CN114079918B - Information processing method, device, equipment and readable storage medium - Google Patents


Info

Publication number: CN114079918B
Authority: CN (China)
Prior art keywords: key; proximity communication; communication function; interface; information
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202010810605.2A
Other languages: Chinese (zh)
Other versions: CN114079918A (en)
Inventor: 毕晓宇
Current Assignee: Datang Mobile Communications Equipment Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original Assignee: Datang Mobile Communications Equipment Co Ltd
Application filed by Datang Mobile Communications Equipment Co Ltd
Priority to CN202010810605.2A (CN114079918B)
Priority to PCT/CN2021/111296 (WO2022033405A1)
Publication of CN114079918A
Application granted
Publication of CN114079918B
Legal status: Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/06 Authentication
    • H04W12/10 Integrity

Abstract

The invention discloses an information processing method, an information processing device, information processing equipment and a readable storage medium, and relates to the technical field of communication, so as to ensure the security of User Equipment (UE) while it executes ProSe configuration. The method includes the following steps: acquiring first information; determining an application layer protection method of the PC3 interface between the proximity communication function and the UE according to the first information; where the first information includes one of: subscription information of the UE, an application security policy of the network, and request information of the UE; and the application layer protection method includes AKMA. The embodiment of the invention can ensure the security of the UE when it executes ProSe configuration.

Description

Information processing method, device, equipment and readable storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an information processing method, an apparatus, a device, and a readable storage medium.
Background
Proximity communication is defined in the 3GPP standards as Proximity-based Services (ProSe). The service includes proximity discovery and proximity communication. ProSe discovery is a procedure for determining that ProSe-enabled UEs (User Equipment) are in proximity to each other. A ProSe-enabled UE may or may not be involved in the process of confirming that another ProSe-enabled UE is nearby. For example, one ProSe-enabled UE (which may be referred to as a ProSe UE) may use the UE's own capabilities or NR (New Radio) technology to discover another ProSe-enabled UE. ProSe communication is a service capable of establishing a new communication path between two or more ProSe-enabled UEs.
The use of ProSe requires authorization by the operator, who may also provide configuration data, e.g. proximity criteria, to ProSe-enabled UEs for use in ProSe discovery.
In the ProSe architecture, the PC3 interface is the interface between the UE and the ProSe function. The PC3 interface is carried over the core network (i.e., it is an IP-based interface). It is used to authorize ProSe direct discovery and the ProSe discovery requirements of the core network, and to allocate ProSe application codes, which correspond to the ProSe application IDs used for ProSe direct discovery. The ProSe function provides the UE with the ProSe configuration information.
The network provides authorization and configuration information for ProSe UEs through the PC3 interface, and thus the data transferred over the PC3 interface needs to be integrity protected, confidentiality protected and replay protected.
In the prior-art security protection of proximity communication, the PC3 interface is protected by GBA (Generic Bootstrapping Architecture), but the generic authentication framework GBA/GAA (Generic Authentication Architecture) is complex. Many of the terminal types introduced by 5G networks, especially IoT (Internet of Things) devices with limited computing and processing capability, will be unable to run this functionality or will consume significant resources doing so. Therefore, because such terminal equipment cannot use GBA/GAA, the PC3 interface between the ProSe function and the UE cannot be effectively protected.
Disclosure of Invention
The embodiment of the invention provides an information processing method, an information processing device, information processing equipment and a readable storage medium, so as to ensure the security of User Equipment (UE) while it executes ProSe configuration.
In a first aspect, an embodiment of the present invention provides an information processing method, which is applied to a proximity communication function, including:
acquiring first information;
determining an application layer protection method of a PC3 interface between the proximity communication function and the UE according to the first information;
wherein the first information includes one of: subscription information of the UE, an application security policy of the network, and request information of the UE;
the application layer protection method includes AKMA (Authentication and Key Management for Applications).
Wherein if the first information includes subscription information of the UE, the method for determining an application layer protection method of a PC3 interface between a proximity communication function and a user equipment UE according to the first information includes:
acquiring the ProSe subscription information of the UE from a UDM (Unified Data Management) entity;
and if the subscription information of the UE indicates that the UE subscribes to ProSe, determining that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
Wherein if the first information includes an application security policy of the network, the method for determining an application layer protection method of a PC3 interface between a proximity communication function and a user equipment UE according to the first information includes:
receiving a session request of the UE;
requesting the application security policy of the network from a PCF (Policy Control Function) according to the session request, and receiving the first information from the PCF;
and determining an application layer protection method of a PC3 interface between the proximity communication function and the UE as AKMA according to the first information.
Wherein if the first information includes an application security policy of the network, the method for determining an application layer protection method of a PC3 interface between a proximity communication function and a user equipment UE according to the first information includes:
receiving a session request of the UE;
and determining that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA according to the session request and the pre-configured application security policy of the network.
Wherein if the first information includes request information of the UE, determining the application layer protection method of the PC3 interface between the proximity communication function and the user equipment UE according to the first information includes:
receiving request information of the UE, wherein the request information carries a first indication, and the first indication indicates that the UE supports AKMA;
if the proximity communication function determines, according to the request information and the pre-configured application security policy of the network, that it supports AKMA, determining that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA;
if the proximity communication function determines, according to the request information and the pre-configured application security policy of the network, that it does not support AKMA, re-determining the application layer protection method of the PC3 interface between the proximity communication function and the UE, and informing the UE of the re-determined application layer protection method; or, if the proximity communication function determines according to the request information and the pre-configured application security policy of the network that it does not support AKMA, sending a failure response to the UE.
Wherein the method further comprises:
an authentication key for proximity communication is determined.
Wherein the determining the authentication key for proximity communication includes:
receiving a registration request of the UE, wherein the registration request carries a second indication, and the second indication indicates that the UE needs the first key of the PC3 interface to be generated from the first authentication key K_AUSF;
and acquiring the first key from an AUSF (Authentication Server Function) according to the registration request, wherein the first key is calculated by the AUSF.
Wherein after the obtaining of the first key from the authentication service function AUSF, the method further comprises:
and acquiring a second key from the AUSF according to the registration request, wherein the registration request further comprises a third indication and a fourth indication, the third indication is used for indicating that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key for proximity communication.
Wherein the determining the authentication key for proximity communication includes:
obtaining a second authentication key K_AF from a proximity server or from the AKMA anchor function AAnF, the second authentication key being the first key of the PC3 interface.
Wherein the determining the authentication key for proximity communication includes:
obtaining a second authentication key K_AF from a proximity server or from an AAnF (AKMA Anchor Function), the second authentication key being a key of the PC3 interface;
calculating a second key according to the second authentication key K_AF, the second key being a key for proximity communication.
Wherein, after calculating the second key according to the second authentication key K_AF, the method further comprises:
a third key is calculated, which is used for encryption and integrity protection of the PC3 interface.
In a second aspect, an embodiment of the present invention further provides an information processing method, applied to a UE, including:
transmitting request information to a proximity communication function, the request information being for causing the proximity communication function to determine an application layer protection method of a PC3 interface between the proximity communication function and a UE;
the application layer protection method includes AKMA.
Wherein the request information carries a first indication, and the first indication indicates that the UE supports AKMA; the method further comprises:
receiving the application layer protection method of the PC3 interface between the proximity communication function and the UE that is re-determined by the proximity communication function, wherein the re-determination is performed by the proximity communication function when it does not support AKMA;
or, receiving a failure response from the proximity communication function, wherein the failure response is sent by the proximity communication function when it does not support AKMA.
Wherein after the sending of the request information to the proximity communication function, the method further comprises:
an authentication key for proximity communication is determined.
Wherein the determining the authentication key for proximity communication includes:
sending a registration request to the proximity communication function, wherein the registration request carries a second indication, and the second indication indicates that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF;
a first key is calculated.
Wherein the registration request further includes a third indication and a fourth indication, the third indication being used to indicate that the UE supports AKMA, and the fourth indication being a proximity services indication; after said computing the first key, the method further comprises:
a second key is calculated, the second key being a key for proximity communication.
Wherein the determining the authentication key for proximity communication includes:
generating a second authentication key K_AF, the second authentication key being a key of the PC3 interface; or
obtaining a second authentication key K_AF from the AAnF, the second authentication key being a key of the PC3 interface.
Wherein the method further comprises:
calculating a second key according to the second authentication key K_AF, wherein the second key is a key for proximity communication;
calculating a third key, which is used for encryption and integrity protection of the PC3 interface.
In a third aspect, an embodiment of the present invention provides an information processing apparatus applied to a proximity communication function, including:
the first acquisition module is used for acquiring first information;
a first determining module, configured to determine an application layer protection method of a PC3 interface between the proximity communication function and the UE according to the first information;
wherein the first information includes one of: subscription information of the UE, an application security policy of the network, and request information of the UE;
the application layer protection method includes AKMA.
In a fourth aspect, an embodiment of the present invention provides an information processing apparatus, applied to a UE, including:
a first transmitting module for transmitting request information to a proximity communication function, the request information being for causing the proximity communication function to determine an application layer protection method of a PC3 interface between the proximity communication function and a UE;
the application layer protection method includes AKMA.
In a fifth aspect, an embodiment of the present invention provides an information processing apparatus applied to a proximity communication function, including: a transceiver, a memory, a processor, and a program stored on the memory and executable on the processor; the processor is configured to read the program in the memory, and execute the following procedures:
acquiring first information;
determining an application layer protection method of a PC3 interface between the proximity communication function and the UE according to the first information;
wherein the first information includes one of: subscription information of the UE, an application security policy of the network, and request information of the UE;
the application layer protection method includes AKMA.
Wherein, if the first information includes subscription information of the UE, the processor is further configured to read a program in a memory, and execute the following procedure:
acquiring the ProSe subscription information of the UE from the UDM;
and if the subscription information of the UE indicates that the UE subscribes to ProSe, determining that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
Wherein if the first information includes an application security policy of the network, the processor is further configured to read a program in a memory, perform the following:
receiving a session request of the UE;
requesting the application security policy of the network from the PCF according to the session request, and receiving the first information from the PCF;
and determining an application layer protection method of a PC3 interface between the proximity communication function and the UE as AKMA according to the first information.
Wherein if the first information includes an application security policy of the network, the processor is further configured to read a program in a memory, perform the following:
receiving a session request of the UE;
and determining that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA according to the session request and the pre-configured application security policy of the network.
Wherein if the first information includes request information of the UE, the processor is further configured to read a program in a memory, and perform the following procedure:
receiving request information of the UE, wherein the request information carries a first indication, and the first indication is used for indicating that the UE supports AKMA;
if the proximity communication function is determined to support AKMA according to the request information and the application security policy of the pre-configured network, determining that an application layer protection method of a PC3 interface between the proximity communication function and the UE is AKMA;
if the proximity communication function determines, according to the request information and the pre-configured application security policy of the network, that it does not support AKMA, re-determining the application layer protection method of the PC3 interface between the proximity communication function and the UE, and informing the UE of the re-determined application layer protection method; or, if the proximity communication function determines according to the request information and the pre-configured application security policy of the network that it does not support AKMA, sending a failure response to the UE.
Wherein the processor is further configured to read the program in the memory, and perform the following procedures:
an authentication key for proximity communication is determined.
Wherein the processor is further configured to read the program in the memory, and perform the following procedures:
receiving a registration request of the UE, wherein the registration request carries a second indication, and the second indication indicates that the UE needs the first key of the PC3 interface to be generated from the first authentication key K_AUSF;
and acquiring the first key from the authentication server function AUSF according to the registration request, wherein the first key is calculated by the AUSF.
Wherein the processor is further configured to read the program in the memory, and perform the following procedures:
and acquiring a second key from the AUSF according to the registration request, wherein the registration request further comprises a third indication and a fourth indication, the third indication is used for indicating that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key for proximity communication.
Wherein the processor is further configured to read the program in the memory, and perform the following procedures:
obtaining a second authentication key K_AF from a proximity server or from the AKMA anchor function AAnF, the second authentication key being the first key of the PC3 interface.
Wherein the processor is further configured to read the program in the memory, and perform the following procedures:
obtaining a second authentication key K_AF from a proximity server or from the AKMA anchor function AAnF, the second authentication key being a key of the PC3 interface;
calculating a second key according to the second authentication key K_AF, the second key being a key for proximity communication.
Wherein the processor is further configured to read the program in the memory, and perform the following procedures:
a third key is calculated, which is used for encryption and integrity protection of the PC3 interface.
In a sixth aspect, an embodiment of the present invention provides an information processing apparatus, applied to a UE, including: a transceiver, a memory, a processor, and a program stored on the memory and executable on the processor; the processor is configured to read the program in the memory, and execute the following procedures:
transmitting request information to a proximity communication function, the request information being for causing the proximity communication function to determine an application layer protection method of a PC3 interface between the proximity communication function and a UE;
the application layer protection method includes AKMA.
Wherein the request information carries a first indication, and the first indication indicates that the UE supports AKMA; the processor is further configured to read the program in the memory and execute the following procedures:
receiving the application layer protection method of the PC3 interface between the proximity communication function and the UE that is re-determined by the proximity communication function, wherein the re-determination is performed by the proximity communication function when it does not support AKMA;
or, receiving a failure response from the proximity communication function, wherein the failure response is sent by the proximity communication function when it does not support AKMA.
Wherein the processor is further configured to read the program in the memory, and perform the following procedures:
an authentication key for proximity communication is determined.
Wherein the processor is further configured to read the program in the memory, and perform the following procedures:
sending a registration request to the proximity communication function, wherein the registration request carries a second indication, and the second indication indicates that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF;
a first key is calculated.
Wherein the registration request further includes a third indication and a fourth indication, the third indication being used to indicate that the UE supports AKMA, and the fourth indication being a proximity services indication; the processor is also used for reading the program in the memory and executing the following processes:
a second key is calculated, the second key being a key for proximity communication.
Wherein the processor is further configured to read the program in the memory, and perform the following procedures:
a third key is calculated, which is used for encryption and integrity protection of the PC3 interface.
In a seventh aspect, an embodiment of the present invention provides a readable storage medium storing a program which, when executed by a processor, implements the steps in the information processing method described above.
In the embodiment of the invention, for a UE that does not support GBA, the PC3 interface between the UE and the proximity communication function can be protected using AKMA or a similar method, so that the security of the UE while it executes ProSe configuration can be ensured.
Drawings
FIG. 1 is a first flowchart of an information processing method provided by an embodiment of the present invention;
FIG. 2 is a second flowchart of an information processing method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a process for negotiating an application layer protection method between a UE and a network device in an embodiment of the present invention;
FIG. 4 is a first schematic diagram of a process for generating a key in an embodiment of the present invention;
FIG. 5 is a second schematic diagram of a process for generating a key in an embodiment of the present invention;
FIG. 6 is a third schematic diagram of a process for generating a key in an embodiment of the present invention;
FIG. 7 is a schematic diagram of a process for generating a key in an embodiment of the present invention;
FIG. 8 is a first block diagram of an information processing apparatus provided by an embodiment of the present invention;
FIG. 9 is a second block diagram of an information processing apparatus according to an embodiment of the present invention;
FIG. 10 is a first block diagram of an information processing apparatus provided by an embodiment of the present invention;
FIG. 11 is a second block diagram of an information processing apparatus provided by an embodiment of the present invention.
Detailed Description
In the embodiments of the invention, the term "and/or" describes the relationship between associated objects and means that three relationships may exist; for example, "A and/or B" may mean: A alone, A and B together, or B alone. The character "/" generally indicates that the objects before and after it are in an "or" relationship.
The term "plurality" in the embodiments of the present application means two or more, and other adjectives are similar thereto.
The following description of the technical solutions in the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Referring to fig. 1, fig. 1 is a flowchart of an information processing method according to an embodiment of the present invention, applied to a proximity communication function, as shown in fig. 1, including the steps of:
step 101, obtaining first information.
Wherein the first information includes one of: subscription information of the UE, an application security policy of the network, and request information of the UE.
Step 102, determining an application layer protection method of a PC3 interface between the proximity communication function and the UE according to the first information.
The application layer protection method includes AKMA (Authentication and Key Management for Applications).
If the first information includes different contents, the proximity communication function may obtain the application layer protection method in different ways.
If the first information includes subscription information of the UE, the proximity communication function may acquire the ProSe subscription information of the UE from a UDM (Unified Data Management) entity. If the subscription information of the UE indicates that the UE subscribes to ProSe, the application layer protection method of the PC3 interface between the proximity communication function and the UE is determined to be AKMA.
If the first information includes an application security policy of the network, the proximity communication function may receive a session request of the UE. According to the session request, the proximity communication function requests the application security policy of the network from the PCF (Policy Control Function), receives the first information from the PCF, and determines according to the first information that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
If the first information includes an application security policy of the network, the proximity communication function may receive a session request of the UE, and determine that an application layer protection method of a PC3 interface between the proximity communication function and the UE is AKMA according to the session request and the pre-configured application security policy of the network.
If the first information includes request information of the UE, the proximity communication function may receive the request information of the UE, where the request information carries a first indication indicating that the UE supports AKMA. If the proximity communication function determines, according to the request information and the pre-configured application security policy of the network, that it supports AKMA, it determines that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA;
if the proximity communication function determines, according to the request information and the pre-configured application security policy of the network, that it does not support AKMA, it re-determines the application layer protection method of the PC3 interface between the proximity communication function and the UE and informs the UE of the re-determined method; or, if it determines according to the request information and the pre-configured application security policy of the network that it does not support AKMA, it sends a failure response to the UE. The re-determined application layer protection method may be any other protection method, which is not limited in the embodiment of the present invention.
In the embodiment of the invention, for a UE that does not support GBA, the PC3 interface between the UE and the proximity communication function can be protected in an AKMA mode or the like, so that the security of the UE in the process of executing ProSe configuration can be ensured.
Based on the above embodiment, to further enhance protection of the PC3 interface, the method according to the embodiment of the present invention may further include:
an authentication key for proximity communication is determined.
In an embodiment of the present invention, the authentication key of the proximity communication may include: a first key for the PC3 interface, a second key for proximity communication, and a third key for encryption and integrity protection of the PC3 interface, etc.
For the first key of the PC3 interface, the proximity communication function may receive a registration request of the UE, where the registration request carries a second indication, and the second indication is used to indicate that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF; the proximity communication function then acquires the first key from the AUSF according to the registration request, where the first key is calculated by the AUSF. When calculating the first key, the AUSF may derive it from K_AUSF, the string "Prose" and the SUPI (Subscription Permanent Identifier).
On the basis of generating the first key, the proximity communication function may acquire a second key from the AUSF according to the registration request, where the registration request further includes a third indication and a fourth indication, the third indication is used to indicate that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key used for proximity communication. When calculating the second key, the AUSF may derive it from K_AKMA, the string "Prose", and so on.
Optionally, for the first key of the PC3 interface, the proximity communication function may also obtain the second authentication key K_AF from the proximity server or from the AKMA anchor function AAnF, and take the second authentication key as the first key of the PC3 interface. Here the proximity server obtains the second authentication key K_AF from the AAnF and sends it to the proximity communication function. That is, the first key of the PC3 interface may be realized by means of the second authentication key K_AF.
Optionally, the proximity communication function may also calculate a second key based on the second authentication key K_AF, the second key being a key for proximity communication. The second key may be derived from K_AF, the character string "Prose" and the AF ID (identification of the ProSe application function).
In addition, the proximity communication function may also calculate a third key that is used for encryption and integrity protection of the PC3 interface.
For example, the proximity communication function may obtain a key for encryption of the PC3 interface based on the first key of the PC3 interface and the character string "enc" and obtain a key for integrity protection of the PC3 interface based on the first key of the PC3 interface and the character string "int".
Referring to fig. 2, fig. 2 is a flowchart of an information processing method provided in an embodiment of the present invention, which is applied to a UE, and as shown in fig. 2, includes the following steps:
step 201, sending request information to a proximity communication function, wherein the request information is used for enabling the proximity communication function to determine an application layer protection method of a PC3 interface between the proximity communication function and a UE;
the application layer protection method comprises the following steps: AKMA.
In the embodiment of the invention, for a UE that does not support GBA, the PC3 interface between the UE and the proximity communication function can be protected in an AKMA mode or the like, so that the security of the UE in the process of executing ProSe configuration can be ensured.
Optionally, after step 201, the method may further include:
carrying a first indication in the request information, wherein the first indication is used for indicating that the UE supports AKMA; the method further comprises the steps of:
receiving an application layer protection method of the PC3 interface between the proximity communication function and the UE that is re-determined by the proximity communication function, where the proximity communication function re-determines the application layer protection method of the PC3 interface between the proximity communication function and the UE when it does not support AKMA;
or, receiving a failure response of the proximity communication function, where the failure response is sent by the proximity communication function when it does not support AKMA.
Based on the above embodiment, to further enhance protection of the PC3 interface, the method according to the embodiment of the present invention may further include:
an authentication key for proximity communication is determined.
Optionally, the UE may send a registration request to the proximity communication function, where the registration request carries a second indication, and the second indication is used to indicate that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF; the UE then calculates the first key. Specifically, the UE may obtain the first key from K_AUSF, the string "Prose" and the SUPI.
On the basis of calculating the first key, the registration request further comprises a third indication and a fourth indication, where the third indication is used to indicate that the UE supports AKMA, and the fourth indication is a proximity service indication. The UE may also calculate a second key, which is a key for proximity communication. The second key may be derived from K_AF, the character string "Prose" and the AF ID (identification of the ProSe application).
Alternatively, the UE may also generate a second authentication key K_AF and use the second authentication key as the first key of the PC3 interface; or obtain the second authentication key K_AF from the AAnF and use the second authentication key as the first key of the PC3 interface.
When calculating the second authentication key K_AF, the UE derives it from K_AKMA and the AF ID (identification of the ProSe application).
In addition, the UE may also calculate a second key based on the second authentication key K_AF, the second key being a key for proximity communication, and calculate a third key, the third key being used for encryption and integrity protection of the PC3 interface. The second key may be derived from K_AF, the character string "Prose" and the AF ID (identification of the ProSe application).
For example, the UE may obtain a key for encryption of the PC3 interface based on the first key of the PC3 interface and the character string "enc", and obtain a key for integrity protection of the PC3 interface based on the first key of the PC3 interface and the character string "int".
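The key hierarchy described above for both the proximity communication function and the UE (first key of the PC3 interface from K_AUSF, "Prose" and the SUPI, or K_AF as first key; second key from K_AF, "Prose" and the AF ID; "enc" and "int" keys from the first key), as an added example that is not the patent's own code. The patent does not name the key derivation function, so an HMAC-SHA-256 construction in the style of the 3GPP generic KDF is assumed, as are the "AKMA" label for deriving K_AKMA from K_AUSF and the sample SUPI and AF ID.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple


def kdf(key: bytes, *params: bytes) -> bytes:
    """Assumed KDF (the patent names only the inputs, not the function):
    HMAC-SHA-256 over length-prefixed parameters, after the 3GPP generic KDF."""
    s = b"".join(p + len(p).to_bytes(2, "big") for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()


def first_key_from_kausf(k_ausf: bytes, supi: str) -> bytes:
    """First key of the PC3 interface: K_AUSF, the string "Prose" and the SUPI."""
    return kdf(k_ausf, b"Prose", supi.encode())


def k_akma_from_kausf(k_ausf: bytes) -> bytes:
    """K_AKMA is derived from K_AUSF (step 503); the "AKMA" label is an assumption."""
    return kdf(k_ausf, b"AKMA")


def k_af_from_kakma(k_akma: bytes, af_id: str) -> bytes:
    """Second authentication key K_AF: derived from K_AKMA and the AF ID."""
    return kdf(k_akma, af_id.encode())


def second_key(parent: bytes, af_id: Optional[str]) -> bytes:
    """Key for proximity communication: K_AKMA + "Prose" on the K_AUSF route,
    K_AF + "Prose" + AF ID on the AKMA route."""
    if af_id is None:
        return kdf(parent, b"Prose")
    return kdf(parent, b"Prose", af_id.encode())


def pc3_protection_keys(first_key: bytes) -> Tuple[bytes, bytes]:
    """Third key: separate encryption and integrity keys from the first key."""
    return kdf(first_key, b"enc"), kdf(first_key, b"int")


def derive_hierarchy(k_ausf: bytes, supi: str, af_id: str, route: str) -> Dict[str, bytes]:
    """Keys derived from K_AUSF on either route. On the network side the AUSF
    (route "K_AUSF", fig. 4) or the AAnF (route "AKMA", fig. 5 to 7) runs this;
    the UE runs the same derivation locally (steps 406, 503, 605, 706)."""
    if route == "K_AUSF":
        first = first_key_from_kausf(k_ausf, supi)
        second = second_key(k_akma_from_kausf(k_ausf), None)
    elif route == "AKMA":
        first = k_af_from_kakma(k_akma_from_kausf(k_ausf), af_id)  # K_AF is the first key
        second = second_key(first, af_id)
    else:
        raise ValueError("unknown route: " + route)
    enc, integ = pc3_protection_keys(first)
    return {"first": first, "second": second, "enc": enc, "int": integ}


class ProseFunction:
    """ProSe Function side: it only ever receives the derived first and second
    keys (steps 404, 505, 603) and never K_AUSF or K_AKMA themselves."""

    def __init__(self) -> None:
        self.first_key: Optional[bytes] = None
        self.second_key: Optional[bytes] = None

    def receive_keys(self, first_key: bytes, second_key: bytes) -> None:
        self.first_key, self.second_key = first_key, second_key

    def protection_keys(self) -> Tuple[bytes, bytes]:
        if self.first_key is None:
            raise RuntimeError("no PC3 key received from AUSF/AAnF yet")
        return pc3_protection_keys(self.first_key)


def keys_agree(route: str) -> bool:
    """Constructed sample run: the AUSF/AAnF derives the keys and hands them to
    the ProSe Function, the UE derives its own; True if both ends match."""
    k_ausf = hashlib.sha256(b"constructed K_AUSF from primary authentication").digest()
    supi, af_id = "imsi-001010123456789", "prose-af.example"  # constructed identifiers
    network = derive_hierarchy(k_ausf, supi, af_id, route)      # AUSF or AAnF
    pf = ProseFunction()
    pf.receive_keys(network["first"], network["second"])       # handed to ProSe Function
    ue = derive_hierarchy(k_ausf, supi, af_id, route)           # UE, independently
    return (pf.first_key == ue["first"] and pf.second_key == ue["second"]
            and pf.protection_keys() == (ue["enc"], ue["int"]))


if __name__ == "__main__":
    for r in ("K_AUSF", "AKMA"):
        print(r, "route: UE and ProSe Function agree ->", keys_agree(r))
```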
Referring to fig. 3, fig. 3 is a schematic diagram illustrating a process of negotiating an application layer protection method between a UE and a network device in the implementation of the present invention. As shown in fig. 3, this embodiment may include:
Step 301, the UE initiates a PC3 session request to the ProSe Function; the application layer protection method used by the UE is not indicated in the session request.
Step 302, the ProSe Function requests the application security policy of the network from the PCF (Policy Control Function).
Step 303, the PCF makes a selection decision for a certain type of application, choosing an AKMA/GBA/other protection mode according to the UE information (UE capability information) and the subscription information of the AF (Application Function) stored in the UDR (Unified Data Repository), that is, the application security policy, and decides the application layer protection method adopted for the PC3 interface of proximity communication. If the PCF selects the AKMA mode, the PCF instructs the ProSe Function to use AKMA for the security protection of proximity discovery. The application security policy includes an application protection method and an application ID.
Step 304, the ProSe Function may also determine the application layer protection method for the UE according to a pre-configured network policy, for example using GBA, AKMA or other protection methods.
Steps 302-303 and step 304 are two parallel implementations. Which one is adopted in a specific application may depend on the final implementation.
Step 305, the ProSe Function informs the UE of the adopted application layer protection method, i.e. the security protection mode, in the session response.
Referring to fig. 4, fig. 4 is a schematic diagram of a process for generating a key in the implementation of the present invention. As shown in fig. 4, this embodiment may include:
Step 401, the UE carries a ProSe indication [PAU] in the registration request, indicating that it wishes to generate a key for the PC3 interface from K_AUSF in primary authentication, in order to protect the PC3 interface.
Specifically, the session request initiated by the UE with the ProSe Function indicates [PAU], informing the ProSe Function that a key for protecting the PC3 interface needs to be acquired from the core network.
Step 402, after receiving the session request of the UE, the ProSe Function requests a key from the AUSF (Authentication Server Function).
Step 403, the AUSF verifies the ProSe service authorization of the UE with the UDM (Unified Data Management). If the AUSF confirms that the UE has subscribed to the ProSe service, the key of the PC3 interface can be calculated based on K_AUSF, and the AUSF calculates the key of the PC3 interface. The key may be calculated with the ProSe App ID as a parameter.
Step 404, the AUSF sends the key of the PC3 interface to the ProSe Function.
The ProSe Function can save after receiving the key.
Step 405, the ProSe Function sends a registration accept (Registration Accept) message to the UE.
Step 406, the UE calculates a key of the PC3 interface.
Optionally, in the above process, if the UE adds a ProSe service indication in addition to the AKMA indication carried in the registration request, it indicates that the UE wants the AUSF to calculate the key of ProSe from the AKMA-based key K_AKMA. Then, after the AUSF calculates the private key of ProSe, it is sent to the ProSe Function. The UE computes the private key of ProSe synchronously.
Referring to fig. 5, fig. 5 is a schematic diagram of a process for generating a key in the implementation of the present invention. As shown in fig. 5, this embodiment may include:
Step 501, the UE initiates a PC3 discovery request to the ProSe Function.
Step 502, the ProSe Function confirms the ProSe subscription information of the UE with the UDM. If the UE has subscribed to ProSe and the ProSe Function decides to select AKMA as the method for protecting the PC3 interface, the ProSe Function requests the ProSe Server to obtain the AKMA key, and sends a [PAK] indication to the UE, indicating that the PC3 interface is protected using the AKMA method.
Step 503, the UE calculates K_AKMA based on K_AUSF, and further calculates K_AF.
Step 504, the ProSe Server requests K_AF from the AAnF.
Step 505, the ProSe Server sends K_AF to the ProSe Function.
The UE and the ProSe Function share K_AF as the key for establishing TLS (Transport Layer Security).
Referring to fig. 6, fig. 6 is a schematic diagram of a process for generating a key in the implementation of the present invention. As shown in fig. 6, this embodiment may include:
Step 601, the UE sends a session request to the ProSe Function; if the session request carries an AKMA indication, the UE indicates that it wishes ProSe to be protected by AKMA, that is, the session request initiated by the UE with the ProSe Function carries the indication [AKMA].
Step 602, according to the indication, the ProSe Function requests from the AAnF the K_AF calculated based on the AKMA key, and indicates confirmation that the ProSe PC3 interface is protected by the AKMA application key.
Step 603, the AAnF sends the K_AF key to the ProSe Function.
Step 604, if the network supports the AKMA service function, the ProSe Function sends a session response to the UE, confirming that the PC3 interface is protected using the AKMA method. If the network does not support the AKMA service function, or the AKMA subscription is about to expire, the ProSe Function returns a session response failure to the UE, indicating that the UE cannot protect the PC3 interface in the AKMA manner, and step 605 is not executed. The figure illustrates the case where the ProSe Function sends a session response to the UE.
Step 605, the UE calculates the K_AF key, and a PSK (pre-shared key) for TLS on the ProSe PC3 interface is established based on K_AF.
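The ProSe Function's side of the negotiation in fig. 3 and fig. 6, together with the re-determination and failure-response branches described earlier for the request-information case, as an added example that is not the patent's own code. The dataclass names, the preference for the PCF answer over the pre-configured policy when both exist (the patent leaves that choice to the implementation) and the sample application IDs are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class SessionRequest:
    """PC3 session request from the UE. indication is None when the UE does not
    indicate a method (fig. 3) or "AKMA" when it asks for AKMA (fig. 6)."""
    supi: str
    app_id: str
    indication: Optional[str] = None


@dataclass
class NetworkState:
    """Constructed view of what the ProSe Function can consult when deciding."""
    pcf_policy: Dict[str, str] = field(default_factory=dict)  # app_id -> method chosen by PCF (step 303)
    preconfigured_method: Optional[str] = None                 # pre-configured network policy (step 304)
    supports_akma: bool = True                                 # AKMA service function present (step 604)
    akma_subscription_expiring: bool = False                   # AKMA subscription about to expire (step 604)


@dataclass
class SessionResponse:
    success: bool
    method: Optional[str] = None  # security protection mode announced to the UE (step 305)
    reason: str = ""


def select_method(req: SessionRequest, net: NetworkState) -> Optional[str]:
    """Steps 302-304: the PCF application security policy (per application ID)
    and the pre-configured network policy are parallel alternatives; the PCF
    answer is preferred here when one exists (an assumption)."""
    return net.pcf_policy.get(req.app_id, net.preconfigured_method)


def handle_session_request(req: SessionRequest, net: NetworkState) -> SessionResponse:
    """ProSe Function side of the negotiation in fig. 3 and fig. 6, including the
    re-determination and failure-response branches for a UE that indicates AKMA."""
    akma_usable = net.supports_akma and not net.akma_subscription_expiring
    policy = select_method(req, net)
    if req.indication == "AKMA":
        # first indication: the UE supports AKMA and asks for AKMA protection of PC3
        if akma_usable and policy in (None, "AKMA"):
            return SessionResponse(True, "AKMA")
        # the ProSe Function does not support AKMA for this UE/application:
        # re-determine another method and tell the UE, or send a failure response
        if policy not in (None, "AKMA"):
            return SessionResponse(True, policy, "re-determined: AKMA not available")
        return SessionResponse(False, None, "AKMA not supported or subscription expiring")
    # fig. 3: no method indicated by the UE, decide from policy alone
    if policy is None:
        return SessionResponse(False, None, "no application security policy for " + req.app_id)
    if policy == "AKMA" and not akma_usable:
        return SessionResponse(False, None, "policy selects AKMA but AKMA is not available")
    return SessionResponse(True, policy)


if __name__ == "__main__":
    # constructed sample: PCF policy says AKMA for the discovery application
    net = NetworkState(pcf_policy={"discovery-app": "AKMA"})
    print(handle_session_request(SessionRequest("imsi-001010123456789", "discovery-app"), net))
    print(handle_session_request(SessionRequest("imsi-001010123456789", "discovery-app", "AKMA"),
                                 NetworkState(preconfigured_method="GBA", supports_akma=False)))
```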
Referring to fig. 7, fig. 7 is a schematic diagram of a process for generating a key in the implementation of the present invention. As shown in fig. 7, this embodiment may include:
Step 701, the UE sends a session request to the ProSe Function; if the session request carries an AKMA indication, the UE indicates that it wishes ProSe to be protected by AKMA, that is, the session request initiated by the UE with the ProSe Function carries the indication [AKMA].
Step 702, if the network supports the AKMA service function, the ProSe Function, according to the indication, requests from the AAnF the K_AF calculated based on the AKMA key, indicates confirmation that the ProSe PC3 interface is protected by the AKMA application key, and at the same time issues ProSe parameters to the UE, so that the UE calculates the private key of the ProSe PC3 interface (the key for the PC3 interface) from the parameters. If the network does not support the AKMA service function, or the AKMA subscription is about to expire, the ProSe Function returns a session response failure to the UE, indicating that the UE cannot protect the PC3 interface in the AKMA manner. Steps 703 to 706 are not performed in this case. The figure illustrates the example in which the network supports the AKMA service function.
Step 703, the AAnF sends the K_AF key to the ProSe Function.
Step 704, the ProSe Function sends a session response to the UE, informing the UE to calculate K_AF.
Step 705, the ProSe Function calculates a private key of ProSe (key for ProSe communication) based on K_AF.
Step 706, the UE calculates a private key of ProSe based on K_AF.
Optionally, the UE and ProSe Function calculate keys for encryption and integrity protection of the PC3 interface.
As can be seen from the above description, the embodiment of the present invention provides a security protection method for a UE with limited computing power, or one that does not support GBA, in ProSe configuration, so that the security of the UE in ProSe configuration can be ensured.
The embodiment of the invention also provides an information processing device which is applied to the proximity communication function. Referring to fig. 8, fig. 8 is a block diagram of an information processing apparatus provided in an embodiment of the present invention. Since the principle of solving the problem of the information processing apparatus is similar to that of the information processing method in the embodiment of the present invention, the implementation of the information processing apparatus can refer to the implementation of the method, and the repetition is omitted.
As shown in fig. 8, the information processing apparatus 800 includes: a first obtaining module 801, configured to obtain first information; a first determining module 802, configured to determine an application layer protection method of a PC3 interface between the proximity communication function and the UE according to the first information;
Wherein the first information includes one of: subscription information of the UE, an application security policy of the network, and request information of the UE;
the application layer protection method comprises the following steps: AKMA.
Optionally, if the first information includes subscription information of the UE, the first determining module 802 includes: a first obtaining sub-module, configured to obtain, from a UDM, subscription information of a Prose of the UE; and the first determining submodule is used for determining that an application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA if the subscription information of the UE indicates that the UE subscribes to Prose.
Optionally, if the first information includes an application security policy of the network, the first determining module 802 includes: a first receiving sub-module, configured to receive a session request of the UE; a first sending sub-module, configured to request, from a policy control function entity PCF, an application security policy of the network, and receive first information of the PCF; and a first determining sub-module, configured to determine, according to the first information, that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
Optionally, if the first information includes an application security policy of the network, the first determining module 802 includes: a first receiving sub-module, configured to receive a session request of the UE; and the first determining submodule is used for determining that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA according to the session request and the application security policy of the preconfigured network.
Optionally, if the first information includes request information of the UE, the first determining module 802 includes: a first receiving sub-module, configured to receive request information of the UE, where the request information carries a first indication, where the first indication is used to indicate that the UE supports AKMA; a first determining submodule, configured to determine that an application layer protection method of a PC3 interface between the proximity communication function and the UE is AKMA if it is determined that the proximity communication function supports AKMA according to the request information and an application security policy of a preconfigured network; a second determining sub-module, configured to, if it is determined that the proximity communication function does not support AKMA according to the request information and an application security policy of a preconfigured network, re-determine an application layer protection method of a PC3 interface between the proximity communication function and the UE, and notify the UE of the re-determined application layer protection method of the PC3 interface between the proximity communication function and the UE; or if the proximity communication function does not support AKMA according to the request information and the application security policy of the pre-configured network, sending a failure response to the UE.
Optionally, the apparatus may further include:
And the second determining module is used for determining the authentication key of the proximity communication.
Optionally, the second determining module includes: a first receiving sub-module, configured to receive a registration request of the UE, where the registration request carries a second indication, and the second indication is used to indicate that the UE needs to generate the first key of the PC3 interface from the first authentication key K_AUSF; and a first acquisition sub-module, configured to acquire the first key from the AUSF according to the registration request, where the first key is calculated by the AUSF.
Optionally, the apparatus may further include: the first obtaining module is configured to obtain a second key from the AUSF according to the registration request, where the registration request further includes a third indication and a fourth indication, the third indication is used to indicate that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key used for proximity communication.
Optionally, the second determining module is configured to obtain the second authentication key K_AF from the proximity server or from the AKMA anchor function AAnF, the second authentication key being the first key of the PC3 interface.
Optionally, the apparatus may further include: a first calculation module, configured to calculate a second key according to the second authentication key K_AF, the second key being a key for proximity communication.
Optionally, the apparatus may further include: and the second calculation module is used for calculating a third key, and the third key is used for encryption and integrity protection of the PC3 interface.
The device provided by the embodiment of the present invention may execute the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein.
The embodiment of the invention also provides an information processing device which is applied to the UE. Referring to fig. 9, fig. 9 is a block diagram of an information processing apparatus provided in an embodiment of the present invention. Since the principle of solving the problem of the information processing apparatus is similar to that of the information processing method in the embodiment of the present invention, the implementation of the information processing apparatus can refer to the implementation of the method, and the repetition is omitted.
As shown in fig. 9, the information processing apparatus 900 includes: a first transmitting module 901, configured to transmit request information to a proximity communication function, where the request information is used to enable the proximity communication function to determine an application layer protection method of a PC3 interface between the proximity communication function and a UE;
the application layer protection method comprises the following steps: AKMA.
Optionally, a first indication is carried in the request information, where the first indication is used to indicate that the UE supports AKMA; the device may further comprise:
A first receiving module, configured to receive an application layer protection method of a PC3 interface between a proximity communication function and the UE, where the proximity communication function redetermines the application layer protection method of the PC3 interface between the proximity communication function and the UE without supporting AKMA; or, receiving a failure response of the proximity communication function, wherein the failure response is transmitted by the proximity communication function without supporting AKMA.
Optionally, the apparatus may further include: and the first determining module is used for determining the authentication key of the proximity communication.
Optionally, the first determining module includes: a first sending sub-module, configured to send a registration request to the proximity communication function, where the registration request carries a second indication, and the second indication is used to indicate that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF; and a first computing sub-module, configured to compute the first key.
Optionally, the registration request further includes a third indication and a fourth indication, where the third indication is used to indicate that the UE supports AKMA, and the fourth indication is a proximity services indication; the device may further comprise: and the second computing sub-module is used for computing a second key, wherein the second key is a key for proximity communication.
Optionally, the first determining module is configured to generate a second authentication key K_AF, the second authentication key being a key of the PC3 interface; or to obtain the second authentication key K_AF from the AAnF, the second authentication key being a key of the PC3 interface.
Optionally, the apparatus may further include:
a first calculation module, configured to calculate a second key according to the second authentication key K_AF, where the second key is a key for proximity communication; and a second calculation module, configured to calculate a third key, where the third key is used for encryption and integrity protection of the PC3 interface.
The device provided by the embodiment of the present invention may execute the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein.
It should be noted that, in the embodiment of the present application, the division of the units is schematic, which is merely a logic function division, and other division manners may be implemented in actual practice. In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a processor-readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution, in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (processor) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
As shown in fig. 10, an information processing apparatus of an embodiment of the present invention is applied to a proximity communication function, including: processor 1000, for reading the program in memory 1020, performs the following processes:
acquiring first information;
determining an application layer protection method of a PC3 interface between the proximity communication function and User Equipment (UE) according to the first information;
Wherein the first information includes one of: subscription information of the UE, an application security policy of the network, and request information of the UE;
the application layer protection method comprises the following steps: AKMA.
A transceiver 1010 for receiving and transmitting data under the control of the processor 1000.
Wherein in fig. 10, a bus architecture may comprise any number of interconnected buses and bridges, and in particular one or more processors represented by the processor 1000 and various circuits of the memory, represented by the memory 1020, are chained together. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are well known in the art and, therefore, will not be described further herein. The bus interface provides an interface. The transceiver 1010 may be a number of elements, i.e., including a transmitter and a receiver, providing a means for communicating with various other apparatus over a transmission medium. The processor 1000 is responsible for managing the bus architecture and general processing, and the memory 1020 may store data used by the processor 1000 in performing operations.
The processor 1010 may be a Central Processing Unit (CPU), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a Field programmable gate array (Field-Programmable Gate Array, FPGA) or a complex programmable logic device (Complex Programmable Logic Device, CPLD), or it may employ a multi-core architecture.
If the first information includes subscription information of the UE, the processor 1000 is further configured to read the program, and perform the following steps:
acquiring the ProSe subscription information of the UE from the UDM;
and if the subscription information of the UE indicates that the UE subscribes to Prose, determining that an application layer protection method of a PC3 interface between the proximity communication function and the UE is AKMA.
If the first information includes an application security policy of the network, the processor 1000 is further configured to read the program and perform the following steps:
receiving a session request of the UE;
requesting the application security policy of the network from the PCF according to the session request, and receiving the first information from the PCF;
and determining an application layer protection method of a PC3 interface between the proximity communication function and the UE as AKMA according to the first information.
If the first information includes an application security policy of the network, the processor 1000 is further configured to read the program and perform the following steps:
receiving a session request of the UE;
and determining an application layer protection method of a PC3 interface between the proximity communication function and the UE as AKMA according to the session request and the application security policy of the pre-configured network.
If the first information includes the request information of the UE, the processor 1000 is further configured to read the program, and perform the following steps:
receiving request information of the UE, wherein the request information carries a first indication, and the first indication is used for indicating that the UE supports AKMA;
if it is determined, according to the request information and the pre-configured application security policy of the network, that the proximity communication function supports AKMA, determining that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA;
if the proximity communication function does not support AKMA according to the request information and the pre-configured application security policy of the network, re-determining an application layer protection method of a PC3 interface between the proximity communication function and the UE, and informing the UE of the re-determined application layer protection method of the PC3 interface between the proximity communication function and the UE; or if the proximity communication function does not support AKMA according to the request information and the application security policy of the pre-configured network, sending a failure response to the UE.
The processor 1000 is further configured to read the program and perform the following steps:
an authentication key for proximity communication is determined.
The processor 1000 is further configured to read the program and perform the following steps:
receiving a registration request of the UE, where the registration request carries a second indication, and the second indication is used to indicate that the UE needs to generate the first key of the PC3 interface from the first authentication key K_AUSF;
and acquiring the first key from the authentication server function AUSF according to the registration request, where the first key is calculated by the AUSF.
The processor 1000 is further configured to read the program and perform the following steps:
and acquiring a second key from the AUSF according to the registration request, wherein the registration request further comprises a third indication and a fourth indication, the third indication is used for indicating that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key for proximity communication.
The processor 1000 is further configured to read the program and perform the following steps:
obtaining a second authentication key K_AF from a proximity server or AKMA anchor function AAnF, the second authentication key being a first key of the PC3 interface.
The processor 1000 is further configured to read the program and perform the following steps:
obtaining a second authentication key K_AF from a proximity server or from an AKMA anchor function AAnF, the second authentication key being a key of the PC3 interface;
calculating a second key according to the second authentication key K_AF, the second key being a key for proximity communication.
The processor 1000 is further configured to read the program and perform the following steps:
a third key is calculated, which is used for encryption and integrity protection of the PC3 interface.
The device provided by the embodiment of the present invention may execute the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein.
As shown in fig. 11, an information processing apparatus of an embodiment of the present invention, applied to a UE, includes: the processor 1100, configured to read the program in the memory 1120, performs the following procedures:
transmitting request information to a proximity communication function, the request information being for causing the proximity communication function to determine an application layer protection method of a PC3 interface between the proximity communication function and a UE;
the application layer protection method comprises the following steps: AKMA.
A transceiver 1110 for receiving and transmitting data under the control of the processor 1100.
Wherein in fig. 11, a bus architecture may comprise any number of interconnected buses and bridges, and in particular one or more processors represented by processor 1100 and various circuits of memory represented by memory 1120, linked together. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are well known in the art and, therefore, will not be described further herein. The bus interface provides an interface. The transceiver 1110 may be a number of elements, i.e., include a transmitter and a receiver, providing a means for communicating with various other apparatus over a transmission medium. The user interface 1130 may also be an interface capable of connecting externally or internally required devices, which for different user equipment include, but are not limited to, a keypad, display, speaker, microphone, joystick, etc.
The processor 1100 is responsible for managing the bus architecture and general processing, and the memory 1120 may store data used by the processor 1100 in performing operations.
The processor 1100 may be a Central Processing Unit (CPU), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field-Programmable Gate Array, FPGA) or a complex programmable logic device (Complex Programmable Logic Device, CPLD), or it may employ a multi-core architecture.
Carrying a first indication in the request information, wherein the first indication is used for indicating that the UE supports AKMA; the processor 1100 is further configured to read the program, and perform the following steps:
receiving an application layer protection method of a PC3 interface between the proximity communication function and the UE that is re-determined by the proximity communication function, wherein the application layer protection method of the PC3 interface between the proximity communication function and the UE is re-determined by the proximity communication function when it does not support AKMA;
or, receiving a failure response of the proximity communication function, wherein the failure response is transmitted by the proximity communication function when it does not support AKMA.
The processor 1100 is further configured to read the program, and perform the following steps:
An authentication key for proximity communication is determined.
sending a registration request to the proximity communication function, wherein the registration request carries a second indication, and the second indication is used for indicating that a first key of the PC3 interface needs to be generated from the first authentication key K_AUSF;
a first key is calculated.
The processor 1100 is further configured to read the program, and perform the following steps:
a second key is calculated, the second key being a key for proximity communication.
The processor 1100 is further configured to read the program, and perform the following steps:
generating a second authentication key K_AF, the second authentication key being a key of the PC3 interface; or alternatively
obtaining a second authentication key K_AF from AAnF, the second authentication key being a key of the PC3 interface.
The processor 1100 is further configured to read the program, and perform the following steps:
calculating a second key according to the second authentication key K_AF, wherein the second key is a key for proximity communication;
a third key is calculated, which is used for encryption and integrity protection of the PC3 interface.
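The protection-method decision and the two key chains described in the network-side and UE-side embodiments above, as an added example that is not part of the patent or of any 3GPP implementation. It assumes HKDF-SHA256 as the key derivation function (the patent names none), constructed labels and field names, a placeholder name for the re-determined non-AKMA method, and an assumed split of the third key into encryption and integrity halves.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Union

AKMA = "AKMA"
FALLBACK = "NON-AKMA-FALLBACK"  # placeholder name for a re-determined method


def kdf(key: bytes, label: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869 extract-then-expand, empty salt) standing in for
    the 3GPP KDF, which the patent does not name (assumption)."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + label + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


# The three kinds of "first information"; field names are constructed.
@dataclass(frozen=True)
class SubscriptionInfo:      # ProSe subscription information obtained from UDM
    prose_subscribed: bool


@dataclass(frozen=True)
class PolicyInfo:            # application security policy from PCF or pre-configured
    akma_allowed: bool


@dataclass(frozen=True)
class RequestInfo:           # request information of the UE
    supports_akma: bool      # first indication
    policy: PolicyInfo       # pre-configured policy consulted alongside it


def determine_pc3_method(info: Union[SubscriptionInfo, PolicyInfo, RequestInfo],
                         fail_on_mismatch: bool = False) -> Optional[str]:
    """Proximity communication function side. Returns AKMA, a re-determined
    method (to be told to the UE), or None meaning a failure response."""
    if isinstance(info, SubscriptionInfo):
        return AKMA if info.prose_subscribed else None
    if isinstance(info, PolicyInfo):
        return AKMA if info.akma_allowed else None
    if info.supports_akma and info.policy.akma_allowed:
        return AKMA
    return None if fail_on_mismatch else FALLBACK


@dataclass(frozen=True)
class RegistrationRequest:
    """Indications carried in the UE's registration request."""
    derive_from_k_ausf: bool        # second indication
    supports_akma: bool = False     # third indication
    prose_indication: bool = False  # fourth indication


def keys_from_k_ausf(k_ausf: bytes, req: RegistrationRequest) -> dict:
    """K_AUSF path. The same derivation runs at the AUSF (network side) and at
    the UE, so both ends hold identical keys without the keys crossing PC3."""
    keys = {}
    if req.derive_from_k_ausf:
        keys["pc3_first_key"] = kdf(k_ausf, b"PC3-first-key")
        if req.supports_akma and req.prose_indication:
            keys["proximity_key"] = kdf(k_ausf, b"proximity-key")
    return keys


def keys_from_k_af(k_af: bytes) -> dict:
    """AKMA path: K_AF from AAnF or the proximity server is the PC3 key, the
    second key is derived from it, and the third key is split into separate
    encryption and integrity halves (the split is an assumption)."""
    third = kdf(k_af, b"PC3-protection", 64)
    return {"pc3_first_key": k_af,
            "proximity_key": kdf(k_af, b"proximity-key"),
            "pc3_enc_key": third[:32],
            "pc3_int_key": third[32:]}


if __name__ == "__main__":
    k_ausf = hashlib.sha256(b"constructed K_AUSF for the demo").digest()  # constructed
    req = RegistrationRequest(True, supports_akma=True, prose_indication=True)
    network, ue = keys_from_k_ausf(k_ausf, req), keys_from_k_ausf(k_ausf, req)
    print("UE and AUSF agree:", network == ue, sorted(network))
    print(determine_pc3_method(RequestInfo(False, PolicyInfo(True))))
```

The check a practitioner cares about is that the UE-side and AUSF-side derivations agree bit-for-bit, and that the proximity, encryption and integrity keys are distinct even though they hang off one root.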
The device provided by the embodiment of the present invention may execute the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein.
The embodiment of the invention also provides a readable storage medium, and a program is stored on the readable storage medium, and when the program is executed by a processor, the program realizes the processes of the embodiment of the information processing method, and can achieve the same technical effects, so that repetition is avoided, and the description is omitted here. The readable storage medium may be any available medium or data storage device that can be accessed by a processor, including, but not limited to, magnetic memories (e.g., floppy disks, hard disks, magnetic tapes, magneto-optical disks (MO), etc.), optical memories (e.g., CD, DVD, BD, HVD, etc.), semiconductor memories (e.g., ROM, EPROM, EEPROM, nonvolatile memories (NAND FLASH), Solid State Disks (SSD)), etc.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. In light of such understanding, the technical solutions of the present invention may be embodied essentially or in part in the form of a software product stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a cell phone, computer, server, air conditioner, or network device, etc.) to perform the methods described in the various embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, which are to be protected by the present invention.

Claims (38)

1. An information processing method applied to a proximity communication function, comprising:
acquiring first information;
determining an application layer protection method of a PC3 interface between the proximity communication function and User Equipment (UE) according to the first information;
wherein the first information includes one of: subscription information of the UE, application security policy of the network, and request information of the UE;
the application layer protection method comprises the following steps: application layer authentication and key management AKMA.
2. The method according to claim 1, wherein if the first information includes subscription information of the UE, the determining an application layer protection method of a PC3 interface between a proximity communication function and a user equipment UE according to the first information includes:
acquiring the ProSe subscription information of the UE from a unified data management entity (UDM);
and if the subscription information of the UE indicates that the UE subscribes to the ProSe service, determining that an application layer protection method of a PC3 interface between the proximity communication function and the UE is AKMA.
3. The method according to claim 1, wherein if the first information includes an application security policy of the network, the determining an application layer protection method of a PC3 interface between a proximity communication function and a user equipment UE according to the first information comprises:
receiving a session request of the UE;
according to the session request, requesting the application security policy of the network from the PCF and receiving the first information from the PCF;
and determining an application layer protection method of a PC3 interface between the proximity communication function and the UE as AKMA according to the first information.
4. The method according to claim 1, wherein if the first information includes an application security policy of the network, the determining an application layer protection method of a PC3 interface between a proximity communication function and a user equipment UE according to the first information comprises:
receiving a session request of the UE;
And determining an application layer protection method of a PC3 interface between the proximity communication function and the UE as AKMA according to the session request and the application security policy of the pre-configured network.
5. The method according to claim 1, wherein if the first information includes request information of the UE, the application layer protection method for determining a PC3 interface between a proximity communication function and a user equipment UE according to the first information, comprises:
receiving request information of the UE, wherein the request information carries a first indication, and the first indication is used for indicating that the UE supports AKMA;
if the proximity communication function is determined to support AKMA according to the request information and the application security policy of the pre-configured network, determining that an application layer protection method of a PC3 interface between the proximity communication function and the UE is AKMA;
if the proximity communication function does not support AKMA according to the request information and the pre-configured application security policy of the network, re-determining an application layer protection method of a PC3 interface between the proximity communication function and the UE, and informing the UE of the re-determined application layer protection method of the PC3 interface between the proximity communication function and the UE; or if the proximity communication function does not support AKMA according to the request information and the application security policy of the pre-configured network, sending a failure response to the UE.
6. The method according to claim 1, wherein the method further comprises:
an authentication key for proximity communication is determined.
7. The method of claim 6, wherein the determining the authentication key for proximity communication comprises:
receiving a registration request of the UE, wherein the registration request carries a second indication, and the second indication is used for indicating that the UE needs to generate a first key of the PC3 interface from a first authentication key K_AUSF;
and acquiring the first key from an authentication service function AUSF according to the registration request, wherein the first key is obtained by AUSF calculation.
8. The method according to claim 7, characterized in that after said obtaining the first key from the authentication service function AUSF, the method further comprises:
and acquiring a second key from the AUSF according to the registration request, wherein the registration request further comprises a third indication and a fourth indication, the third indication is used for indicating that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key for proximity communication.
9. The method of claim 6, wherein the determining the authentication key for proximity communication comprises:
obtaining a second authentication key K_AF from a proximity server or AKMA anchor function AAnF, the second authentication key being a first key of the PC3 interface.
10. The method of claim 9, wherein the determining the authentication key for the proximity communication comprises:
calculating a second key according to the second authentication key K_AF, the second key being a key for proximity communication.
11. The method according to claim 10, characterized in that, after said calculating the second key according to said second authentication key K_AF, the method further comprises:
a third key is calculated, which is used for encryption and integrity protection of the PC3 interface.
12. An information processing method applied to a UE, comprising:
transmitting request information to a proximity communication function, the request information being for causing the proximity communication function to determine an application layer protection method of a PC3 interface between the proximity communication function and a UE;
the application layer protection method comprises the following steps: AKMA.
13. The method according to claim 12, characterized in that a first indication is carried in the request information, the first indication being used to indicate that the UE supports AKMA; the method further comprises the steps of:
receiving an application layer protection method of a PC3 interface between the proximity communication function and the UE that is re-determined by the proximity communication function, wherein the application layer protection method of the PC3 interface between the proximity communication function and the UE is re-determined by the proximity communication function when it does not support AKMA;
or, receiving a failure response of the proximity communication function, wherein the failure response is transmitted by the proximity communication function when it does not support AKMA.
14. The method of claim 12, wherein after said sending the request information to the proximity communication function, the method further comprises:
an authentication key for proximity communication is determined.
15. The method of claim 14, wherein the determining the authentication key for the proximity communication comprises:
sending a registration request to the proximity communication function, wherein the registration request carries a second indication, and the second indication is used for indicating that a first key of the PC3 interface needs to be generated from the first authentication key K_AUSF;
a first key is calculated.
16. The method of claim 15, wherein the registration request further comprises a third indication and a fourth indication, the third indication indicating that the UE supports AKMA, the fourth indication being a proximity services indication; after said computing the first key, the method further comprises:
A second key is calculated, the second key being a key for proximity communication.
17. The method of claim 14, wherein the determining the authentication key for the proximity communication comprises:
generating a second authentication key K_AF, the second authentication key being the first key of the PC3 interface.
18. The method of claim 17, wherein the method further comprises:
calculating a second key according to the second authentication key K_AF, wherein the second key is a key for proximity communication;
a third key is calculated, which is used for encryption and integrity protection of the PC3 interface.
19. An information processing apparatus applied to a proximity communication function, comprising:
the first acquisition module is used for acquiring first information;
a first determining module, configured to determine an application layer protection method of a PC3 interface between the proximity communication function and the UE according to the first information;
wherein the first information includes one of: subscription information of the UE, application security policy of the network, and request information of the UE;
the application layer protection method comprises the following steps: AKMA.
20. An information processing apparatus, applied to a UE, comprising:
A first transmitting module for transmitting request information to a proximity communication function, the request information being for causing the proximity communication function to determine an application layer protection method of a PC3 interface between the proximity communication function and a UE;
the application layer protection method comprises the following steps: AKMA.
21. An information processing apparatus applied to a proximity communication function, comprising: a transceiver, a memory, a processor, and a program stored on the memory and executable on the processor; the processor is used for reading the program in the memory and executing the following processes:
acquiring first information;
determining an application layer protection method of a PC3 interface between the proximity communication function and the UE according to the first information;
wherein the first information includes one of: subscription information of the UE, application security policy of the network, and request information of the UE;
the application layer protection method comprises the following steps: AKMA.
22. The apparatus of claim 21, wherein if the first information includes subscription information of the UE, the processor is further configured to read a program in a memory to perform the following procedure:
acquiring the ProSe subscription information of the UE from the UDM;
and if the subscription information of the UE indicates that the UE subscribes to ProSe, determining that an application layer protection method of a PC3 interface between the proximity communication function and the UE is AKMA.
23. The apparatus of claim 21, wherein if the first information includes an application security policy of the network, the processor is further configured to read a program in a memory to perform the following:
receiving a session request of the UE;
requesting the application security policy of the network from the PCF according to the session request, and receiving the first information from the PCF;
and determining an application layer protection method of a PC3 interface between the proximity communication function and the UE as AKMA according to the first information.
24. The apparatus of claim 21, wherein if the first information includes an application security policy of the network, the processor is further configured to read a program in a memory to perform the following:
receiving a session request of the UE;
and determining an application layer protection method of a PC3 interface between the proximity communication function and the UE as AKMA according to the session request and the application security policy of the pre-configured network.
25. The apparatus of claim 21, wherein if the first information includes request information of the UE, the processor is further configured to read a program in a memory to perform the following procedure:
Receiving request information of the UE, wherein the request information carries a first indication, and the first indication is used for indicating that the UE supports AKMA;
if the proximity communication function is determined to support AKMA according to the request information and the application security policy of the pre-configured network, determining that an application layer protection method of a PC3 interface between the proximity communication function and the UE is AKMA;
if the proximity communication function does not support AKMA according to the request information and the pre-configured application security policy of the network, re-determining an application layer protection method of a PC3 interface between the proximity communication function and the UE, and informing the UE of the re-determined application layer protection method of the PC3 interface between the proximity communication function and the UE; or if the proximity communication function does not support AKMA according to the request information and the application security policy of the pre-configured network, sending a failure response to the UE.
26. The apparatus of claim 21, wherein the processor is further configured to read a program in the memory to perform the following:
an authentication key for proximity communication is determined.
27. The apparatus of claim 26, wherein the processor is further configured to read a program in the memory to perform the following:
receiving a registration request of the UE, wherein the registration request carries a second indication, and the second indication is used for indicating that the UE needs to generate a first key of the PC3 interface from a first authentication key K_AUSF;
and acquiring the first key from an authentication service function AUSF according to the registration request, wherein the first key is obtained by AUSF calculation.
28. The apparatus of claim 27, wherein the processor is further configured to read a program in the memory to perform the following:
and acquiring a second key from the AUSF according to the registration request, wherein the registration request further comprises a third indication and a fourth indication, the third indication is used for indicating that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key for proximity communication.
29. The apparatus of claim 26, wherein the processor is further configured to read a program in the memory to perform the following:
obtaining a second authentication key K_AF from a proximity server or AKMA anchor function AAnF, the second authentication key being a first key of the PC3 interface.
30. The apparatus of claim 29, wherein the processor is further configured to read a program in the memory to perform the following:
calculating a second key according to the second authentication key K_AF, the second key being a key for proximity communication.
31. The apparatus of claim 30, wherein the processor is further configured to read a program in the memory to perform the following:
a third key is calculated, which is used for encryption and integrity protection of the PC3 interface.
32. An information processing apparatus, applied to a UE, comprising: a transceiver, a memory, a processor, and a program stored on the memory and executable on the processor; the processor is used for reading the program in the memory and executing the following processes:
transmitting request information to a proximity communication function, the request information being for causing the proximity communication function to determine an application layer protection method of a PC3 interface between the proximity communication function and a UE;
the application layer protection method comprises the following steps: AKMA.
33. The apparatus of claim 32, wherein a first indication is carried in the request information, the first indication being used to indicate that the UE supports AKMA; the processor is also used for reading the program in the memory and executing the following processes:
receiving an application layer protection method of a PC3 interface between the proximity communication function and the UE that is re-determined by the proximity communication function, wherein the application layer protection method of the PC3 interface between the proximity communication function and the UE is re-determined by the proximity communication function when it does not support AKMA;
or, receiving a failure response of the proximity communication function, wherein the failure response is transmitted by the proximity communication function when it does not support AKMA.
34. The apparatus of claim 32, wherein the processor is further configured to read a program in the memory to perform the following:
an authentication key for proximity communication is determined.
35. The apparatus of claim 34, wherein the processor is further configured to read a program in the memory to perform the following:
sending a registration request to the proximity communication function, wherein the registration request carries a second indication, and the second indication is used for indicating that a first key of the PC3 interface needs to be generated from the first authentication key K_AUSF;
a first key is calculated.
36. The apparatus of claim 35, wherein the registration request further comprises a third indication and a fourth indication, the third indication indicating that the UE supports AKMA, the fourth indication being a proximity services indication; the processor is also used for reading the program in the memory and executing the following processes:
A second key is calculated, the second key being a key for proximity communication.
37. The apparatus of claim 35, wherein the processor is further configured to read a program in the memory to perform the following:
a third key is calculated, which is used for encryption and integrity protection of the PC3 interface.
38. A readable storage medium storing a program, wherein the program when executed by a processor implements the steps in the information processing method according to any one of claims 1 to 18.
CN202010810605.2A 2020-08-11 2020-08-11 Information processing method, device, equipment and readable storage medium Active CN114079918B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010810605.2A CN114079918B (en) 2020-08-11 2020-08-11 Information processing method, device, equipment and readable storage medium
PCT/CN2021/111296 WO2022033405A1 (en) 2020-08-11 2021-08-06 Information processing method and apparatus, device, and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010810605.2A CN114079918B (en) 2020-08-11 2020-08-11 Information processing method, device, equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN114079918A CN114079918A (en) 2022-02-22
CN114079918B (en) 2024-02-02

Family

ID=80247697

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010810605.2A Active CN114079918B (en) 2020-08-11 2020-08-11 Information processing method, device, equipment and readable storage medium

Country Status (2)

Country Link
CN (1) CN114079918B (en)
WO (1) WO2022033405A1 (en)

Also Published As

Publication number Publication date
WO2022033405A1 (en) 2022-02-17
CN114079918A (en) 2022-02-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant