CN112584379A - Direct connection communication security key negotiation method based on 5G D2D technology - Google Patents
- Publication number
- CN112584379A (application number CN202011410828.6A)
- Authority
- CN
- China
- Prior art keywords
- terminal
- network
- security
- communication
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
  - H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
- H04W48/00—Access restriction; Network selection; Access point selection
  - H04W48/08—Access restriction or access information delivery, e.g. discovery data delivery
  - H04W48/18—Selecting a network or a communication service
- H04W76/00—Connection management
  - H04W76/10—Connection setup
    - H04W76/14—Direct-mode setup
- H04W8/00—Network data management
  - H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
    - H04W8/24—Transfer of terminal data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a security key negotiation method for direct-connection communication based on 5G D2D technology, comprising the following steps: s100, after authentication and confirmation are completed, the two terminals of the D2D communication negotiate a D2D terminal central network; s200, the initiating D2D terminal sends a request for a D2D communication key to the central network node, the key request carrying the device ID of the target D2D terminal; after receiving the request, the central network generates a security key and sends the security key information to both the initiating and the target D2D terminal; s300, the initiating and the target D2D terminal carry out secure D2D direct communication using the security key. With the invention, key assignment and management for D2D terminals can be completed by means of the central network, secure D2D communication is achieved, and the user's security experience is improved.
Description
Technical Field
The invention belongs to the technical field of communication, and in particular relates to a security key negotiation method for direct-connection communication based on 5G D2D technology.
Background
5G D2D (Device-to-Device) direct terminal communication means that nearby terminals can exchange data by communicating directly over a short distance, without forwarding through a base station. Because of its short range and direct connection, D2D technology can improve the utilization of wireless resources and extend network coverage, so it has been studied extensively in the construction of 5G and will be applied in more scenarios in the future. 5G D2D communication is essentially end-to-end communication between terminals, and encryption for such end-to-end communication is generally achieved by the two parties negotiating an encryption algorithm and its parameters between themselves. Negotiation of this kind rests mainly on the two communicating parties, and if the negotiation process is eavesdropped on or tampered with, a security risk results.
In summary, a method is needed that solves the above technical problem: the highest-priority network to which both communicating parties are connected is used as a central network, the central network node generates a security key on receiving a request, and the terminals communicate directly using that security key, thereby overcoming the problem described above.
Disclosure of Invention
In view of the foregoing shortcomings of the prior art, an object of the present invention is to provide a security key negotiation method for direct communication based on 5G D2D technology, which aims to solve the problem in the prior art that a security risk may arise if the security key is eavesdropped on or tampered with while it is negotiated between the two communicating parties.
In order to achieve the purpose, the invention adopts the following technical scheme:
a security key negotiation method for direct-connection communication based on 5G D2D technology, characterized by comprising the following steps:
s100, after the two terminals of the D2D communication have completed authentication and confirmation, a D2D terminal central network is negotiated. In the negotiation, the initiating D2D terminal obtains the list of networks on which it currently resides and carries that network list in an RCN request message sent to the target D2D terminal; on receiving the RCN request message, the target D2D terminal obtains the networks on which it currently resides, outputs the list of resident networks common to both terminals, ranks them by network security level, selects the network type with the highest priority as the negotiated central network, and responds to the initiating D2D terminal with an RSCN response message;
s200, the initiating D2D terminal sends a request for a D2D communication key to the central network node, the key request carrying the device ID of the target D2D terminal; after receiving the request, the central network generates a security key and sends the security key information to both the initiating and the target D2D terminal;
s300, the initiating and the target D2D terminal carry out secure D2D direct communication using the security key.
Preferably, after the central network has generated the security key and passed it to the D2D terminals, it clears the key information and neither records nor saves it.
Preferably, the central network node is determined by the selected central network, and the central network comprises a base station, a WiFi AP hotspot, an MME, an MSC or an AMF.
Preferably, the security key has a validity period, and when the validity period of the security key has expired, a new security key is obtained.
Preferably, in the ranking by network security level that selects the highest-priority network type as the negotiated central network, when the Cell IDs of the mobile networks differ, the D2D terminal downgrades the security level of that access network.
Compared with the prior art, the invention has the beneficial effects that:
the invention provides a security key negotiation method for direct-connection communication based on 5G D2D technology, comprising the following steps: s100, after authentication and confirmation are completed, the two terminals of the D2D communication negotiate a D2D terminal central network; s200, the initiating D2D terminal sends a request for a D2D communication key to the central network node, the key request carrying the device ID of the target D2D terminal; after receiving the request, the central network generates a security key and sends the security key information to both the initiating and the target D2D terminal; s300, the initiating and the target D2D terminal carry out secure D2D direct communication using the security key. With this method and system, key assignment and management for D2D terminals can be completed by means of the central network, secure D2D communication is achieved, and the user's security experience is improved.
Drawings
FIG. 1 is a flow chart of a preferred embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and effects of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here merely illustrate the invention and are not intended to limit it.
As shown in fig. 1, the security key negotiation method for direct-connection communication based on 5G D2D technology provided by the present invention includes the following steps:
s100, after the two terminals of the D2D communication have completed authentication and confirmation, a D2D terminal central network is negotiated. In the negotiation, the initiating D2D terminal obtains the list of networks on which it currently resides and carries that network list in an RCN request message sent to the target D2D terminal; on receiving the RCN request message, the target D2D terminal obtains the networks on which it currently resides, outputs the list of resident networks common to both terminals, ranks them by network security level, selects the network type with the highest priority as the negotiated central network, and responds to the initiating D2D terminal with an RSCN response message;
s200, the initiating D2D terminal sends a request for a D2D communication key to the central network node, the key request carrying the device ID of the target D2D terminal; after receiving the request, the central network generates a security key and sends the security key information to both the initiating and the target D2D terminal;
s300, the initiating and the target D2D terminal carry out secure D2D direct communication using the security key.
Specifically, the D2D terminals manage the D2D session key through the central network, and encrypt and decrypt their D2D secure communication with the key assigned by the central network. Which network acts as the central network must be negotiated between the two D2D parties. The basic principle is that the highest-priority network to which both parties are connected becomes the central network; that is, the central network is the common, highest-priority network of the two D2D terminals as determined by their negotiation, and may be a WiFi network, a cellular network, or the like.
After the two D2D terminals have completed authentication and confirmation, the D2D terminal central network is negotiated. The initiating D2D terminal obtains the list of networks on which it currently resides, together with the network information each network type requires, such as the SSID and authentication mode of a WiFi network or the Cell ID of a mobile network. The initiating D2D terminal carries the resident network list and the corresponding network information in an RCN (request central network) message and sends it to the target D2D terminal. On receiving the request, the target D2D terminal likewise obtains its own current resident networks, outputs the list of resident networks common to both parties, ranks them by network security level, selects the network type with the highest priority as the negotiated central network, and responds to the initiating D2D terminal with an RSCN (response central network) message.
After receiving the message that completes the negotiation, the initiating D2D terminal sends a request for a D2D communication key to the central network node on the selected network; the request carries the Device ID of the target D2D terminal UE2. On receiving the request, the central network node generates a security key, randomly or by another key-generation method, and sends it to the D2D terminals, which then use the security key for their subsequent secure D2D direct communication. The initiating D2D terminal carries the Device IDs of both the local and the target D2D terminal; the form of the Device ID depends on the selected central network, since it is the identifier the network itself uses: in a WiFi network the Device ID is the MAC address, in a mobile cellular network it is the IMSI, and so on. The specific algorithm used for encryption or integrity protection can be determined by the negotiation of the D2D direct communication.
In some embodiments, after generating the security key and passing it to the D2D terminals, the central network clears the key information, neither recording nor saving it, and the key is thereafter handled entirely by the D2D terminals.
In some embodiments, the central network node is determined by the selected central network, which comprises a base station, a WiFi AP hotspot, an MME, an MSC or an AMF.
In some embodiments, the security key has a lifetime, and when its validity period expires a new security key is obtained.
In some embodiments, in the ranking by network security level that selects the highest-priority network type as the negotiated central network, when the Cell IDs of the mobile networks differ, the D2D terminal downgrades the security level of that access network. The reason is that the UEs do not reside in the same Cell, so the network element that allocates the key in the central network must be raised to a higher level; when the UEs reside in the same Cell, the base station itself can generate and deliver the key.
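The following simulation walks through steps s100 to s300 together with the key-lifetime and Cell ID embodiments above. It is an added example, not the applicant's code: the priority scores, the key lifetime, the device IDs and the HMAC-SHA256 integrity check are constructed assumptions, while RCN/RSCN and the node names are taken from the description.

```python
"""Simulation of the s100-s300 flow plus the lifetime and Cell ID embodiments
(added example, not the applicant's code). Priority scores, key lifetime and
device IDs are constructed assumptions; RCN/RSCN are the page's message names."""
import hashlib
import hmac
import os
from dataclasses import dataclass

PRIORITY = {"cellular": 3, "wifi": 1}                       # assumed security ranking
KEY_NODE = {"cellular": "base station", "wifi": "wifi ap"}  # node that issues the key
RAISED_CELLULAR_NODE = "AMF"   # element used when the two UEs sit in different cells
KEY_LIFETIME = 300             # seconds; constructed value
TAG_LEN = 32                   # HMAC-SHA256 tag size

@dataclass(frozen=True)
class Network:
    kind: str           # "cellular" or "wifi"
    ident: str          # PLMN for cellular, SSID for wifi
    cell_id: str = ""   # cellular only
    auth: str = ""      # wifi authentication mode

def build_rcn(initiator_networks):
    """s100, initiator: carry the resident network list in an RCN request."""
    return {"msg": "RCN", "networks": list(initiator_networks)}

def handle_rcn(rcn, target_networks):
    """s100, target: intersect both lists, rank by security level, reply with RSCN."""
    candidates = []
    for mine in target_networks:
        for theirs in rcn["networks"]:
            if (mine.kind, mine.ident) != (theirs.kind, theirs.ident):
                continue
            level, node = PRIORITY[mine.kind], KEY_NODE[mine.kind]
            if mine.kind == "cellular" and mine.cell_id != theirs.cell_id:
                # Degradation processing: different Cell IDs, so the key-allocating
                # element is raised above the base station and the level lowered.
                level, node = level - 1, RAISED_CELLULAR_NODE
            candidates.append((level, mine.kind, mine.ident, node))
    if not candidates:
        return {"msg": "RSCN", "central": None}
    level, kind, ident, node = max(candidates)
    return {"msg": "RSCN",
            "central": {"kind": kind, "ident": ident, "node": node, "level": level}}

def central_node_issue_key(request, now):
    """s200: generate a random key for the pair named in the request and hand it
    to both terminals; the node keeps no copy of its own."""
    record = {"key": os.urandom(32), "expires": now + KEY_LIFETIME}
    return {request["from"]: record, request["to"]: record}

def protect(record, payload, now):
    """s300: integrity-protect a direct-link frame. The page leaves the algorithm
    to the D2D negotiation; HMAC-SHA256 is assumed. An expired key is refused."""
    if now >= record["expires"]:
        raise ValueError("key expired: obtain a new key from the central network")
    return payload + hmac.new(record["key"], payload, hashlib.sha256).digest()

def verify(record, frame, now):
    """Return the payload if the tag is valid and the key unexpired, else None."""
    if now >= record["expires"] or len(frame) < TAG_LEN:
        return None
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(record["key"], payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

def run(ue1_networks, ue2_networks, now=0):
    """Drive the whole flow once; return the chosen central network and the
    payload UE2 recovers from UE1's protected frame (None on failure)."""
    central = handle_rcn(build_rcn(ue1_networks), ue2_networks)["central"]
    if central is None:
        return None, None
    # Device ID follows the central network type: IMSI on cellular, MAC on WiFi.
    ids = ("imsi-001", "imsi-002") if central["kind"] == "cellular" else ("mac-aa", "mac-bb")
    keys = central_node_issue_key({"from": ids[0], "to": ids[1]}, now)
    frame = protect(keys[ids[0]], b"D2D payload", now)
    return central, verify(keys[ids[1]], frame, now)

# Constructed sample: same PLMN but different cells, plus a shared WiFi SSID.
UE1 = [Network("cellular", "46000", cell_id="cell-A"), Network("wifi", "Office", auth="WPA2")]
UE2 = [Network("cellular", "46000", cell_id="cell-B"), Network("wifi", "Office", auth="WPA2")]
```

With the sample lists the cellular network still wins the ranking, but because the Cell IDs differ its level is lowered and the key is issued by the AMF rather than the base station.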
In summary, the working principle of the invention is as follows:
the invention provides a security key negotiation method for direct-connection communication based on 5G D2D technology, comprising the following steps: s100, after authentication and confirmation are completed, the two terminals of the D2D communication negotiate a D2D terminal central network; s200, the initiating D2D terminal sends a request for a D2D communication key to the central network node, the key request carrying the device ID of the target D2D terminal; after receiving the request, the central network generates a security key and sends the security key information to both the initiating and the target D2D terminal; s300, the initiating and the target D2D terminal carry out secure D2D direct communication using the security key. Once the two D2D parties have completed authentication and security confirmation, D2D direct communication can proceed. The two D2D parties then negotiate the central network; once the central network is confirmed, the security key for the D2D communication is requested from it, the central network generates the key on receiving the request and distributes it to the corresponding D2D terminals, and the D2D terminals subsequently encrypt and decrypt their communication with that key.
It should be understood that equivalents and modifications of the technical solution and inventive concept thereof may occur to those skilled in the art, and all such modifications and alterations should fall within the scope of the appended claims.
Claims (5)
1. A security key negotiation method for direct-connection communication based on 5G D2D technology, characterized by comprising the following steps:
s100, after the two terminals of the D2D communication have completed authentication and confirmation, a D2D terminal central network is negotiated. In the negotiation, the initiating D2D terminal obtains the list of networks on which it currently resides and carries that network list in an RCN request message sent to the target D2D terminal; on receiving the RCN request message, the target D2D terminal obtains the networks on which it currently resides, outputs the list of resident networks common to both terminals, ranks them by network security level, selects the network type with the highest priority as the negotiated central network, and responds to the initiating D2D terminal with an RSCN response message;
s200, the initiating D2D terminal sends a request for a D2D communication key to the central network node, the key request carrying the device ID of the target D2D terminal; after receiving the request, the central network generates a security key and sends the security key information to both the initiating and the target D2D terminal;
s300, the initiating and the target D2D terminal carry out secure D2D direct communication using the security key.
2. The security key negotiation method for direct communication based on 5G D2D technology of claim 1, wherein the central network generates the security key and passes it to the D2D terminals, and then clears the key information, neither recording nor saving it.
3. The security key negotiation method for direct communication based on 5G D2D technology of claim 1, wherein the central network node is determined by the selected central network, the central network comprising a base station, a WiFi AP hotspot, an MME, an MSC or an AMF.
4. The security key negotiation method for direct communication based on 5G D2D technology of claim 1, wherein the security key has a validity period, and when the validity period of the security key has expired a new security key is obtained.
5. The security key negotiation method for direct-connection communication based on 5G D2D technology of claim 1, wherein, in the ranking by network security level that selects the highest-priority network type as the negotiated central network, when the Cell IDs of the mobile networks differ the D2D terminal downgrades the security level of that access network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011410828.6A CN112584379A (en) | 2020-12-04 | 2020-12-04 | Direct connection communication security key negotiation method based on 5G D2D technology |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011410828.6A CN112584379A (en) | 2020-12-04 | 2020-12-04 | Direct connection communication security key negotiation method based on 5G D2D technology |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112584379A (en) | 2021-03-30 |
Family
ID=75127340
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011410828.6A Pending CN112584379A (en) | 2020-12-04 | 2020-12-04 | Direct connection communication security key negotiation method based on 5G D2D technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112584379A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150222612A1 (en) * | 2012-09-06 | 2015-08-06 | Koninklijke Kpn N.V. | Establishing A Device-To-Device Communication Session |
CN106471834A (en) * | 2014-06-30 | 2017-03-01 | Intel IP Corporation | Techniques for securely receiving critical communication content associated with a critical communication service |
US20180084497A1 (en) * | 2015-03-24 | 2018-03-22 | Lg Electronics Inc. | Communication method performed by terminal in wireless communication system and terminal using method |
CN108521875A (en) * | 2015-01-14 | 2018-09-11 | Samsung Electronics Co., Ltd. | Method and system for establishing secure communication between a remote UE and a relay UE in a device-to-device communication network |
Events
- 2020-12-04: application CN202011410828.6A filed in CN (publication CN112584379A); status Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220029975A1 (en) | Authentication and authorization in proximity based service communication using a group key | |
US20180026958A1 (en) | Fast-accessing method and apparatus | |
US9942210B2 (en) | Key derivation method and apparatus for local access under control of a cellular network | |
WO2017091959A1 (en) | Data transmission method, user equipment and network side device | |
US10320754B2 (en) | Data transmission method and apparatus | |
US20200099697A1 (en) | Secure group creation in proximity based service communication | |
US20210306381A1 (en) | Method and Apparatus for Determining Security Protection Mode | |
JP2014511168A (en) | Mobile communication network and method | |
EP1972125A2 (en) | Apparatus and method for protection of management frames | |
CN108307389A (en) | Data security protection method, network access equipment and terminal | |
CN101621434A (en) | Wireless mesh network system and method for key distribution | |
CN109768861B (en) | Massive D2D anonymous discovery authentication and key agreement method | |
CN112804680B (en) | Mobile terminal equipment safety authentication method and system based on chaotic mapping | |
CN102036230A (en) | Method for implementing local route service, base station and system | |
WO2016062075A1 (en) | Method and device for managing device-to-device (d2d) communication group | |
US20240244681A1 (en) | Communication method, apparatus, and system | |
CN115604700A (en) | Network distribution method based on Wi-Fi perception, embedded chip system and medium | |
TW201505457A (en) | Wireless communication system and authentication method thereof | |
WO2010124569A1 (en) | Method and system for user access control | |
WO2014183569A1 (en) | Method for realizing secure communications among machine type communication devices and network entity | |
WO2016134543A1 (en) | Cell access method, convergence terminal and access terminal | |
CN112584379A (en) | Direct connection communication security key negotiation method based on 5G D2D technology | |
WO2017169957A1 (en) | Communication unit, extension, and base unit | |
KR102627393B1 (en) | Method and apparatus for preventing wireless intrusion | |
US20240224048A1 (en) | Neighbor awareness networking pairing termination |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2021-03-30 | PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20210330 |