CN116582825A - Sidelink communication broadcasting method and device and electronic equipment - Google Patents

Info

Publication number: CN116582825A
Authority: CN (China)
Prior art keywords: key, broadcast, broadcast message, security, encrypted
Legal status: Pending
Application number: CN202310420828.1A
Other languages: Chinese (zh)
Inventors: 崔琪楣, 李凯, 赵文静, 朱增宝, 陶小峰, 张平
Current assignee: Beijing University of Posts and Telecommunications
Original assignee: Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications; priority to CN202310420828.1A; published as CN116582825A; legal status pending.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W 4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H04W 12/069 Authentication using certificates or pre-shared keys

Abstract

The application provides a Sidelink communication broadcasting method and device, and electronic equipment. The method, applied to the transmitting-end UE, comprises the following steps: extracting a second key parameter from each of a plurality of key responses, verifying each second key parameter, and determining that the receiving-end UE corresponding to a second key parameter is trusted when that second key parameter is true; generating a security-protected broadcast message, wherein the security-protected broadcast message records a plurality of encrypted broadcast session keys, and each encrypted broadcast session key is encrypted according to the second key parameter corresponding to a receiving-end UE determined to be trusted; and sending out the security-protected broadcast message. In this way, the problem that secure broadcast communication is difficult to perform between Sidelink communication terminals outside the coverage area of the cellular network can be solved.

Description

Sidelink communication broadcasting method and device and electronic equipment
Technical Field
The application relates to the technical field of mobile communication, in particular to a method and a device for broadcasting Sidelink communication and electronic equipment.
Background
New Radio (NR) Sidelink communication is a communication technology within the cellular network communication mechanism that enables direct communication from user equipment (User Equipment, UE) to user equipment, that is, UE to UE.
The current broadcast security protection mechanism in Sidelink communication cannot provide a security guarantee for broadcast communication between Sidelink communication terminals outside the coverage range of the cellular network. To better meet the broadcast communication requirements of Sidelink communication terminals outside cellular network coverage, customized broadcast communication security services need to be provided in conjunction with the application scenario.
Disclosure of Invention
The application provides a Sidelink communication broadcasting method, device, electronic equipment and medium, which are used to solve the problem in the related art that broadcast communication is difficult to carry out between Sidelink communication terminals outside the coverage range of a cellular network.
The first aspect of the present application provides a Sidelink communication broadcasting method, applied to a transmitting-end UE, comprising:
extracting a second key parameter from each of a plurality of key responses, verifying each second key parameter, and determining that the receiving-end UE corresponding to a second key parameter is trusted when that second key parameter is true;
generating a security-protected broadcast message, wherein the security-protected broadcast message records a plurality of encrypted broadcast session keys, and each encrypted broadcast session key is encrypted according to the second key parameter corresponding to a receiving-end UE determined to be trusted;
and sending out the security-protected broadcast message.
As a possible implementation of the first aspect, before extracting the second key parameters from the plurality of key responses, the method further comprises:
sending a key request and receiving key responses, wherein the key request records a first key parameter, and the first key parameter comprises the public key of the transmitting-end UE and the public key certificate of the transmitting-end UE.
As a possible implementation of the first aspect, before generating the security-protected broadcast message, the method further comprises: storing the second key parameter locally when the second key parameter is true;
and generating the security-protected broadcast message comprises: encrypting a preset broadcast session key using each locally stored second key parameter corresponding to a receiving-end UE determined to be trusted, so as to obtain an encrypted broadcast session key;
encrypting the broadcast information using the preset broadcast session key and a preset random number to obtain encrypted broadcast information;
and combining the encrypted broadcast session key corresponding to each receiving-end UE determined to be trusted and the encrypted broadcast information into a broadcast vector as the security-protected broadcast message.
As a possible implementation of the first aspect, the security-protected broadcast message is sent out in a frequency band shared with the base station; or
the security-protected broadcast message is sent out in a dedicated frequency band of the Sidelink communication.
The second aspect of the present application provides a Sidelink communication broadcasting method, applied to a receiving-end UE, comprising:
extracting a first key parameter from each of a plurality of key requests, verifying each first key parameter, and determining that the transmitting-end UE corresponding to a first key parameter is trusted when that first key parameter is true;
receiving a security-protected broadcast message sent by a transmitting-end UE determined to be trusted;
and processing the received security-protected broadcast message.
As a possible implementation of the second aspect, the security-protected broadcast message records an encrypted broadcast session key, where the encrypted broadcast session key is encrypted according to the second key parameter of the receiving-end UE;
the security-protected broadcast message also records encrypted broadcast information, where the encrypted broadcast information is encrypted using a preset broadcast session key and a preset random number;
and processing the security-protected broadcast message comprises:
decrypting the encrypted broadcast session key using the second key parameter of the receiving-end UE to obtain the preset broadcast session key;
decrypting the encrypted broadcast information using the preset broadcast session key to obtain the preset random number and the decrypted broadcast information;
and processing the decrypted broadcast information when the preset random number is not stored locally at the receiving-end UE.
As a possible implementation of the second aspect, before receiving the security-protected broadcast message sent by the transmitting-end UE determined to be trusted, the method further comprises:
sending out a key response, wherein the key response records a second key parameter, and the second key parameter comprises the public key of the receiving-end UE and the public key certificate of the receiving-end UE.
As a possible implementation of the second aspect, the security-protected broadcast message sent by the transmitting-end UE determined to be trusted is received in a frequency band shared with the base station; or
the security-protected broadcast message sent by the transmitting-end UE determined to be trusted is received in a dedicated frequency band of the Sidelink communication.
A third aspect of the present application provides a Sidelink communication device, applied to a transmitting-end UE, comprising:
a trusted receiving-end UE determining module, configured to extract a second key parameter from each of a plurality of key responses, verify each second key parameter, and determine that the receiving-end UE corresponding to a second key parameter is trusted when that second key parameter is true;
a secure broadcast message generation module, configured to generate a security-protected broadcast message, wherein the security-protected broadcast message records a plurality of encrypted broadcast session keys, and each encrypted broadcast session key is encrypted according to the second key parameter corresponding to a receiving-end UE determined to be trusted;
and a broadcast message issuing module, configured to send out the security-protected broadcast message.
A fourth aspect of the present application provides a Sidelink communication device, applied to a receiving-end UE, comprising:
a trusted transmitting-end UE determining module, configured to extract a first key parameter from each of a plurality of key requests, verify each first key parameter, and determine that the transmitting-end UE corresponding to a first key parameter is trusted when that first key parameter is true;
a secure broadcast message receiving module, configured to receive a security-protected broadcast message sent by a transmitting-end UE determined to be trusted;
and a broadcast message processing module, configured to process the received security-protected broadcast message.
A fifth aspect of the present application provides an electronic device, comprising: a memory for storing executable instructions; and a processor, configured to connect to the memory and execute the executable instructions to perform the operations of the Sidelink communication broadcasting method described in the first aspect, or to execute the executable instructions to perform the operations of the Sidelink communication broadcasting method described in the second aspect.
A sixth aspect of the present application provides a computer-readable storage medium storing computer-readable instructions that, when executed by a processor, cause the processor to perform the Sidelink communication broadcasting method described in the first aspect or the Sidelink communication broadcasting method described in the second aspect.
These and other aspects of the application will be apparent from and elucidated with reference to the embodiment(s) described hereinafter.
Drawings
The various features of the application and the connections between them are further described below with reference to the figures. The figures are exemplary: some features are not drawn to scale, some features that are conventional in the art and not essential to the application may be omitted from some figures, or additional non-essential features may be shown, and the combinations of features shown in the figures are not intended to limit the application. Throughout the specification, the same reference numerals refer to the same elements. The drawings are as follows:
Fig. 1 is a schematic diagram of an application scenario of the Sidelink communication broadcasting method according to an embodiment of the present application;
fig. 2 is a schematic diagram of a scenario in which the Sidelink communication broadcasting method according to an embodiment of the present application is applied to a plurality of Sidelink communication terminals without mobile network coverage;
fig. 3 is a schematic flow chart of the Sidelink communication broadcasting method according to an embodiment of the present application as applied to a transmitting-end UE;
fig. 4 is a schematic flow chart of the Sidelink communication broadcasting method according to an embodiment of the present application as applied to a receiving-end UE;
fig. 5 is a schematic flow chart of the Sidelink communication broadcasting method according to an embodiment of the present application as applied to a Sidelink communication terminal;
fig. 6 is a flow chart of another Sidelink communication broadcasting method;
fig. 7 is a schematic diagram of the components of a Sidelink communication device applied to a transmitting-end UE according to an embodiment of the present application;
fig. 8 is a schematic diagram of the components of a Sidelink communication device applied to a receiving-end UE according to an embodiment of the present application;
fig. 9 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Various exemplary embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present application unless it is specifically stated otherwise. Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description. The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the application, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
In addition, the technical solutions of the embodiments of the present application may be combined with each other, but it is necessary to be based on the fact that those skilled in the art can implement the technical solutions, and when the technical solutions are contradictory or cannot be implemented, the combination of the technical solutions should be considered as not existing, and not falling within the scope of protection claimed by the present application.
The proximity services function (Proximity Service, ProSe) in the 3GPP standard defines a corresponding air interface, the PC5 interface, and an air interface technical specification, the Sidelink specification. Based on the Long Term Evolution (LTE) frame structure, the Sidelink specification adds a discovery channel for mutual discovery between terminals, realizes synchronization between terminals through a synchronization signal, and extends the LTE control channel and traffic channel. The Sidelink air interface specification thus supports direct communication between terminals both inside and outside a cell, and the terminals may form their own network.
Sidelink communication can therefore be regarded as an additional function of the LTE communication terminal: it is a proximity communication technology in which UEs exchange information directly over the PC5 interface between them, and it can provide information exchange not only within the service coverage of the E-UTRAN but also in places without E-UTRAN coverage.
Synchronization in Sidelink communication is from UE to UE. Specifically, for UE-to-UE Sidelink communication outside E-UTRAN coverage, the source UE broadcasts system messages to the other UE(s) over the Sidelink broadcast channel (Sidelink Broadcast Control Channel, SBCCH); that is, the source UE synchronizes the other UEs through the SBCCH broadcast and the synchronization signal.
In summary, compared with Bluetooth, wireless local area network (Wireless Local Area Network, WLAN), wireless ad hoc networks and other early device-to-device (D2D) communication technologies, Sidelink communication has its own licensed frequency band (such as the ITS band at 5.9 GHz); it supports not only users within base station coverage communicating on resources scheduled uniformly by the network side, but also users outside base station coverage autonomously selecting resources for communication.
The public land mobile network (Public Land Mobile Network, abbreviated PLMN) can uniquely identify a communications carrier, which consists of a mobile country code (Mobile Country Code, abbreviated MCC) and a mobile network code (Mobile Network Code, MNC).
In symmetric-key encryption and decryption, both sides hold the same key. Specifically, the sender encrypts the data with the key according to a specified algorithm and sends out the encrypted data; the receiver decrypts the received data with the same key to obtain the actual data. Because both parties hold the same key, it is called a symmetric key.
As shown in fig. 1, the application scenarios of Sidelink communication generally fall into three types: all communication terminals (such as A1, A2 and A3) are located within network coverage; some of the communication terminals (such as B1 and B2, or C1 and C2) are located within network coverage; and all communication terminals (such as D1, D2 and D3) are outside network coverage.
Referring to the foregoing description, and as shown on the left side of fig. 1, when the Sidelink communication terminals (e.g. A1, A2 and A3) are all within network coverage, each Sidelink communication terminal (hereinafter referred to as a communication terminal, a Sidelink communication terminal, or a terminal) may communicate directly with the serving network and establish a secure channel with it, and the network may serve to establish connections between the communication terminals. As shown in the middle part of fig. 1, when some of the communication terminals (such as B1 and B2, or C1 and C2) are within network coverage, the communication terminals can establish a secure connection with the serving network, or a secure channel with the network, either directly (such as B1 and B2) or through relay forwarding (such as C1 and C2), and the network can serve the connection between the terminals. As shown on the right side of fig. 1, when all the communication terminals (e.g. D1, D2 and D3) are outside network coverage, a communication terminal (e.g. D1, D2 or D3) cannot communicate with the serving network, cannot acquire Sidelink communication resources from the serving network, and can only establish connections with other communication terminals by means of its own capabilities.
During establishment of a communication connection or acquisition of communication service resources, a Sidelink communication terminal may need to exchange many identical items of information, such as the terminal's public key and the terminal's security capability, with multiple surrounding terminals that establish connections with it. To reduce communication resource consumption and overhead, the Sidelink communication terminal can transmit such information by broadcast or multicast. For example, after the transmitting-end UE sends a broadcast message, all registered receiving-end UEs near the transmitting-end UE that use the same physical distance range or sidelink service as the transmitting-end UE can receive it. Sidelink broadcast communication between terminals is therefore required in various application scenarios.
However, a broadcast/multicast message may contain private user data, such as the terminal's positioning capability and positioning assistance data. If this data is transmitted in plaintext over the air interface without security protection, private data such as the terminal's location information can easily be stolen by an attacker through eavesdropping, replay and similar means, threatening the communication security of the Sidelink communication terminal and posing a serious potential security hazard.
Typically, the security protection mechanism for Sidelink broadcast communication relies on a pre-distributed symmetric key. Pre-distribution of a symmetric key requires not only the participation of the serving network but also advance knowledge of all participating UEs when broadcast/multicast services such as Ranging/Sidelink services are used. In practice a UE may be moving continuously, and without network assistance the UE sending the broadcast message cannot know exactly which UEs are nearby, so it cannot distribute a symmetric key in advance.
Thus, a security protection mechanism for Sidelink broadcast communication that relies on a pre-distributed symmetric key requires the network to assist in negotiating or provisioning the broadcast session key, and the protection mechanism is singular and inflexible.
The application provides a method, a device and electronic equipment for secure Sidelink broadcasting without mobile network coverage, to solve the problem that the conventional secure broadcast protection mechanism of Sidelink communication terminals cannot provide a secure broadcast communication service for Sidelink communication terminals without mobile network coverage. For the scenario in which a terminal outside the coverage area of the mobile or cellular network still needs multicasting, the Sidelink secure broadcasting method, device and electronic equipment provide a Sidelink multicast service for such terminals with sufficient security guarantee capability, reducing the risk of user privacy leakage.
Referring to the foregoing description, and as shown in figs. 1, 2, 5 and 6, the overall architecture of the Sidelink communication includes three parts: a transmitting-end UE, a receiving-end UE and a 5G core network (5G Core, 5GC). Since Sidelink communication operates in full duplex mode, the transmitting-end UE and the receiving-end UE may be located in the same Sidelink communication terminal or in different Sidelink communication terminals.
Any Sidelink communication terminal (such as terminal 100 in fig. 2) may broadcast a message to its surroundings; in the architecture logic it is then on the transmitting-end side, i.e. it is the transmitting-end UE. Correspondingly, the other Sidelink communication terminals in the surrounding environment (such as terminals 200 to 600 in fig. 2) are on the receiving-end side, i.e. they are receiving-end UEs. Because Sidelink communication is full duplex, any Sidelink communication terminal that does not need to broadcast a message externally is naturally on the receiving-end side (such as terminals 200 to 600 in fig. 2), and any Sidelink communication terminal that needs to broadcast a message externally is on the transmitting-end side (such as terminal 100 in fig. 2). A Sidelink communication terminal can be a mobile phone, an intelligent terminal, a multimedia device, a streaming media device, or the like.
To facilitate understanding of the technical solution of the Sidelink communication broadcasting method provided by the embodiments of the present application, a scenario in which a plurality of Sidelink communication terminals communicate by broadcast is described below with reference to fig. 2. It should be noted that the following application scenario is shown only to facilitate understanding of the spirit and principles of the present application, and the embodiments are not limited in this respect; rather, they may be applied to any scenario where applicable.
In some embodiments, the Sidelink communication broadcasting method according to the embodiments of the present application may be applied to the internet of vehicles, for example vehicle-to-everything (Vehicle to Everything, V2X) communication, LTE for vehicular communication (Long Term Evolution-Vehicle, LTE-V), vehicle-to-vehicle (Vehicle to Vehicle, V2V) communication and the like, or to the fields of intelligent driving, intelligent connected vehicles and the like.
As shown in fig. 2, terminal 100 is on the transmitting-end side, i.e. it is the transmitting-end UE; the other Sidelink communication terminals around terminal 100 are on the receiving-end side, i.e. they are receiving-end UEs. Terminal 100 broadcasts communication data such as its Sidelink positioning capability and positioning assistance data; terminals 200 to 600 continuously monitor and process the broadcast information transmitted by surrounding Sidelink communication terminals, for example the communication data transmitted by terminal 100.
In some embodiments, terminal 200 may be a computer; terminal 300 may be a Sidelink communication terminal in the internet of things; terminal 400 may be a vehicle equipped with a Sidelink communication terminal; terminal 500 may be a multimedia device or streaming device equipped with a Sidelink communication terminal; and terminal 600 may be an unmanned aerial vehicle equipped with a Sidelink communication terminal.
The technical scheme of the Sidelink communication broadcasting method according to the embodiments of the present application is described in detail below with reference to figs. 3 to 9.
As shown in fig. 3, the Sidelink communication broadcasting method according to the embodiment of the present application, when applied to a transmitting-end UE, may include the following steps S110 to S130.
Step S110: extracting a second key parameter from each of a plurality of key responses, verifying each second key parameter, and determining that the receiving-end UE corresponding to a second key parameter is trusted when that second key parameter is true;
step S120: generating a security-protected broadcast message, wherein the security-protected broadcast message records a plurality of encrypted broadcast session keys, and each encrypted broadcast session key is encrypted according to the second key parameter corresponding to a receiving-end UE determined to be trusted;
step S130: sending out the security-protected broadcast message.
In the above step S110, the transmitting UE extracts the second key parameters from the received multiple key responses, and verifies each second key parameter, and determines that the receiving UE corresponding to the second key parameter is trusted when the second key parameter is true. In this way, the transmitting UE can use the second key parameter corresponding to each receiving UE as the public key for asymmetric encryption. Thus, the public key for asymmetric encryption can be conveniently obtained, the efficiency is high, and the resource consumption is low.
In the above step S120, the transmitting end UE uses the second key parameters corresponding to the receiving end UE as the public key for asymmetric encryption, and generates the secured broadcast message, where the secured broadcast message records a plurality of encrypted broadcast session keys, and each encrypted broadcast session key is encrypted according to the second key parameters corresponding to the receiving end UE determined to be trusted. The transmitting UE uses the second key parameter corresponding to each receiving UE as the public key for asymmetric encryption at the transmitting UE, and encrypts the broadcast session key for session with each receiving UE. Therefore, the sending end UE can adopt different broadcasting session keys for different receiving end UEs, so that the privacy of the session is ensured, and the safety of broadcasting communication is improved.
In the above step S130, the transmitting UE sends out the security-protected broadcast message in a broadcast manner. Therefore, the sending end UE transmits information outwards in a broadcasting mode, and the broadcasting information protected by safety is directly broadcast without designating different receiving end UEs, so that the consumption of communication resources is reduced, and the cost is reduced.
In the above, the method for broadcasting the sip link communication according to the embodiment provides a technical solution for implementing secure broadcasting by using asymmetric encryption between sip link communication terminals, and only the public keys of the receiving end UE and the transmitting end UE need to be shared, and the public keys of the symmetric encryption need not to be acquired in a network-assisted manner; the sending end UE encrypts the broadcast session key aiming at the receiving end UE through the public key of the receiving end UE, and encrypts and protects the broadcast message needing to be safely protected based on the broadcast session key, thereby providing confidentiality and integrity for the broadcast message. Thus, the method for broadcasting the Sidelink communication can realize efficient and safe broadcasting communication service aiming at the broadcasting requirement of the Sidelink communication terminal without mobile network coverage.
When the transmitting end UE or the receiving end UE respectively serves as opposite communication parties for encrypting and decrypting the asymmetric Key, each communication party needs two keys, namely a public Key and a private Key, and one public Key corresponds to one private Key and is called a Key Pair (Key Pair). The public key in the key pair is disclosed to the outside, and confidentiality is not needed; the private key is held in the private key, and the private key must be kept and paid attention to confidentiality. The two keys of each communication party are mutually encrypted and decrypted, i.e. if one of the keys is used to encrypt data, only the corresponding key can be decrypted.
Typically, after a key pair (comprising a public key and a private key) is created, it is sent to a certificate authority (Certificate Authority, CA), the public key being accompanied by authentication information (e.g. the serial number of the device used). The CA centre creates and signs a certificate containing the public key and the authentication information, i.e. a public key certificate, thereby vouching for the authenticity of the key, i.e. the public key. Thereafter, the authenticity of the public key can be verified using the public key certificate.
In some embodiments, before the transmitting end UE extracts the second key parameters from the plurality of key responses, the method further includes: sending out a key request in order to receive key responses, wherein the key request records a first key parameter, and the first key parameter comprises the public key of the transmitting end UE and the public key certificate of the transmitting end UE.
In the above, in the method for broadcasting Sidelink communication according to the embodiment, the transmitting end UE sends out the key request with the first key parameter recorded in plaintext; the first key parameter does not need to be encrypted, which is efficient and consumes few resources, and is conducive to receiving key responses from as many receiving end UEs as possible within the physical distance range.
In some embodiments, prior to generating the security-protected broadcast message, the method further comprises: when the second key parameter is true, storing the second key parameter locally;
generating the security-protected broadcast message comprises: encrypting a preset broadcast session key by using the locally stored second key parameter corresponding to each receiving end UE determined to be trusted, so as to obtain an encrypted broadcast session key;
encrypting the broadcast information by using a preset broadcast session key and a preset random number to obtain encrypted broadcast information;
and combining the encrypted broadcast session keys corresponding to the receiving end UEs determined to be trusted and the encrypted broadcast information into a broadcast vector as the security-protected broadcast message.
As described above, in the method for broadcasting Sidelink communication according to this embodiment, when the second key parameter is true, the transmitting end UE stores the second key parameter locally, to be used as the public key for asymmetric encryption when generating a broadcast message to be secured.
In the above, in the method for broadcasting Sidelink communication according to this embodiment, the transmitting end UE encrypts the preset broadcast session key using the locally stored second key parameter corresponding to each receiving end UE determined to be authentic, to obtain the encrypted broadcast session key, which serves as the broadcast session key for the session with each receiving end UE.
In the above, in the method for broadcasting Sidelink communication according to the embodiment, the transmitting end UE encrypts the broadcast information using the preset broadcast session key and the preset random number to obtain the encrypted broadcast information; the encrypted broadcast information is thus not targeted at a particular receiver, and every trusted receiving end UE may receive the same encrypted broadcast information.
In the above, in the method for broadcasting Sidelink communication according to this embodiment, the transmitting end UE combines the encrypted broadcast session keys corresponding to the receiving end UEs determined to be trusted and the encrypted broadcast information into the broadcast vector, which serves as the security-protected broadcast message. Therefore, the security-protected broadcast message takes the broadcast vector as a carrier and is sent out in the clear; different receiving end UEs do not need to be designated, the security-protected broadcast message can be broadcast directly, and the consumption of communication resources and the overhead are reduced.
In some embodiments, when the transmitting end UE broadcasts in plaintext, it sends out the security-protected broadcast message in a frequency band shared with the base station, or in the exclusive frequency band of Sidelink communication.
In this way, in the method for broadcasting Sidelink communication in this embodiment, Sidelink communication can share the same spectrum with the base station, so that higher spectrum efficiency is achieved and precious licensed spectrum resources are saved; Sidelink communication can use the licensed frequency band of the cellular internet of things network, so the method has higher reliability; the two communicating parties can exchange signalling and data directly over the Sidelink link without user data being forwarded through the base station and the core network, so higher rates and lower communication delay can be achieved; and in areas without base station coverage, Sidelink communication can still be realized, which makes up for the coverage blind spots of cellular communication, effectively enlarges the coverage area of cellular network communication, and allows flexible deployment.
In summary, in the method for broadcasting Sidelink communication in this embodiment, the transmitting end UE sends out the key request and the security-protected broadcast message in a broadcast manner, so that the consumption of communication resources and the overhead are reduced when Sidelink communication terminals communicate with each other using Sidelink broadcast. The transmitting end UE adopts an asymmetric encryption method: it encrypts the broadcast session key for the receiving end UE with the public key of the receiving end UE, encrypts and protects the broadcast message that needs security protection based on the broadcast session key, and thereby provides confidentiality and integrity for the broadcast message.
As shown in fig. 4, the method for broadcasting Sidelink communication according to the embodiment of the present application may include the following steps S210 to S230 when applied to a receiving end UE.
Step S210: respectively extracting first key parameters from a plurality of key requests, verifying each first key parameter, and determining that a transmitting end UE corresponding to the first key parameters is trusted when the first key parameters are true;
step S220: receiving a broadcast message which is determined to be credible and sent by a UE at a sending end and is protected by security;
step S230: and processing the broadcast message in the received security protected broadcast messages.
In the above step S210, the receiving end UE extracts the first key parameters from the received plurality of key requests sent in plaintext, and verifies each first key parameter, and determines that the transmitting end UE corresponding to the first key parameter is trusted when the first key parameter is true.
In this way, the receiving end UE verifies, using the first key parameter extracted from each key request, whether each transmitting end UE that sent a key request is authentic. The receiving end UE then receives broadcast messages from the transmitting end UEs determined to be trusted, and does not receive broadcast messages sent by transmitting end UEs determined to be untrusted, so that the security and the communication efficiency of Sidelink communication are improved and the cost of communication resources is reduced.
In the above step S220, the receiving end UE receives the security-protected broadcast message sent by the transmitting end UE determined to be trusted. By the method, the information transmission of the sending end UE is realized, the broadcast message which is protected by safety is directly broadcast in a plaintext mode, and the point-to-point communication of different receiving end UEs is not required to be designated, so that the consumption of communication resources can be reduced by the receiving end UE or the sending end UE, and the cost is reduced.
In the above step S230, the receiving end UE processes the received broadcast message with security protection to obtain the positioning capability, positioning assistance data, and other data including user privacy sent by the sending end UE.
Above, the method for broadcasting Sidelink communication according to the embodiment provides a technical solution for implementing secure broadcasting by asymmetric encryption between Sidelink communication terminals, where the receiving end UE receives the first key parameter sent by each transmitting end UE in plaintext, so as to determine a plurality of trusted transmitting end UEs in the surrounding environment. Then, the receiving end UE receives the security-protected broadcast message sent by each trusted transmitting end UE in plaintext. Thus, the method for broadcasting Sidelink communication can realize an efficient and secure broadcast communication service for the broadcasting requirement of Sidelink communication terminals without mobile network coverage.
With reference to the above description, the transmitting end UE encrypts the aforementioned broadcast session key with the public key of the receiving end UE, and accordingly the receiving end UE decrypts the broadcast session key with the private key corresponding to that public key. In some embodiments, the security-protected broadcast message records an encrypted broadcast session key, the encrypted broadcast session key being encrypted according to the second key parameter of the receiving end UE; the security-protected broadcast message also records encrypted broadcast information, wherein the encrypted broadcast information is encrypted using the preset broadcast session key and the preset random number;
processing a broadcast message of the secured broadcast messages, comprising: decrypting the encrypted broadcast session key by using a second key parameter of the receiving end UE to obtain a preset broadcast session key; decrypting the encrypted broadcast information by using a preset broadcast session key to obtain a preset random number and decrypted broadcast information; and when the preset random number is not stored in the local of the receiving end UE, processing the decrypted broadcast information.
The receiving end UE decrypts the encrypted broadcast session key by using the second key parameter of the receiving end UE to obtain the broadcast session key preset by the transmitting end UE.
The receiving end UE decrypts the encrypted broadcast information by using the preset broadcast session key to obtain the preset random number and the decrypted broadcast information.
When the preset random number is not stored in the local of the receiving end UE, the decrypted broadcast information is continuously processed, for example, according to the acquired positioning capability, positioning auxiliary data and the like sent by the transmitting end UE, the collision risk between the receiving end UE and the transmitting end UE is decided.
When the preset random number is stored locally in the receiving end UE, it is determined that the received broadcast message with security protection is a replay attack, and the decrypted broadcast message may be discarded or a processing step related to the decrypted broadcast message may be terminated.
Thus, the receiving terminal can judge whether the received broadcast message belongs to the replay message or not by checking the freshness of the received preset random number, thereby providing replay protection for the broadcast communication.
Specifically, the preset random number includes a random number R that is dynamically generated by the transmitting UE each time the transmitting UE performs security protection on the communication data to be broadcasted, which will be described later.
In this way, the method for broadcasting Sidelink communication of the embodiment provides a technical scheme for realizing secure broadcasting by utilizing asymmetric encryption between Sidelink communication terminals: only the public keys of the receiving end UE and the transmitting end UE need to be shared, and no symmetric encryption key needs to be acquired in a network-assisted manner; the transmitting end UE encrypts the broadcast session key for the receiving end UE with the public key of the receiving end UE, and encrypts and protects the broadcast message that needs security protection based on the broadcast session key, thereby providing confidentiality and integrity for the broadcast message. The receiving end UE decrypts the broadcast session key intended for it using its private key and decrypts the received security-protected broadcast message based on the broadcast session key. For the broadcasting requirement of Sidelink communication terminals without mobile network coverage, the Sidelink communication broadcasting method of the embodiment can realize an efficient and secure broadcast communication service.
In some embodiments, before receiving the broadcast message sent by the sender UE that is determined to be trusted and protected by security, or after determining that the sender UE corresponding to the first key parameter is trusted, the method further includes:
and sending out a key response, wherein the key response records a second key parameter, and the second key parameter comprises a public key of the receiving end UE and a public key certificate of the receiving end UE.
In the above, in the method for broadcasting Sidelink communication according to this embodiment, the receiving end UE sends out the key response with the second key parameter recorded in plaintext; the second key parameter does not need to be encrypted, the efficiency is high, the resource consumption is low, and it is conducive to sending the key response in plaintext to as many transmitting end UEs as possible within the physical distance range.
In some embodiments, the security-protected broadcast message sent by the transmitting end UE determined to be trusted is received in a frequency band shared with the base station, or it is received in the exclusive frequency band of Sidelink communication.
In this way, in the method for broadcasting Sidelink communication in this embodiment, Sidelink communication can share the same spectrum with the base station, so that higher spectrum efficiency is achieved and precious licensed spectrum resources are saved; Sidelink communication can use the licensed frequency band of the cellular internet of things network, so the method has higher reliability; the two communicating parties can exchange signalling and data directly over the Sidelink link without user data being forwarded through the base station and the core network, so higher rates and lower communication delay can be achieved; and in areas without base station coverage, Sidelink communication can still be realized, which makes up for the coverage blind spots of cellular communication, effectively enlarges the coverage area of cellular network communication, and allows flexible deployment.
In summary, in the method for broadcasting Sidelink communication according to the embodiment, the receiving end UE sends out the key response and receives the security-protected broadcast message in a broadcast manner, so that the consumption of communication resources and the overhead are reduced when Sidelink communication terminals communicate with each other using Sidelink broadcast. The receiving end UE adopts an asymmetric encryption method: it decrypts the broadcast session key intended for it using its own private key, decrypts the received security-protected broadcast message based on the broadcast session key, and thereby achieves confidentiality and integrity for Sidelink broadcast communication.
When the embodiment of the application generates the broadcast message under security protection, the sending end UE can select the corresponding random number to form a message vector together with the broadcast message, and the broadcast session key is utilized for encryption protection, and the receiving end terminal can judge whether the broadcast message belongs to the replay message or not by checking the freshness of the received random number, thereby providing replay protection for broadcast communication.
The following, based on the Sidelink communication scenario without mobile network coverage shown in fig. 2 and taking SL positioning service signalling as an example of a broadcast message needing security protection, describes with reference to fig. 5 how the method for broadcasting Sidelink communication in an embodiment of the present application is applied to a transmitting end UE and a receiving end UE; the method includes the following steps F10 to F50.
Step F10: the sending end UE sends out a key request.
When a Sidelink communication terminal transmits SL positioning service signalling in a multicast or broadcast mode, that terminal is the transmitting end UE. Before the transmitting end UE sends the SL positioning service signalling in a multicast or broadcast mode, it sends out a key request; the key parameter of the transmitting end UE is recorded in the key request, and the key parameter comprises a public key and a public key certificate.
In some embodiments, the key parameters include: public key of the sending end UE, public key certificate of the sending end UE and security capability data of the sending end UE.
Specifically, the transmitting end UE sends the key request in plaintext, for example by wirelessly transmitting the key request to the surrounding environment as Sidelink communication data in a preset frequency band or at a preset power. The way the transmitting end UE sends the key request in the clear may be implemented with reference to the prior art and will not be described in detail.
Typically, the transmission range supported by a Sidelink communication terminal covers 20 meters to 1000 meters or 3000 meters around it. The security capability of each Sidelink communication terminal is usually assumed by default to meet the Sidelink communication requirement within 20 meters to 1000 meters or 3000 meters around that terminal, and the receiving end UE cannot audit the security capability data of the transmitting end UE. Therefore, the transmitting end UE may choose whether or not to record its security capability data in the key request.
Step F20: the receiving end UE sends out a key response.
After the receiving end UE acquires the key parameter of the transmitting end UE, it judges whether the public key of the transmitting end UE is true according to the recorded public key certificate of the transmitting end UE; when the public key of the transmitting end UE is judged to be true, the public key of the transmitting end UE is stored locally and the transmitting end UE is determined to be trusted.
In some embodiments, the receiving UE obtains the key parameter sent by the surrounding sending UE, which may include: the receiving end UE receives a key request sent by the sending end UE and extracts key parameters recorded in the key request, such as a public key of the sending end UE and a public key certificate of the sending end UE. Specifically, the method that the receiving end UE receives the key request sent by each surrounding sending end UE in a plaintext manner and extracts the key parameter recorded in the key request can be implemented with reference to the prior art, and will not be described in detail.
Specifically, the method for judging whether the public key of the transmitting UE is true according to the public key certificate of the transmitting UE may be implemented with reference to the prior art, and will not be described in detail.
After determining that there is a trusted transmitting end UE in the surrounding environment, the receiving end UE confirms whether to acquire the multicast/broadcast messages of any trusted transmitting end UE. If the receiving end UE needs to acquire a multicast/broadcast message, such as SL positioning service signalling, sent later by the transmitting end UE, it generates a key response, and the key response is wirelessly transmitted to the surrounding environment as Sidelink communication data, so as to return the generated key response to the transmitting end UE.
In some embodiments, the key response generated by the receiving UE describes its key parameters, such as the public key and public key certificate of the receiving UE. The key parameters include: public key of receiving terminal UE, public key certificate of receiving terminal UE, security capability data of receiving terminal UE.
In some embodiments, the receiving end UE sends out the key response in plaintext, for example by wirelessly transmitting the key response to the surrounding environment as Sidelink communication data in a preset frequency band or at a preset power. With reference to the foregoing description, the transmitting end UE does not check the security capability data of the receiving end UE. Therefore, the receiving end UE may choose whether or not to record its security capability data in the key response.
The transmitting end UE sends out a key request before sending out a multicast/broadcast message; after the receiving end UE monitors the key parameter sent by the transmitting end UE, the receiving end UE may choose to send out a key response or not.
In this way, the key parameter is sent out in the key response, so that the multicast/broadcast message is sent out by the Sidelink communication terminal which is determined to be trusted by adopting an asymmetric encryption method.
In some embodiments, after the receiving UE or the transmitting UE acquires the key parameters of the other terminal, authentication is performed, and whether the communication terminal is a trusted communication terminal is determined. The receiving end UE or the transmitting end UE sends out a key request or a key response in a plaintext and broadcasting mode. According to the security capability of the Sidelink communication terminal, the key response or key request which uses the preset frequency band or preset power as the wireless transmission of the Sidelink communication data to the surrounding environment is received by each Sidelink communication terminal in the transmission range supported by the Sidelink communication terminal by default and authentication processing is carried out.
Step F30: the transmitting UE generates a broadcast/multicast message.
In some embodiments, when at least two UEs in the surrounding environment of the transmitting end UE send key responses within a preset response time (for example, 100 ms or 40 ms), the transmitting end UE determines that these are responses to the key request it sent, and receives the key responses sent by the at least two UEs.
In some embodiments, the sending UE obtains the key parameter of the receiving UE, and determines whether the public key of the receiving UE is true according to the public key certificate of the receiving UE recorded therein; and when the public key of the receiving end UE is judged to be true, storing the public key of the receiving end UE locally.
The sending UE obtains key parameters sent by surrounding receiving UEs, which may include: the sending end UE receives key responses sent by a plurality of receiving end UEs, and extracts key parameters recorded in the key responses, such as a receiving end UE public key and a receiving end UE public key certificate.
Specifically, the method for judging whether the public key of the receiving end UE is true according to the public key certificate of the receiving end UE may be implemented with reference to the prior art, and will not be described in detail.
According to the Sidelink communication specification, each transmitting end UE or receiving end UE can be pre-configured with a group of public keys and public key certificates to provide k-anonymity, so that the UE is prevented from being tracked by an attacker through always using the same public key. Therefore, the key parameters recorded in the key request and the key response have k-anonymity. Consequently, in the above steps F10, F20 and F30, the transmitting end UE or the receiving end UE needs to perform public key authentication of the opposite party each time a multicast/broadcast message is transmitted or received, or at a preset time interval, and store the public key information determined to be authentic locally. In this way, any locally stored public key of the opposite end is dynamically updated.
According to the Sidelink communication specification, the method by which the transmitting end UE and the receiving end UE select one pair of public key and public key certificate from the group of public keys and public key certificates when generating the key request or the key response can be realized with reference to the prior art, and will not be described in detail.
If the Sidelink communication frequency band adopted by the transmitting end UE or the receiving end UE is a frequency band shared with the base station and the UEs belong to multiple PLMNs, a set of CA public keys of the trusted PLMNs may be pre-configured for each UE, or a PKI trust chain may be implemented, to ensure that a UE can verify the public keys of other UEs.
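The key parameter authentication of steps F10, F20 and F30 above (a UE judges whether a peer's public key is true from the peer's public key certificate, against the CA public keys pre-configured on the UE) can be worked through as follows. This is an added example and not code of the present application: it assumes X.509 certificates, an ECDSA P-256 key for the CA centre and RSA-2048 key pairs for the UEs, one CA per trusted PLMN (`ConstructedCA`), and the device serial number as the authentication information carried in the certificate. The names `KeyParameter`, `EnrolUE`, `TrustedCAPool` and `VerifyKeyParameter` are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// KeyParameter is what a key request (step F10) or key response (step F20) records: the UE's
// public key and the public key certificate issued for it. Security capability data is left
// out because, as described above, the peer does not audit it.
type KeyParameter struct {
	PublicKeyDER []byte
	CertDER      []byte
}

// ConstructedCA stands in for the CA centre whose public key is pre-configured in every UE
// (one per trusted PLMN). It is an assumption of this example, not part of the application.
type ConstructedCA struct {
	key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

func NewConstructedCA(name string) (*ConstructedCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key) // self-signed root
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &ConstructedCA{key: key, Cert: cert}, nil
}

// EnrolUE creates a UE key pair and has the CA sign a certificate binding the public key to the
// UE's authentication information (its device serial number). The returned KeyParameter is what
// the UE later records in its key request or key response.
func (ca *ConstructedCA) EnrolUE(deviceSerial int64) (*rsa.PrivateKey, KeyParameter, error) {
	ueKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, KeyParameter{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(deviceSerial),
		Subject:      pkix.Name{CommonName: "sidelink-ue"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageKeyEncipherment, // the key encrypts the broadcast session key
	}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &ueKey.PublicKey, ca.key)
	if err != nil {
		return nil, KeyParameter{}, err
	}
	pkDER, err := x509.MarshalPKIXPublicKey(&ueKey.PublicKey)
	if err != nil {
		return nil, KeyParameter{}, err
	}
	return ueKey, KeyParameter{PublicKeyDER: pkDER, CertDER: certDER}, nil
}

// TrustedCAPool is the set of CA public keys of the trusted PLMNs pre-configured on a UE.
func TrustedCAPool(cas ...*ConstructedCA) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, ca := range cas {
		pool.AddCert(ca.Cert)
	}
	return pool
}

// VerifyKeyParameter is the check a UE runs on a received key request or key response. The key
// parameter is "true" only if its certificate chains to a pre-configured trusted CA and the public
// key it carries is exactly the key that certificate certifies.
func VerifyKeyParameter(kp KeyParameter, trusted *x509.CertPool) (bool, error) {
	cert, err := x509.ParseCertificate(kp.CertDER)
	if err != nil {
		return false, err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: trusted}); err != nil {
		return false, err
	}
	pk, err := x509.ParsePKIXPublicKey(kp.PublicKeyDER)
	if err != nil {
		return false, err
	}
	claimed, ok := pk.(*rsa.PublicKey)
	certified, ok2 := cert.PublicKey.(*rsa.PublicKey)
	if !ok || !ok2 || !certified.Equal(claimed) {
		return false, errors.New("public key in key parameter does not match the certified key")
	}
	return true, nil
}
```

The last comparison matters: a certificate can be genuine while the public key placed next to it in the key parameter is not the certified one, and a UE that stored the bare public key without comparing it to the certificate would then encrypt the broadcast session key to an unverified key. With a group of pre-configured key pairs (the k-anonymity described above), each selected pair is verified the same way.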
In some embodiments, when generating a security-protected broadcast message, the transmitting end UE selects the broadcast session key K for broadcast security and uses the locally stored public key $PK_{\text{Receiving UE}_i}$ of each receiving end UE to encrypt the broadcast session key K, for example by performing the function operation shown in the following equation:
where i is a positive integer, so that an encrypted broadcast session key $K_{\text{Receiving UE}_i}$ is obtained. Subsequently, each receiving end UE decrypts the encrypted broadcast session key $K_{\text{Receiving UE}_i}$ with its own private key to recover the broadcast session key K.
Specifically, the method of encrypting the broadcast session key K with the public key $PK_{\text{Receiving UE}_i}$ of each receiving end UE may be implemented with reference to the prior art, and will not be described in detail.
In some embodiments, the transmitting end UE further selects a random number R for anti-replay protection, and encrypts the broadcast message to be protected (such as the SL positioning capability and positioning assistance data) together with the selected random number R using the aforementioned broadcast session key K, for example by performing the function operation shown in the following formula: $(\text{SL positioning signalling}, R)_K$, where SL positioning signalling indicates the positioning capability of the SL, so as to obtain the encrypted broadcast message.
Specifically, the method for the transmitting UE to encrypt and protect the broadcast message to be protected and the selected random number R according to the broadcast session key K can be implemented with reference to the prior art, and will not be described in detail.
In some embodiments, the transmitting end UE generates a security-protected broadcast vector AV for the plurality of trusted receiving end UEs. When the content of the broadcast message is the SL positioning capability, i.e. the SL positioning signalling message, the generated security-protected broadcast vector AV is as follows:
where the plurality of trusted receiving end UEs are the receiving end UEs that passed authentication in step F31, … $K_{\text{Receiving UE}_i}$ is the encrypted broadcast session key generated in step F32 for each of the plurality of receiving end UEs, and $(\text{SL positioning signalling}, R)_K$ is the encrypted broadcast message obtained.
Step F40: and transmitting the broadcast message protected by security.
Specifically, the transmitting end UE sends out the security-protected message, that is, the aforementioned broadcast vector AV, by broadcasting. In this way, each receiving end UE in the surrounding environment that the transmitting end UE has determined to be trusted may receive and acquire the security-protected broadcast message.
Step F50: the plurality of receiving end UEs process the received broadcast messages, respectively.
When a Sidelink communication terminal receives SL positioning service signalling sent by other surrounding Sidelink communication terminals in a multicast or broadcast mode, that terminal is the receiving end UE. Referring to the foregoing step F20, before the receiving end UE receives the SL positioning service signalling in a multicast or broadcast mode, it sends out a key response, where the key response records its key parameter, and the key parameter comprises a public key and a public key certificate.
In some embodiments, after receiving the broadcast message, the receiving end UE uses its private key to decrypt the broadcast session key K for broadcast security, for example by performing the inverse of the function operation shown in the following formula:
In some embodiments, decrypting the broadcast session key K for broadcast security using the private key of the receiving end UE includes: extracting the encrypted broadcast session key $K_{\text{Receiving UE}_i}$ intended for this receiving end UE from the aforementioned broadcast vector AV, and decrypting it with the private key of the receiving end UE to obtain the broadcast session key K for broadcast security.
It should be understood that each receiving end UE extracts from the broadcast vector AV only the encrypted broadcast session key $K_{\text{Receiving UE}_i}$ intended for itself, and ignores the encrypted broadcast session keys $K_{\text{Receiving UE}_i}$ intended for other receiving end UEs.
In some embodiments, the security-protected broadcast message, such as the SL positioning signalling message, and the corresponding random number R are obtained using the decrypted broadcast session key K, as described above, for example by performing the inverse of the function operation shown in the following formula: $(\text{SL positioning signalling}, R)_K$.
In some embodiments, it is determined whether the random number R is a local number, i.e., stored locally. If the random number has not been stored locally, the random number is stored locally. Thus, the local freshness of the random number R can be utilized to resist replay attack.
In some embodiments, the receiving UE may determine that the received broadcast message is a replay message if the random number is already stored locally. Accordingly, the receiving UE terminates the subsequent processing step for the extracted broadcast message, that is, discards the decrypted broadcast message received this time without processing.
When generating the broadcast message protected by security, the transmitting end UE selects the corresponding random number, forms a message vector together with the broadcast message, and performs encryption protection by using the broadcast session key, and the receiving end terminal can judge whether the broadcast message belongs to a replay message or not by checking the freshness of the received random number, thereby providing replay protection for broadcast communication.
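The generation of the security-protected broadcast vector AV at the transmitting end UE (steps S130 and F30 above) and its processing with replay detection at the receiving end UE (steps S230 and F50 above) can be worked through together as follows. This is an added example and not code of the present application. The application does not fix the encryption functions, so this example assumes RSA-OAEP for encrypting the broadcast session key K under each receiving end UE's public key and AES-256-GCM for $(\text{message}, R)_K$, the GCM authentication tag supplying the integrity protection; the receiver labels used to index the AV (standing in for the index i), the `oaepLabel`, and the names `BuildBroadcastVector`, `Process` and `ReceivingUE` are this example's own. Key parameter authentication is assumed to have already produced the set of trusted receiving end UEs.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const rLen = 16 // length of the random number R inside the encrypted message vector

// oaepLabel is an assumption of this example; the application does not fix an encryption scheme.
var oaepLabel = []byte("sidelink-broadcast-session-key")

// ErrReplay: the random number R of the received AV is already stored locally.
var ErrReplay = errors.New("random number R already stored locally: replayed broadcast")

// BroadcastVector is the security-protected broadcast vector AV: K encrypted under PK_{Receiving UE_i}
// for each trusted receiving end UE (Keys, indexed by a constructed receiver label standing in for i),
// followed by (message, R)_K as AES-GCM ciphertext.
type BroadcastVector struct {
	Keys       map[string][]byte
	IV         []byte // AES-GCM nonce, sent in the clear
	Ciphertext []byte // AES-GCM over R || message; the GCM tag provides integrity
}

// ReceivingUE holds the receiver's private key and its locally stored random numbers R.
type ReceivingUE struct {
	ID   string
	priv *rsa.PrivateKey
	seen map[string]bool
}

// NewReceivingUE generates the receiving end UE's key pair; the public key is what it records in its key response.
func NewReceivingUE(id string) (*ReceivingUE, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	return &ReceivingUE{ID: id, priv: priv, seen: map[string]bool{}}, nil
}

func (u *ReceivingUE) PublicKey() *rsa.PublicKey { return &u.priv.PublicKey }

// randomBytes draws n bytes from the CSPRNG; a crypto/rand failure is unrecoverable.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return b
}

func newGCM(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// BuildBroadcastVector is the transmitting end UE side (steps S130 / F30): choose a fresh K and R,
// encrypt K for every trusted receiving end UE with RSA-OAEP, then encrypt (R, message) under K.
func BuildBroadcastVector(trusted map[string]*rsa.PublicKey, message []byte) (*BroadcastVector, error) {
	k, r := randomBytes(32), randomBytes(rLen) // AES-256 session key K and random number R
	av := &BroadcastVector{Keys: map[string][]byte{}}
	for id, pk := range trusted {
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pk, k, oaepLabel)
		if err != nil { return nil, err }
		av.Keys[id] = ct
	}
	gcm, err := newGCM(k)
	if err != nil { return nil, err }
	av.IV = randomBytes(gcm.NonceSize())
	av.Ciphertext = gcm.Seal(nil, av.IV, append(append([]byte{}, r...), message...), nil)
	return av, nil
}

// Process is the receiving end UE side (steps S230 / F50): take only its own entry of AV, recover K
// with the private key, decrypt and integrity-check (message, R)_K, and accept only if R is fresh.
func (u *ReceivingUE) Process(av *BroadcastVector) ([]byte, error) {
	encK, ok := av.Keys[u.ID] // entries intended for other receiving end UEs are ignored
	if !ok {
		return nil, errors.New("AV carries no encrypted session key for this receiving end UE")
	}
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, u.priv, encK, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("session key recovery failed: %w", err)
	}
	gcm, err := newGCM(k)
	if err != nil { return nil, err }
	plain, err := gcm.Open(nil, av.IV, av.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("integrity check failed: %w", err)
	}
	if len(plain) < rLen {
		return nil, errors.New("malformed message vector")
	}
	r := string(plain[:rLen])
	if u.seen[r] {
		return nil, ErrReplay
	}
	u.seen[r] = true // store R locally; any later copy of this AV is a replay
	return plain[rLen:], nil
}
```

Two points the order of checks in `Process` illustrates: the integrity check runs before the freshness check, so a modified AV is rejected as tampered rather than being recorded as a seen R, and a UE that was not among the trusted receivers finds no entry in the AV and never reaches the session key. The set of stored random numbers grows with every accepted broadcast; a deployed UE would bound it, for example by also checking a timestamp carried in the message vector, which this example does not do.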
In this way, the method for broadcasting the Sidelink communication in the embodiment of the application provides a secure broadcasting process applicable to the Sidelink communication terminals aiming at the broadcasting requirement of the Sidelink communication terminals without mobile network coverage, only public keys of the Sidelink communication terminals are shared, a dynamically updated broadcasting session key is encrypted through the public key of the receiving terminal UE, and the broadcasting message needing secure protection is encrypted and protected based on the broadcasting session key, so that confidentiality, integrity and replay protection are provided for the broadcasting message.
The Sidelink communication broadcasting method of the embodiment of the application selects the safe broadcasting session key at the transmitting end UE, encrypts and protects the broadcasting session key based on the public key of the receiving end, encrypts and protects the broadcasting message based on the broadcasting session key, and provides confidentiality and integrity protection for the broadcasting communication.
The Sidelink communication broadcasting method of the embodiment of the application is suitable not only for secure broadcasting by Sidelink communication terminals without mobile network coverage, but also for multicast security: in multicast, when encrypting the broadcast session key, the public keys of the receiving end UEs in the same specific group as the sending end UE are used for encryption protection, and confidentiality, integrity and replay protection can still be provided for multicast messages.
Usually, the 5G core network adopts a Service-Based Architecture (SBA): following a cloud-native design, what was originally a monolithic set of functions is split into multiple entities with independent functions, each of which realizes its own microservice. In Sidelink broadcast/multicast communication, a Sidelink Positioning Key Management Function (SLPKMF) in the 5G core network may be used to manage the keys of Sidelink user terminals and to assist secure communication between terminals.
In the broadcast/multicast protection mode in which the core network participates, the multicast privacy protection mode comprises the core network providing pre-configured security material to the UEs belonging to a specific group, so as to secure the broadcast Sidelink positioning service signaling. Using the pre-configured security material, any UE in the particular group may send a confidentiality- and integrity-protected broadcast message, e.g., information related to the SL positioning service, and the other UEs in the same group may remove the protection from the message after receiving it.
The following describes, with reference to fig. 6, a secure broadcasting method for a Sidelink communication terminal under mobile network coverage, taking the broadcasting of Sidelink positioning service signaling within a positioning service group as an example; the method specifically includes steps 0a, 0b, 1, 2, 3, 4 and 5.
Step 0a: the transmitting end UE is preconfigured.
Specifically, the transmitting UE is preconfigured with the group ID (Group ID) of the SL positioning service, in preparation for broadcast communication.
Step 0b: any receiving end UE is preconfigured.
Specifically, any receiving end UE in the group is preconfigured with the group ID (Group ID) of the SL positioning service, in preparation for broadcast communication.
Step 1a: the sending end UE sends out a key request.
Specifically, after the sending end UE completes mutual authentication with the serving network and establishes a secure connection with the SLPKMF, it sends a key request message to the SLPKMF. The key request message records the group ID (Group ID) of the SL positioning service and the user's security capability parameter (Security Capabilities), such as the security capabilities of the sending end UE.
Step 1b: the SLPKMF returns a key response to the transmitting end UE.
Specifically, as shown in fig. 6, before the SLPKMF returns a key response to the sending end UE (i.e., after it receives the key request), the SLPKMF checks whether the UE's security capabilities are supported; this check is not described in detail here.
Specifically, the SLPKMF returns a key response message to the sending end UE. The key response message records the Sidelink Positioning Group Key (SLPGK), the SLPGK ID, the validity period, the IDs of the selected encryption algorithm and integrity algorithm (Integrity Algorithm), and the Group Member ID.
In general, the key response message may contain a plurality of SLPGK and SLPGK ID pairs having different validity periods, that is, SLPGKs and SLPGK IDs of a plurality of different validity periods.
The group member ID may be allocated by the SLPKMF and included in the key response message, or it may be generated by the receiving UE and/or the transmitting UE. When the receiving UE or the transmitting UE generates the group member ID, the UE generates it randomly so that it uniquely identifies the UE within the group. In this way, the transmitting UE acquires from the SLPKMF the security material required for the broadcast message.
Step 2: after receiving the key response message, the sending end UE derives the Sidelink Positioning Traffic Key (SLPTK) from the SL positioning group key SLPGK, using the group ID, the group member ID and the SLPTK ID as inputs.
Here, the SLPTK ID is generated by a counter in the sending end UE as a unique value that has not previously been used with the same SL positioning group key SLPGK and its associated SLPGK ID.
The sending end UE then computes the Sidelink Positioning Encryption Key (SLPEK) and the Sidelink Positioning Integrity Key (SLPIK) from the SLPTK, using the selected encryption algorithm ID and integrity algorithm ID respectively.
The SL positioning encryption key SLPEK and the SL positioning integrity key SLPIK so derived are the security keys used to send the security-protected multicast message. In this way, the sending end UE derives the security keys for encryption and integrity and can send a security-protected multicast message.
Step 3: the sending end UE encrypts the multicast message by using the derived security key and sends the multicast message which is protected by security.
Step 4: any receiving end UE executes the key request and key response.
Specifically, the receiving end UE executes the key request procedure and the key response procedure described in step 1a and step 1b in the same way, and acquires from the SLPKMF the security material required to remove the security protection from the received broadcast message.
Step 5: any receiving end UE derives the key and processes the received multicast message.
Specifically, after any receiving end UE receives a message broadcast or multicast within a specific group (such as the aforementioned positioning service group) and addressed to it, the receiving end UE calculates the Sidelink positioning traffic key SLPTK, the SL positioning encryption key SLPEK and the SL positioning integrity key SLPIK as the derived security keys.
The method by which the receiving end UE derives the security keys is similar to that of the sending end UE in step 2, except that the receiving end UE uses the group ID, the SLPGK ID, the SLPTK ID and the group member ID (if included) from the key response message received in step 4 as the input parameters for key derivation.
Then, the receiving end UE uses the derived security keys to remove the protection from the security-protected multicast message and to verify the message integrity. The received multicast message may then be processed further, which is not described in detail here.
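As an added example (not the patent's code), the following Go program carries the key hierarchy of steps 2 and 5 through: SLPTK from SLPGK, then SLPEK and SLPIK from SLPTK, with a counter that never reuses an SLPTK ID under the same SLPGK. It assumes the 3GPP generic KDF of TS 33.220 Annex B (HMAC-SHA-256), placeholder FC values, that the SLPGK ID enters the derivation on both sides, and that the sender's group member ID and SLPTK ID are carried with the multicast message so the receiver can reproduce the derivation.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// kdf is the 3GPP generic KDF of TS 33.220 Annex B: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...),
// each Li being the 2-byte big-endian length of Pi. Using it for SLPTK/SLPEK/SLPIK is an assumption here.
func kdf(key []byte, fc byte, params ...[]byte) []byte {
	s := []byte{fc}
	for _, p := range params {
		s = append(s, p...)
		s = binary.BigEndian.AppendUint16(s, uint16(len(p)))
	}
	m := hmac.New(sha256.New, key)
	m.Write(s)
	return m.Sum(nil)
}

// FC values are placeholders chosen for this example, not values from any specification.
const (
	fcSLPTK byte = 0xA0 // SLPGK -> SLPTK
	fcSLPEK byte = 0xA1 // SLPTK -> SLPEK
	fcSLPIK byte = 0xA2 // SLPTK -> SLPIK
)

// KeyResponse holds the security material the SLPKMF returns in step 1b (validity period omitted).
type KeyResponse struct {
	GroupID, GroupMemberID []byte
	SLPGK                  []byte
	SLPGKID                uint32
	EncAlgID, IntAlgID     byte
}

// TrafficKeys are the keys derived in step 2 (sending UE) and step 5 (receiving UE).
type TrafficKeys struct{ SLPTK, SLPEK, SLPIK []byte }

func be32(v uint32) []byte { return binary.BigEndian.AppendUint32(nil, v) }

// Derive is run identically by both sides: SLPTK from SLPGK with the group ID, SLPGK ID, the
// sender's group member ID and the SLPTK ID; then SLPEK and SLPIK from SLPTK with the algorithm IDs.
func Derive(r KeyResponse, senderMemberID []byte, slptkID uint32) TrafficKeys {
	slptk := kdf(r.SLPGK, fcSLPTK, r.GroupID, be32(r.SLPGKID), senderMemberID, be32(slptkID))
	return TrafficKeys{
		SLPTK: slptk,
		SLPEK: kdf(slptk, fcSLPEK, []byte{r.EncAlgID}),
		SLPIK: kdf(slptk, fcSLPIK, []byte{r.IntAlgID}),
	}
}

// SLPTKCounter hands out SLPTK IDs per SLPGK ID so that no value is reused with the same group key
// (the step-2 requirement). In a real UE this state must survive restarts, e.g. in secure storage.
type SLPTKCounter struct{ next map[uint32]uint32 }

// Next returns a fresh SLPTK ID for slpgkID, or an error once the 32-bit space is exhausted,
// at which point a new SLPGK must be obtained from the SLPKMF.
func (c *SLPTKCounter) Next(slpgkID uint32) (uint32, error) {
	if c.next == nil {
		c.next = map[uint32]uint32{}
	}
	id := c.next[slpgkID]
	if id == ^uint32(0) {
		return 0, errors.New("SLPTK ID space exhausted for this SLPGK")
	}
	c.next[slpgkID] = id + 1
	return id, nil
}
```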
Thus, the above-mentioned method for security protection of Sidelink multicast communication requires assistance from the serving network and is only suitable for the two application scenarios in which the terminals are wholly or partially within network coverage; it cannot provide security protection for broadcasting by terminals outside network coverage (e.g., D1, D2 or D3 in fig. 1). Such a terminal, which does not depend on the core network and broadcasts or multicasts directly, therefore runs the risk of disclosing user privacy. The protection mechanism for Sidelink broadcast messages is thus single and rigid, and an effective security protection mechanism cannot be designed according to the application scenario of the Sidelink communication terminal to meet differentiated security service requirements.
As shown in fig. 7, the Sidelink communication device 300 according to the embodiment of the present application is applied to a transmitting UE and includes:
a trusted receiving end UE determining module 310, configured to extract second key parameters from the plurality of key responses, and verify each second key parameter, and determine that the receiving end UE corresponding to the second key parameter is trusted when the second key parameter is true;
a secured broadcast message generating module 320 configured to generate a secured broadcast message, where the secured broadcast message records a plurality of encrypted broadcast session keys, each encrypted broadcast session key being encrypted according to a second key parameter corresponding to a receiving end UE determined to be trusted;
the broadcast message issuing module 330 is configured to issue a security-protected broadcast message.
The above trusted receiving UE determining module 310, the secured broadcast message generating module 320, and the broadcast message sending module 330 are specifically configured to implement the foregoing steps S110 to S130.
As shown in fig. 8, a Sidelink communication device 400 according to an embodiment of the present application is applied to a receiving UE and includes:
a trusted transmitting end UE determining module 410, configured to extract first key parameters from the plurality of key requests respectively, and verify each first key parameter, and determine that the transmitting end UE corresponding to the first key parameter is trusted when the first key parameter is true;
A secured broadcast message receiving module 420 configured to receive a secured broadcast message sent by the sender UE determined to be trusted;
the broadcast message processing module 430 is configured to process received security protected broadcast messages.
The above trusted sender UE determining module 410, the secured broadcast message receiving module 420 and the broadcast message processing module 430 are specifically configured to implement the foregoing steps S210 to S230.
As shown in fig. 9, an electronic device according to an embodiment of the present application includes: a memory for storing executable instructions; and a processor, connected to the memory, configured to execute the executable instructions to perform the operations of the above-described Sidelink communication broadcasting method applied to the transmitting UE, or to execute the executable instructions to perform the operations of the above-described Sidelink communication broadcasting method applied to the receiving UE.
Fig. 9 is an example diagram of an electronic device 900. It will be appreciated by those skilled in the art that fig. 9 is merely an example of the electronic device 900 and is not meant to be limiting: the electronic device 900 may include more or fewer components than shown, may combine certain components, or may have different components; e.g., the electronic device 900 may also include input-output devices, network access devices, communication interfaces 930, buses, etc. It should be appreciated that the communication interface 930 in the electronic device 900 shown in fig. 9 may be used to communicate with other devices. For example, the memory 920 and the communication interface 930 may be connected to the processor 910 through a bus.
The processor 910 may be a central processing unit (Central Processing Unit, CPU), or may be another general purpose processor, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor 910 may be any conventional processor or the like, the processor 910 being a control center for the electronic device 900, with various interfaces and lines connecting various portions of the overall electronic device 900.
Memory 920 may be used to store computer readable instructions; the processor 910 implements the various functions of the electronic device 900 by executing or running the computer readable instructions or modules stored in the memory 920 and invoking the data stored in the memory 920. The memory 920 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to the use of the electronic device 900, etc. In addition, the memory 920 may include a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a Flash Card, at least one magnetic disk storage device, a flash memory device, a Read-Only Memory (ROM), a Random Access Memory (RAM), or other nonvolatile/volatile storage devices.
The modules integrated with the electronic device 900 may be stored in a computer readable storage medium if implemented as software functional modules and sold or used as a stand-alone product. Based on such understanding, the present application may implement all or part of the flow of the method of the above-described embodiments, or may be implemented by means of computer readable instructions to instruct related hardware, where the computer readable instructions may be stored in a computer readable storage medium, where the computer readable instructions, when executed by a processor, implement the steps of the method embodiments described above.
The computer readable storage medium of the embodiment of the present application is configured to store computer readable instructions which, when executed by a processor, cause the processor to execute the above-mentioned Sidelink communication broadcasting method applied to a transmitting UE or the Sidelink communication broadcasting method applied to a receiving UE.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.

Claims (11)

1. The Sidelink communication broadcasting method is characterized by being applied to a transmitting terminal UE and comprising the following steps:
respectively extracting second key parameters from the plurality of key responses, and verifying each second key parameter, and determining that a receiving end UE corresponding to the second key parameter is trusted when the second key parameter is true;
generating a broadcast message protected by security, wherein the broadcast message protected by security records a plurality of encrypted broadcast session keys, and each encrypted broadcast session key is encrypted according to a second key parameter corresponding to a receiving end UE determined to be trusted;
and sending out the broadcast message which is protected by security.
2. The method of claim 1, further comprising, prior to said extracting the second key parameter from the plurality of key responses, respectively:
and sending a key request to receive a key response, wherein the key request records a first key parameter, and the first key parameter comprises a public key of the sending end UE and a public key certificate of the sending end UE.
3. The method of claim 1, wherein,
before the generating the broadcast message protected by security, the method further comprises: when the second key parameter is true, storing the second key parameter locally;
The generating a security-protected broadcast message includes:
encrypting a preset broadcast session key by using the second key parameters corresponding to the receiving end UE which are locally stored and determined to be trusted, so as to obtain an encrypted broadcast session key;
encrypting the broadcast information by using the preset broadcast session key and the preset random number to obtain encrypted broadcast information;
and combining the encrypted broadcast session key corresponding to each receiving end UE determined to be trusted and the encrypted broadcast information into a broadcast vector as a broadcast message protected by security.
4. The method according to any one of claims 1 to 3, wherein:
the security-protected broadcast message is sent in a frequency band shared with a base station; or
the security-protected broadcast message is sent in a frequency band dedicated to Sidelink communication.
5. The Sidelink communication broadcasting method is characterized by being applied to a receiving end UE and comprising the following steps:
respectively extracting first key parameters from a plurality of key requests, verifying each first key parameter, and determining that a transmitting end UE corresponding to the first key parameters is trusted when the first key parameters are true;
receiving a broadcast message which is determined to be credible and sent by a UE at a sending end and is protected by security;
processing the received security-protected broadcast message.
6. The method of claim 5, wherein,
the broadcast message protected by safety records an encrypted broadcast session key, and the encrypted broadcast session key is encrypted according to a second key parameter of the receiving end UE;
the broadcast information protected by the security records encrypted broadcast information, and the encrypted broadcast information is encrypted by using a preset broadcast session key and a preset random number;
the processing of the broadcast message in the security protected broadcast message comprises:
decrypting the encrypted broadcast session key by using a second key parameter of the receiving end UE to obtain the preset broadcast session key;
decrypting the encrypted broadcast information by using the preset broadcast session key to obtain the preset random number and the decrypted broadcast information;
and when the preset random number is not stored in the local of the receiving end UE, processing the decrypted broadcast information.
7. The method of claim 5, further comprising, prior to receiving the secured broadcast message sent by the sender UE determined to be authentic:
And sending out a key response, wherein the key response records a second key parameter, and the second key parameter comprises a public key of the receiving end UE and a public key certificate of the receiving end UE.
8. The method according to any one of claims 5 to 7, wherein:
the security-protected broadcast message sent by the transmitting end UE determined to be trusted is received in a frequency band shared with a base station; or
the security-protected broadcast message sent by the transmitting end UE determined to be trusted is received in a frequency band dedicated to Sidelink communication.
9. The Sidelink communication device is characterized by being applied to a transmitting end UE, and comprises:
the trusted receiving end UE determining module is configured to extract second key parameters from the plurality of key responses respectively, verify each second key parameter, and determine that the receiving end UE corresponding to the second key parameter is trusted when the second key parameter is true;
a secured broadcast message generating module configured to generate a security-protected broadcast message, wherein the security-protected broadcast message records a plurality of encrypted broadcast session keys, and each encrypted broadcast session key is encrypted according to a second key parameter corresponding to a receiving end UE determined to be trusted;
A broadcast message issuing module configured to issue the security-protected broadcast message.
10. A Sidelink communication apparatus, applied to a receiving UE, comprising:
the trusted transmitting terminal UE determining module is configured to extract first key parameters from a plurality of key requests respectively, verify each first key parameter, and determine that the transmitting terminal UE corresponding to the first key parameter is trusted when the first key parameter is true;
a secured broadcast message receiving module configured to receive a security-protected broadcast message sent by a transmitting end UE determined to be trusted;
a broadcast message processing module configured to process the received secured broadcast message.
11. An electronic device, comprising:
a memory for storing executable instructions; and
a processor coupled to the memory to execute the executable instructions to perform operations of the broadcast method of any of claims 1-4; or to execute the executable instructions to perform the operations of the broadcast method of any one of claims 5-8.
CN202310420828.1A 2023-04-19 2023-04-19 Sidelink communication broadcasting method and device and electronic equipment Pending CN116582825A (en)

Publications (1)

Publication Number Publication Date
CN116582825A true CN116582825A (en) 2023-08-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination