GB2588600A - Method to transmit messages between user equipments - Google Patents

Info

Publication number
GB2588600A
Authority
GB
United Kingdom
Prior art keywords
user equipment
counter value
secret
identity
communication
Legal status
Pending
Application number
GB1915476.4A
Other versions
GB201915476D0 (en
Inventor
Holm Bjerrum Bo
Jerichow Anja
Buthler Jakob
Dhere Arnol
Henneberg Rysgaard Bent
Caporal Del Barrio Samantha
Ji Lianghai
Barbosa Abreu Renato
Current Assignee
Nokia Technologies Oy
Original Assignee
Nokia Technologies Oy

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H04W4/08 User group management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An apparatus, such as a vehicle-to-everything user equipment V2X-UE, sends a message to a set of user equipment via a groupcast communication. The message comprises a layer 2 group identity and a layer 2 source identity, wherein the source identity is based on a secret and a counter value. The apparatus receives a direct communication request from another user equipment of the set via a unicast communication. The apparatus accepts the request, authenticates the user equipment and sends the secret and the counter value to the user equipment via the unicast communication. The unicast communication may be on a vehicle-to-vehicle V2V sidelink. The V2X-UE stays anonymous to passive attackers who are eavesdropping groupcast communication under L2 group identity.

Description

METHOD TO TRANSMIT MESSAGES BETWEEN USER EQUIPMENTS
TECHNICAL FIELD
[0001] The present disclosure relates generally to network communications and, more particularly, to an apparatus and method for transmitting messages in a wireless network.
BACKGROUND
[0002] Wireless communication systems are under constant development. An example is vehicle-to-everything (V2X) communication, originally based on wireless local area network technology but now extending to use cellular networks to provide a wider variety of services.
[0003] In vehicle-to-everything (V2X), vehicles may be equipped with user equipment configured to wirelessly communicate with other user equipment, such as vehicle-to-vehicle (V2V) user equipment, vehicle-to-network nodes (V2N), vehicle-to-pedestrian (V2P), and/or any other type of device. The V2X messages may be used to exchange messages, such as traffic related messages, alerts, autonomous or semiautonomous driving messages, and/or any other type of data or message.
[0004] A study item Advanced V2X (TR 33.836) has been established and addresses especially the protection of the Layer 2 source identity in unicast, broadcast and groupcast communication, since there are privacy concerns regarding identification of the Layer 2 identity due to a potential link to the user.
SUMMARY
[0005] This summary is provided to introduce concepts related to the present inventive subject matter. This summary is not intended to identify essential features of the claimed subject matter nor is it intended for use in determining or limiting the scope of the claimed subject matter.
[0006] In one implementation, there is provided a method comprising: sending, by a user equipment, a message to a set of user equipment via a groupcast communication, the message comprising a group identity and a source identity, wherein the source identity is based on a secret and a counter value, receiving, at the user equipment, a direct communication request from another user equipment of the set of user equipment via a unicast communication, sending, by the user equipment, the secret and the counter value to said another user equipment via the unicast communication.
[0007] Advantageously, the method relies on the fact that the decision to disclose the identity should be taken by the caster entity (the sender), which secures the privacy of the caster. Additionally, it minimizes signaling and incorporates already existing mechanisms. Security is guaranteed by the change of the identity using an irreversible function. The method protects the source identity of the user equipment by forcing the user equipment to use its identity only once and to generate a new one for another groupcast. Thus, privacy compromise is limited for an attacker to only follow an anonymous identity of user equipment within one groupcast.
[0008] The method may also rely on replay-protected messages, as group members would identify a mismatch in source identity.
[0009] In an embodiment, the source identity is derived from an irreversible function taking as inputs the secret and the counter value.
[0010] In an embodiment, the irreversible function is based on a hash function.
[0011] In an embodiment, the group identity is a layer two group identity and the source identity is a layer two source identity.
[0012] In an embodiment, the unicast communication is done on a vehicle-to-vehicle sidelink.
[0013] In an embodiment, the secret and the counter value are shared after authentication of said another user equipment by the user equipment.
[0014] In an embodiment, the counter value is updated based on a policy and the policy is shared by the user equipment with said another user equipment.
[0015] In an embodiment, the policy is sent with the secret and the counter value or is pre-provisioned in said another user equipment.
[0016] In an embodiment, the policy contains rules to update the counter value and information about selection of the irreversible function.
[0017] In another implementation, there is provided a method comprising: receiving, by a user equipment, a message sent from another user equipment via a groupcast communication, the message comprising a group identity and a source identity, wherein the source identity is based on a secret and a counter value, sending, by the user equipment, a direct communication request to said another user equipment via a unicast communication, sending, by the user equipment, the secret and the counter value to said another user equipment via the unicast communication.
[0018] In another implementation, there is provided an apparatus comprising: at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least: send a message to a set of user equipment via a groupcast communication, the message comprising a group identity and a source identity, wherein the source identity is based on a secret and a counter value, receive a direct communication request from a user equipment of the set of user equipment via a unicast communication, send the secret and the counter value to said user equipment via the unicast communication.
[0019] In another implementation, there is provided an apparatus comprising: at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least: receive a message sent from a user equipment via a groupcast communication, the message comprising a group identity and a source identity, wherein the source identity is based on a secret and a counter value, send a direct communication request to said user equipment via a unicast communication, receive the secret and the counter value from said user equipment via the unicast communication.
[0020] Another example embodiment of the invention comprises a computer program comprising code for sending, by a user equipment, a message to a set of user equipment via a groupcast communication, the message comprising a group identity and a source identity, wherein the source identity is based on a secret and a counter value, receiving a direct communication request from another user equipment of the set of user equipment via a unicast communication, and sharing the secret and the counter value with said another user equipment via the unicast communication.
BRIEF DESCRIPTION OF THE FIGURES
[0021] The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the figures to reference like features and components. Some embodiments of system and/or methods in accordance with embodiments of the present subject matter are now described, by way of example only, and with reference to the accompanying figures, in which:
[0022] FIG. 1 illustrates a schematic block diagram illustrating an embodiment of selected components of an exemplary wireless network in which embodiments described herein may be implemented.
[0023] FIG. 2 illustrates a logical flow diagram of an embodiment of a method for preserving privacy in groupcast V2V communication.
[0024] FIG. 3 illustrates a schematic block diagram of an exemplary embodiment of a vehicle including a V2X-UE.
[0025] FIG. 4 illustrates a schematic block diagram of an exemplary embodiment of a V2X-UE in more detail.
[0026] The same reference number represents the same element or the same type of element on all drawings.
[0027] It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative systems embodying the principles of the present subject matter. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be substantially represented in computer readable medium and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.
DESCRIPTION OF EMBODIMENTS
[0028] The figures and the following description illustrate specific exemplary embodiments of the invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described or shown herein, embody the principles of the invention and are included within the scope of the invention. Furthermore, any examples described herein are intended to aid in understanding the principles of the invention, and are to be construed as being without limitation to such specifically recited examples and conditions. As a result, the invention is not limited to the specific embodiments or examples described below, but by the claims and their equivalents.
[0029] FIG. 1 illustrates a schematic block diagram illustrating an embodiment of selected components of an exemplary wireless network 100 in which embodiments described herein may be implemented. The wireless network 100 may include various types of cellular networks including, but not limited to, the Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access Network (UTRAN), Long Term Evolution (LTE) Evolved UTRAN (E-UTRAN), LTE-Advanced (LTE-A) or other long range wireless networks. In one implementation in which the wireless network 100 is an LTE type cellular network, the overlay access network includes an evolved Universal Terrestrial Radio Access Network (E-UTRAN) 102 connected to an evolved packet core (EPC) 104. The E-UTRAN 102 includes at least one Universal Terrestrial Radio Access Network (UTRAN) node B or eNB or eNodeB 106. The eNodeBs 106 are interconnected with each other in the E-UTRAN 102 by means of an X2 interface 112. The eNodeBs 106 provide an air interface to V2X user equipment (V2X-UE 110).
[0030] In other embodiments, different types of radio access networks (RAN) may be implemented, e.g. a base transceiver station (BTS) and radio network controller (RNC). Thus, a base station (BS), base transceiver station (BTS) or any type of RAN controller may perform the same or similar functions as described herein with respect to an eNodeB 106. Other types of protocols, such as the IEEE 802.16 WiMax set of standards, may also be deployed.
[0031] The eNodeBs 106 are connected by means of an S1 interface 114 to the EPC 104, and e.g., more specifically to a Mobility Management Entity (MME 116) by means of the S1-MME protocol 114, to a Serving Gateway (S-GW) 118 by means of the S1-U protocol 122. The S-GW 118 routes and forwards user data packets, while also acting as the mobility manager for the user plane. The S-GW 118 communicates with a Packet Gateway (P-GW) 130 over a T6a interface 136. The P-GW 130 may be connected to a wide area network (Internet), application server, etc. For example, the P-GW 130 may be communicatively coupled to a V2X application server 150 either directly or through a local area network (LAN) or WAN (such as the Internet).
[0032] The MME 116 is a main control node for the LTE access-network providing signaling to the V2X-UE 110s. The MME 116 may be a standalone node or a combined logical node with the P-GW 130 or S-GW 118 having MME functionality 116. The eNodeBs 106 and V2X-UEs 110 communicate over an air interface 120 using a Uu signaling protocol. The eNodeBs 106 may also use one or more other protocols for communicating over the air interface to the V2X-UEs 110. For example, Multimedia Broadcast Multicast Services (MBMS) is a point-to-multipoint interface specification for 3GPP cellular networks, which is designed to provide efficient delivery of broadcast and multicast services, both within a cell as well as within the core network. For broadcast transmission across multiple cells, it defines transmission via single-frequency network configurations. The specification is referred to as Evolved Multimedia Broadcast Multicast Services (eMBMS) when transmissions are delivered through an LTE (Long Term Evolution) network. eMBMS is also known as LTE Broadcast. The eNodeBs 106 may broadcast messages to the V2X-UEs 110 using the MBMS or eMBMS protocol.
[0033] For vehicle to vehicle (V2V) communications using distributed scheduling, a wireless air interface 132 using the PC5 protocol is specified by the 3GPP standards. The PC5 interface 132 may be used to communicate directly between V2X-UEs without signaling from an eNodeB 106. The PC5 interface 132 is a short range communication interface for scheduling and interference management of V2V traffic based on distributed algorithms implemented between the V2X-UEs 110. The distributed algorithm is based on sensing with semi-persistent transmission. Resource allocation may be dependent on geographical information. In other embodiments, scheduling and interference management of V2V traffic is assisted by eNodeBs 106 via control signaling over the Uu air interface 120. The eNodeB 106 may then assign the resources being used for V2V signaling in a dynamic manner.
[0034] A V2X sidelink transmission may be established on a dedicated carrier or may be established on a shared carrier, such as a carrier shared with for example a base station and one or more other user equipment. In the dedicated case, a sidelink transmission may be established on a dedicated V2V carrier between, for example, a first vehicle including a first user equipment and a second vehicle including a second user equipment. In the shared carrier case, the uplink to the base station (e.g., an LTE eNB base station, a 5G Node B (gNB), and/or other types of base stations) and the sidelink transmissions to V2X user equipment share a carrier. For example, the uplink and sidelink may be multiplexed to enable sharing the same radio resources using frequency division multiplex and/or time division multiplex.
[0035] The V2X-UE 110 may include vehicles, such as cars, trucks, motorcycles, bicycles, drones, planes, trains or even pedestrians or other user devices. A V2X-UE 110 may also include infrastructure equipment, such as road signs, traffic lights, toll stations, barriers, traffic cameras, gates or other types of infrastructure. A V2X-UE 110 may also include temperature sensors, weather sensors or traffic sensors providing data of transportation conditions.
[0036] When two devices are communicating over the PC5 sidelink, a secure channel is established and data are confidentially protected, including the identity. In case of broadcast, no link is established. If a UE uses the same identity in several broadcast messages, it is possible to track the related vehicle and compromise its privacy. Hence, some solutions in broadcast protect the identity of the sender by obfuscation, because none of the receivers are going to reply to the broadcast due to the nature of the broadcast. This implies that broadcast receivers will not be able to link two contiguous messages from the same broadcaster. Whether such privacy solutions are used for a V2X service may likely depend on regional regulatory requirements and/or operator policy.
[0037] Groupcast is of a different nature, because the sender needs to behave as a broadcast entity but has to reveal its identity, such that members of the group can send a NAK message (negative acknowledgment or not acknowledged) in case it is needed. The not acknowledged message will only be sent in case of incomplete transfer of the groupcast message, to request a retransmission. Additionally, the group members shall be able to identify whether the message is sent from the same sender. There is a need to ensure privacy of the group caster (groupcast sender) against an eavesdropper, i.e. how to privacy-protect the sender's identity in a groupcast, while allowing the recipient to be able to link the sender identity to the specific sender and additionally link all messages of groupcast from that sender.
[0038] The group receiving a groupcast message is defined as a set of V2X-UEs interested in the same information defined by the group identifier of the message, for example in speed, location etc. The intention of the groupcast is to enable retransmission of messages related to this specific group information sent by the group caster.
[0039] The group caster cannot distinguish between a trusted receiver and an eavesdropper when broadcasting a message with a group identifier. If the group caster's layer 2 identity is not protected, eavesdroppers can listen and track the identity, which implies a privacy issue for the group caster.
[0040] With reference to FIG. 2, a method preserving privacy in groupcast V2V communication according to one embodiment comprises steps S1 to S6. One asset which requires protection is the L2 identity of the group caster. Therefore, it shall be up to the group caster to decide to whom it will disclose its identity and hereby its tracking capabilities.
[0041] FIG. 2 illustrates operations which may be performed by a network device such as, but not limited to, the V2X-UE 110 as in FIG. 1.
[0042] In step S1, a V2X-UE 110a sends a groupcast message to a group of V2X-UEs, for example to a V2X-UE 110b and a V2X-UE 110c, the groupcast message comprising a layer 2 (L2) group identity L2 grp id of the group and a layer 2 (L2) source identity L2 ue id of V2X-UE 110a. The L2 group identity is transmitted so that a V2X-UE of the group of V2X-UEs can send a NAK in case retransmission is needed.
[0043] The source identity of V2X-UE 110a is constructed as a secret using an irreversible function. The irreversible function can be based on a HMAC (Keyed-Hashing for Message Authentication) function relying on a message authentication code obtained by running a cryptographic hash function (like MD5, SHA1, and SHA256) over the data (to be authenticated) and a shared secret key. The irreversible function can be based on a hash function or a pseudo random generator such as, but not limited to, DRBG SP800-90A rev1. In other examples, the irreversible function can be based on 128-EIA1, 128-EIA2 or 128-EIA2 algorithms. The irreversible function takes two parameters as input, a secret and a counter value. The secret is a high-entropy number which is confidential and can act as the HMAC key if the irreversible function is based on a HMAC.
[0044] The counter value can be a running counter which is changed based on rules in a policy. In one example, the counter is incremented once for each cast. It is important to note that the counter value and the secret cannot be derived from the L2 source identity due to the irreversible property of the function, like the hash function. It is also important to note that, by introducing a minor change to either the counter value or the secret, a new L2 source identity will be totally different and independent from the previous one. This implies that the L2 source identity is changed over time and the L2 source identity is randomized.
[0045] In step S2, V2X-UE 110b wants to follow V2X-UE 110a's groupcast, without knowing the identity of V2X-UE 110a, or the secret and counter value from V2X-UE 110a. Each groupcast from V2X-UE 110a will look like it comes from a different source. V2X-UE 110b may decide to follow V2X-UE 110a's groupcast based on the L2 group identity comprised in the groupcast message.
[0046] V2X-UE 110b requests a direct communication using the L2 source identity from the groupcast message. To that end, V2X-UE 110b sends a direct communication request to V2X-UE 110a, using a PC5 unicast method.
[0047] In step S3, if there is not yet a connection between V2X-UE 110a and V2X-UE 110b, the direct communication request is accepted and the connection is established. The direct communication request from V2X-UE 110b can comprise an indication that the request is for a limited access service for an application and with one or more credentials. The connection between V2X-UE 110a and V2X-UE 110b is a direct connection, meaning that there is no need to establish the connection via a core network. It bears no significance how the physical connection is established, as long as there is a logical connection between V2X-UE 110a and V2X-UE 110b for the following information exchange relating to credentials.
[0048] In step S4, as part of the communication establishment, V2X-UE 110a authenticates V2X-UE 110b using methods already decided in ProSe TS 33.303 (clause 6.5.4), which is hereby incorporated by reference herein. It creates a confidential link over which credentials can be exchanged. More especially, V2X-UE 110a may send a message to V2X-UE 110b, the message comprising signaling and user plane traffic with a new security context for a confidential link and an indication that V2X-UE 110b is authorized as a member of the group.
[0049] Additionally, V2X-UE 110a decides whether it wants to share its trackable identity. This can be done either by a pre-provisioned policy like an ACL (access control list) or by another remote authorization mechanism.
[0050] In step S5, if V2X-UE 110a accepts V2X-UE 110b as being part of the group, it can share the secret, the current counter value and optionally a policy with V2X-UE 110b by sending them over the established confidential link. The policy contains information which makes it possible for V2X-UE 110a and V2X-UE 110b to behave in the same way without signaling a change in behavior. The information exchanged can be split in two: firstly, initial information which is session based, like the counter value and secret, and secondly, behavioral information like when to update the counter, how to update the counter, selection of function, etc. The policy doesn't need to be shared during initial access but can also be provisioned during manufacturing. This implies that V2X-UE 110a either sends secret, counter value and policy or sends just secret and counter value if the policy is pre-provisioned. This will enable V2X-UE 110b to calculate the irreversible function and hereby predict the next L2 source identity of V2X-UE 110a, called L2 ue id', to be used for its next groupcast. V2X-UE 110b thus stores the secret, the counter value and the policy.
[0051] Steps S2 to S5 can be repeated between V2X-UE 110a and V2X-UE 110c, as a group endorsement for V2X-UE 110c, also using the PC5 unicast method.
[0052] In step S6, V2X-UE 110a sends a next groupcast message, comprising L2 group identity L2 grp id and updated L2 source identity L2 ue id' of V2X-UE 110a using an updated counter value (like an incremented counter value).
[0053] V2X-UE 110b and V2X-UE 110c can recognize the groupcast channel transmission based on the L2 group identity L2 grp id and are able to calculate the updated L2 source identity of V2X-UE 110a, based on the irreversible function applied to the secret and the updated counter value that is incremented according to the policy. Thus, V2X-UE 110a stays anonymous for passive attackers who are eavesdropping groupcast communication under L2 group identity.
[0054] If V2X-UE 110a sends another groupcast message, V2X-UE 110a, V2X-UE 110b and V2X-UE 110c have updated the counter value according to the policy. Therefore, V2X-UE 110b and V2X-UE 110c can track groupcast messages from V2X-UE 110a and can identify the source of the groupcast, i.e. V2X-UE 110a, but an eavesdropper or another group member not yet involved, for example V2X-UE 110d, will observe the groupcast messages as coming from different sources.
[0055] Utilizing a policy to define an algorithm selector (for the irreversible function), initial values and update/increment policy enables the solution to scale and adapt to constrained platforms and newer technologies. Additionally, the solution protects authorized group members from replay/impersonation attacks due to the capability of the authentication of the user trackable identity.
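The identity rotation of steps S1 to S6, as an added example that is not part of the patent text. It assumes HMAC-SHA256 over an 8-byte counter, a 24-bit identity length, a per-cast increment of one, and a look-ahead window so that a follower survives missed groupcasts; all class, field and function names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

L2_ID_BYTES = 3  # assumption: 24-bit Layer-2 ID; the page does not give a length


@dataclass(frozen=True)
class Policy:
    """Behavioural information shared in step S5 (field names are hypothetical)."""
    hash_name: str = "sha256"  # selection of the irreversible function
    step: int = 1              # how the counter is updated for each cast


def derive_l2_source_id(secret: bytes, counter: int, policy: Policy) -> bytes:
    """HMAC keyed with the secret over the counter, truncated to the ID length."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), policy.hash_name)
    return mac.digest()[:L2_ID_BYTES]


class GroupCaster:
    """The groupcast sender (V2X-UE 110a in the description)."""

    def __init__(self, secret: bytes, counter: int, policy: Policy, l2_grp_id: bytes):
        self.secret, self.policy, self.l2_grp_id = secret, policy, l2_grp_id
        self.next_counter = counter
        self.last_counter = None  # counter behind the most recent groupcast

    def cast(self, payload: bytes) -> dict:
        """Steps S1/S6: every groupcast carries a freshly derived source identity."""
        ue_id = derive_l2_source_id(self.secret, self.next_counter, self.policy)
        self.last_counter = self.next_counter
        self.next_counter += self.policy.step
        return {"l2_grp_id": self.l2_grp_id, "l2_ue_id": ue_id, "payload": payload}

    def share_credentials(self, peer_authenticated: bool):
        """Step S5: release secret, current counter and policy only after step S4."""
        if not peer_authenticated:
            raise PermissionError("peer not authenticated; identity stays private")
        return self.secret, self.last_counter, self.policy


class GroupFollower:
    """An accepted group member (V2X-UE 110b) holding the shared credentials."""

    def __init__(self, secret: bytes, counter: int, policy: Policy, window: int = 4):
        self.secret, self.counter, self.policy = secret, counter, policy
        self.window = window  # assumption: tolerate up to window-1 lost groupcasts

    def is_from_followed_sender(self, message: dict) -> bool:
        """Accept only identities derived from counters ahead of the stored one."""
        for k in range(1, self.window + 1):
            candidate = self.counter + k * self.policy.step
            expected = derive_l2_source_id(self.secret, candidate, self.policy)
            if hmac.compare_digest(expected, message["l2_ue_id"]):
                self.counter = candidate  # resynchronise on the matched counter
                return True
        return False  # unknown sender, or an identity that was already consumed


def demo() -> dict:
    secret = bytes(range(32))  # constructed sample; a real secret is high-entropy random
    caster = GroupCaster(secret, 100, Policy(), l2_grp_id=b"\x00\x00\x2a")
    m1 = caster.cast(b"speed=50")                                   # S1
    follower = GroupFollower(*caster.share_credentials(peer_authenticated=True))
    m2, m3, m4 = (caster.cast(p) for p in (b"speed=52", b"speed=55", b"speed=51"))
    return {
        "tracks_next": follower.is_from_followed_sender(m2),        # S6
        "replay_rejected": not follower.is_from_followed_sender(m2),
        "recovers_after_lost_m3": follower.is_from_followed_sender(m4),
        "ids_seen_by_eavesdropper": len({m["l2_ue_id"] for m in (m1, m2, m3, m4)}),
    }


if __name__ == "__main__":
    print(demo())
```

Because the follower only searches counters ahead of its stored value, a re-sent groupcast with an already used identity shows up as the source-identity mismatch mentioned in paragraph [0008].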
100561 FIG. 3 illustrates a schematic block diagram of an exemplary embodiment of a vehicle 1100 including a V2X-UE 110. The V2X-UE 110 may be incorporated within a control module 1102 of the vehicle 1100 or may include a separate entity or node communicatively coupled to the control module 1102 (e.g. as shown in italics). The control module 1102 includes a processing circuit 1104 operable to process or perform one or more functions described herein. The control module 1102 may also include an internal or external location module 1106 that performs location awareness functions. The control module 1102 is coupled or interconnected to a plurality of vehicle sensors 1108 that are coupled to or interconnected with a plurality of systems and components of the vehicle 1100, including, e.g. an engine, fuel system, heating cooling system, braking system, etc. The vehicle sensors 1108 may include various types of sensors to monitor the various systems and components of the vehicle 1100. For example, the vehicle sensors 1108 may include temperature sensors, pressure sensors, timers, clock, warnings, fuel levels, speedometer, RPIVIs, etc. 100571 The control module 1102 may also be coupled to one or more services, such as a global positioning satellite (GPS) service 1120, traffic service 1122, navigation system 1124, onboard camera 1126, etc. The control module 1102 either through the V2X-UE 110 or other transceiver is also operable to receive information from one or more other vehicles or V2X-UEs 110, such as other vehicles, infrastructure, etc. The location module 1106 is operable to determine a location of the vehicle 1100 using one or more of the services or systems, such as the GPS service 1120, traffic service 1122 and/or navigation system 1124.
100581 FIG. 4 illustrates a schematic block diagram of an exemplary embodiment of a V2X-UE 110 in more detail. The V2X-UE 110 may be implemented in a vehicle, such as a car, bicycle, train, drone, plane, helicopter, ship, etc. The V2X-UE 110 may also be implemented in user equipment (UE) including a smart phone, smart tablet, laptop, smart watch, PC, TV or other device. Additional or alternative components and functions may be included within the V2X-UE 110 than illustrated herein. In addition, one or more of the functions and components shown herein may not be present or combined with other components or functions.
100591 The V2X-UE 110 may include a processing device 1200 and memory device 1202 that are configured to perform one or more of the functions described herein with respect to the V2X-UE 110. The memory device may include a managed object 1204 that stores instructions, processes and data that when executed by the processing device 1200 causes the V2X-UE 110 to perform one or more functions described herein. The V2X-UE 110 may also include a Universal Integrated Circuit Card (UICC) 1206 that includes a UNITS Subscriber Identify Module (USIM) 1208 for storage of the International Mobile Subscriber Identity (WISI) 1208. In other embodiments, the V2X-UE 110 does not have UICC capabilities, e.g. the V2X-UE 110 does not include a UICC or the UICC is inoperable.
100601 The V2X-UE 110 may further include a Bluetooth transceiver 1210, a WLAN (IEEE 802. llx compliant) transceiver 1212, mobile RE (3G/4G/5G) transceiver 1214 and 20 GPS Interface 1216. The WLAN transceiver 1212 may operate as a non-3GPP access interface to a WLAN network. The V2X-UE 110 may further include user interfaces 1218, AC adapter 1220, battery module 1222, U SB transceiver 1224 and Ethernet Port 1226.
[0061] When operated in a vehicle 1100, the V2X-UE 110 may further include a vehicle interface 1228 to communicate with the vehicle control module 1102, vehicle sensors 1108, location module 1106 or other vehicle systems or services. The V2X-UE 110 may also include other applications, such as a touch screen controller, speaker or microphone. The V2X-UE 110 may also include a power management unit 1230. One or more internal communication buses (not shown) may communicatively couple one or more of the components of the V2X-UE 150.
[0062] More especially, if the V2X-UE 110 is the caster of a groupcast transmission, the V2X-UE 110 is configured to send a message to a set of user equipment via a groupcast transmission, the message comprising a group identity and a source identity, wherein the source identity is constructed from an irreversible function applied on a secret and a counter value. The V2X-UE 110 is also configured to receive a direct communication request from another user equipment of the set of user equipment via a unicast transmission and to share the secret and the counter value with said another user equipment via the unicast communication, after authentication of said another user equipment.
[0063] More especially, if the V2X-UE 110 is the recipient of a groupcast transmission, the V2X-UE 110 is configured to receive a message sent from another user equipment via a groupcast transmission, the message comprising a group identity and a source identity, wherein the source identity is constructed from an irreversible function applied on a secret and a counter value. The V2X-UE 110 is also configured to send a direct communication request to said another user equipment via a unicast transmission and to share the secret and the counter value with said another user equipment via the unicast communication, after authentication by said another user equipment.
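An added example, not part of the patent text: a Python sketch of the source-identity scheme described in the two paragraphs above, showing how a recipient that holds the shared secret and counter keeps recognising the caster after its identity changes. HMAC-SHA-256 as the irreversible function, the 24-bit identity width, the +1 counter policy and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac

L2_ID_BITS = 24  # assumption: width of the layer-two source identity


def derive_source_id(secret, counter):
    # HMAC-SHA-256 is an assumed stand-in for the "irreversible function";
    # its output is truncated to the identity width.
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - L2_ID_BITS)


class Caster:
    """Groupcast sender that changes its source identity by stepping a counter."""
    def __init__(self, group_id, secret, counter=0):
        self.group_id, self.secret, self.counter = group_id, secret, counter

    def rotate(self):
        self.counter += 1  # assumed policy: +1 per identity change

    def groupcast(self, payload):
        source_id = derive_source_id(self.secret, self.counter)
        return {"group_id": self.group_id, "source_id": source_id, "payload": payload}

    def share_over_unicast(self):
        # Reached only after the requester is authenticated (not modelled here).
        return self.secret, self.counter


class Follower:
    """Group member holding the (secret, counter) received over unicast."""
    def __init__(self, group_id, secret, counter, window=8):
        self.group_id, self.secret = group_id, secret
        self.counter, self.window = counter, window

    def recognise(self, message):
        if message["group_id"] != self.group_id:
            return False
        # Try the current counter and the next `window` values to survive missed rotations.
        for step in range(self.window + 1):
            if derive_source_id(self.secret, self.counter + step) == message["source_id"]:
                self.counter += step  # resynchronise on the matching counter
                return True
        return False


def demo():
    # Constructed values: the group identity and secret are made up.
    caster = Caster(0x00A1B2, b"constructed-demo-secret")
    follower = Follower(caster.group_id, *caster.share_over_unicast())
    for _ in range(3):
        caster.rotate()
    return follower.recognise(caster.groupcast(b"hello"))
```

Because the identity is truncated to 24 bits, unrelated casters can occasionally produce the same value, so the follower's look-ahead window should stay small to keep false matches rare.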
[0064] In one embodiment, the user equipment takes the form of an apparatus comprising one or more processor(s), I/O interface(s), and a memory coupled to the processor(s).
[0065] It is understood that the processor may include circuitry for implementing audio/video and logic functions of apparatus. For example, the processor may comprise a digital signal processor device, a microprocessor device, an analog-to-digital converter, a digital-to-analog converter, and/or the like. Control and signal processing functions of the apparatus may be allocated between these devices according to their respective capabilities. Further, the processor may include functionality to operate one or more software programs, which may be stored in memory. In general, processor and stored software instructions may be configured to cause apparatus to perform actions. For example, processor may be capable of operating a connectivity program, such as a web browser. The connectivity program may allow the apparatus to transmit and receive web content, such as location-based content, according to a protocol, such as wireless application protocol, WAP, hypertext transfer protocol, HTTP, and/or the like.
[0066] The processor(s) may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. The processor(s) can be a single processing unit or a number of units, all of which could also include multiple computing units. Among other capabilities, the processor(s) are configured to fetch and execute computer-readable instructions stored in the memory.
[0067] The functions realized by the processor may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software. When provided by a processor, the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared. Moreover, explicit use of the term "processor" should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor (DSP) hardware, network processor, application specific integrated circuit (ASIC), field programmable gate array (FPGA), read only memory (ROM) for storing software, random access memory (RAM), and non volatile storage. Other hardware, conventional and/or custom, may also be included.
[0068] The memory may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. The memory includes modules and data. The modules include routines, programs, objects, components, data structures, etc., which perform particular tasks or implement particular abstract data types. The data, amongst other things, serves as a repository for storing data processed, received, and generated by one or more of the modules.
[0069] In the context of this document, a "computer-readable medium" may be any non-transitory media that can contain, store, communicate, propagate or transport the instructions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer or data processor circuitry, with examples depicted at FIG. 4. A computer-readable medium may comprise a non-transitory computer-readable storage medium that may be any media that can contain or store the instructions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer.
[0070] A person skilled in the art will readily recognize that steps of the methods, presented above, can be performed by programmed computers. Herein, some embodiments are also intended to cover program storage devices, for example, digital data storage media, which are machine or computer readable and encode machine-executable or computer-executable programs of instructions, where said instructions perform some or all of the steps of the described method. The program storage devices may be, for example, digital memories, magnetic storage media, such as magnetic disks and magnetic tapes, hard drives, or optically readable digital data storage media.

Claims (14)

1. A method, comprising: sending, by a user equipment, a message to a set of user equipment via a groupcast communication, the message comprising a group identity and a source identity, wherein the source identity is based on a secret and a counter value, receiving, at the user equipment, a direct communication request from another user equipment of the set of user equipment via a unicast communication, sending, by the user equipment, the secret and the counter value to said another user equipment via the unicast communication.
2. The method as claimed in claim 1, wherein the source identity is derived from an irreversible function taking as inputs the secret and the counter value.
3. The method as claimed in claim 2, wherein the irreversible function is based on a hash function.
4. The method as claimed in any of the preceding claims, wherein the group identity is a layer two group identity and the source identity is a layer two source identity.
5. The method as claimed in any of the preceding claims, wherein the unicast communication is done on a vehicle-to-vehicle sidelink.
6. The method as claimed in any of the preceding claims, wherein the secret and the counter value are shared after authentication of said another user equipment by the user equipment.
7. The method as claimed in any of the preceding claims, wherein the counter value is updated based on a policy and the policy is shared by the user equipment with said another user equipment.
8. The method as claimed in claim 7, wherein the policy is sent with the secret and the counter value or is pre-provisioned in said another user equipment.
9. The method as claimed in claim 7 or 8, wherein the policy contains rules to update the counter value and information about selection of the irreversible function.
10. A method, comprising: receiving, by a user equipment, a message sent from another user equipment via a groupcast communication, the message comprising a group identity and a source identity, wherein the source identity is based on a secret and a counter value, sending, by the user equipment, a direct communication request to said another user equipment via a unicast communication, sending, by the user equipment, the secret and the counter value to said another user equipment via the unicast communication.
11. An apparatus comprising: at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least: send a message to a set of user equipment via a groupcast communication, the message comprising a group identity and a source identity, wherein the source identity is based on a secret and a counter value, receive a direct communication request from a user equipment of the set of user equipment via a unicast communication, send, the secret and the counter value to said user equipment via the unicast communication.
12. An apparatus comprising: at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least: receive a message sent from a user equipment via a groupcast communication, the message comprising a group identity and a source identity, wherein the source identity is based on a secret and a counter value, send a direct communication request to said user equipment via a unicast communication, receive the secret and the counter value from said user equipment via the unicast communication.
13. A computer-readable medium having embodied thereon a computer program for executing a method according to any of claims 1 to 8 or 9.
14. The computer program according to claim 13, wherein the computer program is a computer program product comprising a computer-readable medium bearing computer program code embodied therein for use with a computer.
GB1915476.4A 2019-10-25 2019-10-25 Method to transmit messages between user equipments Pending GB2588600A (en)


Publications (2)

Publication Number Publication Date
GB201915476D0 (en) 2019-12-11
GB2588600A (en) 2021-05-05


