CN117858028A - Data transmission method, device and equipment - Google Patents

Publication number
CN117858028A
CN117858028A CN202211216466.6A CN202211216466A CN117858028A CN 117858028 A CN117858028 A CN 117858028A CN 202211216466 A CN202211216466 A CN 202211216466A CN 117858028 A CN117858028 A CN 117858028A
Authority
CN
China
Prior art keywords
discovery message
relay
security
relay discovery
terminal
Legal status
Pending
Application number
CN202211216466.6A
Other languages
Chinese (zh)
Inventor
周巍
Current Assignee
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd

Landscapes

  • Mobile Radio Communication Systems
  • Data Exchanges In Wide-Area Networks

Abstract

The application provides a data transmission method, device and equipment. The method is applied to a first terminal and comprises the following steps: generating a first relay discovery message according to security material, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, a relay service identification code (RSC), first relay discovery message source indication information and an end-to-end discovery message security processing identifier; and sending the first relay discovery message to a relay terminal. The RSC indicates that the first relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information indicates that the first relay discovery message is sent by the first terminal, and the end-to-end discovery message security processing identifier indicates whether the end-to-end discovery message has undergone protection processing. Privacy protection in U2U relay communication is thereby achieved.

Description

Data transmission method, device and equipment
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a data transmission method, apparatus, and device.
Background
In proximity communication in the fifth-generation mobile communication system (Fifth Generation Mobile Networks, 5G), a User Equipment (UE)-to-UE relay (U2U Relay) communication scenario is supported; that is, a source UE (Source UE) communicates with a target UE (Target UE) through a relay UE (Relay UE).
U2U relay communication first requires the source UE to discover the relay UE and the target UE and to establish a communication channel accordingly. The UEs obtain the information needed for the discovery process from the network device while in the connected state, then discover each other in the offline state and establish a relay communication channel to complete the U2U relay communication.
In U2U relay communication, the messages exchanged between the source UE and the target UE, between the source UE and the relay UE, and between the target UE and the relay UE may be at risk of privacy disclosure, which adversely affects the U2U relay communication.
Disclosure of Invention
The application provides a data transmission method, a data transmission device and data transmission equipment, so as to realize privacy protection in U2U relay communication.
In a first aspect, the present application provides a data transmission method, applied to a first terminal, where the method includes:
generating a first relay discovery message according to the security material, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, a relay service identification code (RSC), first relay discovery message source indication information and an end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
sending the first relay discovery message to a relay terminal;
the RSC is used for indicating that the first relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is used for indicating that the first relay discovery message is sent out by the first terminal, and the end-to-end discovery message security processing identifier is used for indicating whether the end-to-end discovery message is subjected to protection processing or not.
In one possible embodiment, the security material comprises at least one of:
an end-to-end discovery sending security material;
an end-to-end discovery receiving security material;
a relay discovery sending security material associated with the RSC;
a relay discovery receiving security material associated with the RSC.
In one possible implementation manner, the generating the first relay discovery message according to the security material includes:
generating the first relay discovery message according to a security policy and the security material, wherein the security policy includes at least one of:
end-to-end message security is fully enabled;
end-to-end message security is not enabled;
end-to-end message security is partially enabled.
In a possible implementation manner, the generating the first relay discovery message according to a security policy and the security material includes:
acquiring the end-to-end discovery message according to the security material and the security policy;
generating a first relay discovery message plaintext according to the end-to-end discovery message;
and carrying out protection processing on the plaintext of the first relay discovery message according to the relay discovery sending security material indicated by the RSC, and generating the first relay discovery message.
In a possible implementation manner, the obtaining the end-to-end discovery message according to the security material and the security policy includes:
generating an end-to-end discovery message plaintext;
determining a protection measure for the end-to-end discovery message according to the security policy;
and protecting the plaintext of the end-to-end discovery message according to the protection measure and the end-to-end discovery sending security material to obtain the end-to-end discovery message.
In one possible embodiment, the method further comprises:
and receiving the security material and the security policy sent by the network equipment.
In a second aspect, the present application provides a data transmission method, applied to a relay terminal, where the method includes:
receiving a first relay discovery message sent by a first terminal, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information and an end-to-end discovery message security processing identifier;
processing the first relay discovery message according to a security material to generate a second relay discovery message, wherein the second relay discovery message comprises at least one of the end-to-end discovery message, the RSC, second relay discovery message source indication information and the end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
sending a second relay discovery message to a second terminal;
the RSC is configured to indicate that the first relay discovery message or the second relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is configured to indicate that the first relay discovery message is sent out by the first terminal, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent out by the second terminal.
In one possible embodiment, the security material comprises at least one of:
a relay discovery sending security material associated with the RSC;
a relay discovery receiving security material associated with the RSC.
In a possible implementation manner, the processing the first relay discovery message according to the security material to generate a second relay discovery message includes:
determining that the first relay discovery message is a message to be processed by the relay terminal according to the first relay discovery message source indication information;
according to the relay discovery receiving security material associated with the RSC, performing deprotection processing on the first relay discovery message to obtain a first relay discovery message plaintext;
generating a second relay discovery message plaintext according to the first relay discovery message plaintext;
and carrying out protection processing on the plaintext of the second relay discovery message according to the relay discovery sending security material associated with the RSC, and generating the second relay discovery message.
In one possible embodiment, the method further comprises:
and receiving the security material sent by the network equipment.
In a third aspect, the present application provides a data transmission method, applied to a second terminal, where the method includes:
receiving a second relay discovery message sent by a relay terminal, wherein the second relay discovery message comprises at least one of an end-to-end discovery message, an RSC, second relay discovery message source indication information and an end-to-end discovery message security processing identifier;
performing deprotection processing on the second relay discovery message according to a security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
the RSC is configured to indicate that the second relay discovery message is a discovery message related to relay discovery, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent by the second terminal.
In one possible embodiment, the security material comprises at least one of:
an end-to-end discovery sending security material;
an end-to-end discovery receiving security material;
a relay discovery sending security material associated with the RSC;
a relay discovery receiving security material associated with the RSC.
In a possible implementation manner, the performing deprotection processing on the second relay discovery message according to a security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message includes:
and performing deprotection processing on the second relay discovery message according to the security material and the security policy to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message, wherein the security policy comprises at least one of the following:
end-to-end message security is fully enabled;
end-to-end message security is not enabled;
end-to-end message security is partially enabled.
In a possible implementation manner, the performing, according to the security material and the security policy, the deprotection processing on the second relay discovery message to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message includes:
determining that the second relay discovery message is a message to be processed by the second terminal according to the second relay discovery message source indication information;
performing deprotection processing on the second relay discovery message according to the relay discovery receiving security material associated with the RSC to obtain a second relay discovery message plaintext, wherein the second relay discovery message plaintext comprises the end-to-end discovery message;
determining a protection measure for the end-to-end discovery message according to the security policy;
and according to the protection measures and the end-to-end discovery receiving security materials, carrying out deprotection processing on the end-to-end discovery message to obtain the plaintext of the end-to-end discovery message.
In one possible embodiment, the method further comprises:
and receiving the security material and the security policy sent by the network equipment.
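The three procedures above (the first terminal building the first relay discovery message, the relay terminal re-protecting it, and the second terminal removing both layers) are worked through in the following added Python example, which is not code from the patent. Assumptions: one symmetric key per RSC stands in for the relay discovery sending/receiving security material, the RSC and source indication travel in clear as authenticated header fields, `protect`/`deprotect` are a standard-library stand-in for a real AEAD, and all function names, constants and the message layout are hypothetical. The "partial" policy is not modelled.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 12, 32
SRC_FIRST_MSG, SRC_SECOND_MSG = 1, 2             # constructed source-indication values
POLICY_E2E_ALL, POLICY_E2E_NONE = "all", "none"  # "partial" is not modelled here


def subkeys(key):
    """Derive separate encryption and MAC keys from one piece of security material."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def protect(key, plaintext, aad=b""):
    """Stand-in for an AEAD: SHAKE-256 keystream, then HMAC-SHA256 over aad|nonce|ct."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    mac_input = len(aad).to_bytes(2, "big") + aad + nonce + ct
    return nonce + ct + hmac.new(mac_key, mac_input, hashlib.sha256).digest()


def deprotect(key, blob, aad=b""):
    """Verify the tag first, decrypt only if it matches."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    enc_key, mac_key = subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    mac_input = len(aad).to_bytes(2, "big") + aad + nonce + ct
    if not hmac.compare_digest(tag, hmac.new(mac_key, mac_input, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    stream = hashlib.shake_256(enc_key + nonce).digest(len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def header(rsc, src):
    """Cleartext fields, bound to the protected body as associated data."""
    return json.dumps({"rsc": rsc, "src": src}, sort_keys=True).encode()


def wrap(relay_keys, rsc, src, inner):
    """Relay-hop layer: protect the message plaintext with the material tied to the RSC."""
    body = protect(relay_keys[rsc], json.dumps(inner).encode(), aad=header(rsc, src))
    return {"rsc": rsc, "src": src, "body": body.hex()}


def unwrap(relay_keys, msg, expected_src):
    """Check the source indication, pick the key by RSC, remove the relay-hop layer."""
    if msg["src"] != expected_src:
        raise ValueError("message is not for this role")
    key = relay_keys.get(msg["rsc"])
    if key is None:
        raise ValueError("no relay discovery material for this RSC")
    aad = header(msg["rsc"], msg["src"])
    return json.loads(deprotect(key, bytes.fromhex(msg["body"]), aad=aad))


def first_terminal_send(e2e_key, relay_keys, rsc, policy, e2e_plaintext):
    """Protect the end-to-end message per policy, then add the relay-hop layer."""
    if policy == POLICY_E2E_ALL:
        e2e, flag = protect(e2e_key, e2e_plaintext), True
    elif policy == POLICY_E2E_NONE:
        e2e, flag = e2e_plaintext, False
    else:
        raise ValueError("unsupported policy in this sketch")
    return wrap(relay_keys, rsc, SRC_FIRST_MSG, {"e2e": e2e.hex(), "e2e_protected": flag})


def relay_forward(relay_keys, msg1):
    """Relay: strip and re-apply the hop layer; the end-to-end blob passes through opaque."""
    inner = unwrap(relay_keys, msg1, SRC_FIRST_MSG)
    return wrap(relay_keys, msg1["rsc"], SRC_SECOND_MSG, inner)


def second_terminal_receive(e2e_key, relay_keys, policy, msg2):
    """Remove the hop layer, then the end-to-end layer as the provisioned policy dictates."""
    inner = unwrap(relay_keys, msg2, SRC_SECOND_MSG)
    expect_protected = policy == POLICY_E2E_ALL
    # Added defensive check (not stated on the page): the flag travels inside the hop
    # layer, so it must agree with the policy rather than override it.
    if inner["e2e_protected"] is not expect_protected:
        raise ValueError("security processing identifier contradicts policy")
    e2e = bytes.fromhex(inner["e2e"])
    return deprotect(e2e_key, e2e) if expect_protected else e2e


if __name__ == "__main__":
    # Constructed keys and payload; in the page's scheme they come from the network.
    e2e_key, relay_keys = os.urandom(32), {"rsc-demo": os.urandom(32)}
    msg1 = first_terminal_send(e2e_key, relay_keys, "rsc-demo", POLICY_E2E_ALL, b"hello target")
    msg2 = relay_forward(relay_keys, msg1)
    print(second_terminal_receive(e2e_key, relay_keys, POLICY_E2E_ALL, msg2))
```

Because the cleartext header is bound to the hop layer as associated data, a first relay discovery message whose source indication is rewritten in transit fails the integrity check at the second terminal instead of bypassing the relay.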
In a fourth aspect, the present application provides a first terminal comprising a memory, a transceiver, and a processor;
a memory for storing a computer program; a transceiver for transceiving data under control of the processor; a processor for reading the computer program in the memory and performing the following operations:
generating a first relay discovery message according to the security material, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information and an end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
sending the first relay discovery message to a relay terminal;
the RSC is used for indicating that the first relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is used for indicating that the first relay discovery message is sent out by the first terminal, and the end-to-end discovery message security processing identifier is used for indicating whether the end-to-end discovery message is subjected to protection processing or not.
In one possible embodiment, the security material comprises at least one of:
an end-to-end discovery sending security material;
an end-to-end discovery receiving security material;
a relay discovery sending security material associated with the RSC;
a relay discovery receiving security material associated with the RSC.
In one possible implementation manner, the generating the first relay discovery message according to the security material includes:
generating the first relay discovery message according to a security policy and the security material, wherein the security policy includes at least one of:
end-to-end message security is fully enabled;
end-to-end message security is not enabled;
end-to-end message security is partially enabled.
In a possible implementation manner, the generating the first relay discovery message according to a security policy and the security material includes:
acquiring the end-to-end discovery message according to the security material and the security policy;
generating a first relay discovery message plaintext according to the end-to-end discovery message;
and carrying out protection processing on the plaintext of the first relay discovery message according to the relay discovery sending security material indicated by the RSC, and generating the first relay discovery message.
In a possible implementation manner, the obtaining the end-to-end discovery message according to the security material and the security policy includes:
generating an end-to-end discovery message plaintext;
determining a protection measure for the end-to-end discovery message according to the security policy;
and protecting the plaintext of the end-to-end discovery message according to the protection measure and the end-to-end discovery sending security material to obtain the end-to-end discovery message.
In a possible implementation, the processor is further configured to read the computer program in the memory and perform the following operations:
and receiving the security material and the security policy sent by the network equipment.
In a fifth aspect, the present application provides a relay terminal, including a memory, a transceiver, and a processor;
a memory for storing a computer program; a transceiver for transceiving data under control of the processor; a processor for reading the computer program in the memory and performing the following operations:
receiving a first relay discovery message sent by a first terminal, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information and an end-to-end discovery message security processing identifier;
processing the first relay discovery message according to a security material to generate a second relay discovery message, wherein the second relay discovery message comprises at least one of the end-to-end discovery message, the RSC, second relay discovery message source indication information and the end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
sending a second relay discovery message to a second terminal;
the RSC is configured to indicate that the first relay discovery message or the second relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is configured to indicate that the first relay discovery message is sent out by the first terminal, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent out by the second terminal.
In one possible embodiment, the security material comprises at least one of:
a relay discovery sending security material associated with the RSC;
a relay discovery receiving security material associated with the RSC.
In a possible implementation manner, the processing the first relay discovery message according to the security material to generate a second relay discovery message includes:
determining that the first relay discovery message is a message to be processed by the relay terminal according to the first relay discovery message source indication information;
according to the relay discovery receiving security material associated with the RSC, performing deprotection processing on the first relay discovery message to obtain a first relay discovery message plaintext;
generating a second relay discovery message plaintext according to the first relay discovery message plaintext;
and carrying out protection processing on the plaintext of the second relay discovery message according to the relay discovery sending security material associated with the RSC, and generating the second relay discovery message.
In a possible implementation, the processor is further configured to read the computer program in the memory and perform the following operations:
and receiving the security material sent by the network equipment.
In a sixth aspect, the present application provides a second terminal comprising a memory, a transceiver, and a processor;
a memory for storing a computer program; a transceiver for transceiving data under control of the processor; a processor for reading the computer program in the memory and performing the following operations:
receiving a second relay discovery message sent by a relay terminal, wherein the second relay discovery message comprises at least one of an end-to-end discovery message, an RSC, second relay discovery message source indication information and an end-to-end discovery message security processing identifier;
performing deprotection processing on the second relay discovery message according to a security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
the RSC is configured to indicate that the second relay discovery message is a discovery message related to relay discovery, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent by the second terminal.
In one possible embodiment, the security material comprises at least one of:
an end-to-end discovery sending security material;
an end-to-end discovery receiving security material;
a relay discovery sending security material associated with the RSC;
a relay discovery receiving security material associated with the RSC.
In a possible implementation manner, the performing deprotection processing on the second relay discovery message according to a security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message includes:
and performing deprotection processing on the second relay discovery message according to the security material and the security policy to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message, wherein the security policy comprises at least one of the following:
end-to-end message security is fully enabled;
end-to-end message security is not enabled;
end-to-end message security is partially enabled.
In a possible implementation manner, the performing, according to the security material and the security policy, the deprotection processing on the second relay discovery message to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message includes:
determining that the second relay discovery message is a message to be processed by the second terminal according to the second relay discovery message source indication information;
performing deprotection processing on the second relay discovery message according to the relay discovery receiving security material associated with the RSC to obtain a second relay discovery message plaintext, wherein the second relay discovery message plaintext comprises the end-to-end discovery message;
determining a protection measure for the end-to-end discovery message according to the security policy;
and according to the protection measures and the end-to-end discovery receiving security materials, carrying out deprotection processing on the end-to-end discovery message to obtain the plaintext of the end-to-end discovery message.
In a possible implementation, the processor is further configured to read the computer program in the memory and perform the following operations:
and receiving the security material and the security policy sent by the network equipment.
In a seventh aspect, the present application provides a data transmission apparatus, including:
a first processing module, configured to generate a first relay discovery message according to a security material, where the first relay discovery message includes at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information, and an end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
a first transceiver module, configured to send the first relay discovery message to the relay terminal;
the RSC is used for indicating that the first relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is used for indicating that the first relay discovery message is sent out by the first terminal, and the end-to-end discovery message security processing identifier is used for indicating whether the end-to-end discovery message is subjected to protection processing or not.
In one possible embodiment, the security material comprises at least one of:
an end-to-end discovery sending security material;
an end-to-end discovery receiving security material;
a relay discovery sending security material associated with the RSC;
a relay discovery receiving security material associated with the RSC.
In one possible implementation manner, the first processing module is specifically configured to:
generating the first relay discovery message according to a security policy and the security material, wherein the security policy includes at least one of:
end-to-end message security is fully enabled;
end-to-end message security is not enabled;
end-to-end message security is partially enabled.
In one possible implementation manner, the first processing module is specifically configured to:
acquiring the end-to-end discovery message according to the security material and the security policy;
generating a first relay discovery message plaintext according to the end-to-end discovery message;
and carrying out protection processing on the plaintext of the first relay discovery message according to the relay discovery sending security material indicated by the RSC, and generating the first relay discovery message.
In one possible implementation manner, the first processing module is specifically configured to:
generating an end-to-end discovery message plaintext;
determining a protection measure for the end-to-end discovery message according to the security policy;
and protecting the plaintext of the end-to-end discovery message according to the protection measure and the end-to-end discovery sending security material to obtain the end-to-end discovery message.
In one possible embodiment, the first transceiver module is further configured to:
and receiving the security material and the security policy sent by the network equipment.
In an eighth aspect, the present application provides a data transmission apparatus, including:
a receiving module, configured to receive a first relay discovery message sent by a first terminal, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information and an end-to-end discovery message security processing identifier;
a second processing module, configured to process the first relay discovery message according to the security material to generate a second relay discovery message, wherein the second relay discovery message comprises at least one of the end-to-end discovery message, the RSC, second relay discovery message source indication information and the end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
a sending module, configured to send a second relay discovery message to a second terminal;
the RSC is configured to indicate that the first relay discovery message or the second relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is configured to indicate that the first relay discovery message is sent out by the first terminal, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent out by the second terminal.
In one possible embodiment, the security material comprises at least one of:
a relay discovery sending security material associated with the RSC;
a relay discovery receiving security material associated with the RSC.
In a possible implementation manner, the second processing module is specifically configured to:
determining that the first relay discovery message is a message to be processed by the relay terminal according to the first relay discovery message source indication information;
according to the relay discovery receiving security material associated with the RSC, performing deprotection processing on the first relay discovery message to obtain a first relay discovery message plaintext;
generating a second relay discovery message plaintext according to the first relay discovery message plaintext;
and carrying out protection processing on the plaintext of the second relay discovery message according to the relay discovery sending security material associated with the RSC, and generating the second relay discovery message.
In a possible implementation manner, the receiving module is further configured to:
and receiving the security material sent by the network equipment.
In a ninth aspect, the present application provides a data transmission apparatus, including:
a second transceiver module, configured to receive a second relay discovery message sent by the relay terminal, wherein the second relay discovery message comprises at least one of an end-to-end discovery message, an RSC, second relay discovery message source indication information and an end-to-end discovery message security processing identifier;
a third processing module, configured to perform deprotection processing on the second relay discovery message according to the security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
the RSC is configured to indicate that the second relay discovery message is a discovery message related to relay discovery, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent by the second terminal.
In one possible embodiment, the security material comprises at least one of:
an end-to-end discovery transmit security material;
an end-to-end discovery receive security material;
a relay discovery transmit security material, the relay discovery transmit security material being associated with the RSC;
a relay discovery receive security material associated with the RSC.
In a possible implementation manner, the third processing module is specifically configured to:
And performing deprotection processing on the second relay discovery message according to the security material and the security policy to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message, wherein the security policy comprises at least one of the following:
enabling all end-to-end message security;
not enabling end-to-end message security;
enabling partial end-to-end message security.
In a possible implementation manner, the third processing module is specifically configured to:
determining that the second relay discovery message is a message to be processed by the second terminal according to the second relay discovery message source indication information;
performing deprotection processing on the second relay discovery message according to the relay discovery receiving security material associated with the RSC to obtain a second relay discovery message plaintext, wherein the second relay discovery message plaintext comprises the end-to-end discovery message;
determining a protection measure for the end-to-end discovery message according to the security policy;
and according to the protection measures and the end-to-end discovery receiving security materials, carrying out deprotection processing on the end-to-end discovery message to obtain the plaintext of the end-to-end discovery message.
In one possible embodiment, the second transceiver module is further configured to:
and receiving the security material and the security policy sent by the network equipment.
In a tenth aspect, the present application provides a computer-readable storage medium storing a computer program for causing a computer to execute the data transmission method of any one of the first aspect, the second aspect, or the third aspect.
According to the data transmission method, device and equipment provided by the present application, the first terminal first generates a first relay discovery message according to the security material and sends the first relay discovery message to the relay terminal; the relay terminal processes the first relay discovery message according to the security material to generate a second relay discovery message; finally, the second terminal receives the second relay discovery message sent by the relay terminal and performs deprotection processing on it according to the security material to obtain the end-to-end discovery message plaintext corresponding to the end-to-end discovery message. In the U2U relay communication scenario, the first relay discovery message transmitted between the first terminal and the relay terminal is protected by means of the security material, so that the first terminal sends the end-to-end discovery message to the relay terminal within the first relay discovery message; the second relay discovery message transmitted between the relay terminal and the second terminal is likewise protected by means of the security material, so that the end-to-end discovery message is passed from the relay terminal to the second terminal, which performs deprotection processing according to the security material to obtain the end-to-end discovery message plaintext. Protection processing with the security material during message transmission thus effectively realizes message protection in the U2U relay communication process and avoids privacy leakage.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, a brief description will be given below of the drawings that are needed in the embodiments or the prior art descriptions, and it is obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a signaling diagram of a data transmission method provided in an embodiment of the present application;
Fig. 2 is a signaling diagram of a relay discovery procedure in proximity communication mode A according to an embodiment of the present application;
Fig. 3 is a signaling diagram of a relay discovery security procedure in proximity communication mode A according to an embodiment of the present application;
Fig. 4 is a signaling diagram of a relay discovery procedure in proximity communication mode B according to an embodiment of the present application;
Fig. 5 is a signaling diagram of a relay discovery security procedure in proximity communication mode B according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a first terminal according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a relay terminal according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a second terminal according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a data transmission device according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of a data transmission device according to an embodiment of the present disclosure;
Fig. 11 is a schematic structural diagram of a data transmission device according to an embodiment of the present application.
Detailed Description
The U2U relay communication scenario refers to a process in which a source terminal communicates with a target terminal through a relay terminal. The U2U relay communication first involves discovery of the relay terminal and the target terminal by the source terminal, and establishes a communication channel accordingly. The terminals will obtain relevant information for the discovery process from the network device in the connected state, then discover each other in the offline state, and establish a relay communication channel to complete the U2U relay communication.
In the U2U relay communication, there may be a risk of privacy disclosure in a message interacted between a source terminal and a target terminal, a message interacted between a source terminal and a relay terminal, and a message interacted between a target terminal and a relay terminal, which adversely affects the U2U relay communication. Based on the above, the embodiment of the application provides a data transmission method to realize message protection in the process of the U2U relay communication and avoid privacy disclosure. The following will describe aspects of the present application with reference to the accompanying drawings.
Fig. 1 is a signaling diagram of a data transmission method provided in an embodiment of the present application, as shown in fig. 1, including:
S11, the first terminal generates a first relay discovery message according to the security material.
The first terminal and the second terminal communicate through the relay terminal. When the first terminal is the source terminal, the second terminal is the target terminal; when the first terminal is the target terminal, the second terminal is the source terminal.
The security material is used for message protection in the process of the U2U relay communication. The security material refers to a key and related parameters for performing security protection on the discovery message in the U2U relay discovery process, where the security protection on the discovery message may include message confidentiality protection, integrity protection and replay attack protection, or other possible security protection, and the security material is a corresponding key and related parameters, and may include, for example, encryption key, integrity protection key, algorithm information, key validity period, and other information.
According to the security material, the first terminal may generate a first relay discovery message including at least one of an end-to-end discovery message, a relay service identification code (Relay Service Code, RSC), first relay discovery message source indication information, and an end-to-end discovery message security handling identifier.
Wherein the RSC identifies a particular relay service for indicating that the first relay discovery message is a discovery message related to relay discovery; the first relay discovery message source indication information is used for indicating that a first relay discovery message is sent out by a first terminal; the end-to-end discovery message security processing identifier is used for indicating whether the end-to-end discovery message is protected or not; the end-to-end discovery message is a message to be sent by the first terminal to the second terminal; the end-to-end discovery message needs to be forwarded through the relay terminal.
S12, the first terminal sends a first relay discovery message to the relay terminal.
The first terminal may transmit the first relay discovery message to the relay terminal after generating the first relay discovery message.
S13, the relay terminal processes the first relay discovery message according to the security material to generate a second relay discovery message.
The second relay discovery message includes at least one of an end-to-end discovery message, an RSC, second relay discovery message source indication information, and an end-to-end discovery message security handling identification. The RSC is used for indicating that the second relay discovery message is a discovery message related to relay discovery, the end-to-end discovery message security processing identifier is used for indicating whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is used for indicating that the second relay discovery message is sent out by the second terminal.
S14, the relay terminal sends a second relay discovery message to the second terminal.
The relay terminal may transmit the second relay discovery message to the second terminal after generating the second relay discovery message.
S15, the second terminal carries out deprotection processing on the second relay discovery message according to the security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message.
After receiving the second relay discovery message, the second terminal may perform deprotection processing on the second relay discovery message according to the security material to obtain an end-to-end discovery message plaintext, where the deprotection processing may include deprotection processing for the second relay discovery message to obtain the second relay discovery message plaintext, and may further include deprotection processing for the end-to-end discovery message to obtain the end-to-end discovery message plaintext.
According to the data transmission method provided by the embodiment of the application, the first terminal first generates a first relay discovery message according to the security material and sends the first relay discovery message to the relay terminal; the relay terminal processes the first relay discovery message according to the security material to generate a second relay discovery message; finally, the second terminal receives the second relay discovery message sent by the relay terminal and performs deprotection processing on it according to the security material to obtain the end-to-end discovery message plaintext corresponding to the end-to-end discovery message. In the U2U relay communication scenario, the first relay discovery message transmitted between the first terminal and the relay terminal is protected by means of the security material, so that the first terminal sends the end-to-end discovery message to the relay terminal within the first relay discovery message; the second relay discovery message transmitted between the relay terminal and the second terminal is likewise protected by means of the security material, so that the end-to-end discovery message is passed from the relay terminal to the second terminal, which performs deprotection processing according to the security material to obtain the end-to-end discovery message plaintext. Protection processing with the security material during message transmission thus effectively realizes message protection in the U2U relay communication process and avoids privacy leakage.
On the basis of the above-described embodiments, the solution of the present application is further described below in connection with examples.
In proximity communication, a source terminal, a target terminal, and a relay terminal are involved. The source terminal is the communication initiator in the U2U relay communication scenario. Depending on the proximity communication mode, the source terminal may be a monitoring terminal in proximity communication mode A or a finder terminal in proximity communication mode B. The target terminal is the non-communication initiator in the U2U relay communication scenario; depending on the proximity communication mode, the target terminal may be an announcement terminal in proximity communication mode A or a discoveree terminal in proximity communication mode B. The relay terminal is configured to receive a discovery request or response message of the source terminal or the target terminal, forward the corresponding message, and so on.
The data transmission method in proximity communication mode A will be described with reference to the accompanying drawings.
Fig. 2 is a signaling diagram of a relay discovery process in proximity communication mode A according to an embodiment of the present application. As shown in Fig. 2, the process includes:
S21, the notification terminal sends a broadcast message to the relay terminal.
The announcement terminal is the target terminal in the discovery process of proximity communication mode A, and announces its own existence through a broadcast message.
S22, the relay terminal sends a broadcast message to the monitoring terminal.
After receiving the broadcast message, the relay terminal sends the broadcast message to the monitoring terminal, where the monitoring terminal is the source terminal in the discovery process of proximity communication mode A. After receiving the broadcast message, the monitoring terminal can discover the existence of the notification terminal according to the broadcast message.
S23, the monitoring terminal initiates communication with the notification terminal.
After the monitoring terminal discovers the existence of the notification terminal, the monitoring terminal can initiate communication with the notification terminal.
The embodiment of Fig. 2 describes the relay discovery procedure in proximity communication mode A; the relay discovery security procedure in proximity communication mode A is described below with reference to Fig. 3. It should be noted that, in the relay discovery process in proximity communication mode A, the notification terminal is the target terminal and also the non-communication initiator, and corresponds to the first terminal in the above embodiment; the monitoring terminal is the source terminal and also the communication initiator, and corresponds to the second terminal in the above embodiment.
Fig. 3 is a signaling diagram of a relay discovery security flow in proximity communication mode A according to an embodiment of the present application. As shown in Fig. 3, the flow includes:
S31, the network device sends the security material and the security policy to the first terminal, the relay terminal and the second terminal.
The network device may provide the security material (key and its related parameters) used in the discovery process and the relay message security policy (hereinafter referred to as security policy) to the terminal based on the role the terminal plays in the U2U relay discovery process. The security material is used for security protection of the discovery message in the U2U relay discovery process; the security policy is used to indicate whether to enable the security of the end-to-end discovery message in the U2U relay discovery process, and to indicate how the security material is handled.
The messages related to the embodiment of the application comprise an end-to-end discovery message and a relay discovery message, wherein the end-to-end discovery message is a message sent by a source terminal and a target terminal for discovering each other; the relay discovery message includes a message interacted between the source terminal and the relay terminal, and a message interacted between the target terminal and the relay terminal.
The security protection of the message comprises confidentiality protection, integrity protection, scrambling protection and other different security protection, and the corresponding security policy may comprise at least one of the following:
Enabling all end-to-end message security: when the source terminal or the target terminal sends the discovery message, it needs to apply security protection to the message sent to the opposite terminal through the relay terminal. The security protection of the message may include confidentiality protection, integrity protection, scrambling protection, and the like. Enabling all end-to-end message security indicates that the terminal needs to enable all of the security protections, such as confidentiality protection, integrity protection and scrambling protection.
End-to-end message security is not enabled: the source terminal or the target terminal does not need to perform some security protection on the message sent to the opposite terminal through the relay terminal when sending the discovery message.
Enabling partial end-to-end message security: when the source terminal or the target terminal transmits the discovery message, it can decide, as required, to apply partial security protection to the message transmitted to the opposite terminal through the relay terminal. For example, only confidentiality protection may be enabled, only integrity protection may be enabled, only scrambling protection may be enabled, and so on.
The types of security materials used in the relay discovery process are:
End-to-end discovery transmit security material: security material for protecting end-to-end discovery messages sent to the opposite end through the relay terminal.
End-to-end discovery receive security material: security material for removing security protection from the end-to-end discovery message sent by the opposite end and received through the relay terminal.
Relay discovery transmit security material: security material for protecting the transmitted relay discovery message. The relay discovery transmit security material is associated with the RSC.
Relay discovery receive security material: security material for removing security protection from the received relay discovery message. The relay discovery receive security material is associated with the RSC.
The type of security material for which the network device is configured is also different for different terminal roles. In the relay discovery process, the security material received by the source terminal may include at least one of an end-to-end discovery transmit security material, an end-to-end discovery receive security material, a relay discovery transmit security material, and a relay discovery receive security material; the security material received by the target terminal may include at least one of an end-to-end discovery transmit security material, an end-to-end discovery receive security material, a relay discovery transmit security material, and a relay discovery receive security material; the security material received by the relay terminal may include at least one of a relay discovery transmit security material and a relay discovery receive security material.
In the embodiment of the present application, the key in the security material may be a symmetric key or an asymmetric key, which is not limited in this embodiment.
S32, the first terminal generates a first relay discovery message according to the security material.
Optionally, the first terminal generates the first relay discovery message according to the security policy and the security material.
Optionally, the first terminal obtains the end-to-end discovery message according to the security material and the security policy. For example, the first terminal first generates the plaintext of the end-to-end discovery message, then determines the protection measure for the end-to-end discovery message according to the security policy, and performs protection processing on the end-to-end discovery message according to the end-to-end discovery sending security material to obtain the end-to-end discovery message.
After obtaining the end-to-end discovery message, the first terminal generates a first relay discovery message plaintext according to the end-to-end discovery message, wherein the first relay discovery message plaintext comprises at least one of the end-to-end discovery message, a relay service identification code RSC, first relay discovery message source indication information and an end-to-end discovery message security processing identifier.
Wherein, the RSC indicates that this is a discovery message related to relay discovery; it is also used to determine the relay discovery transmit security material and the relay discovery receive security material that need to be used. The relay discovery message source indication information makes it possible to distinguish whether the relay discovery message is issued by the end terminal or by the relay terminal. It may be implemented in a variety of ways: for example, if the message class can make such a distinction, the message class may be used for this function; a special parameter may also be used, with the function achieved by assigning a value to the parameter. Here it should be set to indicate that the message is generated by the end terminal. The end-to-end discovery message security handling identification describes whether the end-to-end discovery message has undergone security protection processing.
After obtaining the plaintext of the first relay discovery message, the first terminal may perform protection processing on the plaintext of the first relay discovery message according to the relay discovery sending security material indicated by the RSC, to generate the first relay discovery message.
S33, the first terminal sends a first relay discovery message to the relay terminal.
The first terminal may send a first relay discovery message to the relay terminal, where the first relay discovery message includes at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information, and an end-to-end discovery message security handling identifier.
S34, the relay terminal processes the first relay discovery message according to the security material to generate a second relay discovery message.
Specifically, the relay terminal may determine, according to the first relay discovery message source indication information in the first relay discovery message, that the first relay discovery message is a message to be processed by the relay terminal. The relay terminal then performs deprotection processing on the first relay discovery message according to the relay discovery receiving security material associated with the RSC to obtain the first relay discovery message plaintext, and further obtains the end-to-end discovery message security processing identifier in the first relay discovery message plaintext.
Then, the relay terminal generates a second relay discovery message plaintext according to the first relay discovery message plaintext, and performs protection processing on the second relay discovery message plaintext according to the relay discovery transmitting security material associated with the RSC to generate a second relay discovery message, wherein the second relay discovery message comprises at least one of an end-to-end discovery message, the RSC, second relay discovery message source indication information and an end-to-end discovery message security processing identifier.
The RSC is used for indicating that the second relay discovery message is a discovery message related to relay discovery, the end-to-end discovery message security processing identifier is used for indicating whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is used for indicating that the second relay discovery message is sent out by the second terminal.
S35, the relay terminal transmits a second relay discovery message to the second terminal.
The relay terminal may send a second relay discovery message to the second terminal, where the second relay discovery message includes at least one of an end-to-end discovery message, an RSC, second relay discovery message source indication information, and an end-to-end discovery message security handling identifier.
S36, the second terminal carries out deprotection processing on the second relay discovery message according to the security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message.
First, the second terminal determines that the second relay discovery message is a message to be processed by the second terminal according to the second relay discovery message source indication information. And then, the second terminal carries out deprotection processing on the second relay discovery message according to the relay discovery receiving security material associated with the RSC to obtain a second relay discovery message plaintext, wherein the second relay discovery message plaintext comprises an end-to-end discovery message and an end-to-end discovery message security processing identifier.
The second terminal then determines the protection measure for the end-to-end discovery message according to the security policy. If the end-to-end discovery message security processing identifier indicates that the end-to-end discovery message has undergone security processing, the second terminal determines the end-to-end discovery receiving security material by using information in the end-to-end discovery message, and performs the deprotection operation on the end-to-end discovery message with that material to obtain the plaintext of the end-to-end discovery message.
S37, the second terminal initiates communication with the first terminal.
After obtaining the plaintext of the end-to-end discovery message, the second terminal can discover the existence of the first terminal, and then can initiate communication with the first terminal.
In summary, the embodiment of the application provides a data transmission method in which, in U2U relay communication, the security material is used to protect the messages exchanged between the notification terminal and the relay terminal, between the relay terminal and the monitoring terminal, and between the notification terminal and the monitoring terminal, thereby protecting the privacy of interactions in proximity communication mode A.
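The S32 to S36 flow above, as an added example that is not part of the patent text: it shows the two protection layers and what the relay terminal can and cannot read under each security policy. Assumptions: symmetric keys, an HMAC-SHA256 encrypt-then-MAC stand-in for the unspecified algorithms, the RSC and source indication carried readable and bound as associated data, a policy check at the second terminal, and hypothetical names and values throughout; replay protection is not modelled.

```python
import hashlib
import hmac
import json
import os

END, RELAY = "end-terminal", "relay-terminal"  # hypothetical source-indication values


def new_material():
    """Security material: one confidentiality key and one integrity key."""
    return {"enc": os.urandom(32), "int": os.urandom(32)}


def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode: a stand-in keystream, not a vetted cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def _tag(mat, aad, nonce, ct):
    data = len(aad).to_bytes(2, "big") + aad + nonce + ct
    return hmac.new(mat["int"], data, hashlib.sha256).digest()


def protect(mat, plaintext, aad=b""):
    """Protection processing: encrypt, then authenticate ciphertext and AAD."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(mat["enc"], nonce, len(plaintext))))
    return nonce + ct + _tag(mat, aad, nonce, ct)


def deprotect(mat, blob, aad=b""):
    """Deprotection processing: verify integrity first, then decrypt."""
    if len(blob) < 44:
        raise ValueError("protected message too short")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(mat, aad, nonce, ct)):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _stream(mat["enc"], nonce, len(ct))))


def _wrap(rsc, source, e2e_protected, e2e_msg, relay_by_rsc):
    """Build a relay discovery message protected with the RSC-associated material."""
    body = json.dumps({"e2e_protected": e2e_protected, "e2e": e2e_msg.hex()}).encode()
    aad = f"{rsc}|{source}".encode()  # assumption: readable header fields, bound as AAD
    return {"rsc": rsc, "source": source, "body": protect(relay_by_rsc[rsc], body, aad)}


def _unwrap(msg, expected_source, relay_by_rsc):
    """Check the source indication, pick material by RSC, remove hop protection."""
    if msg["source"] != expected_source:
        raise ValueError("message is not for this role to process")
    mat = relay_by_rsc.get(msg["rsc"])
    if mat is None:
        raise ValueError("no security material for this RSC")
    aad = f"{msg['rsc']}|{msg['source']}".encode()
    inner = json.loads(deprotect(mat, msg["body"], aad))
    return inner["e2e_protected"], bytes.fromhex(inner["e2e"])


def first_terminal_send(e2e_plain, rsc, relay_by_rsc, e2e_mat, protect_e2e):
    """S32: apply end-to-end protection if the policy says so, then hop protection."""
    e2e_msg = protect(e2e_mat, e2e_plain) if protect_e2e else e2e_plain
    return _wrap(rsc, END, protect_e2e, e2e_msg, relay_by_rsc)


def relay_forward(msg, relay_by_rsc):
    """S34: returns (second relay discovery message, bytes the relay could read)."""
    e2e_protected, e2e_msg = _unwrap(msg, END, relay_by_rsc)
    return _wrap(msg["rsc"], RELAY, e2e_protected, e2e_msg, relay_by_rsc), e2e_msg


def second_terminal_receive(msg, relay_by_rsc, e2e_mat, policy_requires_e2e):
    """S36: remove hop protection, enforce the policy, remove end-to-end protection."""
    e2e_protected, e2e_msg = _unwrap(msg, RELAY, relay_by_rsc)
    if policy_requires_e2e and not e2e_protected:
        raise ValueError("policy requires end-to-end protection")
    return deprotect(e2e_mat, e2e_msg) if e2e_protected else e2e_msg


if __name__ == "__main__":
    relay_keys = {0x0101: new_material()}  # constructed RSC value
    e2e_keys = new_material()              # held by the two end terminals only
    first = first_terminal_send(b"constructed announcement", 0x0101, relay_keys, e2e_keys, True)
    second, relay_view = relay_forward(first, relay_keys)
    print("relay sees:", relay_view.hex()[:32], "...")
    print("second terminal recovers:", second_terminal_receive(second, relay_keys, e2e_keys, True))
```

With end-to-end protection off, `relay_forward` returns the discovery plaintext itself as the relay's view, which is the exposure the "not enabled" policy accepts.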
The data transmission method in the proximity communication mode B will be described with reference to the accompanying drawings.
Fig. 4 is a signaling diagram of a relay discovery procedure in a proximity communication mode B according to an embodiment of the present application, as shown in fig. 4, including:
S41, the finder terminal transmits a broadcast message to the relay terminal.
The discoverer terminal is the source terminal in the discovery process of proximity communication mode B; it sends a broadcast message to the relay terminal in order to discover the discoveree terminal.
S42, the relay terminal sends a broadcast message to the discoveree terminal.
S43, the discoveree terminal sends a response message of the broadcast message to the relay terminal.
The discoveree terminal is the target terminal in the discovery process of proximity communication mode B, and after receiving the broadcast message, the discoveree terminal can send a response message of the broadcast message to the relay terminal.
S44, the relay terminal sends a response message of the broadcast message to the finder terminal.
After the relay terminal transmits the response message to the finder terminal, the finder terminal can learn of the existence of the discoveree terminal based on the response message.
S45, the finder terminal initiates communication with the discoveree terminal.
The embodiment of Fig. 4 describes the relay discovery procedure in proximity communication mode B; the relay discovery security procedure in proximity communication mode B is described below with reference to Fig. 5. In the relay discovery process in proximity communication mode B, the finder terminal is the source terminal and also the communication initiator; the discoveree terminal is the target terminal and also the non-communication initiator.
Fig. 5 is a signaling diagram of a relay discovery security flow in a proximity communication mode B according to an embodiment of the present application, as shown in fig. 5, including:
S51, the network device sends the security material and the security policy to the discoverer terminal, the relay terminal and the discoveree terminal.
The network device may provide the security materials and the security policies used in the discovery process for the terminal based on the role played by the terminal in the U2U relay discovery process, and specifically, reference may be made to the content related to S31 in the foregoing embodiment, which is not described herein.
S52, the finder terminal generates a first relay discovery message according to the security material.
S53, the finder terminal transmits a first relay discovery message to the relay terminal.
S54, the relay terminal processes the first relay discovery message according to the security material to generate a second relay discovery message.
S55, the relay terminal sends a second relay discovery message to the discoveree terminal.
S56, the discoveree terminal carries out deprotection processing on the second relay discovery message according to the security material to acquire the end-to-end discovery message plaintext corresponding to the end-to-end discovery message.
The finder terminal in S52 to S56 corresponds to the first terminal in the above embodiment, and the discoveree terminal corresponds to the second terminal in the above embodiment. Thus, for S52, refer to the description of the first terminal generating the first relay discovery message according to the security material in the embodiment of Fig. 1 or Fig. 3; for S53, refer to the description of the first terminal sending the first relay discovery message to the relay terminal in the embodiment of Fig. 1 or Fig. 3; for S54, refer to the description of the relay terminal processing the first relay discovery message according to the security material to generate the second relay discovery message in the embodiment of Fig. 1 or Fig. 3; for S55, refer to the description of the relay terminal sending the second relay discovery message to the second terminal in the embodiment of Fig. 1 or Fig. 3; for S56, refer to the description in the embodiment of Fig. 1 or Fig. 3 of the second terminal performing deprotection processing on the second relay discovery message according to the security material to obtain the end-to-end discovery message plaintext corresponding to the end-to-end discovery message. Details are not repeated here.
S57, the discoveree terminal sends a relay discovery message response to the relay terminal.
S58, the relay terminal sends the relay discovery message response to the discoverer terminal.
The discoveree terminal in S57 to S59 corresponds to the first terminal in the above embodiment, and actively transmits a relay discovery message response to the discoverer terminal through the relay terminal, and the discoverer terminal corresponds to the second terminal in the above embodiment.
For the process in S57 of the discoveree terminal sending the relay discovery message response to the relay terminal, refer to the description in the above embodiments of the first terminal generating the first relay discovery message (corresponding to the relay discovery message response in S57) according to the security material and sending the first relay discovery message to the relay terminal; for the process in S58 of the relay terminal sending the relay discovery message response to the discoverer terminal, refer to the description in the above embodiments of the relay terminal processing the first relay discovery message according to the security material, generating the second relay discovery message, and sending the second relay discovery message to the second terminal. These descriptions are not repeated herein.
S59, the discoverer terminal initiates communication with the discoveree terminal.
After receiving the relay discovery message response, the discoverer terminal learns of the existence of the discoveree terminal and can then initiate communication with the discoveree terminal.
In summary, the embodiments of the present application provide a data transmission method in which, in U2U relay communication, the security material protects the messages exchanged between the discoverer terminal and the relay terminal, between the relay terminal and the discoveree terminal, and between the discoverer terminal and the discoveree terminal, thereby protecting interaction privacy in proximity communication mode B.
Fig. 6 is a schematic structural diagram of a first terminal according to an embodiment of the present application, as shown in fig. 6, where the first terminal includes a memory 620, a transceiver 600, and a processor 610, where:
a memory 620 for storing a computer program; a transceiver 600 for transceiving data under the control of the processor 610; a processor 610 for reading the computer program in the memory 620 and performing the following operations:
generating a first relay discovery message according to the security material, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information and an end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
sending the first relay discovery message to a relay terminal;
the RSC is used for indicating that the first relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is used for indicating that the first relay discovery message is sent out by the first terminal, and the end-to-end discovery message security processing identifier is used for indicating whether the end-to-end discovery message is subjected to protection processing or not.
In fig. 6, the bus architecture may comprise any number of interconnected buses and bridges, which link together various circuits, in particular one or more processors represented by the processor 610 and memory represented by the memory 620. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits, which are well known in the art and are therefore not described further herein. The bus interface provides an interface. The transceiver 600 may be a plurality of elements, that is, it includes a transmitter and a receiver, and provides a unit for communicating with various other apparatuses over transmission media, including wireless channels, wired channels, optical cables, and the like. For different user equipment, the user interface 630 may also be an interface capable of externally or internally connecting a required device, including but not limited to a keypad, a display, a speaker, a microphone, a joystick, and the like.
The processor 610 is responsible for managing the bus architecture and general processing, and the memory 620 may store data used by the processor 610 in performing operations.
In some embodiments, the processor 610 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or a complex programmable logic device (CPLD), and the processor may also employ a multi-core architecture.
The processor is configured to invoke the computer program stored in the memory and to execute, according to the obtained executable instructions, any of the methods provided in the embodiments of the present application. The processor and the memory may also be physically separate.
In one possible embodiment, the security material comprises at least one of:
an end-to-end discovery transmit security material;
an end-to-end discovery receive security material;
a relay discovery transmit security material, the relay discovery transmit security material being associated with the RSC;
a relay discovery receive security material associated with the RSC.
In one possible implementation manner, the generating the first relay discovery message according to the security material includes:
generating the first relay discovery message according to a security policy and the security material, wherein the security policy includes at least one of:
end-to-end message security is fully enabled;
end-to-end message security is not enabled;
end-to-end message security is partially enabled.
In a possible implementation manner, the generating the first relay discovery message according to a security policy and the security material includes:
acquiring the end-to-end discovery message according to the security material and the security policy;
generating a first relay discovery message plaintext according to the end-to-end discovery message;
and performing protection processing on the first relay discovery message plaintext according to the relay discovery transmit security material indicated by the RSC, to generate the first relay discovery message.
In a possible implementation manner, the obtaining the end-to-end discovery message according to the security material and the security policy includes:
generating an end-to-end discovery message plaintext;
determining a protection measure for the end-to-end discovery message according to the security policy;
and protecting the end-to-end discovery message plaintext according to the protection measure and the end-to-end discovery transmit security material, to obtain the end-to-end discovery message.
In one possible implementation, the processor 610 is further configured to read the computer program in the memory and perform the following operations:
receiving the security material and the security policy sent by the network device.
It should be noted that, the above first terminal provided in this embodiment of the present application can implement all the method steps implemented by the method embodiment in which the execution body is the first terminal, and can achieve the same technical effects, and detailed descriptions of the same parts and beneficial effects as those of the method embodiment in this embodiment are omitted herein.
Fig. 7 is a schematic structural diagram of a relay terminal according to an embodiment of the present application. As shown in fig. 7, the relay terminal includes a memory 720, a transceiver 700, and a processor 710, where:
a memory 720 for storing a computer program; a transceiver 700 for transceiving data under the control of the processor 710; a processor 710 for reading the computer program in the memory 720 and performing the following operations:
receiving a first relay discovery message sent by a first terminal, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information and an end-to-end discovery message security processing identifier;
processing the first relay discovery message according to a security material to generate a second relay discovery message, wherein the second relay discovery message comprises at least one of the end-to-end discovery message, the RSC, second relay discovery message source indication information and the end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
sending a second relay discovery message to a second terminal;
the RSC is configured to indicate that the first relay discovery message or the second relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is configured to indicate that the first relay discovery message is sent out by the first terminal, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent out by the second terminal.
In fig. 7, the bus architecture may comprise any number of interconnected buses and bridges, which link together various circuits, in particular one or more processors represented by the processor 710 and memory represented by the memory 720. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits, which are well known in the art and are therefore not described further herein. The bus interface provides an interface. The transceiver 700 may be a plurality of elements, that is, it includes a transmitter and a receiver, and provides a unit for communicating with various other apparatuses over transmission media, including wireless channels, wired channels, optical cables, and the like. For different user equipment, the user interface 730 may also be an interface capable of externally or internally connecting a required device, including but not limited to a keypad, a display, a speaker, a microphone, a joystick, and the like.
The processor 710 is responsible for managing the bus architecture and general processing, and the memory 720 may store data used by the processor 710 in performing operations.
In some embodiments, the processor 710 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or a complex programmable logic device (CPLD), and the processor may also employ a multi-core architecture.
The processor is configured to invoke the computer program stored in the memory and to execute, according to the obtained executable instructions, any of the methods provided in the embodiments of the present application. The processor and the memory may also be physically separate.
In one possible embodiment, the security material comprises at least one of:
a relay discovery transmit security material, the relay discovery transmit security material being associated with the RSC;
a relay discovery receive security material associated with the RSC.
In a possible implementation manner, the processing the first relay discovery message according to the security material to generate a second relay discovery message includes:
determining that the first relay discovery message is a message to be processed by the relay terminal according to the first relay discovery message source indication information;
performing deprotection processing on the first relay discovery message according to the relay discovery receive security material associated with the RSC, to obtain a first relay discovery message plaintext;
generating a second relay discovery message plaintext according to the first relay discovery message plaintext;
and performing protection processing on the second relay discovery message plaintext according to the relay discovery transmit security material associated with the RSC, to generate the second relay discovery message.
In one possible implementation, the processor 710 is further configured to read the computer program in the memory and perform the following operations:
receiving the security material sent by the network device.
It should be noted that, the relay terminal provided in this embodiment of the present application can implement all the method steps implemented by the method embodiment in which the execution body is a relay terminal, and can achieve the same technical effects, and detailed descriptions of the same parts and beneficial effects as those of the method embodiment in this embodiment are omitted.
Fig. 8 is a schematic structural diagram of a second terminal according to an embodiment of the present application, as shown in fig. 8, where the second terminal includes a memory 820, a transceiver 800, and a processor 810, where:
a memory 820 for storing a computer program; a transceiver 800 for transceiving data under the control of the processor 810; a processor 810 for reading the computer program in the memory 820 and performing the following operations:
receiving a second relay discovery message sent by a relay terminal, wherein the second relay discovery message comprises at least one of an end-to-end discovery message, an RSC, second relay discovery message source indication information and an end-to-end discovery message security processing identifier;
performing deprotection processing on the second relay discovery message according to a security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
the RSC is configured to indicate that the second relay discovery message is a discovery message related to relay discovery, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent by the second terminal.
In fig. 8, the bus architecture may comprise any number of interconnected buses and bridges, which link together various circuits, in particular one or more processors represented by the processor 810 and memory represented by the memory 820. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits, which are well known in the art and are therefore not described further herein. The bus interface provides an interface. The transceiver 800 may be a plurality of elements, that is, it includes a transmitter and a receiver, and provides a unit for communicating with various other apparatuses over transmission media, including wireless channels, wired channels, optical cables, and the like. For different user equipment, the user interface 830 may also be an interface capable of externally or internally connecting a required device, including but not limited to a keypad, a display, a speaker, a microphone, a joystick, and the like.
The processor 810 is responsible for managing the bus architecture and general processing, and the memory 820 may store data used by the processor 810 in performing operations.
In some embodiments, the processor 810 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or a complex programmable logic device (CPLD), and the processor may also employ a multi-core architecture.
The processor is configured to invoke the computer program stored in the memory and to execute, according to the obtained executable instructions, any of the methods provided in the embodiments of the present application. The processor and the memory may also be physically separate.
In one possible embodiment, the security material comprises at least one of:
an end-to-end discovery transmit security material;
an end-to-end discovery receive security material;
a relay discovery transmit security material, the relay discovery transmit security material being associated with the RSC;
a relay discovery receive security material associated with the RSC.
In a possible implementation manner, the performing deprotection processing on the second relay discovery message according to a security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message includes:
performing deprotection processing on the second relay discovery message according to the security material and the security policy to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message, wherein the security policy comprises at least one of the following:
end-to-end message security is fully enabled;
end-to-end message security is not enabled;
end-to-end message security is partially enabled.
In a possible implementation manner, the performing, according to the security material and the security policy, the deprotection processing on the second relay discovery message to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message includes:
determining that the second relay discovery message is a message to be processed by the second terminal according to the second relay discovery message source indication information;
performing deprotection processing on the second relay discovery message according to the relay discovery receive security material associated with the RSC to obtain a second relay discovery message plaintext, wherein the second relay discovery message plaintext comprises the end-to-end discovery message;
determining a protection measure for the end-to-end discovery message according to the security policy;
and performing deprotection processing on the end-to-end discovery message according to the protection measure and the end-to-end discovery receive security material, to obtain the end-to-end discovery message plaintext.
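The layered processing in the three step lists above (first terminal, relay terminal, second terminal) can be traced in the following sketch, which is an added example and not code from the application. The HMAC-based stand-in cipher, the message layout (RSC and source indication as an authenticated cleartext header), the source-indication values, the per-hop keys and the meaning given to the "partial" policy are all assumptions made for illustration.

```python
# Added illustration, not the application's code. Cipher, field layout,
# source-indication values, keys and "partial" semantics are assumptions.
import hashlib
import hmac
import json
import os

SRC_FIRST, SRC_SECOND = 1, 2  # constructed source-indication values

def _stream(key, nonce, n):
    """Keystream from HMAC-SHA256 in counter mode (stand-in cipher)."""
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, aad, nonce, ct):
    data = b"mac" + len(aad).to_bytes(2, "big") + aad + nonce + ct
    return hmac.new(key, data, hashlib.sha256).digest()

def protect(key, plaintext, aad=b""):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, aad, nonce, ct)

def deprotect(key, blob, aad=b""):
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(blob) < 44:
        raise ValueError("protected message too short")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, aad, nonce, ct)):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct))))

def _wrap(rsc, source, body, relay_send):
    """Protect a relay discovery message plaintext with the RSC's transmit material."""
    header = {"rsc": rsc, "source": source}
    aad = json.dumps(header, sort_keys=True).encode()
    blob = protect(relay_send[rsc], json.dumps(body).encode(), aad)
    return {"header": header, "body": blob.hex()}

def _unwrap(msg, expected_source, relay_recv):
    """Check the source indication, then deprotect with the RSC's receive material."""
    header = msg["header"]
    if header["source"] != expected_source:
        raise ValueError("source indication: not a message for this terminal")
    if header["rsc"] not in relay_recv:
        raise ValueError("no relay discovery receive material for this RSC")
    aad = json.dumps(header, sort_keys=True).encode()
    return json.loads(deprotect(relay_recv[header["rsc"]], bytes.fromhex(msg["body"]), aad))

def first_terminal_send(e2e_plain, policy, sensitive, mat, rsc):
    # The policy decides the protection measure; "partial" is assumed to mean
    # that only messages marked sensitive get end-to-end protection.
    protected = policy == "all" or (policy == "partial" and sensitive)
    e2e = protect(mat["e2e_send"], e2e_plain) if protected else e2e_plain
    body = {"e2e_protected": protected, "e2e": e2e.hex()}
    return _wrap(rsc, SRC_FIRST, body, mat["relay_send"])

def relay_forward(msg1, mat):
    """Return (second message, the end-to-end field as the relay could read it)."""
    body = _unwrap(msg1, SRC_FIRST, mat["relay_recv"])
    msg2 = _wrap(msg1["header"]["rsc"], SRC_SECOND, body, mat["relay_send"])
    return msg2, bytes.fromhex(body["e2e"])

def second_terminal_receive(msg2, policy, mat):
    body = _unwrap(msg2, SRC_SECOND, mat["relay_recv"])
    flagged = body["e2e_protected"]
    # Enforce the policy instead of trusting the identifier, which a relay can rewrite.
    if (policy == "all" and not flagged) or (policy == "none" and flagged):
        raise ValueError("security processing identifier contradicts the security policy")
    e2e = bytes.fromhex(body["e2e"])
    return deprotect(mat["e2e_recv"], e2e) if flagged else e2e

def make_materials(rsc):
    """Constructed keys standing in for material provisioned by the network device."""
    k_e2e, k_hop1, k_hop2 = os.urandom(32), os.urandom(32), os.urandom(32)
    first = {"e2e_send": k_e2e, "relay_send": {rsc: k_hop1}}
    relay = {"relay_recv": {rsc: k_hop1}, "relay_send": {rsc: k_hop2}}
    second = {"e2e_recv": k_e2e, "relay_recv": {rsc: k_hop2}}
    return first, relay, second

def run_discovery(e2e_plain, policy, sensitive=True, rsc=0x1234):
    """Run first terminal -> relay -> second terminal; return (recovered, relay view)."""
    first, relay, second = make_materials(rsc)
    msg1 = first_terminal_send(e2e_plain, policy, sensitive, first, rsc)
    msg2, relay_saw = relay_forward(msg1, relay)
    return second_terminal_receive(msg2, policy, second), relay_saw

if __name__ == "__main__":
    plain = b"discoveree-info: constructed sample"
    for policy in ("all", "none"):
        got, relay_saw = run_discovery(plain, policy)
        print(policy, got == plain, "relay sees plaintext:", relay_saw == plain)
```

With the policy set to "all", the relay can remove and reapply only the hop-level protection and never sees the end-to-end plaintext; with "none", the relay reads the end-to-end discovery message directly.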
In one possible implementation, the processor 810 is further configured to read the computer program in the memory and perform the following operations:
receiving the security material and the security policy sent by the network device.
It should be noted that, the second terminal provided in this embodiment of the present application can implement all the method steps implemented by the method embodiment in which the execution body is the second terminal, and can achieve the same technical effects, and specific details of the same parts and beneficial effects as those of the method embodiment in this embodiment are not repeated herein.
Fig. 9 is a schematic structural diagram of a data transmission device according to an embodiment of the present application, as shown in fig. 9, the data transmission device 90 includes:
a first processing module 91, configured to generate a first relay discovery message according to a security material, where the first relay discovery message includes at least one of an end-to-end discovery message, an RSC, a first relay discovery message source indication information, and an end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
a first transceiver module 92, configured to send the first relay discovery message to a relay terminal;
the RSC is used for indicating that the first relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is used for indicating that the first relay discovery message is sent out by the first terminal, and the end-to-end discovery message security processing identifier is used for indicating whether the end-to-end discovery message is subjected to protection processing or not.
In one possible embodiment, the security material comprises at least one of:
an end-to-end discovery transmit security material;
an end-to-end discovery receive security material;
a relay discovery transmit security material, the relay discovery transmit security material being associated with the RSC;
a relay discovery receive security material associated with the RSC.
In one possible implementation, the first processing module 91 is specifically configured to:
generating the first relay discovery message according to a security policy and the security material, wherein the security policy includes at least one of:
end-to-end message security is fully enabled;
end-to-end message security is not enabled;
end-to-end message security is partially enabled.
In one possible implementation, the first processing module 91 is specifically configured to:
acquiring the end-to-end discovery message according to the security material and the security policy;
generating a first relay discovery message plaintext according to the end-to-end discovery message;
and performing protection processing on the first relay discovery message plaintext according to the relay discovery transmit security material indicated by the RSC, to generate the first relay discovery message.
In one possible implementation, the first processing module 91 is specifically configured to:
generating an end-to-end discovery message plaintext;
determining a protection measure for the end-to-end discovery message according to the security policy;
and protecting the end-to-end discovery message plaintext according to the protection measure and the end-to-end discovery transmit security material, to obtain the end-to-end discovery message.
In one possible implementation, the first transceiver module 92 is further configured to:
receiving the security material and the security policy sent by the network device.
Specifically, the data transmission device provided in the embodiment of the present application can implement all the method steps implemented by the method embodiment in which the execution body is the first terminal, and can achieve the same technical effects, and detailed descriptions of the same parts and beneficial effects as those of the method embodiment in the embodiment are omitted herein.
Fig. 10 is a second schematic structural diagram of a data transmission device according to an embodiment of the present application, as shown in fig. 10, the data transmission device 100 includes:
a receiving module 101, configured to receive a first relay discovery message sent by a first terminal, where the first relay discovery message includes at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information, and an end-to-end discovery message security processing identifier;
a second processing module 102, configured to process the first relay discovery message according to a security material, and generate a second relay discovery message, where the second relay discovery message includes at least one of the end-to-end discovery message, the RSC, second relay discovery message source indication information, and the end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
a sending module 103, configured to send a second relay discovery message to a second terminal;
the RSC is configured to indicate that the first relay discovery message or the second relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is configured to indicate that the first relay discovery message is sent out by the first terminal, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent out by the second terminal.
In one possible embodiment, the security material comprises at least one of:
a relay discovery transmit security material, the relay discovery transmit security material being associated with the RSC;
a relay discovery receive security material associated with the RSC.
In one possible implementation, the second processing module 102 is specifically configured to:
determining that the first relay discovery message is a message to be processed by the relay terminal according to the first relay discovery message source indication information;
performing deprotection processing on the first relay discovery message according to the relay discovery receive security material associated with the RSC, to obtain a first relay discovery message plaintext;
generating a second relay discovery message plaintext according to the first relay discovery message plaintext;
and performing protection processing on the second relay discovery message plaintext according to the relay discovery transmit security material associated with the RSC, to generate the second relay discovery message.
In a possible implementation, the receiving module 101 is further configured to:
receiving the security material sent by the network device.
Specifically, the data transmission device provided in the embodiment of the present application can implement all the method steps implemented by the method embodiment in which the execution body is a relay terminal, and can achieve the same technical effects, and the same parts and beneficial effects as those of the method embodiment in the embodiment are not described in detail herein.
Fig. 11 is a third schematic structural diagram of a data transmission device according to an embodiment of the present application, as shown in fig. 11, the data transmission device 110 includes:
a second transceiver module 111, configured to receive a second relay discovery message sent by a relay terminal, where the second relay discovery message includes at least one of an end-to-end discovery message, an RSC, second relay discovery message source indication information, and an end-to-end discovery message security processing identifier;
a third processing module 112, configured to perform deprotection processing on the second relay discovery message according to a security material, and obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
the RSC is configured to indicate that the second relay discovery message is a discovery message related to relay discovery, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent by the second terminal.
In one possible embodiment, the security material comprises at least one of:
an end-to-end discovery transmit security material;
an end-to-end discovery receive security material;
a relay discovery transmit security material, the relay discovery transmit security material being associated with the RSC;
a relay discovery receive security material associated with the RSC.
In one possible implementation, the third processing module 112 is specifically configured to:
performing deprotection processing on the second relay discovery message according to the security material and the security policy to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message, wherein the security policy comprises at least one of the following:
end-to-end message security is fully enabled;
end-to-end message security is not enabled;
end-to-end message security is partially enabled.
In one possible implementation, the third processing module 112 is specifically configured to:
determining that the second relay discovery message is a message to be processed by the second terminal according to the second relay discovery message source indication information;
performing deprotection processing on the second relay discovery message according to the relay discovery receive security material associated with the RSC to obtain a second relay discovery message plaintext, wherein the second relay discovery message plaintext comprises the end-to-end discovery message;
determining a protection measure for the end-to-end discovery message according to the security policy;
and performing deprotection processing on the end-to-end discovery message according to the protection measure and the end-to-end discovery receive security material, to obtain the end-to-end discovery message plaintext.
In a possible implementation manner, the second transceiver module 111 is further configured to:
receiving the security material and the security policy sent by the network device.
Specifically, the data transmission device provided in the embodiment of the present application can implement all the method steps implemented by the method embodiment in which the execution body is the second terminal, and can achieve the same technical effects, and detailed descriptions of the same parts and beneficial effects as those of the method embodiment in the embodiment are omitted herein.
It should be noted that the division of the units/modules in the embodiments of the present application is merely a logic function division, and other division manners may be implemented in practice. In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a processor-readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
In some embodiments, there is also provided a computer-readable storage medium storing a computer program for causing a computer to execute the data transmission method provided by the above-described method embodiments.
Specifically, the computer readable storage medium provided in the embodiment of the present application can implement all the method steps implemented by the embodiments of the present application and achieve the same technical effects, and the parts and beneficial effects that are the same as those of the embodiments of the present application are not described in detail herein.
It should be noted that the computer-readable storage medium may be any available medium or data storage device that can be accessed by a processor, including, but not limited to, magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CD, DVD, BD, HVD, etc.), and semiconductor memory (e.g., ROM, EPROM, EEPROM, nonvolatile memory (NAND FLASH), solid state disk (SSD)), etc.
In addition, it should be noted that: the terms "first," "second," and the like in the embodiments of the present application are used for distinguishing between similar objects and not for describing a particular sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the application are capable of operation in sequences other than those illustrated or otherwise described herein, and that the terms "first" and "second" are generally intended to be used in a generic sense and not to limit the number of objects, for example, the first object may be one or more.
In the embodiments of the present application, the term "and/or" describes an association relationship between associated objects and indicates that three relationships may exist. For example, "A and/or B" may represent: A exists alone, A and B exist together, or B exists alone. The character "/" generally indicates that the objects before and after it are in an "or" relationship.
The term "plurality" in the embodiments of the present application means two or more, and other quantifiers are similar thereto.
The technical solution provided by the embodiments of the present application is applicable to various systems, in particular to a 5G system. For example, applicable systems include the global system for mobile communications (GSM), code division multiple access (CDMA), wideband code division multiple access (WCDMA), general packet radio service (GPRS), long term evolution (LTE), LTE frequency division duplex (FDD), LTE time division duplex (TDD), long term evolution advanced (LTE-A), universal mobile telecommunication system (UMTS), worldwide interoperability for microwave access (WiMAX), 5G New Radio (NR), and the like. Each of these systems includes terminal devices and network devices. The system may also include a core network part, such as an evolved packet system (EPS) or a 5G system (5GS).
The terminal device according to the embodiments of the present application may be a device that provides voice and/or data connectivity to a user, a handheld device with a wireless connection function, or another processing device connected to a wireless modem. The name of the terminal device may differ between systems; for example, in a 5G system the terminal device may be referred to as user equipment (UE). The wireless terminal device may communicate with one or more core networks (CNs) via a radio access network (RAN). The wireless terminal device may be a mobile terminal device, such as a mobile phone (or "cellular" phone) or a computer with a mobile terminal device, for example a portable, pocket, hand-held, computer-built-in or vehicle-mounted mobile device that exchanges voice and/or data with the radio access network. Examples include personal communication service (PCS) phones, cordless phones, session initiation protocol (SIP) phones, wireless local loop (WLL) stations, personal digital assistants (PDAs), and the like. The wireless terminal device may also be referred to as a system, subscriber unit, subscriber station, mobile station (mobile), remote station, access point, remote terminal device, access terminal device, user terminal device, user agent, or user device, which is not limited in the embodiments of the present application.
The network device according to the embodiments of the present application may be a base station, and the base station may include a plurality of cells that provide services for terminals. Depending on the particular application, a base station may also be called an access point, may be a device in an access network that communicates with wireless terminal devices over the air interface through one or more sectors, or may have another name. The network device may be used to convert received air frames to and from Internet Protocol (IP) packets, acting as a router between the wireless terminal device and the rest of the access network, where the rest of the access network may include an IP communication network. The network device may also coordinate attribute management for the air interface. For example, the network device according to the embodiments of the present application may be a base transceiver station (BTS) in the global system for mobile communications (GSM) or code division multiple access (CDMA), a NodeB in wideband code division multiple access (WCDMA), an evolved Node B (eNB or e-NodeB) in a long term evolution (LTE) system, a 5G base station (gNB) in a 5G network architecture (next generation system), a home evolved Node B (HeNB), a relay node, a home base station (femto), a pico base station (pico), and the like. In some network structures, the network device may include a centralized unit (CU) node and a distributed unit (DU) node, which may also be geographically separated.
Multiple-input multiple-output (MIMO) transmission may be performed between a network device and a terminal device, each using one or more antennas, and the MIMO transmission may be single-user MIMO (SU-MIMO) or multi-user MIMO (MU-MIMO). Depending on the form and number of antenna combinations, the MIMO transmission may be 2D-MIMO, 3D-MIMO, FD-MIMO, or massive MIMO, or may be diversity transmission, precoding transmission, beamforming transmission, or the like.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, magnetic disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-executable instructions. These computer-executable instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These processor-executable instructions may also be stored in a processor-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the processor-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These processor-executable instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.

Claims (34)

1. A data transmission method, applied to a first terminal, the method comprising:
generating a first relay discovery message according to the security material, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, a relay service identification code (RSC), first relay discovery message source indication information and an end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the terminal-to-terminal (U2U) relay discovery process;
sending the first relay discovery message to a relay terminal;
the RSC is used for indicating that the first relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is used for indicating that the first relay discovery message is sent out by the first terminal, and the end-to-end discovery message security processing identifier is used for indicating whether the end-to-end discovery message is subjected to protection processing or not.
2. The data transmission method of claim 1, wherein the security material comprises at least one of:
an end-to-end discovery sending security material;
an end-to-end discovery receiving security material;
a relay discovery sending security material, the relay discovery sending security material being associated with the RSC;
a relay discovery receiving security material associated with the RSC.
3. The data transmission method according to claim 2, wherein the generating the first relay discovery message according to the security material includes:
generating the first relay discovery message according to a security policy and the security material, wherein the security policy includes at least one of:
all end-to-end message security is enabled;
end-to-end message security is not enabled;
part of the end-to-end message security is enabled.
4. A data transmission method according to claim 3, wherein said generating said first relay discovery message according to a security policy and said security material comprises:
acquiring the end-to-end discovery message according to the security material and the security policy;
generating a first relay discovery message plaintext according to the end-to-end discovery message;
and carrying out protection processing on the plaintext of the first relay discovery message according to the relay discovery sending security material indicated by the RSC, and generating the first relay discovery message.
5. The method according to claim 4, wherein the obtaining the end-to-end discovery message according to the security material and the security policy comprises:
generating an end-to-end discovery message plaintext;
determining a protection measure for the end-to-end discovery message according to the security policy;
and protecting the plaintext of the end-to-end discovery message according to the protection measure and the end-to-end discovery sending security material to obtain the end-to-end discovery message.
6. A data transmission method according to any one of claims 3 to 5, characterized in that the method further comprises:
and receiving the security material and the security policy sent by the network equipment.
7. A data transmission method, applied to a relay terminal, comprising:
receiving a first relay discovery message sent by a first terminal, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information and an end-to-end discovery message security processing identifier;
processing the first relay discovery message according to a security material to generate a second relay discovery message, wherein the second relay discovery message comprises at least one of the end-to-end discovery message, the RSC, second relay discovery message source indication information and the end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
sending the second relay discovery message to a second terminal;
the RSC is configured to indicate that the first relay discovery message or the second relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is configured to indicate that the first relay discovery message is sent out by the first terminal, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent out by the second terminal.
8. The data transmission method of claim 7, wherein the security material comprises at least one of:
a relay discovery sending security material, the relay discovery sending security material being associated with the RSC;
a relay discovery receiving security material associated with the RSC.
9. The data transmission method according to claim 7 or 8, wherein the processing the first relay discovery message according to the security material to generate a second relay discovery message comprises:
determining that the first relay discovery message is a message to be processed by the relay terminal according to the first relay discovery message source indication information;
performing deprotection processing on the first relay discovery message according to the relay discovery receiving security material associated with the RSC to obtain a first relay discovery message plaintext;
generating a second relay discovery message plaintext according to the first relay discovery message plaintext;
and carrying out protection processing on the plaintext of the second relay discovery message according to the relay discovery sending security material associated with the RSC, and generating the second relay discovery message.
10. The data transmission method according to claim 7 or 8, characterized in that the method further comprises:
and receiving the security material sent by the network equipment.
11. A data transmission method, applied to a second terminal, the method comprising:
receiving a second relay discovery message sent by a relay terminal, wherein the second relay discovery message comprises at least one of an end-to-end discovery message, an RSC, second relay discovery message source indication information and an end-to-end discovery message security processing identifier;
performing deprotection processing on the second relay discovery message according to a security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
the RSC is configured to indicate that the second relay discovery message is a discovery message related to relay discovery, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent by the second terminal.
12. The data transmission method of claim 11, wherein the security material comprises at least one of:
an end-to-end discovery sending security material;
an end-to-end discovery receiving security material;
a relay discovery sending security material, the relay discovery sending security material being associated with the RSC;
a relay discovery receiving security material associated with the RSC.
13. The method for transmitting data according to claim 11, wherein the performing deprotection processing on the second relay discovery message according to the security material to obtain the plaintext of the end-to-end discovery message corresponding to the end-to-end discovery message includes:
and performing deprotection processing on the second relay discovery message according to the security material and the security policy to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message, wherein the security policy comprises at least one of the following:
all end-to-end message security is enabled;
end-to-end message security is not enabled;
part of the end-to-end message security is enabled.
14. The method for transmitting data according to claim 13, wherein the performing deprotection processing on the second relay discovery message according to the security material and the security policy to obtain a plaintext of the end-to-end discovery message corresponding to the end-to-end discovery message includes:
determining that the second relay discovery message is a message to be processed by the second terminal according to the second relay discovery message source indication information;
performing deprotection processing on the second relay discovery message according to the relay discovery receiving security material associated with the RSC to obtain a second relay discovery message plaintext, wherein the second relay discovery message plaintext comprises the end-to-end discovery message;
determining a protection measure for the end-to-end discovery message according to the security policy;
and according to the protection measures and the end-to-end discovery receiving security materials, carrying out deprotection processing on the end-to-end discovery message to obtain the plaintext of the end-to-end discovery message.
15. The data transmission method according to any one of claims 11 to 14, characterized in that the method further comprises:
and receiving the security material and the security policy sent by the network equipment.
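The layering in claims 4, 5, 9 and 14 (an end-to-end layer that only the two terminals can remove, inside a per-hop layer selected by the RSC) can be traced in code. The following is an added example, not code from the patent: the HMAC-SHA256 encrypt-then-MAC routine is a stand-in for whatever algorithm the security material designates, and the field layout, source indication values, RSC value, keys, header binding and policy-mismatch check are constructed assumptions. Only the policies with end-to-end security fully on or fully off are modelled.

```python
import hashlib
import hmac
import json
import os

# Constructed sample values (assumptions, not taken from the patent).
RSC = 0x0A01                                       # relay service identification code
HOP1 = {RSC: b"hop1-key-constructed-0000000000"}   # first terminal <-> relay
HOP2 = {RSC: b"hop2-key-constructed-0000000000"}   # relay <-> second terminal
E2E_KEY = b"e2e-key-constructed-00000000000"       # held by the two terminals only
SRC_FIRST_TERMINAL = "from-first-terminal"         # source indication encodings
SRC_SECOND_HOP = "second-relay-discovery-message"


def _subkey(material, label):
    return hmac.new(material, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher).
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(material, aad, nonce, ct):
    msg = len(aad).to_bytes(2, "big") + aad + nonce + ct
    return hmac.new(_subkey(material, b"mac"), msg, hashlib.sha256).digest()


def protect(material, plaintext, aad):
    """Stand-in 'protection processing': encrypt, then MAC over header + ciphertext."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(material, b"enc"), nonce, plaintext)
    return nonce + ct + _tag(material, aad, nonce, ct)


def deprotect(material, blob, aad):
    """Stand-in 'deprotection processing'; raises ValueError on any tampering."""
    if len(blob) < 48:
        raise ValueError("protected field too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(material, aad, nonce, ct)):
        raise ValueError("integrity check failed")
    return _xor_stream(_subkey(material, b"enc"), nonce, ct)


def _wrap(rsc, src, e2e_msg, e2e_flag, send_material):
    # Relay discovery plaintext = E2E discovery message + security processing identifier.
    inner = json.dumps({"e2e": e2e_msg.hex(), "e2e_protected": e2e_flag}).encode()
    aad = f"{rsc}|{src}".encode()          # bind the cleartext header to the tag
    return {"rsc": rsc, "src": src, "body": protect(send_material[rsc], inner, aad)}


def _unwrap(msg, expected_src, recv_material):
    if msg["src"] != expected_src:         # source indication: is this ours to process?
        raise ValueError("message is not addressed to this role")
    if msg["rsc"] not in recv_material:    # RSC selects the receiving material
        raise ValueError("no relay discovery material for this RSC")
    aad = f"{msg['rsc']}|{msg['src']}".encode()
    inner = json.loads(deprotect(recv_material[msg["rsc"]], msg["body"], aad))
    return bytes.fromhex(inner["e2e"]), inner["e2e_protected"]


def first_terminal_send(e2e_plain, e2e_on, e2e_send, relay_send, rsc=RSC):
    # Claims 4-5: protect the E2E plaintext per policy, then protect the hop message.
    e2e_msg = protect(e2e_send, e2e_plain, b"e2e") if e2e_on else e2e_plain
    return _wrap(rsc, SRC_FIRST_TERMINAL, e2e_msg, e2e_on, relay_send)


def relay_forward(msg, relay_recv, relay_send):
    # Claim 9: check source, deprotect hop 1, rebuild, protect for hop 2.
    e2e_msg, flag = _unwrap(msg, SRC_FIRST_TERMINAL, relay_recv)
    return _wrap(msg["rsc"], SRC_SECOND_HOP, e2e_msg, flag, relay_send), e2e_msg


def second_terminal_receive(msg, e2e_on, e2e_recv, relay_recv):
    # Claim 14: check source, deprotect hop 2, then deprotect the E2E layer.
    e2e_msg, flag = _unwrap(msg, SRC_SECOND_HOP, relay_recv)
    if flag != e2e_on:                     # added check: refuse a policy downgrade
        raise ValueError("security processing identifier contradicts local policy")
    return deprotect(e2e_recv, e2e_msg, b"e2e") if flag else e2e_msg


def run_demo(e2e_plain, e2e_on):
    """Returns (what the second terminal recovers, what the relay could see)."""
    m1 = first_terminal_send(e2e_plain, e2e_on, E2E_KEY, HOP1)
    m2, relay_saw = relay_forward(m1, HOP1, HOP2)
    return second_terminal_receive(m2, e2e_on, E2E_KEY, HOP2), relay_saw


if __name__ == "__main__":
    for on in (True, False):
        got, seen = run_demo(b"announce: user=alice; looking-for=bob", on)
        print(f"E2E security on={on}: delivered={got!r} relay_can_read={seen == got}")
```

With end-to-end security on, the relay handles only an opaque blob; with it off, the relay reads the announcement in full, which is the privacy difference the security policy controls.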
16. A first terminal comprising a memory, a transceiver, and a processor;
a memory for storing a computer program; a transceiver for transceiving data under control of the processor; a processor for reading the computer program in the memory and performing the following operations:
generating a first relay discovery message according to the security material, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information and an end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
sending the first relay discovery message to a relay terminal;
the RSC is used for indicating that the first relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is used for indicating that the first relay discovery message is sent out by the first terminal, and the end-to-end discovery message security processing identifier is used for indicating whether the end-to-end discovery message is subjected to protection processing or not.
17. The first terminal of claim 16, wherein the security material comprises at least one of:
an end-to-end discovery sending security material;
an end-to-end discovery receiving security material;
a relay discovery sending security material, the relay discovery sending security material being associated with the RSC;
a relay discovery receiving security material associated with the RSC.
18. The first terminal of claim 17, wherein the generating the first relay discovery message from the security material comprises:
generating the first relay discovery message according to a security policy and the security material, wherein the security policy includes at least one of:
all end-to-end message security is enabled;
end-to-end message security is not enabled;
part of the end-to-end message security is enabled.
19. The first terminal of claim 18, wherein the generating the first relay discovery message according to a security policy and the security material comprises:
acquiring the end-to-end discovery message according to the security material and the security policy;
generating a first relay discovery message plaintext according to the end-to-end discovery message;
and carrying out protection processing on the plaintext of the first relay discovery message according to the relay discovery sending security material indicated by the RSC, and generating the first relay discovery message.
20. The first terminal of claim 19, wherein the obtaining the end-to-end discovery message according to the security material and the security policy comprises:
generating an end-to-end discovery message plaintext;
determining a protection measure for the end-to-end discovery message according to the security policy;
and protecting the plaintext of the end-to-end discovery message according to the protection measure and the end-to-end discovery sending security material to obtain the end-to-end discovery message.
21. The first terminal according to any of the claims 18 to 20, wherein the processor is further adapted to read a computer program in the memory and to perform the following operations:
and receiving the security material and the security policy sent by the network equipment.
22. A relay terminal, comprising a memory, a transceiver, and a processor;
a memory for storing a computer program; a transceiver for transceiving data under control of the processor; a processor for reading the computer program in the memory and performing the following operations:
receiving a first relay discovery message sent by a first terminal, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information and an end-to-end discovery message security processing identifier;
processing the first relay discovery message according to a security material to generate a second relay discovery message, wherein the second relay discovery message comprises at least one of the end-to-end discovery message, the RSC, second relay discovery message source indication information and the end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
sending a second relay discovery message to a second terminal;
the RSC is configured to indicate that the first relay discovery message or the second relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is configured to indicate that the first relay discovery message is sent out by the first terminal, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent out by the second terminal.
23. The relay terminal of claim 22, wherein the security material comprises at least one of:
a relay discovery sending security material, the relay discovery sending security material being associated with the RSC;
a relay discovery receiving security material associated with the RSC.
24. The relay terminal according to claim 22 or 23, wherein the processing the first relay discovery message according to the security material to generate a second relay discovery message comprises:
determining that the first relay discovery message is a message to be processed by the relay terminal according to the first relay discovery message source indication information;
according to the relay discovery receiving security material associated with the RSC, performing deprotection processing on the first relay discovery message to obtain a first relay discovery message plaintext;
generating a second relay discovery message plaintext according to the first relay discovery message plaintext;
and carrying out protection processing on the plaintext of the second relay discovery message according to the relay discovery sending security material associated with the RSC, and generating the second relay discovery message.
25. The relay terminal according to claim 22 or 23, wherein the processor is further configured to read the computer program in the memory and perform the following operations:
and receiving the security material sent by the network equipment.
26. A second terminal, comprising a memory, a transceiver, and a processor;
a memory for storing a computer program; a transceiver for transceiving data under control of the processor; a processor for reading the computer program in the memory and performing the following operations:
receiving a second relay discovery message sent by a relay terminal, wherein the second relay discovery message comprises at least one of an end-to-end discovery message, an RSC, second relay discovery message source indication information and an end-to-end discovery message security processing identifier;
performing deprotection processing on the second relay discovery message according to a security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
the RSC is configured to indicate that the second relay discovery message is a discovery message related to relay discovery, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent by the second terminal.
27. The second terminal of claim 26, wherein the security material comprises at least one of:
an end-to-end discovery sending security material;
an end-to-end discovery receiving security material;
a relay discovery sending security material, the relay discovery sending security material being associated with the RSC;
a relay discovery receiving security material associated with the RSC.
28. The second terminal according to claim 26, wherein the performing the deprotection processing on the second relay discovery message according to the security material to obtain the plaintext of the end-to-end discovery message corresponding to the end-to-end discovery message includes:
and performing deprotection processing on the second relay discovery message according to the security material and the security policy to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message, wherein the security policy comprises at least one of the following:
all end-to-end message security is enabled;
end-to-end message security is not enabled;
part of the end-to-end message security is enabled.
29. The second terminal according to claim 28, wherein the performing deprotection processing on the second relay discovery message according to the security material and the security policy to obtain a plaintext of the end-to-end discovery message corresponding to the end-to-end discovery message includes:
determining that the second relay discovery message is a message to be processed by the second terminal according to the second relay discovery message source indication information;
performing deprotection processing on the second relay discovery message according to the relay discovery receiving security material associated with the RSC to obtain a second relay discovery message plaintext, wherein the second relay discovery message plaintext comprises the end-to-end discovery message;
determining a protection measure for the end-to-end discovery message according to the security policy;
and according to the protection measures and the end-to-end discovery receiving security materials, carrying out deprotection processing on the end-to-end discovery message to obtain the plaintext of the end-to-end discovery message.
30. The second terminal according to any of the claims 26 to 29, wherein the processor is further adapted to read a computer program in the memory and to perform the following operations:
and receiving the security material and the security policy sent by the network equipment.
31. A data transmission apparatus, comprising:
a first processing module, configured to generate a first relay discovery message according to a security material, where the first relay discovery message includes at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information, and an end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
a first transceiver module, configured to send the first relay discovery message to the relay terminal;
the RSC is used for indicating that the first relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is used for indicating that the first relay discovery message is sent out by the first terminal, and the end-to-end discovery message security processing identifier is used for indicating whether the end-to-end discovery message is subjected to protection processing or not.
32. A data transmission apparatus, comprising:
the receiving module is used for receiving a first relay discovery message sent by a first terminal, wherein the first relay discovery message comprises at least one of an end-to-end discovery message, an RSC, first relay discovery message source indication information and an end-to-end discovery message security processing identifier;
the second processing module is used for processing the first relay discovery message according to the security material to generate a second relay discovery message, wherein the second relay discovery message comprises at least one of the end-to-end discovery message, the RSC, second relay discovery message source indication information and the end-to-end discovery message security processing identifier; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
a sending module, configured to send a second relay discovery message to a second terminal;
the RSC is configured to indicate that the first relay discovery message or the second relay discovery message is a discovery message related to relay discovery, the first relay discovery message source indication information is configured to indicate that the first relay discovery message is sent out by the first terminal, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent out by the second terminal.
33. A data transmission apparatus, comprising:
the second transceiver module is used for receiving a second relay discovery message sent by the relay terminal, wherein the second relay discovery message comprises at least one of an end-to-end discovery message, an RSC, second relay discovery message source indication information and an end-to-end discovery message security processing identifier;
the third processing module is used for carrying out deprotection processing on the second relay discovery message according to the security material to obtain an end-to-end discovery message plaintext corresponding to the end-to-end discovery message; the security material is a secret key and related parameters for performing security protection on the discovery message in the U2U relay discovery process;
the RSC is configured to indicate that the second relay discovery message is a discovery message related to relay discovery, the end-to-end discovery message security processing identifier is configured to indicate whether the end-to-end discovery message is subjected to protection processing, and the second relay discovery message source indication information is configured to indicate that the second relay discovery message is sent by the second terminal.
34. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for causing a computer to execute the data transmission method according to any one of claims 1 to 6, or for causing a computer to execute the data transmission method according to any one of claims 7 to 10, or for causing a computer to execute the data transmission method according to any one of claims 11 to 15.
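The two-layer handling in the claims above (outer relay discovery protection keyed by RSC, inner end-to-end protection chosen by the security policy) can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 integrity protection, the JSON encoding, the field names and the policy values "integrity" and "none" are all assumptions, since the claims name no algorithm or message format.

```python
import hashlib
import hmac
import json

TAG_LEN = 32  # bytes in an HMAC-SHA256 tag

def protect(key, body):
    """Assumed protection measure: append an HMAC-SHA256 tag (integrity only)."""
    return body + hmac.new(key, body, hashlib.sha256).digest()

def deprotect(key, blob):
    """Verify and strip the tag; raise ValueError if it does not match."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return body

def wrap(relay_key, rsc, source, e2e_blob, e2e_protected):
    """Build a relay discovery message around an end-to-end discovery message."""
    fields = {"rsc": rsc, "source": source,
              "e2e_protected": e2e_protected, "e2e": e2e_blob.hex()}
    return protect(relay_key, json.dumps(fields).encode())

def unwrap(relay_keys, blob):
    """Pick the receiving material by RSC, then deprotect the outer layer."""
    rsc = json.loads(blob[:-TAG_LEN])["rsc"]  # readable: this sketch does not encrypt
    return json.loads(deprotect(relay_keys[rsc], blob))

def first_terminal_send(relay_keys, e2e_key, rsc, source, e2e_plain, policy):
    """Protect the inner message if the policy asks for it, then wrap it."""
    protected = policy == "integrity"
    inner = protect(e2e_key, e2e_plain) if protected else e2e_plain
    return wrap(relay_keys[rsc], rsc, source, inner, protected)

def relay_forward(relay_keys, source, msg1):
    """Relay handles only the outer layer; it holds no end-to-end material."""
    f = unwrap(relay_keys, msg1)
    return wrap(relay_keys[f["rsc"]], f["rsc"], source,
                bytes.fromhex(f["e2e"]), f["e2e_protected"])

def second_terminal_receive(relay_keys, e2e_key, msg2, policy):
    """Outer deprotection, policy lookup, then inner deprotection."""
    f = unwrap(relay_keys, msg2)
    inner = bytes.fromhex(f["e2e"])
    if policy != "integrity":
        return inner
    if not f["e2e_protected"]:
        raise ValueError("policy requires protection; identifier says unprotected")
    return deprotect(e2e_key, inner)
```

In this sketch the receiver treats the security processing identifier as a hint and the security policy as authoritative, so a relay that clears the identifier or swaps the inner message is rejected when the policy requires protection.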
CN202211216466.6A 2022-09-30 2022-09-30 Data transmission method, device and equipment Pending CN117858028A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211216466.6A CN117858028A (en) 2022-09-30 2022-09-30 Data transmission method, device and equipment

Publications (1)

Publication Number Publication Date
CN117858028A (en) 2024-04-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination