiment of the present invention, which may include a receiver 710, a processor 720, and a transmitter 730.

The receiver 710 is configured to receive a first message sent by the relay terminal, where the first message includes identification information of the remote terminal.

And a processor 720, configured to authenticate the remote terminal to establish the communication connection through the relay terminal according to the first message.

If the authentication is passed, processor 720 obtains the root key of the remote terminal.

The processor 720 is further configured to generate a first key according to the root key, and encrypt first information with the first key, where the first information includes the discovery key.

A transmitter 730, configured to transmit the encrypted first information to the remote terminal through the relay terminal, so that the remote terminal generates a symmetric key of the first key according to the communication root key of the remote terminal, and decrypts the encrypted first information using the symmetric key of the first key to obtain the discovery key.

The remote terminal finds the relay terminal and establishes a trust relationship with the relay terminal, the remote terminal sends a communication request message to the relay terminal to establish a communication link between the remote terminal and the relay terminal, and the relay terminal sends a first message to the first device after receiving the communication request message, wherein the first message can be an authentication request message or a key request message, and the message comprises identification information of the remote terminal and identification information of the relay terminal.

After the receiver 710 receives the first message, it authenticates the communication connection established by the remote terminal through the relay terminal according to the identification information of the remote terminal in the first message, and if the authentication is passed, the processor 720 obtains the root key of the remote terminal.

In the embodiment of the present invention, the root key of the remote terminal may be Ks (_ int/ext) _ NAF, or Kasme in the eRemote UE security context. The processor 720 generates a key for encrypting the first information, which includes the discovery key, according to Ks (_ int/ext) _ NAF or Kasme, and encrypts the first information.

Optionally, in an embodiment of the present invention, the processor 720 may generate a communication root key for the remote terminal to communicate with the relay terminal according to Ks (_ int/ext) _ NAF or Kasme, and generate a key for encrypting the first information and a key for integrity protecting at least the first information according to the communication root key.

Alternatively, in another embodiment of the present invention, the processor 720 may generate a communication root key for the remote terminal to communicate with the relay terminal according to Ks (_ int/ext) _ NAF or Kasme, generate a session key for the remote terminal to communicate with the relay terminal according to the communication root key, and generate the session key according to the session key. A key for encrypting the first information and a key for integrity protecting at least the first information.

Optionally, in this embodiment of the present invention, the processor 720 may further generate a key for integrity protecting at least the first information according to Ks (_ int/ext) _ NAF or Kasme, and generate the MAC information. After the processor 720 encrypts the first information and integrity-protects at least the first information, the transmitter 730 transmits the encrypted first information, the root key of the remote terminal, and the MAC information to the relay terminal, and then transmits the encrypted first information, the root key of the remote terminal, and the MAC information to the remote terminal via the relay terminal, so that the remote terminal decrypts the encrypted first information after receiving the information, verifies the integrity of at least the first information, ensures the security of the information, and obtains the discovery key.

By adopting the equipment of the embodiment of the invention, the found secret key is safely sent to the legal remote terminal in the process of establishing communication connection between the remote terminal and the relay terminal.

Alternatively, in the embodiment of the present invention, the device may be a network device, before the processor acquires the root key of the remote terminal,

the receiver 710 is further configured to receive a request message for establishing a trusted connection sent by the relay terminal, where the request message for establishing a trusted connection includes identification information of the relay terminal and identification information of the remote terminal. Processor 720 authenticates the remote terminal accessing the network through the relay terminal based on the establish trusted connection request message. If the authentication is passed, processor 720 generates a discovery key.

Optionally, in this embodiment of the present invention, the device may be a mobility management entity MME; the discovery key is obtained before the processor 720 encrypts the first information using the key that encrypts the first information and the processor integrity protects at least the first information using the key that integrity protects at least the first information.

In this embodiment of the present invention, acquiring the discovery key may include:

the receiver 710 receives the inserted subscriber data information sent by the home subscriber server HSS, where the inserted subscriber data information includes a discovery key, and the HSS obtains the discovery key from the proximity service server or a proximity service key management function PKMF entity.

Fig. 8 is a remote terminal according to an embodiment of the present invention, where the remote terminal may include a receiver 810 and a processor 820.

The receiver 810 is configured to receive a first message sent by the relay terminal, where the first message includes encrypted first information, and the first information includes a discovery key.

A processor 820 configured to generate a first key according to the root key, and decrypt the encrypted first information using the first key to obtain a discovery key.

Optionally, in this embodiment of the present invention, the processor 820 may further generate a key for integrity protecting at least the first information according to the root key, and integrity protect at least the first information using the key to generate MAC information, so as to verify the integrity of the information of at least the first information.

In one embodiment of the invention, the processor 820 generates a communication root key for the remote terminal to communicate with the relay terminal according to the root key, generates a key for encrypting the first information according to the communication root key, and generates a key for integrity protecting at least the first information.

In another embodiment of the present invention, the processor 820 generates a communication root key for the remote terminal to communicate with the relay terminal from the root key, generates a communication session key for the remote terminal to communicate with the relay terminal from the communication root key, generates a key for encrypting the first information from the session key, and generates a key for integrity protecting at least the first information.

Optionally, in this embodiment of the present invention, the first message may be a direct security mode command message or a direct communication acceptance message, where the direct security mode command message or the direct communication acceptance message includes the discovery key indication information. Optionally, in the embodiment of the present invention, the remote terminal may further include a transmitter and a memory. The transmitter is used for transmitting a message of a connection establishment request to the relay terminal when the remote terminal establishes communication connection with the relay terminal so as to trigger the relay terminal to establish communication connection; the memory is used to store instructions and data, such as discovery keys and the like.

Fig. 9 is a diagram of another apparatus according to an embodiment of the present invention, which may include a receiver 910, a processor 920, and a transmitter 930.

The receiver 910 is configured to receive a first message sent by the relay terminal, where the first message includes identification information of the remote terminal.

And a processor 920, configured to authenticate the remote terminal accessing the network through the relay terminal according to the first message.

If the authentication is passed, the transmitter 930 transmits a second message to the relay terminal, the second message including first information including a discovery key for the remote terminal to discover the relay terminal, so that the relay terminal transmits the first information to the remote terminal.

After the receiver 910 receives the first message, the processor 920 authenticates the communication connection established by the relay terminal through the remote terminal according to the identification information of the remote terminal in the first message, and if the authentication is successful, the transmitter 930 transmits a second message to the relay terminal, where the second message is a response message of the first message. The second message comprises first information, and the first information comprises a discovery key.

And after receiving the second message, the relay terminal sends the first information including the discovery key in the second message to the remote terminal.

Optionally, in an embodiment of the present invention, the device may be a network device, and before the receiver 910 receives the first message sent by the relay terminal, the receiver 910 is further configured to receive a request message for establishing a trusted connection sent by the relay terminal, where the request message for establishing a trusted connection includes identification information of the relay terminal and identification information of the remote terminal; the processor 920 authenticates the remote terminal to access the network through the relay terminal according to the request message for establishing the trusted connection; if the authentication is passed, the processor 920 generates a discovery key.

Optionally, in another embodiment of the present invention, the apparatus is a mobility management entity MME; the discovery key is acquired before the receiver 910 receives the first message transmitted by the relay terminal.

In the embodiment of the present invention, acquiring the discovery key includes:

the receiver 910 receives the inserted subscriber data information sent by the home subscriber server HSS, where the inserted subscriber data information includes a discovery key, and the HSS obtains the discovery key from the proximity service server or a proximity service key management function PKMF entity.

Fig. 10 is a relay terminal according to an embodiment of the present invention, where the relay terminal may include a receiver 1010, a processor 1020, and a transmitter 1030.

A receiver 1010, configured to receive a first message sent by a first device, where the first message includes first information, and the first information includes a discovery key used for a remote terminal to discover a relay terminal;

a processor 1020 for encrypting the first information using an encryption key for communication with the remote terminal;

a transmitter 1030 for transmitting a second message to the remote terminal, the second message comprising the encrypted first information.

In this embodiment of the present invention, after the receiver 1010 receives the first information sent by the first device, the processor 1020 encrypts the first information and sends the encrypted first information to the remote terminal, so as to ensure the security of the discovery key included in the first information.

In an embodiment of the present invention, the processor 1020 may send the first information to the remote terminal through a signaling message, for example, a direct security mode command message, where the relay terminal performs integrity protection on at least the first information by using an integrity protection key for communication between the remote terminal and the relay terminal to generate a MAC, and encrypts the first information by using an encryption key for communication between the remote terminal and the relay terminal; after the key agreement between the remote terminal and the relay terminal is completed, the relay terminal may also send the first information through other signaling plane messages, such as a direct communication acceptance message, which should be encrypted and integrity protected using the encryption and integrity protection key for the communication between the remote terminal and the relay terminal.

In another embodiment of the present invention, the processor 1020 transmits the first information to the remote terminal through the user plane data by the transmitter 1030 after the key agreement with the remote terminal is established, in which case the processor 1020 encrypts the first information including the discovery key using an encryption key for the remote terminal to communicate with the relay terminal, and integrity-protects at least the first information using an integrity-protection key for the remote terminal to communicate with the relay terminal to generate the MAC.

So that the remote terminal, after receiving the second message sent by the transmitter 1030, decrypts the first information included in the second message according to the conventional method to obtain the discovery key.

Optionally, in this embodiment of the present invention, the second message may be a direct security mode command message or a direct communication acceptance message, where the direct security mode command message or the direct communication acceptance message includes the discovery key indication information.

Optionally, in this embodiment of the present invention, the first device may be a network device or an MME.

Embodiments of the present invention also provide a computer program product including instructions for performing any one of the methods/steps described above with reference to fig. 1 to 4 when the instructions are executed on a computer.

Embodiments of the present invention also provide a computer-readable storage medium for storing instructions, which when executed on a computer, perform any one of the methods/steps that may be implemented in fig. 1 to 4.

In the various embodiments of the invention described above, implementation may be in whole or in part via software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), among others.

The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims

1. A method for transmitting a key, which is used for a network device to which a relay terminal belongs, the method comprising:

the network equipment obtains a discovery key, and the discovery key is used for a remote terminal to discover the relay terminal based on a limited mode;

the network equipment acquires an authentication vector AV;

the network equipment generates a third key according to a second key Kasme in the AV, and encrypts first information by adopting the third key, wherein the first information comprises the discovery key;

the network equipment sends encrypted first information, RAND information in the AV and AUTN information to a remote terminal through a relay terminal; and the RAND information and the AUTN information in the AV are used for the remote terminal to generate a symmetric key of the third key, and the encrypted first information is decrypted by adopting the symmetric key of the third key to obtain the discovery key.

2. The method of claim 1, further comprising:

the network equipment generates a fourth key according to a second key Kasme in the AV, and adopts the fourth key to perform integrity protection on at least the first information to generate MAC information;

the network device sends the encrypted first information, the RAND information in the AV, and the AUTN information to the remote terminal through the relay terminal, and further includes:

the network equipment sends the MAC information to a remote terminal through a relay terminal; the RAND information and the AUTN information in the AV are also used for the remote terminal to generate a symmetric key of the fourth key, and the integrity of information at least including the first information is verified according to the MAC information by using the symmetric key of the fourth key.

3. The method of claim 2, wherein the network device generates a third key based on the second key in the AV, and wherein the network device generates a fourth key based on the second key in the AV, and wherein the generating the third key or the fourth key further comprises:

at least one of the identification information of the relay terminal, the identification information of the remote terminal and the identification information of the network equipment is used as an input parameter for generating the third key or the fourth key.

4. The method of any of claims 1 to 3, wherein the first information further comprises:

at least one of identification information of the network device, identification information of the relay terminal, a broadcasted codeword, and a communication root key for communication between the remote terminal and the relay terminal.

5. A method for transmitting a key, the method comprising:

the remote terminal receives a first message sent by the relay terminal, wherein the first message comprises encrypted first information, a key identifier, and RAND information and AUTN information in an authentication vector AV, and the first information comprises a discovery key;

and the remote terminal determines a first key according to the key identifier, generates a second key Kasme by combining the first key according to the RAND information and the AUTN information, and decrypts the encrypted first information by using the second key Kasme.

6. The method of claim 5, wherein the first message further comprises MAC information; the method further comprises the following steps:

the remote terminal generates a third key based on the first key and verifies the MAC information using the third key, thereby verifying the integrity of information containing at least the first information.

7. The method of claim 6, wherein the generating a second key, Kasme, in combination with the first key based on the RAND information and the AUTN information, and wherein the generating a third key based on the first key comprises:

and at least one item of identification information of the relay terminal, identification information of the remote terminal and identification information of network equipment is used as an input parameter for generating the second key Kasme or the third key.

8. A key transmission device, wherein the device is a network device to which a relay terminal belongs, and the network device includes:

a processor configured to obtain a discovery key for a remote terminal to discover the relay terminal based on a restricted manner;

the processor is further configured to acquire the network device acquisition authentication vector AV;

the processor is further configured to generate a third key according to a second key Kasme in the AV, and encrypt first information using the third key, where the first information includes the discovery key;

a transmitter for transmitting the encrypted first information, the RAND information in the AV, and the AUTN information to a remote terminal through a relay terminal; and the RAND information and the AUTN information in the AV are used for the remote terminal to generate a symmetric key of the third key, and the encrypted first information is decrypted by adopting the symmetric key of the third key to obtain the discovery key.

9. The apparatus of claim 8,

the processor is further configured to generate a fourth key according to a second key Kasme in the AV, and perform integrity protection on at least the first information by using the fourth key to generate MAC information;

the transmitter transmits the encrypted first information, RAND information in the AV, and AUTN information to the remote terminal through the relay terminal, and further includes:

the transmitter transmits the MAC information to a remote terminal through a relay terminal; the RAND information and the AUTN information in the AV are also used for the remote terminal to generate a symmetric key of the fourth key, and the integrity of information at least including the first information is verified according to the MAC information by using the symmetric key of the fourth key.

10. The apparatus of claim 9, wherein the processor generates a third key based on a second key in the AV, Kasme, and wherein the processor generates a fourth key based on the second key in the AV, and wherein generating the third key or the fourth key further comprises:

11. The apparatus of any of claims 8 to 10, wherein the first information further comprises:

12. A device for transmitting a secret key, wherein the device is a remote terminal, and the remote terminal comprises:

the receiver is configured to receive a first message sent by a relay terminal, where the first message includes encrypted first information, a key identifier, and RAND information and AUTN information in an authentication vector AV, and the first information includes a discovery key;

and the processor is used for determining a first key according to the key identification, generating a second key Kasme by combining the first key according to the RAND information and the AUTN information, and decrypting the encrypted first information by using the second key Kasme.

13. The apparatus of claim 12, wherein the first message further comprises MAC information;

14. The apparatus of claim 13, wherein the generating a second key Kasme in combination with the first key based on the RAND information and the AUTN information, and wherein the generating a third key based on the first key comprises: