CN115334504A - Key transmission method and device for temporary group, terminal and network side equipment - Google Patents

Publication number
CN115334504A
Authority
CN
China
Prior art keywords
request
temporary group
group
terminal
temporary
Prior art date
Legal status
Pending
Application number
CN202110507622.3A
Other languages
Chinese (zh)
Inventor
张玲
梁亚从
周巍
Current Assignee
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd
Priority date
Filing date
Publication date
Application filed by Datang Mobile Communications Equipment Co Ltd
Priority to CN202110507622.3A
Priority to PCT/CN2022/086094 (WO2022237421A1)
Publication of CN115334504A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433 Key management protocols
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/04 Large scale networks; Deep hierarchical networks
    • H04W84/08 Trunked mobile radio systems

Abstract

Embodiments of the invention provide a key transmission method and apparatus for a temporary group, a terminal, and a network side device. The method comprises: in the case that a first request sent by a first terminal meets a first preset condition, sending a reassembly request to a group management server (GMS), the reassembly request carrying temporary group member identification information corresponding to the first request; receiving first response information sent by the GMS according to the reassembly request, the first response information carrying a temporary group identifier; and generating a random number corresponding to the temporary group identifier, the random number being used by the first terminal and a second terminal to determine a session key corresponding to the first request, where the second terminal is a terminal corresponding to the temporary group member identification information. This scheme solves the problem that the prior art can only provide key distribution for temporary group establishment based on predefined dynamic reassembly and is not suitable for the temporary group call flow in Ad-hoc mode, and it therefore has a wider range of application.

Description

Key transmission method and device for temporary group, terminal and network side equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, a terminal, and a network device for transmitting a key of a temporary group.
Background
MC (Mission Critical) group services use a group key, the GMK (Group Master Key), to protect the content of each group service, and each GMK is shared by the group members. After a group is created in a GMS (Group Management Server), the GMS needs to distribute the GMK of the group to the MC Service clients (Mission Critical Service clients) of the corresponding group members, where the MC Service clients run on MC Service UEs (Mission Critical Service User Equipment). After creating a group, the GMS holds the mapping between the group and the group member users it contains, and the group member users are identified by MC Service ID.
The GMS requests from a KMS (Key Management Server) the GMK to be used in a group and the corresponding identifier, the GMK ID; the KMS is responsible for generating and configuring keys and related information and sending them to the GMS. The GMS encrypts the GMK and distributes it to the group members.
However, the prior art can only provide key distribution for temporary group establishment based on predefined dynamic reassembly, and is not suitable for the temporary group call flow in Ad-hoc mode.
Disclosure of Invention
The invention aims to provide a key transmission method and apparatus for a temporary group, a terminal, and a network side device, in order to solve the problem that the key transmission method in the prior art cannot be compatible with both the temporary group call based on predefined dynamic reassembly and the temporary group call in Ad-hoc mode.
In order to achieve the above object, the present invention provides a method for transmitting a key of a temporary group, which is performed by a network side device, and includes:
in the case that a first request sent by a first terminal meets a first preset condition, sending a reassembly request to a group management server GMS; the reassembly request carries temporary group member identification information corresponding to the first request;
receiving first response information sent by the GMS according to the reassembly request; wherein the first response information carries a temporary group identifier;
generating a random number corresponding to the temporary group identifier, wherein the random number is used for the first terminal and the second terminal to determine a session key corresponding to the first request; and the second terminal is a terminal corresponding to the temporary group member identification information.
Wherein, before sending the reassembly request to the group management server GMS, the method further comprises:
sending a key material request to a key management server KMS;
receiving second response information sent by the KMS according to the key material request; wherein the second response information includes a temporary group key and a temporary group key identification.
Wherein the first request carries the temporary group member identification information.
Wherein the first preset condition is one of the following conditions:
the first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode;
the first request is a predefined dynamic reassembly request.
Wherein, in case that the first request is a first group call request, after generating a random number corresponding to the temporary group identifier, the method further comprises:
sending a second group call request to the second terminal; the second group call request carries the random number, the temporary group identifier and the call type corresponding to the first group call request;
receiving third response information sent by the second terminal according to the second group call request; the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request;
sending fourth response information to the first terminal; the fourth response information is used for indicating that the establishment of the temporary group call corresponding to the first request is successful; the fourth response information carries a temporary group identifier and a random number.
Wherein, in case the first request is a predefined dynamic reassembly request, after generating a random number corresponding to the temporary group identity, the method further comprises:
sending the predefined dynamic reassembly request to the second terminal;
receiving fifth response information sent by the second terminal according to the predefined dynamic reassembly request;
establishing a group association relationship between the second terminal and the temporary group identifier;
sending a sixth response message to the first terminal; wherein the sixth response information carries a temporary group identifier and a random number.
Wherein the method further comprises:
receiving a third group call request sent by the first terminal; wherein the third group call request carries the temporary group identifier;
sending a fourth group call request to the second terminal associated with the temporary group identifier; wherein the fourth group call request carries the random number and the temporary group identifier;
receiving seventh response information sent by the second terminal according to the predefined dynamic reassembly request; the seventh response information is used to indicate that the second terminal has joined the temporary group call corresponding to the first request;
sending eighth response information to the first terminal; the eighth response information carries a temporary group identifier, and the eighth response information is used to indicate that the temporary group call is successfully established.
Wherein the method further comprises:
encrypting the temporary group key and the temporary group key identification with a preset key while communicating with the GMS.
An embodiment of the present invention further provides a method for transmitting a key of a temporary group, where the method is executed by a first terminal, and the method includes:
sending a first request to network side equipment; wherein, the first request carries temporary group member identification information;
receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that the first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
Wherein the first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode; or
the first request is a predefined dynamic reassembly request.
Wherein, in case that the first request is a first group call request, the acquiring the random number includes:
receiving fourth response information sent by the network side equipment; the fourth response information is used for indicating that the temporary group call corresponding to the first request is successfully established; the fourth response information carries a temporary group identifier and a random number.
Wherein, in case that the first request is a predefined dynamic reassembly request, the obtaining a random number comprises:
receiving sixth response information sent by the network side equipment; wherein the sixth response information carries a temporary group identifier and a random number.
After receiving the sixth response information sent by the network-side device, the method further includes:
sending a third group call request to the network side equipment; wherein the third group call request carries the temporary group identifier;
receiving eighth response information sent by the network side equipment; the eighth response information carries a temporary group identifier, and the eighth response information is used for indicating that the establishment of the temporary group call is successful.
After receiving the group configuration request sent by the GMS, the method further includes:
sending tenth response information to the GMS according to the group configuration request; wherein the tenth response information is used to indicate that the first terminal has accepted the group configuration request.
An embodiment of the present invention further provides a method for transmitting a key of a temporary group, where the method is executed by a second terminal, and the method includes:
receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that a first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
After receiving the group configuration request sent by the GMS, the method further includes:
transmitting ninth response information to the GMS according to the group configuration request; wherein the ninth response information is used to indicate that the second terminal has accepted the group configuration request.
Wherein the obtaining the random number comprises:
receiving a second group call request sent by the network side equipment; wherein the second group call request carries a random number, the temporary group identifier and a call type.
Wherein the method further comprises:
sending third response information to the network side equipment; and the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
Wherein the method further comprises:
receiving a predefined dynamic reassembly request sent by network side equipment;
and sending fifth response information to the network side equipment according to the predefined dynamic reassembly request.
Wherein the obtaining the random number includes:
receiving a fourth group call request sent by the network side equipment; wherein the fourth group call request carries a random number and the temporary group identifier.
Wherein the method further comprises:
sending a seventh response message to the network side equipment according to the fourth group call request; and the seventh response message is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
The embodiment of the invention also provides a method for transmitting the key of the temporary group, which is executed by the GMS and comprises the following steps:
receiving a reassembly request sent by network side equipment; the reassembly request carries temporary group member identification information, a temporary group key and a temporary group key identification;
according to the reassembly request, sending a group configuration request to a first terminal and a second terminal corresponding to the temporary group member identification information; wherein the group configuration request carries a temporary group identifier, the temporary group key and the temporary group key identifier;
receiving ninth response information sent by the second terminal according to the group configuration request, and receiving tenth response information sent by the first terminal according to the group configuration request;
sending first response information to the network side equipment; wherein the first response information carries a temporary group identifier.
Wherein the method further comprises:
and encrypting the temporary group key and the temporary group key identification by using a preset key when communicating with the network side equipment.
The embodiment of the present invention further provides a key transmission method for a temporary group, which is executed by a KMS, and includes:
receiving a key material request sent by network side equipment;
sending second response information to the network side equipment; and the second response information comprises the temporary group key and the corresponding temporary group key identification thereof.
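The ad-hoc branch of the methods above (network side device, first and second terminal, GMS and KMS), sketched as an added example that is not part of the patent text. The HMAC-SHA256 derivation keyed with the temporary group key, the class and method names, and the user identifiers are assumptions: the text names the inputs to the session key but not the derivation function, and the preset-key encryption toward the GMS is left out.

```python
import hashlib
import hmac
import secrets


def derive_session_key(group_key, group_id, key_id, rand):
    # ASSUMED KDF (not given in the text): HMAC-SHA256 keyed with the temporary
    # group key over length-prefixed group id, key id and random number.
    parts = (group_id.encode(), key_id.encode(), rand)
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(group_key, msg, hashlib.sha256).digest()


class KMS:
    def key_material(self):
        # Second response information: temporary group key and its identifier.
        return secrets.token_bytes(16), "tgk-" + secrets.token_hex(4)


class Terminal:
    def __init__(self, user_id):
        self.user_id = user_id
        self.config = {}         # temporary group id -> (group key, key id)
        self.session_keys = {}   # temporary group id -> session key

    def on_group_configuration(self, group_id, group_key, key_id):
        # Group configuration request from the GMS.
        self.config[group_id] = (group_key, key_id)
        return "accepted"        # ninth / tenth response information

    def on_random_number(self, group_id, rand):
        # Random number arrives in the second group call request (second
        # terminal) or in the fourth response information (first terminal).
        if group_id not in self.config:
            raise KeyError("no group configuration for " + group_id)
        group_key, key_id = self.config[group_id]
        self.session_keys[group_id] = derive_session_key(
            group_key, group_id, key_id, rand)
        return "joined"          # third response information


class GMS:
    def __init__(self, directory):
        self.directory = directory   # user id -> Terminal
        self.counter = 0

    def reassembly(self, member_ids, group_key, key_id):
        # Reassembly request: configure every member, then return the
        # temporary group identifier (first response information).
        self.counter += 1
        group_id = "temp-group-%d" % self.counter
        for uid in member_ids:
            reply = self.directory[uid].on_group_configuration(
                group_id, group_key, key_id)
            if reply != "accepted":
                raise RuntimeError(uid + " rejected group configuration")
        return group_id


class NetworkSide:
    def __init__(self, kms, gms, directory):
        self.kms, self.gms, self.directory = kms, gms, directory

    def first_group_call_request(self, caller_id, member_ids, call_type):
        # First preset condition, ad-hoc branch only.
        if call_type != "ad-hoc":
            raise ValueError("only the ad-hoc branch is modelled here")
        group_key, key_id = self.kms.key_material()        # key material request
        group_id = self.gms.reassembly(
            [caller_id] + list(member_ids), group_key, key_id)
        rand = secrets.token_bytes(16)   # random number for this temporary group
        for uid in member_ids:           # second group call request
            self.directory[uid].on_random_number(group_id, rand)
        # Fourth response information back to the first terminal.
        self.directory[caller_id].on_random_number(group_id, rand)
        return group_id, rand


def run_adhoc_call():
    # Constructed user identifiers; "carol" is not a member of the call.
    directory = {u: Terminal(u) for u in ("alice", "bob", "carol")}
    server = NetworkSide(KMS(), GMS(directory), directory)
    group_id, rand = server.first_group_call_request("alice", ["bob"], "ad-hoc")
    return directory, server, group_id, rand


if __name__ == "__main__":
    directory, server, group_id, rand = run_adhoc_call()
    print(group_id, directory["alice"].session_keys[group_id].hex())
```

In this model the random number alone, which travels in the call signalling, is not enough to compute the session key; a terminal that never received the group configuration from the GMS cannot derive it.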
An embodiment of the present invention further provides a network side device, including a memory, a transceiver, and a processor:
a memory for storing a computer program; a transceiver for transceiving data under control of the processor; a processor for reading the computer program in the memory and performing the following:
in the case that a first request sent by a first terminal meets a first preset condition, sending a reassembly request to a group management server GMS; the reassembly request carries temporary group member identification information corresponding to the first request;
receiving first response information sent by the GMS according to the reassembly request; wherein the first response information carries a temporary group identifier;
generating a random number corresponding to the temporary group identifier, wherein the random number is used for the first terminal and the second terminal to determine a session key corresponding to the first request; and the second terminal is a terminal corresponding to the temporary group member identification information.
Wherein, before sending the reassembly request to the group management server GMS, the method further comprises:
sending a key material request to a key management server KMS;
receiving second response information sent by the KMS according to the key material request; wherein the second response information includes a temporary group key and a temporary group key identification.
Wherein the first request carries the temporary group member identification information.
Wherein the first preset condition is one of the following conditions:
the first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode;
the first request is a predefined dynamic reassembly request.
Wherein, in the event that the first request is a first group call request, after generating a random number corresponding to the temporary group identification, the processor is further configured to read the computer program in the memory and perform the following:
sending a second group call request to the second terminal; the second group call request carries the random number, the temporary group identifier and the call type corresponding to the first group call request;
receiving third response information sent by the second terminal according to the second group call request; the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request;
sending fourth response information to the first terminal; the fourth response information is used for indicating that the establishment of the temporary group call corresponding to the first request is successful; the fourth response information carries a temporary group identifier and a random number.
Wherein, in the event that the first request is a predefined dynamic reassembly request, after generating a random number corresponding to the temporary group identification, the processor is further configured to read the computer program in the memory and perform the following:
sending the predefined dynamic reassembly request to the second terminal;
receiving fifth response information sent by the second terminal according to the predefined dynamic reassembly request;
establishing a group association relationship between the second terminal and the temporary group identifier;
sending sixth response information to the first terminal; wherein the sixth response information carries a temporary group identifier and a random number.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
receiving a third group call request sent by the first terminal; wherein the third group call request carries the temporary group identifier;
sending a fourth group call request to the second terminal associated with the temporary group identifier; wherein the fourth group call request carries the random number and the temporary group identifier;
receiving seventh response information sent by the second terminal according to the predefined dynamic reassembly request; the seventh response information is used to indicate that the second terminal has joined the temporary group call corresponding to the first request;
sending eighth response information to the first terminal; the eighth response information carries a temporary group identifier, and the eighth response information is used for indicating that the establishment of the temporary group call is successful.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
encrypting the temporary group key and the temporary group key identification with a preset key while communicating with the GMS.
The embodiment of the present invention further provides a device for transmitting a temporary group key, which is applied to a network side device, and includes:
a first request unit, configured to send a reassembly request to the group management server GMS in the case that a first request sent by the first terminal meets a first preset condition; the reassembly request carries temporary group member identification information corresponding to the first request;
a first receiving unit, configured to receive first response information sent by the GMS according to the reassembly request; wherein, the first response information carries a temporary group identifier;
generating a random number corresponding to the temporary group identifier, wherein the random number is used for the first terminal and the second terminal to determine a session key corresponding to the first request; and the second terminal is a terminal corresponding to the temporary group member identification information.
An embodiment of the present invention further provides a terminal, where the terminal is a first terminal, and includes a memory, a transceiver, and a processor:
a memory for storing a computer program; a transceiver for transceiving data under control of the processor; a processor for reading the computer program in the memory and performing the following operations:
sending a first request to network side equipment; the first request carries temporary group member identification information;
receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that the first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
Wherein the first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode; or
the first request is a predefined dynamic reassembly request.
Wherein, in the event that the first request is a first group call request, the processor is further configured to read the computer program in the memory and perform the following:
receiving fourth response information sent by the network side equipment; the fourth response information is used for indicating that the temporary group call corresponding to the first request is successfully established; the fourth response information carries a temporary group identifier and a random number.
Wherein, in the case that the first request is a predefined dynamic reassembly request, the processor is further to read the computer program in the memory and perform the following:
receiving sixth response information sent by the network side equipment; wherein the sixth response information carries a temporary group identifier and a random number.
Wherein, after receiving the sixth response information sent by the network-side device, the processor is further configured to read the computer program in the memory and perform the following operations:
sending a third group call request to the network side equipment; wherein the third group call request carries the temporary group identifier;
receiving eighth response information sent by the network side equipment; the eighth response information carries a temporary group identifier, and the eighth response information is used for indicating that the establishment of the temporary group call is successful.
Wherein, after receiving a group configuration request sent by the GMS, the processor is further configured to read the computer program in the memory and perform the following operations:
sending tenth response information to the GMS according to the group configuration request; wherein the tenth response information is used to indicate that the first terminal has accepted the group configuration request.
An embodiment of the present invention further provides a device for transmitting a key of a temporary group, which is applied to a first terminal, and includes:
the first calling unit is used for sending a first request to the network side equipment; the first request carries temporary group member identification information;
the first recombination unit is used for receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that the first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
The embodiment of the present invention further provides a terminal, where the terminal is a second terminal, and the terminal includes a memory, a transceiver, and a processor:
a memory for storing a computer program; a transceiver for transceiving data under the control of the processor; a processor for reading the computer program in the memory and performing the following:
receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that a first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
Wherein, after receiving a group configuration request sent by the GMS, the processor is further configured to read the computer program in the memory and perform the following operations:
transmitting ninth response information to the GMS according to the group configuration request; wherein the ninth response information is used for indicating that the second terminal has accepted the group configuration request.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
receiving a second group call request sent by the network side device; wherein the second group call request carries a random number, the temporary group identifier and a call type.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
sending third response information to the network side equipment; and the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
Wherein the processor is further configured to read the computer program in the memory and perform the following:
receiving a predefined dynamic reassembly request sent by the network side device;
and sending fifth response information to the network side device according to the predefined dynamic reassembly request.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
receiving a fourth group call request sent by the network side device; wherein the fourth group call request carries a random number and the temporary group identifier.
Wherein the processor is further configured to read the computer program in the memory and perform the following:
sending a seventh response message to the network side equipment according to the fourth group call request; and the seventh response message is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
The embodiment of the present invention further provides a device for transmitting a temporary group key, which is applied to a second terminal, and includes:
a second receiving unit, configured to receive a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that a first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
a second acquisition unit configured to acquire a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and a second determining unit, configured to determine a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier, and the random number.
The embodiment of the invention also provides a GMS, which comprises a memory, a transceiver and a processor:
a memory for storing a computer program; a transceiver for transceiving data under the control of the processor; a processor for reading the computer program in the memory and performing the following:
receiving a reassembly request sent by a network side device; the reassembly request carries temporary group member identification information, a temporary group key and a temporary group key identifier;
sending a group configuration request to a first terminal and a second terminal corresponding to the temporary group member identification information according to the reassembly request; wherein the group configuration request carries a temporary group identifier, the temporary group key and the temporary group key identifier;
receiving ninth response information sent by the second terminal according to the group configuration request, and receiving tenth response information sent by the first terminal according to the group configuration request;
sending first response information to the network side equipment; wherein the first response information carries a temporary group identifier.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
and encrypting the temporary group key and the temporary group key identification by using a preset key when communicating with the network side equipment.
An embodiment of the present invention further provides a device for transmitting a key of a temporary group, which is applied to GMS, and includes:
a fourth receiving unit, configured to receive a reassembly request sent by a network side device; the reassembly request carries temporary group member identification information, a temporary group key and a temporary group key identifier;
a second sending unit, configured to send a group configuration request to the first terminal and the second terminal corresponding to the temporary group member identification information according to the reassembly request; wherein, the group configuration request carries a temporary group identifier, the temporary group key and the temporary group key identifier;
a fifth receiving unit, configured to receive ninth response information sent by the second terminal according to the group configuration request, and receive tenth response information sent by the first terminal according to the group configuration request;
a first response unit, configured to send first response information to the network side device; wherein the first response information carries a temporary group identifier.
The embodiment of the invention also provides a KMS, which comprises a memory, a transceiver and a processor:
a memory for storing a computer program; a transceiver for transceiving data under control of the processor; a processor for reading the computer program in the memory and performing the following operations:
receiving a key material request sent by network side equipment;
sending second response information to the network side equipment; and the second response information comprises the temporary group key and the corresponding temporary group key identification thereof.
The embodiment of the present invention further provides a device for transmitting a key of a temporary group, which is applied to a KMS, and includes:
a third receiving unit, configured to receive a key material request sent by a network side device;
a second response unit, configured to send second response information to the network side device; and the second response information comprises the temporary group key and the corresponding temporary group key identification thereof.
An embodiment of the present invention further provides a processor-readable storage medium, where the processor-readable storage medium stores a computer program, and the computer program is configured to enable the processor to perform the method described above.
The technical scheme of the invention at least has the following beneficial effects:
According to the technical scheme of the embodiment of the invention, the security information related to the temporary group service (the random number, the temporary group key and the temporary group key identifier) is generated in the service control server, so that it can be issued to the terminal in the subsequent group call process regardless of whether the group call objects belong to a group. The scheme is therefore compatible with both temporary group calls based on predefined dynamic reassembly and temporary group calls in Ad-hoc mode, and has a wider application range.
Drawings
FIG. 1 is a block diagram of a wireless communication system according to an embodiment of the present application;
FIG. 2 is a diagram of a 3GPP MC system architecture in the prior art;
FIG. 3 is a first flowchart illustrating a key transmission method according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a key transmission method according to an embodiment of the present invention, which is used for a temporary group call in an Ad-hoc mode;
FIG. 5 is a flowchart illustrating a key transmission method for predefined dynamic reassembly according to an embodiment of the present invention;
FIG. 6 is a second schematic diagram illustrating a key transmission method for predefined dynamic reassembly according to an embodiment of the present invention;
FIG. 7 is a flowchart illustrating a second key transmission method according to an embodiment of the present invention;
FIG. 8 is a flowchart of a key transmission method according to a third embodiment of the present invention;
FIG. 9 is a flowchart illustrating a fourth method for key transmission according to an embodiment of the present invention;
FIG. 10 is a schematic flow chart of a key transmission method according to an embodiment of the present invention;
FIG. 11 is a schematic diagram of a network-side device according to an embodiment of the present invention;
FIG. 12 is a schematic diagram of a terminal structure according to an embodiment of the present invention;
FIG. 13 is a first schematic diagram illustrating a first exemplary embodiment of a key transmission apparatus for a temporary group;
FIG. 14 is a schematic diagram of a second embodiment of a key transmission apparatus for a temporary group;
FIG. 15 is a schematic diagram of a third exemplary embodiment of a key transmission apparatus for a temporary group;
FIG. 16 is a schematic diagram illustrating a fourth exemplary embodiment of a key transmission apparatus for a temporary group;
FIG. 17 is a schematic structural diagram of a key transmission apparatus for a temporary group according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
In the embodiment of the present application, the term "and/or" describes an association relationship of associated objects, and means that there may be three relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
In the embodiments of the present application, the term "plurality" means two or more, and other terms are similar thereto.
It is noted that the technical solutions provided in the embodiments of the present application can be applied to various systems, especially 5G systems. For example, the applicable system may be a global system for mobile communications (GSM) system, a code division multiple access (CDMA) system, a wideband code division multiple access (WCDMA) general packet radio service (GPRS) system, a long term evolution (LTE) system, an LTE frequency division duplex (FDD) system, an LTE time division duplex (TDD) system, a long term evolution advanced (LTE-A) system, a universal mobile telecommunications system (UMTS), a worldwide interoperability for microwave access (WiMAX) system, a 5G New Radio (NR) system, etc. These various systems include terminals and network devices. The system may further include a core network portion, such as an Evolved Packet System (EPS), a 5G System (5GS), and the like.
Fig. 1 shows a block diagram of a wireless communication system to which embodiments of the present application are applicable. The wireless communication system includes a terminal and a network device.
The terminal referred to in the embodiments of the present application may refer to a device providing voice and/or data connectivity to a user, a handheld device having a wireless connection function, or other processing device connected to a wireless modem. In different systems, the names of terminals may be different; for example, in a 5G system, a terminal may be called a User Equipment (UE). A wireless terminal may communicate with one or more Core Networks (CNs) via a Radio Access Network (RAN), and may be a mobile terminal such as a mobile telephone (or "cellular" telephone) or a computer having a mobile terminal, for example, a portable, pocket-sized, hand-held, computer-built-in, or vehicle-mounted mobile device. Examples of such devices include Personal Communication Service (PCS) phones, cordless phones, Session Initiation Protocol (SIP) phones, Wireless Local Loop (WLL) stations, and Personal Digital Assistants (PDAs). A wireless terminal may also be referred to as a system, a subscriber unit, a subscriber station, a mobile station, a mobile, a remote station, an access point, a remote terminal, an access terminal, a user terminal, a user agent, or a user device, which are not limited in this embodiment.
The network device according to the embodiment of the present application may be a base station, and the base station may include a plurality of cells for serving a terminal. Depending on the particular application, a base station may also be referred to as an access point, as a device in an access network that communicates with wireless terminals over the air interface through one or more sectors, or by other names. The network device may be configured to convert received air frames to and from Internet Protocol (IP) packets, acting as a router between the wireless terminal and the rest of the access network, which may include an IP communication network. The network device may also coordinate attribute management for the air interface. For example, the network device according to the embodiment of the present application may be a Base Transceiver Station (BTS) in a Global System for Mobile communications (GSM) or Code Division Multiple Access (CDMA) system, a network device (NodeB) in Wideband Code Division Multiple Access (WCDMA), an evolved Node B (eNB or e-NodeB) in a Long Term Evolution (LTE) system, a 5G base station (gNB) in a 5G network architecture (next generation system), a Home evolved Node B (HeNB), a relay node, a home base station (femto), a pico base station (pico), and the like, which are not limited in the embodiments of the present application. In some network architectures, a network device may include a Centralized Unit (CU) node and a Distributed Unit (DU) node, which may also be geographically separated.
The network device and the terminal may each use one or more antennas for Multiple Input Multiple Output (MIMO) transmission, and the MIMO transmission may be Single User MIMO (SU-MIMO) or Multi-User MIMO (MU-MIMO). Depending on the form and number of antenna combinations, the MIMO transmission may be 2D-MIMO, 3D-MIMO, FD-MIMO or massive-MIMO, and may also be diversity transmission, precoding transmission, beamforming transmission, etc.
The following first introduces the contents related to the scheme provided in the embodiments of the present application.
Regarding the architecture and existing security scheme of 3GPP (3rd Generation Partnership Project, an international standardization organization) MCPTT:
FIG. 2 shows the architecture of a 3GPP MC Service system, where the MC Service Server (Mission Critical Service Server) is responsible for MC Service control, including call establishment, associating a called user to a group, and querying group members from the GMS (Group Management Server). The client corresponding to the MC Service Server is the MC Service Client (the MCPTT Server, MCVideo Server and MCData Server correspond to the MCPTT Client, MCVideo Client and MCData Client respectively), and the client and the server communicate through the MCPTT-1, MCVideo-1 and MCData-cap-1 interfaces respectively.
The GMS is responsible for group establishment and deletion; management and updating (i.e. adding, deleting and changing) of group members; the group configuration information is sent to the group members; the group key (GMK) is issued to the group members; group identifications (i.e., group IDs) are assigned and maintained. The corresponding Client of the GMS is a Group Management Client (GMC) and communicates with the GMS through a CSC-2 interface.
The KMS (Key Management Server) is responsible for providing the MC Service Server (through the CSC-9 interface) and the GMS (through the CSC-10 interface) with the group end-to-end encrypted keys and related security information. The corresponding Client of the KMS is Key Management Client (KMC) and is communicated with the KMS through a CSC-8 interface.
However, the temporary group key distribution scheme in the prior art has the following limitations:
it is only suitable for key distribution in predefined dynamic reassembly, and is not suitable for other temporary groups;
the temporary group members need to belong to an existing group in advance, and the terminal is issued a default group key (GMK) through the GMS;
the temporary group members must belong to a predefined default group, which is not suitable for temporarily initiating a temporary group call to users of different groups in emergency or special scenarios, so the applicable scenarios are relatively limited;
the security information (random number) of the group is generated by the terminal, which carries a higher security risk than generation by the service control server, since it is easier to steal or tamper with; according to the existing standard definition, security information may be generated on the terminal side only in the single call case, so terminal-side generation does not meet the functional requirement of centralized control of group services in the current architecture.
Based on the above, embodiments of the present application provide a method, an apparatus, a terminal and a network side device for key transmission of a temporary group, so as to solve a problem that a key transmission method in the prior art cannot be compatible with a temporary group call based on predefined dynamic reconfiguration and a temporary group call in an Ad-hoc mode.
The method, the device, the terminal and the network side equipment are based on the same application concept, and because the principles of solving the problems of the method, the device, the terminal and the network side equipment are similar, the implementation of the method, the device, the terminal and the network side equipment can be mutually referred, and repeated parts are not repeated.
As shown in fig. 3, a method for transmitting a key of a temporary group provided in an embodiment of the present application is executed by a network side device, and includes:
Step 301: in the case that a first request sent by a first terminal meets a first preset condition, sending a reassembly request to a group management server (GMS); wherein the reassembly request carries temporary group member identification information corresponding to the first request.
Optionally, the reassembly request further carries a temporary group key and a temporary group key identifier corresponding to the first request.
In this step, when the first request received by the network device satisfies the first preset condition, the generation and issuing process of the temporary group key (i.e., T-GMK), the temporary group identifier (i.e., T-GID), and the random number (i.e., RAND) may be triggered. Therefore, as long as the first terminal sends a first request meeting the first preset condition to the network device, the generation and issuing of the security information required in the temporary group call can be completed by using the key transmission method of the temporary group in the embodiment of the invention, so that the method is suitable for different temporary group call models.
Step 302: receiving first response information sent by the GMS according to the reassembly request; wherein the first response information carries a temporary group identifier.
After receiving the reassembly request, the GMS may trigger a group key issuing process for the temporary group members, allocate a temporary group identifier (i.e., T-GID) to the temporary group, and send first response information (i.e., regroup notification response) to the network side device, where the first response information carries the T-GID.
Step 303: generating a random number corresponding to the temporary group identifier, wherein the random number is used for the first terminal and the second terminal to determine a session key corresponding to the first request; and the second terminal is a terminal corresponding to the temporary group member identification information.
The key transmission method provided by the embodiment of the application can directly trigger the generation and the issuing of the temporary group key, the random number and the temporary group identifier in the temporary group call establishment process, can be suitable for the existing temporary group call model (including Ad-hoc temporary group call and dynamic restructuring call), and has wider application range compared with the existing technical scheme.
In the embodiment of the application, the network side device may be an MCPTT Server, an MCVideo Server, or an MC Service Server. It should be noted that, when the network side device is the MCPTT Server, the corresponding terminal is the MCPTT Client, the corresponding temporary Group member identifier is the MCPTT ID, and the corresponding Group identifier is the MCPTT Group ID; when the network side equipment is an MCvideo Server, the corresponding terminal is an MCvideo Client, the corresponding temporary Group member identifier is an MCvideo ID, and the corresponding Group identifier is an MCvideo Group ID; when the network side equipment is an MC Service Server, the corresponding terminal is an MC Service Client, the corresponding temporary Group member identifier is an MC Service ID, and the corresponding Group identifier is an MC Service Group ID. In the embodiment of the present application, an example in which the network side device is an MCPTT Server and the terminal is an MCPTT Client is described.
It should be noted that, in the prior art, the GMC is located on the terminal, and the MCX Server does not have the logic function of the GMC. The network side device (MCPTT Server) in the embodiment of the present application may also logically include a Client logical entity of the GMS, that is, a Group Management Client (GMC).
In an embodiment of the present application, the first preset condition is one of the following:
the first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode;
the first request is a predefined dynamic reassembly request.
In this embodiment, when the first request satisfies the first predetermined condition, the generation and issuing processes of the temporary group key (i.e., T-GMK), the temporary group identifier (i.e., T-GID), and the random number (i.e., RAND) may be triggered. Therefore, as long as the first terminal sends the first request meeting the first preset condition to the network device, the generation and the issuing of the required security information in the temporary group call can be completed by using the key transmission method of the temporary group in the embodiment of the invention, and the method can be suitable for different temporary group call models.
That is to say, in the embodiment of the present application, a network-side device (i.e., an MCX Server, such as an MCPTT Server, an MCVideo Server, or an MC Service Server) may directly trigger generation and distribution of a temporary key by a call request type. Or, the network side device may notify the GMS of the reassembly and trigger the GMS to issue the group key information to the MCX Client.
In this embodiment of the application, before sending the reassembly request to the group management server GMS, the method further includes:
sending a key material request to a key management server KMS;
receiving second response information sent by the KMS according to the key material request; wherein the second response information includes a temporary group key and a temporary group key identification.
In this embodiment, by sending a key material Request (i.e., request for key material) to the KMS, the KMS may be requested to generate a temporary group key (i.e., T-GMK) corresponding to the first Request, and a corresponding temporary key identifier (i.e., T-GMK ID), and may also generate configuration information (e.g., key update period, etc.) associated with the temporary group key. The KMS sends a response to the network device, that is, sends the second response information to the network device, which may carry the T-GMK and the T-GMK ID, and may also carry related configuration information.
In the embodiment of the application, a call control entity (i.e., an MCX Server, e.g., an MCPTT Server, an MCVideo Server, or an MC Service Server) determines session key related information (e.g., RAND), a key management entity (i.e., KMS) determines key information (i.e., T-GMK and T-GMK ID), and a group management entity (i.e., GMS) issues group security information (e.g., T-GID), so that the definition of the entity role by the existing architecture is met, the function of the existing entity can be reused to the maximum, the atomization function is clear, and the Service extensibility is strong.
The embodiment of the invention can be suitable for pulling any user into the temporary group, and the users do not need to be limited to belong to the same group, so that the range of the temporary group members in the embodiment of the invention is larger than that of the conventional scheme, and the requirement of more scenes (such as emergency calls) can be met.
In this embodiment of the present application, the first request carries the temporary group member identification information.
Here, the temporary group member identification information is identification information of a call object of the temporary group call corresponding to the first request.
In this embodiment of the application, when the first request is a first group call request, after generating a random number corresponding to the temporary group identifier, the method further includes:
sending a second group call request to the second terminal; the second group call request carries the random number, the temporary group identifier and the call type corresponding to the first group call request;
receiving third response information sent by the second terminal according to the second group call request; the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request;
sending fourth response information to the first terminal; the fourth response information is used for indicating that the establishment of the temporary group call corresponding to the first request is successful; the fourth response information carries a temporary group identifier and a random number.
In this embodiment, the network side device is adapted to the Ad-hoc mode temporary group call, and may perform group association (i.e., affinity user to group) between the temporary group members and the temporary group identifier (i.e., T-GID), that is, establish a group association relationship between the second terminal and the T-GID. The MCPTT Server sends a second group call request to the called temporary group members (namely the terminals corresponding to the temporary group member identification information), and the second group call request carries the RAND, the T-GID and the call type. When the third response information sent by the second terminal is received, it is determined that the second terminal has successfully joined the temporary group call. Fourth response information is then sent to the first terminal to inform it that the temporary group call corresponding to the first request has been successfully established.
The following specifically exemplifies the scheme provided in the embodiments of the present application.
Fig. 4 is a schematic flow chart illustrating a key transmission method for Ad-hoc mode temporary group call according to an embodiment of the present invention.
Step 1, a first terminal (e.g., MCPTT Client 1) initiates a group call request (i.e., Group call request) by sending a first request to a network device (e.g., MCPTT Server). The first request carries temporary group member identification information (i.e., the MCPTT ID list, shown as the user list in FIG. 4) and a call type (i.e., Call type). Here, the MCPTT ID list identifies the objects of the temporarily initiated group call, that is, the group call objects corresponding to the first request, and the call type indicates that the call (that is, the first request) is a temporary group call in an ad-hoc mode.
Here, the network side device may be an MCPTT Server, an MCVideo Server, or an MC Service Server. It should be noted that, when the network side device is an MCPTT Server, the corresponding terminal is an MCPTT Client, the corresponding temporary Group member identifier is an MCPTT ID, and the corresponding Group identifier is an MCPTT Group ID; when the network side equipment is an MCvideo Server, the corresponding terminal is an MCvideo Client, the corresponding temporary Group member identifier is an MCvideo ID, and the corresponding Group identifier is an MCvideo Group ID; when the network side equipment is an MC Service Server, the corresponding terminal is an MC Service Client, the corresponding temporary Group member identifier is an MC Service ID, and the corresponding Group identifier is an MC Service Group ID. In the embodiment of the present application, an example in which the network side device is an MCPTT Server and the terminal is an MCPTT Client is described.
Step 2, the MCPTT Server determines whether to trigger the security flow according to the call type. If the call type is the ad-hoc mode temporary group call, the first request meets the first preset condition, and the MCPTT Server initiates a key request to the KMS.
Step 3, the MCPTT Server sends a key material request (i.e., Request for key material) to the KMS, thereby initiating the key request.
In step 4, the KMS generates a temporary group key (i.e., T-GMK), assigns a temporary key identifier (i.e., T-GMK ID) corresponding to the T-GMK, and generates configuration information (e.g., a key update period, etc.) associated with the temporary group key. The KMS sends a response (i.e., provisioning for key material) to the MCPTT Server to the key material request, i.e., sends second response information, which carries the above information (i.e., T-GMK and T-GMK ID, and possibly related configuration information).
Step 5, the MCPTT Server sends a regroup notification (i.e., Regroup notification) to the GMS, that is, sends a reassembly request to the GMS, where the reassembly request carries the temporary group member identification list (MCPTT ID list), the T-GMK and the T-GMK ID. Here, the T-GMK and its related information may be encrypted with a preset key (e.g., a pre-existing shared key) between the MCPTT Server and the GMS.
Step 6, after receiving the reassembly request, the GMS may trigger the group key issuing process for the temporary group members and allocate a temporary group identifier (i.e., T-GID) to the temporary group. The GMS sends a group configuration request (i.e., notify group configuration request) to the first terminal (e.g., MCPTT Client 1) and the second terminal (e.g., MCPTT Client 2, MCPTT Client 3), as shown at 6a in FIG. 4; the group configuration request carries the T-GID, the T-GMK and the T-GMK ID. After receiving the group configuration request, the first terminal and the second terminal send a group configuration notification response (i.e., notify group configuration response) to the GMS, as shown at 6b in FIG. 4.
Step 7, the GMS returns a regroup response to the MCPTT Server, that is, sends first response information (i.e., regroup notification response) to the network side device, where the first response information carries the T-GID. The MCPTT Server generates a random number (RAND) for the temporary group call.
Step 8, the MCPTT Server performs group association (i.e., affinity user to group) between the temporary group members and the T-GID, that is, the MCPTT Server establishes a group association relationship between the second terminal and the T-GID.
Step 9, the MCPTT Server sends a group call request (namely a second group call request) to the called temporary group users (namely the terminals corresponding to the temporary group member identification information), where the second group call request carries the RAND, the T-GID and the Call type.
Step 10, the client (i.e. terminal) informs the user that the temporary group call is about to be joined.
Step 11, the Client sends out a response (for example, the second terminal sends a third response message) which is used to indicate that the second terminal (for example, MCPTT Client 2, MCPTT Client 3) successfully joins the temporary group call.
Step 12, the MCPTT Server generates a random number (i.e., RAND) for deriving the group call session key, and sends a response to the MCPTT Client 1, carrying the T-GID and the RAND.
Step 13, the first terminal derives the session key (i.e., the call session key) of the current temporary group call according to the T-GID, the T-GMK and the RAND of the second terminal, that is, determines the session key corresponding to the first request.
In an embodiment of the present application, in a case that the first request is a predefined dynamic reassembly request, after generating a random number corresponding to the temporary group identifier, the method further includes:
sending the predefined dynamic reassembly request to the second terminal;
receiving fifth response information sent by the second terminal according to the predefined dynamic reassembly request;
establishing a group association relationship between the second terminal and the temporary group identifier;
sending a sixth response message to the first terminal; wherein the sixth response information carries a temporary group identifier and a random number.
In an embodiment of the present application, the method further includes:
receiving a third group call request sent by the first terminal; wherein the third group call request carries the temporary group identifier;
sending a fourth group call request to the second terminal associated with the temporary group identifier; wherein the fourth group call request carries the random number and the temporary group identifier;
receiving seventh response information sent by the second terminal according to the predefined dynamic reassembly request; the seventh response information is used to indicate that the second terminal has joined the temporary group call corresponding to the first request;
sending eighth response information to the first terminal; the eighth response information carries a temporary group identifier, and the eighth response information is used to indicate that the temporary group call is successfully established.
In the embodiment of the present application, the MCX Server may generate key-related information (for example, a random number) for the temporary Group call, and issue the information to the MCX Client through a Group call request (Group call request).
In an embodiment of the present application, the method further includes: encrypting the temporary group key and the temporary group key identification with a preset key while communicating with the GMS.
For example, the T-GMK and its related information may be encrypted with a pre-existing shared key between the MCPTT Server and the GMS.
The following specifically exemplifies the scheme provided in the embodiments of the present application.
In an optional embodiment of the present invention, for a temporary group call based on dynamic reassembly of a predefined group, the key transmission method of the temporary group may be divided into the following two processes: a dynamic reassembly process of the predefined group, and a group call process.
As shown in fig. 6, the flow of dynamic reassembly of the predefined group is described as follows:
Step 1, a first terminal (for example, MCPTT client 1) determines an MCPTT user identifier list (i.e., MCPTT ID list, the temporary group member identification information) for dynamic reassembly and a group identifier (i.e., MCPTT Group ID) for reassembly.
Here, the users may be some or all of the users in the group identified by the group identifier.
Step 2, the MCPTT client 1 sends a predefined dynamic reassembly request (i.e., a predefined reorganized group request) to a network side device (for example, the MCPTT server), that is, the MCPTT client 1 sends a first request to the MCPTT server, and the first request is the predefined dynamic reassembly request. The predefined dynamic reassembly request carries temporary group member identification information.
Here, the network side device may be an MCPTT Server, an MCVideo Server, or an MC Service Server. It should be noted that, when the network side device is an MCPTT Server, the corresponding terminal is an MCPTT Client, the corresponding temporary group member identifier is an MCPTT ID, and the corresponding group identifier is an MCPTT Group ID; when the network side device is an MCVideo Server, the corresponding terminal is an MCVideo Client, the corresponding temporary group member identifier is an MCVideo ID, and the corresponding group identifier is an MCVideo Group ID; when the network side device is an MC Service Server, the corresponding terminal is an MC Service Client, the corresponding temporary group member identifier is an MC Service ID, and the corresponding group identifier is an MC Service Group ID. The embodiments of the present application are described using the example in which the network side device is an MCPTT Server and the terminal is an MCPTT Client.
Step 3, after receiving the predefined dynamic reassembly request, the MCPTT Server triggers a security flow to the KMS, and the MCPTT Server checks whether the MCPTT client 1 has the authority to initiate the predefined dynamic reassembly request.
Step 4, if the MCPTT Server determines that the MCPTT client 1 has the authority to initiate the predefined dynamic reassembly, the MCPTT Server sends a key material request (i.e., Request for key material) to the KMS.
Step 5, the KMS generates a temporary group key (i.e., T-GMK), assigns a temporary key identifier (i.e., T-GMK ID) corresponding to the T-GMK, and also generates configuration information (e.g., a key update period) associated with the temporary group key. The KMS sends a response to the key material request (i.e., provisioning for key material) to the MCPTT Server, that is, sends second response information, which carries the above information (i.e., the T-GMK and the T-GMK ID, and possibly the related configuration information).
Step 6, the MCPTT Server sends a reassembly notification (i.e., group notification) to the GMS, that is, sends a reassembly request to the GMS, where the reassembly request carries a temporary group member identifier list (MCPTT ID list), the T-GMK and the T-GMK ID. Here, the T-GMK and its related information may be encrypted with a preset key (e.g., a pre-existing shared key) between the MCPTT Server and the GMS.
Step 7, after the GMS receives the reassembly request, it may trigger the group key issuing process for the temporary group members and assign a temporary group identifier (T-GID) to the temporary group. The GMS sends a group configuration request (i.e., notify group configuration request) to the first terminal (e.g., MCPTT Client 1) and the second terminal (e.g., MCPTT Client 2, MCPTT Client 3), as shown in fig. 5 at 7a; the group configuration request carries the T-GID, the T-GMK, and the T-GMK ID. After receiving the group configuration request, the first terminal and the second terminal send a group configuration notification response (i.e., notify group configuration response) to the GMS, as shown in fig. 5, 7b and 7c.
Step 8, the GMS returns a reassembly response to the MCPTT Server, that is, sends first response information (i.e., group notification response) to the network side device, where the first response information carries the T-GID. The MCPTT Server generates a random number (RAND) for the temporary group call.
Step 9, the MCPTT Server generates a random number RAND for deriving the group call session key.
Step 10, the user (i.e., terminal) receiving the group configuration request confirms joining the dynamic reassembly.
Step 11, optionally, the MCPTT clients that received the request accept the dynamic reassembly request and send a response to the MCPTT server, that is, the second terminal sends fifth response information according to the predefined dynamic reassembly request.
Step 12, the MCPTT server establishes a group association relationship between the dynamically reassembled users (i.e., the second terminal) and the temporary group identifier.
Step 13, the MCPTT Server sends a predefined dynamic regrouping response (sixth response information) to the MCPTT client 1, where the predefined regrouping response carries the T-GID and the RAND.
Step 14, the first terminal (for example, MCPTT Client 1) and the second terminal (for example, MCPTT Client 2 and MCPTT Client 3) derive the session key (i.e., the call session key) for the subsequent temporary group call according to the T-GID, the T-GMK and the RAND, that is, determine the session key corresponding to the first request.
After the predefined dynamic reassembly is performed, the subsequent temporary group call process is shown in fig. 6, and the flow of the group call is described as follows:
Step 1, the MCPTT client 1 decides to initiate a group call to the users (i.e., the second terminal, e.g., MCPTT client 2, MCPTT client 3) corresponding to the group identifier (i.e., the MCPTT Group ID).
Step 2, the MCPTT client 1 sends a third group call request (i.e., a Group call request) to the MCPTT server based on the temporary group identifier (i.e., T-GID) acquired in the predefined dynamic reassembly process.
Step 3, the MCPTT server resolves the group ID to the GMS. It should be noted that this step is not involved in the temporary group call based on dynamic reassembly.
Step 4, the MCPTT server forwards the group call request to the MCPTT clients corresponding to the temporary group identifier, that is, sends a fourth group call request to the second terminal associated with the temporary group identifier. The MCPTT Server may or may not carry a RAND in the fourth group call request; it should be noted that this RAND may be different from the RAND generated in the predefined dynamic reassembly procedure.
Step 5, the user receiving the call request confirms joining the temporary group call corresponding to the first request, that is, seventh response information is received, which is sent by the second terminal and indicates that the second terminal has joined the temporary group call.
Step 6, the MCPTT clients that received the call request accept the group call request and send seventh response information to the MCPTT server, where the group call response carries the T-GID and the optional RAND in step 6.
Step 7, the MCPTT server sends eighth response information to the MCPTT client 1 to indicate that the temporary group call is successfully established.
Step 8, the first terminal derives the session key (i.e., the call session key) of the current temporary group call according to the T-GID, the T-GMK and the RAND of the second terminal, that is, determines the session key corresponding to the first request.
Step 9, service data is transmitted between the users in the temporary group (i.e., the first terminal and the second terminal involved in the temporary group call).
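The session key derivation used in both flows above (step 13 of the ad-hoc call; step 14 of the dynamic reassembly and step 8 of the later group call), as an added example that is not part of the patent text. It assumes HKDF-SHA256 as the key derivation function (the page names none), in-process method calls in place of the signalling messages, constructed identifiers, and that a RAND carried in a group call request reaches every member.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256. Assumed KDF: the page does not name one."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()            # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                       # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class Kms:
    def provide_key_material(self) -> Tuple[bytes, str]:
        """Second response information: a fresh T-GMK and its T-GMK ID."""
        return secrets.token_bytes(32), "tgmk-" + secrets.token_hex(4)


class Client:
    def __init__(self, mcptt_id: str) -> None:
        self.mcptt_id = mcptt_id
        self.group_keys: Dict[str, Tuple[bytes, str]] = {}  # T-GID -> (T-GMK, T-GMK ID)
        self.rands: Dict[str, bytes] = {}                   # T-GID -> current RAND

    def on_group_config(self, t_gid: str, t_gmk: bytes, t_gmk_id: str) -> None:
        """Group configuration request from the GMS."""
        self.group_keys[t_gid] = (t_gmk, t_gmk_id)

    def on_rand(self, t_gid: str, rand: Optional[bytes]) -> None:
        """RAND from the server; None models a group call request without a RAND."""
        if rand is not None:
            self.rands[t_gid] = rand

    def session_key(self, t_gid: str) -> bytes:
        """Derive the call session key from T-GID, T-GMK and RAND."""
        if t_gid not in self.group_keys or t_gid not in self.rands:
            raise KeyError(f"{self.mcptt_id}: missing key material for {t_gid}")
        t_gmk, _t_gmk_id = self.group_keys[t_gid]
        return hkdf_sha256(t_gmk, self.rands[t_gid], t_gid.encode())


class Gms:
    def regroup(self, members: List[Client], t_gmk: bytes, t_gmk_id: str) -> str:
        """Allocate a T-GID and push the group configuration to each member."""
        t_gid = "tgid-" + secrets.token_hex(4)
        for client in members:
            client.on_group_config(t_gid, t_gmk, t_gmk_id)
        return t_gid


class Server:
    def __init__(self, kms: Kms, gms: Gms) -> None:
        self.kms, self.gms = kms, gms
        self.associations: Dict[str, List[Client]] = {}     # T-GID -> members

    def regroup(self, members: List[Client]) -> str:
        t_gmk, t_gmk_id = self.kms.provide_key_material()   # key material request
        t_gid = self.gms.regroup(members, t_gmk, t_gmk_id)  # reassembly request
        self.associations[t_gid] = list(members)            # group association
        self._send_rand(t_gid, secrets.token_bytes(16))     # RAND for this T-GID
        return t_gid

    def group_call(self, t_gid: str, fresh_rand: bool) -> None:
        """Later group call; the request may or may not carry a new RAND."""
        self._send_rand(t_gid, secrets.token_bytes(16) if fresh_rand else None)

    def _send_rand(self, t_gid: str, rand: Optional[bytes]) -> None:
        for client in self.associations[t_gid]:
            client.on_rand(t_gid, rand)


def run_flow() -> dict:
    members = [Client("client1"), Client("client2"), Client("client3")]
    outsider = Client("client4")          # constructed: not in the member list
    server = Server(Kms(), Gms())
    t_gid = server.regroup(members)
    after_regroup = [c.session_key(t_gid) for c in members]
    server.group_call(t_gid, fresh_rand=False)
    reused = [c.session_key(t_gid) for c in members]
    server.group_call(t_gid, fresh_rand=True)
    refreshed = [c.session_key(t_gid) for c in members]
    # T-GID and RAND travel in call signalling; without the T-GMK they are not enough.
    outsider.on_rand(t_gid, members[0].rands[t_gid])
    try:
        outsider.session_key(t_gid)
        outsider_derived = True
    except KeyError:
        outsider_derived = False
    return {"after_regroup": after_regroup, "reused": reused,
            "refreshed": refreshed, "outsider_derived": outsider_derived}


if __name__ == "__main__":
    for name, value in run_flow().items():
        print(name, value)
```

Because the T-GID and the RAND are carried in call signalling, the secrecy of the session key in this sketch rests entirely on the T-GMK, which is why the page encrypts the T-GMK with a preset key on the MCPTT Server to GMS leg.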
According to the key transmission method provided by the embodiment of the application, the security information related to the temporary group service is generated in the service control server (i.e., the network side device) and is issued during the group call process. This better matches the definition of entity roles in the existing architecture, is applicable to the existing temporary group call models (including ad-hoc temporary group calls and dynamic reassembly calls), and has a wider application range than the existing technical solutions.
As shown in fig. 7, an embodiment of the present application further provides a method for transmitting a key of a temporary group, where the method is executed by a first terminal, and includes:
Step 701: sending a first request to the network side device; wherein the first request carries temporary group member identification information.
In this step, the first terminal initiates a group call request (i.e., a Group call request) by sending a first request to a network side device (e.g., an MCPTT Server).
Step 702: receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that the first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
Step 703: acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
Step 704: determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
In the embodiment of the application, the network side device may be an MCPTT Server, an MCVideo Server, or an MC Service Server. It should be noted that, when the network side device is an MCPTT Server, the corresponding terminal is an MCPTT Client, the corresponding temporary group member identifier is an MCPTT ID, and the corresponding group identifier is an MCPTT Group ID; when the network side device is an MCVideo Server, the corresponding terminal is an MCVideo Client, the corresponding temporary group member identifier is an MCVideo ID, and the corresponding group identifier is an MCVideo Group ID; when the network side device is an MC Service Server, the corresponding terminal is an MC Service Client, the corresponding temporary group member identifier is an MC Service ID, and the corresponding group identifier is an MC Service Group ID. The embodiments of the present application are described using the example in which the network side device is an MCPTT Server and the terminal is an MCPTT Client.
In the embodiment of the application, the first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode; alternatively, the first request is a predefined dynamic reassembly request.
In this embodiment, the specific case when the first request is a first group call request may be: a first terminal initiates a group call request (i.e., a Group call request) by sending a first request to a network side device (e.g., an MCPTT Server). The first request carries temporary group member identification information (i.e., MCPTT ID list) and a call type (i.e., Call type). Here, the MCPTT ID list is the temporarily initiated group call object, i.e., the group call object corresponding to the first request, and the call type indicates that the call type of this call (i.e., the first request) is a temporary group call in an ad-hoc mode.
The specific case when the first request is a predefined dynamic reassembly request may be: the first terminal determines an MCPTT user identifier list (i.e., MCPTT ID list, the temporary group member identification information) for dynamic reassembly and a group identifier (i.e., MCPTT Group ID) for reassembly. Here, the users may be some or all of the users in the group identified by the group identifier. The first terminal sends a predefined dynamic reassembly request (i.e., a Preconfigured reassembly request) to a network side device (e.g., an MCPTT server), that is, the first terminal sends a first request to the MCPTT server, where the first request is a predefined dynamic reassembly request. The predefined dynamic reassembly request carries temporary group member identification information.
In this embodiment of the present application, in a case that the first request is a first group call request, the acquiring a random number includes:
receiving fourth response information sent by the network side device; the fourth response information is used for indicating that the temporary group call corresponding to the first request is successfully established; the fourth response information carries a temporary group identifier and a random number.
In an embodiment of the present application, in a case that the first request is a predefined dynamic reassembly request, the acquiring a random number includes:
receiving sixth response information sent by the network side device; wherein the sixth response information carries a temporary group identifier and a random number.
In this embodiment of the present application, after receiving the sixth response information sent by the network side device, the method includes:
sending a third group call request to the network side device; wherein the third group call request carries the temporary group identifier;
receiving eighth response information sent by the network side device; the eighth response information carries a temporary group identifier, and the eighth response information is used to indicate that the temporary group call is successfully established.
In this embodiment of the present application, after receiving a group configuration request sent by a GMS, the method further includes:
sending tenth response information to the GMS according to the group configuration request; wherein the tenth response information is used to indicate that the first terminal has accepted the group configuration request.
In this embodiment, after receiving the group configuration request, the first terminal sends a group configuration notification response (i.e., notify group configuration response) to the GMS, that is, sends tenth response information to the GMS, and informs the GMS that the second terminal has accepted the group configuration request.
According to the key transmission method provided by the embodiment of the application, the generation and issuing of the temporary group key, the temporary group identifier and the random number can be triggered by sending a first request that meets the first preset condition to the network side device. The method is therefore applicable to the existing temporary group call models (including ad-hoc temporary group calls and dynamic reassembly calls), and has a wider application range than the existing technical solutions.
As shown in fig. 8, an embodiment of the present application further provides a method for transmitting a key of a temporary group, where the method is executed by a second terminal, and the method includes:
Step 801: receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that a first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
Step 802: acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
Step 803: determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
In this embodiment, the second terminal may determine the session key of the temporary group call by using the obtained temporary group identifier, the temporary group key identifier, and the random number, thereby implementing trunking communication with other terminals.
In this embodiment of the present application, after receiving a group configuration request sent by a GMS, the method further includes:
transmitting ninth response information to the GMS according to the group configuration request; wherein the ninth response information is used to indicate that the second terminal has accepted the group configuration request.
In this embodiment, after receiving the group configuration request, the second terminal sends a group configuration notification response (i.e., notify group configuration response) to the GMS, that is, sends a ninth response message to the GMS, and notifies the GMS that the second terminal has accepted the group configuration request.
In an embodiment of the present application, the obtaining a random number includes:
receiving a second group call request sent by the network side device; wherein the second group call request carries a random number, the temporary group identifier and a call type.
In an embodiment of the present application, the method further includes:
sending third response information to the network side device; wherein the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
In this embodiment, the second terminal (e.g., MCPTT Client 2, MCPTT Client 3) may send the third response message, to notify the network side device that the second terminal successfully joins the temporary group call.
Wherein the method further comprises:
receiving a predefined dynamic reassembly request sent by the network side device;
sending fifth response information to the network side device according to the predefined dynamic reassembly request.
In this embodiment, the MCPTT clients that receive the predefined dynamic reassembly request may accept the dynamic reassembly request and send a response to the MCPTT server, that is, the second terminal sends the fifth response information according to the predefined dynamic reassembly request.
In an embodiment of the present application, the method further includes:
receiving a fourth group call request sent by the network side device; wherein the fourth group call request carries a random number and the temporary group identifier.
In an embodiment of the present application, the method further includes:
sending seventh response information to the network side device according to the fourth group call request; wherein the seventh response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
In this embodiment, the second terminal (e.g., MCPTT Client 2, MCPTT Client 3) may accept the group call request after receiving the call request, and send seventh response information to the network side device to notify the network side device that the second terminal has successfully joined the temporary group call.
The key transmission method provided by the embodiment of the application can determine the session key of the temporary group call by using the acquired temporary group identifier, the temporary group key identifier and the random number, thereby implementing trunking communication with other terminals.
As shown in fig. 9, an embodiment of the present application further provides a method for transmitting a key of a temporary group, where the method is performed by a GMS, and includes:
Step 901: receiving a reassembly request sent by the network side device; the reassembly request carries temporary group member identification information, a temporary group key and a temporary group key identifier;
Step 902: sending a group configuration request to the first terminal and the second terminal corresponding to the temporary group member identification information according to the reassembly request; wherein the group configuration request carries a temporary group identifier, the temporary group key, and the temporary group key identifier.
In this step, after receiving the reassembly request (i.e., group notification), the GMS may trigger a group key (i.e., a temporary group key corresponding to the first request) issuing process for the temporary group members, and allocate a temporary group identifier (T-GID) to the temporary group. The GMS transmits a group configuration request (i.e., notify group configuration request) carrying the T-GID, the T-GMK and the T-GMK ID to the first terminal (e.g., MCPTT Client 1) and the second terminal (e.g., MCPTT Client 2, MCPTT Client 3). In this way, after receiving the group configuration request, the first terminal and the second terminal may send a group configuration notification response (i.e., notify group configuration response) to the GMS.
Step 903: receiving ninth response information sent by the second terminal according to the group configuration request, and receiving tenth response information sent by the first terminal according to the group configuration request.
In this step, after receiving the corresponding response information fed back by the first terminal and the second terminal according to the group configuration request, it may be determined that the terminal has accepted the group configuration request.
Step 904: sending first response information to the network side device; wherein the first response information carries a temporary group identifier.
In this step, the GMS returns a reassembly response to the network side device (e.g., MCPTT Server), that is, sends first response information (i.e., a Regroup notification response) to the network side device, where the first response information carries the T-GID. The MCPTT Server generates a random number (RAND) for the temporary group call.
In the embodiment of the application, the network side device may be an MCPTT Server, an MCVideo Server, or an MC Service Server. It should be noted that, when the network side device is an MCPTT Server, the corresponding terminal is an MCPTT Client, the corresponding temporary group member identifier is an MCPTT ID, and the corresponding group identifier is an MCPTT Group ID; when the network side device is an MCVideo Server, the corresponding terminal is an MCVideo Client, the corresponding temporary group member identifier is an MCVideo ID, and the corresponding group identifier is an MCVideo Group ID; when the network side device is an MC Service Server, the corresponding terminal is an MC Service Client, the corresponding temporary group member identifier is an MC Service ID, and the corresponding group identifier is an MC Service Group ID. The embodiments of the present application are described using the example in which the network side device is an MCPTT Server and the terminal is an MCPTT Client.
In an embodiment of the present application, the method further includes:
encrypting the temporary group key and the temporary group key identifier with a preset key when communicating with the network side device.
For example, the T-GMK and its related information may be encrypted with a pre-existing shared key between the GMS and the MCPTT Server.
The key transmission method provided by the embodiment of the application, in which the temporary group identifier is generated and issued in the GMS, better conforms to the definition of the existing architecture on the entity role, can be applied to the existing temporary group call model (including Ad-hoc temporary group call and dynamic reassembly call), and has a wider application range compared with the existing technical scheme.
As shown in fig. 10, an embodiment of the present application further provides a method for key transmission of a temporary group, which is performed by a KMS and includes:
Step 1001: receiving a key material request sent by the network side device;
Step 1002: sending second response information to the network side device; wherein the second response information comprises the temporary group key and its corresponding temporary group key identifier.
In this embodiment of the present invention, after receiving a key material request (i.e., Request for key material) sent by a network side device, the KMS may generate a temporary group key (i.e., T-GMK), allocate a temporary key identifier (i.e., T-GMK ID) corresponding to the T-GMK, and may also generate configuration information (e.g., a key update period) related to the temporary group key. The KMS then sends a response (i.e., provisioning for key material) to the MCPTT Server, that is, sends second response information, where the second response information carries the above information (i.e., the T-GMK and the T-GMK ID, and possibly the related configuration information).
In the embodiment of the application, the network side device may be an MCPTT Server, an MCVideo Server, or an MC Service Server. It should be noted that, when the network side device is an MCPTT Server, the corresponding terminal is an MCPTT Client, the corresponding temporary group member identifier is an MCPTT ID, and the corresponding group identifier is an MCPTT Group ID; when the network side device is an MCVideo Server, the corresponding terminal is an MCVideo Client, the corresponding temporary group member identifier is an MCVideo ID, and the corresponding group identifier is an MCVideo Group ID; when the network side device is an MC Service Server, the corresponding terminal is an MC Service Client, the corresponding temporary group member identifier is an MC Service ID, and the corresponding group identifier is an MC Service Group ID. The embodiments of the present application are described using the example in which the network side device is an MCPTT Server and the terminal is an MCPTT Client.
According to the key transmission method provided by the embodiment of the application, the security information related to the temporary group is generated in the KMS. This better matches the definition of entity roles in the existing architecture, is applicable to the existing temporary group call models (including ad-hoc temporary group calls and dynamic reassembly calls), and has a wider application range than the existing technical solutions.
As shown in fig. 11, an embodiment of the present application further provides a network-side device, which includes a memory 1101, a transceiver 1102, and a processor 1103:
a memory 1101 for storing a computer program; a transceiver 1102 for transceiving data under the control of the processor 1103; a processor 1103 configured to read the computer program in the memory 1101 and execute the following operations:
under the condition that a first request sent by a first terminal meets a first preset condition, sending a reassembly request to a group management server GMS; the reassembly request carries temporary group member identification information corresponding to the first request;
receiving first response information sent by the GMS according to the reassembly request; wherein the first response information carries a temporary group identifier;
generating a random number corresponding to the temporary group identifier, wherein the random number is used for the first terminal and the second terminal to determine a session key corresponding to the first request; and the second terminal is a terminal corresponding to the temporary group member identification information.
In particular, the transceiver 1102 is configured to receive and transmit data under the control of the processor 1103.
In fig. 11, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits including one or more processors, represented by the processor 1103, and memory, represented by the memory 1101. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art and therefore will not be described any further herein. The bus interface provides an interface. The transceiver 1102 may be a plurality of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium including wireless channels, wired channels, fiber optic cables, and the like. The processor 1103 is responsible for managing the bus architecture and general processing, and the memory 1101 may store data used by the processor 1103 in performing operations.
The processor 1103 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or a Complex Programmable Logic Device (CPLD), and the processor may also have a multi-core architecture.
Wherein, before sending the reassembly request to the group management server GMS, the method further comprises:
sending a key material request to a key management server KMS;
receiving second response information sent by the KMS according to the key material request; wherein the second response information includes a temporary group key and a temporary group key identification.
Wherein the first request carries the temporary group member identification information.
Wherein the first preset condition is one of the following conditions:
the first request is a first group calling request, and the call type corresponding to the first group calling request is a temporary group call in an ad-hoc mode;
the first request is a predefined dynamic reassembly request.
Wherein, in the event that the first request is a first group call request, after generating a random number corresponding to the temporary group identification, the processor is further configured to read the computer program in the memory and perform the following:
sending a second group call request to the second terminal; the second group call request carries the random number, the temporary group identifier and the call type corresponding to the first group call request;
receiving third response information sent by the second terminal according to the second group of calling requests; the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request;
sending fourth response information to the first terminal; the fourth response information is used for indicating that the establishment of the temporary group call corresponding to the first request is successful; the fourth response information carries a temporary group identifier and a random number.
Wherein, in the event that the first request is a predefined dynamic reassembly request, after generating a random number corresponding to the temporary group identification, the processor is further configured to read the computer program in the memory and perform the following:
sending the predefined dynamic reassembly request to the second terminal;
receiving fifth response information sent by the second terminal according to the predefined dynamic reassembly request;
establishing a group association relationship between the second terminal and the temporary group identifier;
sending a sixth response message to the first terminal; wherein the sixth response information carries a temporary group identifier and a random number.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
receiving a third group call request sent by the first terminal; wherein the third group call request carries the temporary group identifier;
sending a fourth group call request to the second terminal associated with the temporary group identifier; wherein the fourth group call request carries the random number and the temporary group identifier;
receiving seventh response information sent by the second terminal according to the predefined dynamic reassembly request; the seventh response information is used to indicate that the second terminal has joined the temporary group call corresponding to the first request;
sending eighth response information to the first terminal; the eighth response information carries a temporary group identifier, and the eighth response information is used for indicating that the establishment of the temporary group call is successful.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
encrypting the temporary group key and the temporary group key identification with a preset key while communicating with the GMS.
According to the network side device provided by the embodiment of the application, the security information related to the temporary group service is generated in the service control server (namely, the network side device) and is issued during the group call process, which better conforms to the existing architecture's definition of entity roles, is applicable to the existing temporary group call models (including Ad-hoc temporary group call and dynamic reassembly call), and has a wider application range than the existing technical scheme.
As shown in fig. 12, an embodiment of the present application further provides a terminal, which is a first terminal, and includes a memory 1220, a transceiver 1210, and a processor 1200:
a memory 1220 for storing computer programs; a transceiver 1210 for transceiving data under the control of the processor 1200; a processor 1200 for reading the computer program in the memory 1220 and performing the following operations:
sending a first request to network side equipment; the first request carries temporary group member identification information;
receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that the first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
In particular, the transceiver 1210, is used to receive and transmit data under the control of the processor 1200.
In fig. 12, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits including one or more processors, represented by the processor 1200, and memory, represented by the memory 1220. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art and therefore will not be described any further herein. The bus interface provides an interface. The transceiver 1210 may be a number of elements including a transmitter and receiver that provide a means for communicating with various other apparatus over a transmission medium including wireless channels, wired channels, fiber optic cables, and the like. For different user devices, the user interface 1230 may also be an interface capable of connecting externally to a desired device, including but not limited to a keypad, display, speaker, microphone, joystick, etc.
The processor 1200 is responsible for managing the bus architecture and general processing, and the memory 1220 may store data used by the processor 1200 in performing operations.
Alternatively, the processor 1200 may be a CPU (central processing unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device), and the processor may also adopt a multi-core architecture.
The processor is used for executing any one of the methods provided by the embodiment of the application according to the obtained executable instructions by calling the computer program stored in the memory. The processor and memory may also be physically separated.
The first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode; or,
the first request is a predefined dynamic reassembly request.
Wherein, in the event that the first request is a first group call request, the processor is further configured to read the computer program in the memory and perform the following:
receiving fourth response information sent by the network side equipment; the fourth response information is used for indicating that the temporary group call corresponding to the first request is successfully established; the fourth response information carries a temporary group identifier and a random number.
Wherein, in the case that the first request is a predefined dynamic reassembly request, the processor is further to read the computer program in the memory and perform the following:
receiving sixth response information sent by the network side equipment; wherein the sixth response information carries a temporary group identifier and a random number.
Wherein, after receiving the sixth response message sent by the network-side device, the processor is further configured to read the computer program in the memory and perform the following operations:
sending a third group call request to the network side equipment; wherein the third group call request carries the temporary group identifier;
receiving eighth response information sent by the network side equipment; the eighth response information carries a temporary group identifier, and the eighth response information is used for indicating that the establishment of the temporary group call is successful.
Wherein, after receiving a group configuration request sent by the GMS, the processor is further configured to read the computer program in the memory and perform the following operations:
sending tenth response information to the GMS according to the group configuration request; wherein the tenth response information is used to indicate that the first terminal has accepted the group configuration request.
The terminal provided by the embodiment of the application can trigger the generation and issuing of the temporary group key, the temporary group identifier and the random number by sending a first request meeting the first preset condition to the network side equipment, so that the terminal is applicable to the existing temporary group call models (including Ad-hoc temporary group call and dynamic reassembly call), and has a wider application range than the existing technical scheme.
As shown in fig. 12, an embodiment of the present application further provides a terminal, which is a second terminal, and includes a memory 1220, a transceiver 1210, and a processor 1200:
a memory 1220 for storing computer programs; a transceiver 1210 for transceiving data under the control of the processor 1200; a processor 1200 for reading the computer program in the memory 1220 and performing the following operations:
receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that a first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
In particular, the transceiver 1210, is used to receive and transmit data under the control of the processor 1200.
In fig. 12, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits including one or more processors, represented by the processor 1200, and memory, represented by the memory 1220. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art and therefore will not be described any further herein. The bus interface provides an interface. The transceiver 1210 may be a number of elements including a transmitter and receiver that provide a means for communicating with various other apparatus over a transmission medium including wireless channels, wired channels, fiber optic cables, and the like. For different user devices, the user interface 1230 may also be an interface capable of connecting externally to a desired device, including but not limited to a keypad, display, speaker, microphone, joystick, etc.
The processor 1200 is responsible for managing the bus architecture and general processing, and the memory 1220 may store data used by the processor 1200 in performing operations.
Alternatively, the processor 1200 may be a CPU (central processing unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device), and the processor may also adopt a multi-core architecture.
The processor is used for executing any method provided by the embodiment of the application according to the obtained executable instructions by calling the computer program stored in the memory. The processor and memory may also be physically separated.
Wherein, after receiving a group configuration request sent by the GMS, the processor is further configured to read the computer program in the memory and perform the following operations:
transmitting ninth response information to the GMS according to the group configuration request; wherein the ninth response information is used for indicating that the second terminal has accepted the group configuration request.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
receiving a second group call request sent by the network side equipment; wherein the second group call request carries a random number, the temporary group identifier and a call type.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
sending third response information to the network side equipment; and the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
receiving a predefined dynamic reassembly request sent by network side equipment;
and sending fifth response information to the network side equipment according to the predefined dynamic reassembly request.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
receiving a fourth group call request sent by the network side equipment; wherein the fourth group call request carries a random number and the temporary group identifier.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
sending a seventh response message to the network side equipment according to the fourth group call request; and the seventh response message is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
The terminal provided by the embodiment of the application can determine the session key of the temporary group call by using the acquired temporary group identifier, the temporary group key identifier and the random number, so that trunking communication with other terminals is realized.
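The exchange described above between the network side device, the KMS, the GMS and the two terminals, as an added example that is not part of the patent: a Python simulation in which both terminals end up with the same session key. The HMAC-SHA256 derivation keyed with the T-GMK, the message field names, the class names and the sample identities are assumptions; the patent does not specify how the session key is computed from the temporary group identifier, the temporary group key identifier and the random number.

```python
import hashlib
import hmac
import secrets


def derive_session_key(t_gmk, temp_group_id, t_gmk_id, rand):
    """Assumed KDF (not from the patent): HMAC-SHA256 keyed with the T-GMK.

    Inputs are length-prefixed so ("ab", "c") and ("a", "bc") cannot collide.
    """
    parts = (temp_group_id.encode(), t_gmk_id.encode(), rand)
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(t_gmk, msg, hashlib.sha256).digest()


class KMS:
    def handle_key_material_request(self):
        # Second response information: T-GMK plus its T-GMK ID.
        return {"t_gmk": secrets.token_bytes(32),
                "t_gmk_id": "tgmk-" + secrets.token_hex(4)}


class Terminal:
    def __init__(self, mc_id):
        self.mc_id = mc_id
        self.keys = {}    # T-GMK ID -> T-GMK
        self.groups = {}  # temporary group ID -> T-GMK ID

    def on_group_config_request(self, cfg):
        self.keys[cfg["t_gmk_id"]] = cfg["t_gmk"]
        self.groups[cfg["temp_group_id"]] = cfg["t_gmk_id"]
        return {"from": self.mc_id, "accepted": True}  # ninth / tenth response

    def session_key(self, temp_group_id, rand):
        t_gmk_id = self.groups[temp_group_id]  # KeyError if never provisioned
        return derive_session_key(self.keys[t_gmk_id], temp_group_id, t_gmk_id, rand)


class GMS:
    def __init__(self, directory):
        self.directory = directory  # MC ID -> Terminal (stands in for the network)

    def handle_reassembly_request(self, req):
        cfg = {"temp_group_id": "tmpgrp-" + secrets.token_hex(4),
               "t_gmk": req["t_gmk"], "t_gmk_id": req["t_gmk_id"]}
        acks = [self.directory[m].on_group_config_request(cfg)
                for m in req["member_ids"]]
        if not all(a["accepted"] for a in acks):
            raise RuntimeError("a member rejected the group configuration request")
        return {"temp_group_id": cfg["temp_group_id"]}  # first response information


class MCPTTServer:
    def __init__(self, kms, gms):
        self.kms, self.gms = kms, gms

    def handle_first_request(self, caller_id, req):
        # First preset condition: ad-hoc temporary group call,
        # or predefined dynamic reassembly request.
        adhoc = req["type"] == "group_call" and req.get("call_type") == "ad-hoc"
        if not (adhoc or req["type"] == "predefined_dynamic_reassembly"):
            raise ValueError("first preset condition not met")
        km = self.kms.handle_key_material_request()
        # Assumption: the caller is added to the member list so the GMS configures it too.
        members = [caller_id] + list(req["member_ids"])
        # The patent encrypts T-GMK and T-GMK ID with a preset key on this hop;
        # that transport protection is omitted from this simulation.
        first = self.gms.handle_reassembly_request({"member_ids": members, **km})
        # Random number bound to the temporary group ID (fourth / sixth response).
        return {"temp_group_id": first["temp_group_id"],
                "rand": secrets.token_bytes(16)}


def run_demo():
    # Constructed identities and requests, for illustration only.
    a, b, c = Terminal("mcptt:alice"), Terminal("mcptt:bob"), Terminal("mcptt:carol")
    server = MCPTTServer(KMS(), GMS({t.mc_id: t for t in (a, b, c)}))
    resp = server.handle_first_request(
        a.mc_id, {"type": "group_call", "call_type": "ad-hoc", "member_ids": [b.mc_id]})
    gid, rand = resp["temp_group_id"], resp["rand"]
    try:
        c.session_key(gid, rand)  # carol never received the group configuration
        outsider_blocked = False
    except KeyError:
        outsider_blocked = True
    try:
        server.handle_first_request(
            a.mc_id, {"type": "group_call", "call_type": "prearranged", "member_ids": []})
        rejected = False
    except ValueError:
        rejected = True
    return {"key_a": a.session_key(gid, rand), "key_b": b.session_key(gid, rand),
            "key_other_rand": a.session_key(gid, secrets.token_bytes(16)),
            "outsider_blocked": outsider_blocked, "rejected": rejected}


if __name__ == "__main__":
    print({k: (v.hex() if isinstance(v, bytes) else v) for k, v in run_demo().items()})
```

The random number travels in call signalling while the T-GMK arrives only through the GMS group configuration request, so a terminal that sees the random number but was never configured for the temporary group cannot compute the key.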
The embodiment of the present application further provides a GMS, which may adopt the same structure as that shown in fig. 11, and includes a memory 1101, a transceiver 1102, a processor 1103:
a memory 1101 for storing a computer program; a transceiver 1102 for transceiving data under the control of the processor 1103; a processor 1103 for reading the computer program in the memory 1101 and performing the following operations:
receiving a reassembly request sent by network side equipment; the reassembly request carries temporary group member identification information, a temporary group key and a temporary group key identification;
according to the reassembly request, sending a group configuration request to a first terminal and a second terminal corresponding to the temporary group member identification information; the group configuration request carries a temporary group identifier, the temporary group key and the temporary group key identifier;
receiving ninth response information sent by the second terminal according to the group configuration request, and receiving tenth response information sent by the first terminal according to the group configuration request;
sending first response information to the network side equipment; wherein the first response information carries a temporary group identifier.
In particular, the transceiver 1102 is configured to receive and transmit data under the control of the processor 1103.
In fig. 11, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits including one or more processors, represented by the processor 1103, and memory, represented by the memory 1101. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art and therefore will not be described any further herein. The bus interface provides an interface. The transceiver 1102 may be a plurality of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium including wireless channels, wired channels, fiber optic cables, and the like. The processor 1103 is responsible for managing the bus architecture and general processing, and the memory 1101 may store data used by the processor 1103 in performing operations.
The processor 1103 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or a Complex Programmable Logic Device (CPLD), and the processor may also have a multi-core architecture.
Wherein the processor is further configured to read the computer program in the memory and perform the following operations:
and encrypting the temporary group key and the temporary group key identification by using a preset key when communicating with the network side equipment.
The GMS provided in the embodiment of the present application generates and issues the temporary group identifier in the GMS, better conforms to the definition of the existing architecture on the entity role, is applicable to the existing temporary group call model (including Ad-hoc temporary group call and dynamic reassembly call), and has a wider application scope compared to the existing technical solution.
The embodiment of the present application further provides a KMS, which may adopt the same structure as that shown in fig. 11, and includes a memory 1101, a transceiver 1102, a processor 1103:
a memory 1101 for storing a computer program; a transceiver 1102 for transceiving data under the control of the processor 1103; a processor 1103 for reading the computer program in the memory 1101 and performing the following operations:
receiving a key material request sent by network side equipment;
sending second response information to the network side equipment; the second response message includes a temporary group key and a corresponding temporary group key identifier.
In particular, the transceiver 1102 is configured to receive and transmit data under the control of the processor 1103.
In fig. 11, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits including one or more processors, represented by the processor 1103, and memory, represented by the memory 1101. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art and therefore will not be described any further herein. The bus interface provides an interface. The transceiver 1102 may be a plurality of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium including wireless channels, wired channels, fiber optic cables, and the like. The processor 1103 is responsible for managing the bus architecture and general processing, and the memory 1101 may store data used by the processor 1103 in performing operations.
The processor 1103 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or a Complex Programmable Logic Device (CPLD), and the processor may also have a multi-core architecture.
The KMS provided by the embodiment of the application generates the security information related to the temporary group in the KMS, which better conforms to the existing architecture's definition of entity roles, is applicable to the existing temporary group call models (including Ad-hoc temporary group call and dynamic reassembly call), and has a wider application range than the existing technical scheme.
As shown in fig. 13, an embodiment of the present application further provides a key transmission apparatus, applied to a network device, including:
a first request unit 131, configured to send a reassembly request to the group management server GMS when a first request sent by the first terminal satisfies a first preset condition; the restructuring request carries temporary group member identification information corresponding to the first request;
a first receiving unit 132, configured to receive first response information sent by the GMS according to the reassembly request; wherein, the first response information carries a temporary group identifier;
a first generating unit 133, configured to generate a random number corresponding to the temporary group identifier, where the random number is used by the first terminal and the second terminal to determine a session key corresponding to the first request; and the second terminal is a terminal corresponding to the temporary group member identification information.
In this embodiment of the application, the key transmission apparatus further includes:
a key requesting unit for sending a key material request to the key management server KMS;
the key receiving unit is used for receiving second response information sent by the KMS according to the key material request; wherein the second response information includes a temporary group key and a temporary group key identification.
In this embodiment of the present application, the first request carries the temporary group member identification information.
In an embodiment of the present application, the first preset condition is one of the following conditions:
the first request is a first group calling request, and the call type corresponding to the first group calling request is a temporary group call in an ad-hoc mode;
the first request is a predefined dynamic reassembly request.
In this embodiment of the application, the key transmission apparatus further includes:
a second group calling unit, configured to send a second group call request to the second terminal; the second group call request carries the random number, the temporary group identifier and the call type corresponding to the first group call request;
a sixth receiving unit, configured to receive third response information sent by the second terminal according to the second group call request; the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request;
a first sending unit, configured to send fourth response information to the first terminal; the fourth response information is used for indicating that the temporary group call corresponding to the first request is successfully established; the fourth response information carries a temporary group identifier and a random number.
In this embodiment of the application, the key transmission apparatus further includes:
a reassembly request unit, configured to send the predefined dynamic reassembly request to the second terminal;
a seventh receiving unit, configured to receive fifth response information sent by the second terminal according to the predefined dynamic reassembly request;
the association establishing unit is used for establishing a group association relationship between the second terminal and the temporary group identifier;
a third sending unit, configured to send sixth response information to the first terminal; wherein the sixth response information carries a temporary group identifier and a random number.
In this embodiment, the key transmission apparatus further includes:
an eighth receiving unit, configured to receive a third group call request sent by the first terminal; wherein the third group call request carries the temporary group identifier;
a fourth sending unit, configured to send a fourth group call request to the second terminal associated with the temporary group identifier; wherein the fourth group call request carries the random number and the temporary group identifier;
a ninth receiving unit, configured to receive seventh response information sent by the second terminal according to the predefined dynamic reassembly request; the seventh response information is used to indicate that the second terminal has joined the temporary group call corresponding to the first request;
a fifth sending unit, configured to send eighth response information to the first terminal; the eighth response information carries a temporary group identifier, and the eighth response information is used for indicating that the establishment of the temporary group call is successful.
In this embodiment, the key transmission apparatus further includes:
a first encryption unit, configured to encrypt the temporary group key and the temporary group key identifier by using a preset key when communicating with the GMS.
It should be noted that the apparatus provided in the embodiment of the present application can implement all the method steps implemented in the embodiment of the method for transmitting a key of a network device, and can achieve the same technical effects, and detailed descriptions of the same parts and beneficial effects as in the embodiment of the method are omitted here.
According to the key transmission device provided by the embodiment of the application, the security information related to the temporary group service is generated in the service control server (namely, the network side equipment) and is issued during the group call process, which better conforms to the existing architecture's definition of entity roles, is applicable to the existing temporary group call models (including Ad-hoc temporary group call and dynamic reassembly call), and has a wider application range than the existing technical scheme.
As shown in fig. 14, an embodiment of the present application further provides a key transmission apparatus, applied to a first terminal, including:
a first calling unit 141, configured to send a first request to a network-side device; wherein, the first request carries temporary group member identification information;
a first recombining unit 142, configured to receive a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that the first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
a first acquisition unit 143 configured to acquire a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
a first determining unit 144, configured to determine a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier, and the random number.
In the embodiment of the application, the first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode; alternatively, the first request is a predefined dynamic reassembly request.
In this embodiment, the first acquisition unit 143 includes:
a first receiving subunit, configured to receive fourth response information sent by the network-side device; the fourth response information is used for indicating that the temporary group call corresponding to the first request is successfully established; the fourth response information carries a temporary group identifier and a random number.
In this embodiment, the first acquisition unit 143 includes:
a second receiving subunit, configured to receive sixth response information sent by the network side device; wherein the sixth response information carries a temporary group identifier and a random number.
In this embodiment, the key transmission apparatus further includes:
a sixth sending unit, configured to send a third group call request to the network side device; wherein, the third group call request carries the temporary group identifier;
a tenth receiving unit, configured to receive eighth response information sent by the network side device; the eighth response information carries a temporary group identifier, and the eighth response information is used to indicate that the temporary group call is successfully established.
In this embodiment, the key transmission apparatus further includes:
a seventh sending unit, configured to send tenth response information to the GMS according to the group configuration request; wherein the tenth response information is used to indicate that the first terminal has accepted the group configuration request.
It should be noted that, the apparatus provided in this embodiment of the present application can implement all the method steps implemented by the key transmission method embodiment at the first terminal side, and can achieve the same technical effect, and details of the same parts and beneficial effects as those of the method embodiment in this embodiment are not repeated herein.
According to the key transmission method provided by the embodiment of the application, sending a first request that meets the first preset condition to the network-side device triggers the generation and issuing of the temporary group key, the temporary group identifier and the random number, so the method can be applied to the existing temporary group call models (including ad-hoc temporary group calls and dynamic reassembly calls) and has a wider application range than existing technical solutions.
As shown in fig. 15, an embodiment of the present application further provides a key transmission apparatus, applied to a second terminal, including:
a second receiving unit 151, configured to receive a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that a first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
a second acquisition unit 152 for acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
a second determining unit 153, configured to determine a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier, and the random number.
In this embodiment of the application, the key transmission apparatus further includes:
an eighth sending unit, configured to send ninth response information to the GMS according to the group configuration request; wherein the ninth response information is used to indicate that the second terminal has accepted the group configuration request.
In this embodiment, the second acquisition unit 152 includes:
a second receiving subunit, configured to receive a second group call request sent by the network-side device; wherein the second group call request carries a random number, the temporary group identifier and a call type.
In this embodiment of the application, the key transmission apparatus further includes:
a ninth sending unit, configured to send third response information to the network side device; and the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
In this embodiment of the application, the key transmission apparatus further includes:
an eleventh receiving unit, configured to receive a predefined dynamic reassembly request sent by a network side device;
a tenth sending unit, configured to send fifth response information to the network side device according to the predefined dynamic reassembly request.
In this embodiment of the application, the second acquisition unit 152 includes:
a third receiving subunit, configured to receive a fourth group call request sent by the network-side device; wherein the fourth group call request carries a random number and the temporary group identifier.
In this embodiment of the application, the key transmission apparatus further includes:
an eleventh sending unit, configured to send seventh response information to the network-side device according to the fourth group call request; wherein the seventh response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
It should be noted that the apparatus provided in this embodiment of the present application can implement all the method steps implemented in the embodiment of the key transmission method at the second terminal side, and can achieve the same technical effects, and detailed descriptions of the same parts and beneficial effects as in the embodiment of the method are omitted here.
The key transmission method provided by the embodiment of the application can determine the session key of the temporary group call by using the acquired temporary group identifier, the temporary group key identifier and the random number, thereby realizing cluster communication with other terminals.
As shown in fig. 16, an embodiment of the present application further provides a key transmission apparatus, which is applied to a GMS, and includes:
a fourth receiving unit 161, configured to receive a reassembly request sent by a network-side device; wherein the reassembly request carries temporary group member identification information, a temporary group key and a temporary group key identifier;
a second sending unit 162, configured to send a group configuration request to the first terminal and the second terminal corresponding to the identifier information of the temporary group member according to the reassembly request; the group configuration request carries a temporary group identifier, the temporary group key and the temporary group key identifier;
a fifth receiving unit 163, configured to receive a ninth response message sent by the second terminal according to the group configuration request, and receive a tenth response message sent by the first terminal according to the group configuration request;
a first response unit 164, configured to send first response information to the network-side device; wherein the first response information carries a temporary group identifier.
In this embodiment of the application, the key transmission apparatus further includes:
a second encryption unit, configured to encrypt the temporary group key and the temporary group key identifier with a preset key when communicating with the network-side device.
It should be noted that, the apparatus provided in this embodiment of the present application can implement all the method steps implemented by the key transmission method embodiment on the GMS side, and can achieve the same technical effect, and details of the same parts and beneficial effects as those of the method embodiment in this embodiment are not described herein again.
The key transmission device provided by the embodiment of the application, in which the temporary group identifier is generated and issued in the GMS, better conforms to the definition of the existing architecture to the entity role, can be applied to the existing temporary group call model (including Ad-hoc temporary group call and dynamic reassembly call), and has a wider application range compared with the existing technical scheme.
As shown in fig. 17, an embodiment of the present application further provides a key transmission device applied to a KMS, including:
a third receiving unit 171, configured to receive a key material request sent by a network-side device;
a second response unit 172, configured to send second response information to the network-side device; wherein the second response information includes the temporary group key and its corresponding temporary group key identifier.
It should be noted that, the apparatus provided in the embodiment of the present application can implement all the method steps implemented by the embodiment of the key transmission method on the KMS side, and can achieve the same technical effect, and details of the same parts and beneficial effects as those of the embodiment of the method are not described herein again.
According to the key transmission apparatus provided by the embodiment of the application, the security-related information of the temporary group is generated in the KMS. This better matches the entity roles defined by the existing architecture, the apparatus can be applied to the existing temporary group call models (including ad-hoc temporary group calls and dynamic reassembly calls), and its application range is wider than that of existing technical solutions.
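The apparatus embodiments above split one exchange across the network-side device, the KMS, the GMS and the two terminals. The following Python simulation is an added example, not part of the patent text; it runs the ad-hoc and the predefined dynamic reassembly variants end to end. The HMAC-SHA256 derivation keyed with the temporary group key, the terminal identifiers and all class and method names are assumptions, since this section names the session key inputs but not a derivation function.

```python
import hashlib
import hmac
import secrets


def derive_session_key(group_key, group_id, key_id, rand):
    # Assumption: HMAC-SHA256 keyed with the temporary group key. The text
    # names the inputs but does not fix a derivation function.
    def lp(b):  # length-prefix every field so field boundaries are unambiguous
        return len(b).to_bytes(2, "big") + b
    info = lp(group_id.encode()) + lp(key_id.encode()) + lp(rand)
    return hmac.new(group_key, info, hashlib.sha256).digest()


class KMS:
    def key_material_request(self):
        # Second response information: temporary group key and its identifier.
        return secrets.token_bytes(32), "tgk-" + secrets.token_hex(4)


class Terminal:
    def __init__(self, ident):
        self.ident = ident
        self.groups = {}        # temporary group id -> (group key, key id)
        self.session_keys = {}  # temporary group id -> session key

    def group_configuration_request(self, group_id, group_key, key_id):
        self.groups[group_id] = (group_key, key_id)
        return True  # ninth/tenth response information: configuration accepted

    def receive_random(self, group_id, rand):
        # A random number for a group the GMS never configured here is refused.
        if group_id not in self.groups:
            return False
        group_key, key_id = self.groups[group_id]
        self.session_keys[group_id] = derive_session_key(
            group_key, group_id, key_id, rand)
        return True  # third/seventh response information: joined the call


class GMS:
    def __init__(self, directory):
        self.directory = directory  # member identifier -> Terminal

    def reassembly_request(self, member_ids, group_key, key_id):
        group_id = "tmpgrp-" + secrets.token_hex(4)  # temporary group identifier
        for ident in member_ids:
            accepted = self.directory[ident].group_configuration_request(
                group_id, group_key, key_id)
            if not accepted:
                raise RuntimeError(f"{ident} rejected the group configuration")
        return group_id  # first response information


class NetworkSideDevice:
    def __init__(self, kms, gms, directory):
        self.kms, self.gms, self.directory = kms, gms, directory
        # temporary group id -> (random number, associated second terminals)
        self.assoc = {}

    def first_request(self, caller_id, member_ids, kind, call_type=None):
        adhoc = kind == "group_call" and call_type == "ad-hoc"
        if not (adhoc or kind == "dynamic_reassembly"):
            return None  # first preset condition not met: nothing is issued
        group_key, key_id = self.kms.key_material_request()
        others = [m for m in member_ids if m != caller_id]
        group_id = self.gms.reassembly_request(
            [caller_id] + others, group_key, key_id)
        rand = secrets.token_bytes(16)  # random number for this group identifier
        self.assoc[group_id] = (rand, others)
        if adhoc:
            self._send_group_call(group_id)  # second group call request
        # Fourth (ad-hoc) or sixth (dynamic) response information to the caller.
        self.directory[caller_id].receive_random(group_id, rand)
        return group_id

    def third_group_call_request(self, group_id):
        self._send_group_call(group_id)  # fourth group call request
        return group_id  # eighth response information

    def _send_group_call(self, group_id):
        rand, others = self.assoc[group_id]
        for ident in others:
            self.directory[ident].receive_random(group_id, rand)


def run(kind, call_type=None):
    # Constructed terminal identifiers; ue-4 is never a member of the group.
    directory = {n: Terminal(n) for n in ("ue-1", "ue-2", "ue-3", "ue-4")}
    nsd = NetworkSideDevice(KMS(), GMS(directory), directory)
    group_id = nsd.first_request("ue-1", ["ue-2", "ue-3"], kind, call_type)
    return directory, nsd, group_id


if __name__ == "__main__":
    d, _, gid = run("group_call", "ad-hoc")
    print(gid, {n: t.session_keys.get(gid, b"").hex()[:16] for n, t in d.items()})
```

In the dynamic variant the second terminals hold the group configuration after the first request but derive the session key only once the later group call request delivers the random number.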
It should be noted that the division of the unit in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation. In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented as a software functional unit and sold or used as a stand-alone product, may be stored in a processor-readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
An embodiment of the present application further provides a processor-readable storage medium, where the processor-readable storage medium stores a computer program, and the computer program is configured to enable the processor to execute the key transmission method on the network-side device side; alternatively, the computer program is configured to cause the processor to execute the key transmission method on the KMS side; or, the computer program is configured to cause the processor to execute the key transmission method on the first terminal side; or, the computer program is configured to cause the processor to execute the key transmission method on the second terminal side; alternatively, the computer program is configured to cause the processor to execute the above-described key transmission method on the GMS side.
The processor-readable storage medium can be any available medium or data storage device that can be accessed by a processor, including, but not limited to, magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, non-volatile memories (NAND FLASH), solid state disks (SSDs)), etc.
The implementation embodiments of the key transmission method on the network side device side, the KMS side, the first terminal side, the second terminal side, or the GMS side are all applicable to the embodiment of the processor-readable storage medium, and the same technical effects can be achieved.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-executable instructions. These computer-executable instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These processor-executable instructions may also be stored in a processor-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the processor-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These processor-executable instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (34)

1. A key transmission method for a temporary group, performed by a network-side device, characterized by comprising:
in a case where a first request sent by a first terminal meets a first preset condition, sending a reassembly request to a group management server GMS; wherein the reassembly request carries temporary group member identification information corresponding to the first request;
receiving first response information sent by the GMS according to the reassembly request; wherein the first response information carries a temporary group identifier;
generating a random number corresponding to the temporary group identifier, wherein the random number is used for the first terminal and the second terminal to determine a session key corresponding to the first request; and the second terminal is a terminal corresponding to the temporary group member identification information.
2. The method according to claim 1, wherein before sending the reassembly request to the group management server GMS, the method further comprises:
sending a key material request to a key management server KMS;
receiving second response information sent by the KMS according to the key material request; wherein the second response information includes a temporary group key and a temporary group key identification.
3. The method of claim 1, wherein the first request carries the temporary group member identification information.
4. The method according to claim 1, wherein the first preset condition is one of the following:
the first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode;
the first request is a predefined dynamic reassembly request.
5. The method of claim 4, wherein in the case that the first request is a first group call request, after generating the random number corresponding to the temporary group identity, the method further comprises:
sending a second group call request to the second terminal; wherein the second group call request carries the random number, the temporary group identifier and the call type corresponding to the first group call request;
receiving third response information sent by the second terminal according to the second group call request; the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request;
sending fourth response information to the first terminal; the fourth response information is used for indicating that the establishment of the temporary group call corresponding to the first request is successful; the fourth response information carries a temporary group identifier and a random number.
6. The method of claim 4, wherein in the case that the first request is a predefined dynamic reassembly request, after generating the random number corresponding to the temporary group identification, the method further comprises:
sending the predefined dynamic reassembly request to the second terminal;
receiving fifth response information sent by the second terminal according to the predefined dynamic reassembly request;
establishing a group association relationship between the second terminal and the temporary group identifier;
sending sixth response information to the first terminal; wherein the sixth response information carries a temporary group identifier and a random number.
7. The method of claim 6, further comprising:
receiving a third group call request sent by the first terminal; wherein the third group call request carries the temporary group identifier;
sending a fourth group calling request to the second terminal associated with the temporary group identifier; wherein, the fourth group call request carries the random number and the temporary group identifier;
receiving seventh response information sent by the second terminal according to the predefined dynamic reassembly request; the seventh response information is used to indicate that the second terminal has joined the temporary group call corresponding to the first request;
sending eighth response information to the first terminal; the eighth response information carries a temporary group identifier, and the eighth response information is used for indicating that the establishment of the temporary group call is successful.
8. The method of claim 2, further comprising:
encrypting the temporary group key and the temporary group key identification with a preset key while communicating with the GMS.
9. A method for transmitting a key of a temporary group, performed by a first terminal, comprising:
sending a first request to network side equipment; wherein, the first request carries temporary group member identification information;
receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that the first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
10. The method of claim 9,
the first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode; or,
the first request is a predefined dynamic reassembly request.
11. The method of claim 10, wherein in the case that the first request is a first group call request, the obtaining a random number comprises:
receiving fourth response information sent by the network side equipment; the fourth response information is used for indicating that the temporary group call corresponding to the first request is successfully established; the fourth response information carries a temporary group identifier and a random number.
12. The method according to claim 10, wherein in the case that the first request is a predefined dynamic reassembly request, the obtaining a random number comprises:
receiving sixth response information sent by the network side equipment; wherein the sixth response information carries a temporary group identifier and a random number.
13. The method according to claim 12, wherein after receiving the sixth response message sent by the network-side device, the method further comprises:
sending a third group call request to the network-side device; wherein the third group call request carries the temporary group identifier;
receiving eighth response information sent by the network side equipment; the eighth response information carries a temporary group identifier, and the eighth response information is used to indicate that the temporary group call is successfully established.
14. The method of claim 9, wherein after receiving the group configuration request sent by the GMS, the method further comprises:
sending tenth response information to the GMS according to the group configuration request; wherein the tenth response information is used to indicate that the first terminal has accepted the group configuration request.
15. A key transmission method for a temporary group, performed by a second terminal, comprising:
receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that a first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
16. The method of claim 15, wherein after receiving the group configuration request sent by the GMS, the method further comprises:
transmitting ninth response information to the GMS according to the group configuration request; wherein the ninth response information is used for indicating that the second terminal has accepted the group configuration request.
17. The method of claim 15, wherein obtaining the random number comprises:
receiving a second group call request sent by the network-side device; wherein the second group call request carries a random number, the temporary group identifier and a call type.
18. The method of claim 17, further comprising:
sending third response information to the network side equipment; and the third response information is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
19. The method of claim 15, further comprising:
receiving a predefined dynamic reassembly request sent by the network-side device;
and sending fifth response information to the network-side device according to the predefined dynamic reassembly request.
20. The method of claim 15, wherein obtaining the random number comprises:
receiving a fourth group call request sent by the network-side device; wherein the fourth group call request carries a random number and the temporary group identifier.
21. The method of claim 20, further comprising:
sending a seventh response message to the network side equipment according to the fourth group call request; and the seventh response message is used for indicating that the second terminal has joined the temporary group call corresponding to the first request.
22. A method for key transmission of a temporary group performed by a GMS, comprising:
receiving a reassembly request sent by a network-side device; wherein the reassembly request carries temporary group member identification information, a temporary group key and a temporary group key identifier;
sending a group configuration request to a first terminal and a second terminal corresponding to the temporary group member identification information according to the reassembly request; wherein the group configuration request carries a temporary group identifier, the temporary group key and the temporary group key identifier;
receiving ninth response information sent by the second terminal according to the group configuration request, and receiving tenth response information sent by the first terminal according to the group configuration request;
sending first response information to the network side equipment; wherein the first response information carries a temporary group identifier.
23. The method of claim 22, further comprising:
encrypting the temporary group key and the temporary group key identifier with a preset key when communicating with the network-side device.
24. A network-side device, comprising a memory, a transceiver, a processor:
a memory for storing a computer program; a transceiver for transceiving data under control of the processor; a processor for reading the computer program in the memory and performing the following:
in a case where a first request sent by a first terminal meets a first preset condition, sending a reassembly request to a group management server GMS; wherein the reassembly request carries temporary group member identification information corresponding to the first request;
receiving first response information sent by the GMS according to the reassembly request; wherein the first response information carries a temporary group identifier;
generating a random number corresponding to the temporary group identifier, wherein the random number is used for the first terminal and the second terminal to determine a session key corresponding to the first request; and the second terminal is a terminal corresponding to the temporary group member identification information.
25. The network-side device of claim 24, wherein the first preset condition is one of the following:
the first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode;
the first request is a predefined dynamic reassembly request.
26. A key transmission apparatus for a temporary group, applied to a network-side device, characterized by comprising:
a first request unit, configured to send a reassembly request to a group management server GMS in a case where a first request sent by a first terminal meets a first preset condition; wherein the reassembly request carries temporary group member identification information corresponding to the first request;
a first receiving unit, configured to receive first response information sent by the GMS according to the reassembly request; wherein, the first response information carries a temporary group identifier;
a first generating unit, configured to generate a random number corresponding to the temporary group identifier, where the random number is used by the first terminal and the second terminal to determine a session key corresponding to the first request; and the second terminal is a terminal corresponding to the temporary group member identification information.
27. A terminal, the terminal being a first terminal comprising a memory, a transceiver, a processor:
a memory for storing a computer program; a transceiver for transceiving data under the control of the processor; a processor for reading the computer program in the memory and performing the following:
sending a first request to network side equipment; wherein, the first request carries temporary group member identification information;
receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that the first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
28. The terminal of claim 27,
the first request is a first group call request, and the call type corresponding to the first group call request is a temporary group call in an ad-hoc mode; or,
the first request is a predefined dynamic reassembly request.
29. A key transmission apparatus for a temporary group, applied to a first terminal, comprising:
a first calling unit, configured to send a first request to the network side equipment; wherein the first request carries temporary group member identification information;
a first reassembly unit, configured to receive a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that the first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
a first acquisition unit configured to acquire a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
a first determining unit, configured to determine a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier, and the random number.
30. A terminal, the terminal being a second terminal, comprising a memory, a transceiver, a processor:
a memory for storing a computer program; a transceiver for transceiving data under the control of the processor; a processor for reading the computer program in the memory and performing the following operations:
receiving a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that a first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
acquiring a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
and determining a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier and the random number.
31. A key transmission apparatus of a temporary group, applied to a second terminal, comprising:
a second receiving unit, configured to receive a group configuration request sent by the GMS; the group configuration request carries a temporary group identifier, a temporary group key and a temporary group key identifier, the group configuration request is sent according to a reassembly request sent by a network side device, the reassembly request is sent by the network side device under the condition that a first request meets a first preset condition, and the reassembly request carries temporary group member identifier information, the temporary group key and the temporary group key identifier corresponding to the first request;
a second acquisition unit configured to acquire a random number; the random number corresponds to a temporary group identifier in first response information sent by the GMS, where the first response information is sent by the GMS according to a reassembly request sent by the network side device;
a second determining unit, configured to determine a session key corresponding to the first request according to the temporary group identifier, the temporary group key identifier, and the random number.
32. A GMS comprising a memory, a transceiver, a processor:
a memory for storing a computer program; a transceiver for transceiving data under control of the processor; a processor for reading the computer program in the memory and performing the following operations:
receiving a reassembly request sent by network side equipment; the reassembly request carries temporary group member identification information, a temporary group key and a temporary group key identifier;
sending a group configuration request to a first terminal and a second terminal corresponding to the temporary group member identification information according to the reassembly request; wherein the group configuration request carries a temporary group identifier, the temporary group key and the temporary group key identifier;
receiving ninth response information sent by the second terminal according to the group configuration request, and receiving tenth response information sent by the first terminal according to the group configuration request;
sending first response information to the network side equipment; wherein the first response information carries a temporary group identifier.
33. A key transmission apparatus for temporary group applied to GMS, comprising:
a fourth receiving unit, configured to receive a reassembly request sent by a network side device; the reassembly request carries temporary group member identification information, a temporary group key and a temporary group key identifier;
a second sending unit, configured to send a group configuration request to the first terminal and the second terminal corresponding to the temporary group member identification information according to the reassembly request; wherein the group configuration request carries a temporary group identifier, the temporary group key and the temporary group key identifier;
a fifth receiving unit, configured to receive ninth response information sent by the second terminal according to the group configuration request, and receive tenth response information sent by the first terminal according to the group configuration request;
a first response unit, configured to send first response information to the network side device; wherein the first response information carries a temporary group identifier.
34. A processor-readable storage medium, wherein the processor-readable storage medium stores a computer program for causing a processor to perform the method of any one of claims 1 to 8; or the computer program is for causing the processor to perform the method of any of claims 9 to 14; or, the computer program is for causing the processor to perform the method of any of claims 15 to 21; alternatively, the computer program is operative to cause the processor to perform the method of any of claims 22 to 23.
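The message flow recited in claims 27 to 33, as an added sketch that is not part of the patent text: the network side hands the temporary group key and key identifier to the GMS, the GMS configures both terminals and returns the temporary group identifier, and both terminals derive the same session key. The KDF (HMAC-SHA256 keyed with the temporary group key), the identifier formats, the delivery of the random number to the terminals and all class and function names are assumptions; the "first preset condition" check is not modelled.

```python
import hashlib, hmac, secrets, struct

def _lv(field: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently.
    return struct.pack(">H", len(field)) + field

def derive_session_key(group_key, group_id, key_id, rand):
    # Assumed KDF (not from the patent): HMAC-SHA256 keyed with the temporary group key.
    if len(rand) < 16:
        raise ValueError("random number shorter than 128 bits")
    msg = _lv(group_id.encode()) + _lv(key_id.encode()) + _lv(rand)
    return hmac.new(group_key, msg, hashlib.sha256).digest()

class Terminal:
    def __init__(self, member_id):
        self.member_id = member_id
        self.groups = {}  # temporary group identifier -> (group key, key identifier)

    def on_group_config(self, group_id, group_key, key_id):
        self.groups[group_id] = (group_key, key_id)
        return True  # stands in for the ninth/tenth response information

    def session_key(self, group_id, rand):
        group_key, key_id = self.groups[group_id]
        return derive_session_key(group_key, group_id, key_id, rand)

class GMS:
    def __init__(self, directory):
        self.directory = directory  # member identifier -> Terminal

    def on_reassembly(self, member_ids, group_key, key_id):
        group_id = "tmpgrp-" + secrets.token_hex(4)  # constructed identifier format
        for member_id in member_ids:
            if not self.directory[member_id].on_group_config(group_id, group_key, key_id):
                raise RuntimeError("member rejected group configuration")
        return group_id  # carried in the first response information

def handle_first_request(gms, member_ids):
    # Network side: the "first preset condition" check is assumed to have passed.
    group_key = secrets.token_bytes(32)
    key_id = "tgk-" + secrets.token_hex(4)
    group_id = gms.on_reassembly(member_ids, group_key, key_id)
    rand = secrets.token_bytes(16)  # random number bound to this temporary group
    return group_id, rand

def demo():
    a, b = Terminal("ue-a"), Terminal("ue-b")  # constructed member identifiers
    gid, rand = handle_first_request(GMS({"ue-a": a, "ue-b": b}), ["ue-a", "ue-b"])
    return a.session_key(gid, rand), b.session_key(gid, rand)
```

Because the random number is generated per temporary group, a fresh group call yields a fresh session key even if the same temporary group key were reused.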
CN202110507622.3A 2021-05-10 2021-05-10 Key transmission method and device for temporary group, terminal and network side equipment Pending CN115334504A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110507622.3A CN115334504A (en) 2021-05-10 2021-05-10 Key transmission method and device for temporary group, terminal and network side equipment
PCT/CN2022/086094 WO2022237421A1 (en) 2021-05-10 2022-04-11 Key transmission method and apparatus for temporary group, and terminal and network side device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110507622.3A CN115334504A (en) 2021-05-10 2021-05-10 Key transmission method and device for temporary group, terminal and network side equipment

Publications (1)

Publication Number Publication Date
CN115334504A true CN115334504A (en) 2022-11-11

Family

ID=83912574

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110507622.3A Pending CN115334504A (en) 2021-05-10 2021-05-10 Key transmission method and device for temporary group, terminal and network side equipment

Country Status (2)

Country Link
CN (1) CN115334504A (en)
WO (1) WO2022237421A1 (en)

Also Published As

Publication number Publication date
WO2022237421A1 (en) 2022-11-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination