WO2013113368A1 - Encrypting device-to-device messages for a public safety network mobile communication system - Google Patents

Encrypting device-to-device messages for a public safety network mobile communication system Download PDF

Info

Publication number
WO2013113368A1
WO2013113368A1 PCT/EP2012/051527 EP2012051527W WO2013113368A1 WO 2013113368 A1 WO2013113368 A1 WO 2013113368A1 EP 2012051527 W EP2012051527 W EP 2012051527W WO 2013113368 A1 WO2013113368 A1 WO 2013113368A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
communications
characteristic
communications characteristic
value
Prior art date
Application number
PCT/EP2012/051527
Other languages
French (fr)
Inventor
Vinh Van Phan
Ling Yu
Kari Veikko Horneman
Johanna Katariina Pekonen
Original Assignee
Nokia Siemens Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Siemens Networks Oy filed Critical Nokia Siemens Networks Oy
Priority to PCT/EP2012/051527 priority Critical patent/WO2013113368A1/en
Publication of WO2013113368A1 publication Critical patent/WO2013113368A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • H04W12/64Location-dependent; Proximity-dependent using geofenced areas
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/90Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/14Direct-mode setup

Definitions

  • the example and non-limiting embodiments of this invention relate generally to wireless communication systems, including methods, devices and computer programs for communicating in such systems, and more specifically relate to direct communications between mobile devices over public safety network allocated resources, also known as device-to-device D2D communications.
  • a communication system can be seen as a facility that enables communication sessions between two or more entities such as mobile communication devices and/or other stations associated with the communication system.
  • a communication system and a compatible communication device typically operate in accordance with a given standard or specification which sets out what the various entities associated with the system are permitted to do and how that should be achieved. For example, the manner how the communication device can access the communication system and how communications shall be implemented between communicating devices, the elements of the
  • wireless communication system at least a part of communications between at least two devices occurs over a wireless link.
  • wireless systems include public land mobile networks (PLMN), satellite based communication systems and different wireless local networks, for example wireless local area networks (WLAN).
  • PLMN public land mobile networks
  • WLAN wireless local area networks
  • wireless systems an access node is provided by a base station.
  • the radio coverage area of a base station is known as a cell, and therefore the wireless systems are often referred to as cellular systems. They can also be called mobile communication systems or mobile
  • a mobile telecommunication network typically operates in accordance with a wireless standard. Examples include GSM (Global System for Mobile) EDGE (Enhanced Data for GSM Evolution) Radio Access Networks (GERAN), Universal Terrestrial Radio Access Networks (UTRAN), and evolved Universal Terrestrial Radio Access Networks (EUTRAN).
  • GSM Global System for Mobile
  • EDGE Enhanced Data for GSM Evolution
  • GERAN Universal Terrestrial Radio Access Networks
  • UTRAN Universal Terrestrial Radio Access Networks
  • EUTRAN evolved Universal Terrestrial Radio Access Networks
  • LTE Long-term evolution
  • UMTS Universal Mobile Telecommunications System
  • a base station access node is called enhanced or evolved Node B (eNB).
  • eNB enhanced or evolved Node B
  • a user can access the communication system by means of an appropriate communication device.
  • a communication device of a user is often referred to as user equipment (UE) or terminal or mobile device or a mobile station.
  • UE user equipment
  • a communication device is provided with an appropriate signal receiving and transmitting arrangement for enabling communications with other parties.
  • the device may also comprise user interface for communicating with the user and a controller for controlling the operation of the device.
  • a communication device may be arranged to communicate, for example, data for carrying communications such as voice, electronic mail (email), text message, multimedia, for enabling internet access, for carrying application specific data and so on. Users may thus be offered and provided numerous services via their communication devices.
  • the communication connection can be provided by means of one or more data bearers.
  • a communication device provides a transceiver device that can communicate with another communication device such as e.g. an access node or a base station and/or another user equipment.
  • the communication device may access a carrier provided by a base station and transmit and/or receive communications on the carrier.
  • a feature of wireless communication devices is that they offer mobility for the users thereof.
  • a mobile communication device, or mobile device or mobile station for short may also be transferred, or handed over, from a base station to another and even between base stations belonging to different systems.
  • a communication device or user equipment that has no continuous connection to its home system may nevertheless be considered as being a part of a communication system.
  • the communication system may be based on use of a plurality of user equipment capable of communicating with each other.
  • D2D communications alternatively termed mobile-to- mobile (M2M), machine-to-machine (M2M), terminal-to-terminal (T2T) or peer-to-peer
  • P2P 3GPP LTE Release 10
  • LTE-A LTE-Advanced
  • the devices performing D2D communications do not necessarily have a continuous connection to the (PSN) network.
  • PSN networks are separate mobile communication networks that are used by law enforcement, rescue services, fire brigades and other public authorities or even public utilities for time and mission critical communication.
  • the mobile devices may communicate directly with each other in Device to Device mode or in so called direct mode.
  • the operation of PSN network must be fast, reliable and secure, regardless of lack of network coverage, lack of resources or any type of network failure.
  • the PSN Network must have high availability, with no single point of failure, a highly resilient architecture and guaranteed availability even in times of a major incident, when the network will be stressed. It must also continue to operate through power outages.
  • D2D device to device
  • a licensed communications band is an issue, especially when considering support of autonomous D2D in the absence of a controlling network.
  • coverage may be required for some public safety use cases following the loss of a cellular or other controlling network entity.
  • a public safety network may permit device to device communication to operate in the area following a natural or other disaster where the controlling network entity loses coverage.
  • PS public safety
  • D2D apparatus such as public safety (PS) communications devices for use in one country being able to perform device to device (D2D) communications in a second country or region in the licenced bands that are illegal to be used by the PS communication devices in the second country.
  • PS public safety
  • a malfunctioning or misbehaving D2D capable device furthermore outside of a suitable controlling entity may imitate a master public safety device with the aim of attempting to attract other public safety devices to connect to it and share confidential information. Similarly public safety devices being misused or malfunctioning may attempt to find and access other master public safety devices over an autonomous D2D connection.
  • a target of the invention is to develop a method, a system and a mobile device so that the abovementioned drawbacks of the prior art are circumvented.
  • the target of the invention is achieved by a method, a system and a mobile device that is characterised by those features that are depicted in the independent patent claims.
  • a method comprising: determining at least one device-to-device communications characteristic; generating at least one device-to-device message; and encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic.
  • Encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic may comprise: generating a cipher key based on the device to device communications characteristic; selecting at least part of the at least one device-to-device message; and encrypting the at least part of the at least one device-to-device message with the cipher key.
  • the method may further comprise transmitting the at least one device-to-device message.
  • a method comprising: receiving at least one device-to-device message, the at least one device-to-device message comprising at least one encrypted part; determining at least one device-to-device communications characteristic; and decrypting the at least one encrypted part of the at least one device-to- device message depending on the at least one device to device communications characteristic.
  • Determining at least one device to device communications characteristic may comprise at least one of: storing the at least one device to device communications characteristic during the apparatus configuration; receiving the at least one device to device
  • the at least one device to device communications characteristic may comprise at least one of: a geographical boundary information value; a geographical boundary information reference point; at least one position and associated distance value; a group identification value; and a radio service profile identity value.
  • the at least one device-to-device message may comprise at least one of: a master device device-to-device communications configuration message; a slave device device-to-device communications configuration message; a device-to-device communication connection set-up message; a device-to-device indication message; a device-to-device notification message; and a device-to-device data message.
  • Determining at least one device to device communications characteristic may comprise: determining a plurality of device to device communications characteristic values for the at least one device to device communications characteristic; and selecting at least one of the plurality of device to device communications characteristic values.
  • Decrypting the at least one encrypted part of the at least one device-to-device message depending on the at least one device to device communications characteristic may comprise: generating a cipher key based on the device to device communications characteristic; and decrypting the at least one encrypted part of the at least one device-to- device message with the cipher key.
  • the method may further comprise determining a timer value and wherein generating a cipher key is further based on the timer value.
  • an apparatus comprising at least one processor and at least one memory including computer code for one or more programs, the at least one memory and the computer code configured to with the at least one processor to cause the apparatus to at least perform: determining at least one device-to- device communications characteristic; generating at least one device-to-device message; and encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic.
  • Encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic may cause the apparatus to perform: generating a cipher key based on the device to device communications characteristic; selecting at least part of the at least one device-to-device message; and encrypting the at least part of the at least one device-to-device message with the cipher key.
  • the apparatus may further be caused to perform transmitting the at least one device-to- device message.
  • an apparatus comprising at least one processor and at least one memory including computer code for one or more programs, the at least one memory and the computer code configured to with the at least one processor cause the apparatus to at least perform: receiving at least one device-to-device message, the at least one device-to-device message comprising at least one encrypted part; determining at least one device-to-device communications characteristic; and decrypting the at least one encrypted part of the at least one device-to-device message depending on the at least one device-to-device communications characteristic.
  • Determining at least one device to device communications characteristic may cause the apparatus to perform at least one of: storing the at least one device-to-device
  • the at least one device-to-device communications characteristic may comprise at least one of: a geographical boundary information value; a geographical boundary information reference point; at least one position and associated distance value; a group identification value; and a radio service profile identity value.
  • the at least one device-to-device message may comprise at least one of: a master device device-to-device communications configuration message; a slave device device-to-device communications configuration message; a device-to-device communication connection set-up message; a device-to-device indication message; a device-to-device notification message; and a device-to-device data message.
  • Determining at least one device-to-device communications characteristic may cause the apparatus to perform: determining a plurality of device-to-device communications characteristic values for the at least one device-to-device communications characteristic; and selecting at least one of the plurality of device-to-device communications
  • Decrypting the at least one encrypted part of the at least one device-to-device message depending on the at least one device-to-device communications characteristic may cause the apparatus to perform: generating a cipher key based on the device-to-device communications characteristic; and decrypting the at least one encrypted part of the at least one device-to-device message with the cipher key.
  • the apparatus may further be caused to perform determining a timer value and wherein generating a cipher key is further based on the timer value.
  • the timer value may be synchronised between device-to-device communication devices.
  • Generating a cipher key may be further based on the timer value is further dependent on a selection characteristic.
  • the plurality of device-to-device communications characteristic values may be associated with a selection characteristic, wherein the selection characteristic comprises at least one of: rank value; operational level value; and user-group value.
  • Selecting at least one of the plurality of device to device communications characteristic values may cause the apparatus to perform selecting at least one of the plurality of device to device communications characteristic values dependent on the selection characteristic.
  • an apparatus comprising: a device-to-device value determiner configured to determine at least one device-to-device communications characteristic; a message generator configured to generate at least one device-to-device message; and an encrypter configured to encrypt at least a first part of the at least one device-to-device message depending on the at least one device to device
  • the encrypter may comprise: a cipher key generator configured to generate a cipher key based on the device to device communications characteristic; a selector configured to select at least part of the at least one device-to-device message; and a message encrypter configured to encrypt the at least part of the at least one device-to-device message with the cipher key.
  • the apparatus may comprise a transmitter configured to transmit the at least one device- to-device message.
  • an apparatus comprising: a receiver configured to receive at least one device-to-device message, the at least one device-to- device message comprising at least one encrypted part; a device-to-device value determiner configured to determine at least one device-to-device communications characteristic; and a decrypter configured to decrypt the at least one encrypted part of the at least one device-to-device message depending on the at least one device-to-device communications characteristic.
  • the device-to-device value determiner may comprise at least one of: a memory configured to store the at least one device-to-device communications characteristic during the apparatus configuration; a characteristic receiver configured to receive the at least one device-to-device communications characteristic during a registration of the apparatus on a communications network; and a value retriever configured to retrieve the at least one device-to-device communications characteristic from an apparatus memory dependent on receiving an indicator for at least one group from a communications network server.
  • the at least one device-to-device communications characteristic may comprise at least one of: a geographical boundary information value; a geographical boundary information reference point; at least one position and associated distance value; a group identification value; and a radio service profile identity value.
  • the at least one device-to-device message may comprise at least one of: a master device device-to-device communications configuration message; a slave device device-to-device communications configuration message; a device-to-device communication connection set-up message; a device-to-device indication message; a device-to-device notification message; and a device-to-device data message.
  • the device-to-device value determiner may be configured to determine a plurality of device-to-device communications characteristic values for the at least one device-to- device communications characteristic; and the device-to-device value determiner may comprise a selector configured to select at least one of the plurality of device-to-device communications characteristic values.
  • the decrypter may comprise: a cipher key generator configured to generate a cipher key based on the device-to-device communications characteristic; and a message decrypter configured to decrypt the at least one encrypted part of the at least one device-to-device message with the cipher key.
  • the apparatus may further be caused to perform determining a timer value and wherein the cipher key generator is configured to generate the cipher key based on the timer value.
  • the timer value may be synchronised between device-to-device communication devices.
  • the cipher key generator may be configured to generate the cipher key dependent on a selection characteristic.
  • the plurality of device-to-device communications characteristic values may be associated with a selection characteristic, wherein the selection characteristic comprises at least one of: rank value; operational level value; and user-group value.
  • the selector may be configured to select at least one of the plurality of device to device communications characteristic values dependent on the selection characteristic.
  • an apparatus comprising: means for determining at least one device-to-device communications characteristic; means for generating at least one device-to-device message; and means for encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic.
  • the means for encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic may comprise: means for generating a cipher key based on the device to device
  • the apparatus may comprise means for transmitting the at least one device-to-device message.
  • an apparatus comprising: means for receiving at least one device-to-device message, the at least one device-to-device message comprising at least one encrypted part; means for determining at least one device-to-device communications characteristic; and means for decrypting the at least one encrypted part of the at least one device-to-device message depending on the at least one device-to-device communications characteristic.
  • the means for determining at least one device to device communications characteristic may comprise at least one of: means for storing the at least one device-to-device communications characteristic during the apparatus configuration; means for receiving the at least one device-to-device communications characteristic during a registration of the apparatus on a communications network; and means for retrieving the at least one device- to-device communications characteristic from an apparatus memory dependent on receiving an indicator for at least one group from a communications network server.
  • the at least one device-to-device communications characteristic may comprise at least one of: a geographical boundary information value; a geographical boundary information reference point; at least one position and associated distance value; a group identification value; and a radio service profile identity value.
  • the at least one device-to-device message may comprise at least one of: a master device device-to-device communications configuration message; a slave device device-to-device communications configuration message; a device-to-device communication connection set-up message; a device-to-device indication message; a device-to-device notification message; and a device-to-device data message.
  • the means for determining at least one device-to-device communications characteristic may comprise: means for determining a plurality of device-to-device communications characteristic values for the at least one device-to-device communications characteristic; and means for selecting at least one of the plurality of device-to-device communications characteristic values.
  • the means for decrypting the at least one encrypted part of the at least one device-to- device message depending on the at least one device-to-device communications characteristic may comprise: means for generating a cipher key based on the device-to- device communications characteristic; and means for decrypting the at least one encrypted part of the at least one device-to-device message with the cipher key.
  • the apparatus may comprise means for determining a timer value and wherein the means for generating a cipher key is comprises mean for generating a cipher key based on the timer value.
  • the timer value may be synchronised between device-to-device communication devices.
  • the means for generating a cipher key may further comprise means for generating a cipher key dependent on a selection characteristic.
  • the plurality of device-to-device communications characteristic values may be associated with a selection characteristic, wherein the selection characteristic comprises at least one of: rank value; operational level value; and user-group value.
  • the means for selecting at least one of the plurality of device to device communications characteristic values may comprise means for selecting at least one of the plurality of device to device communications characteristic values dependent on the selection characteristic.
  • An apparatus configured to perform the method as described herein.
  • a computer program product stored on a medium for causing an apparatus to perform the method as described herein.
  • An electronic device comprising apparatus as described herein.
  • a chipset comprising apparatus as described herein.
  • Figure 1 shows a schematic view of a general exemplary situation in which some embodiments can be realised
  • Figure 2 shows a schematic view of a general D2D communications apparatus according to some embodiments
  • Figure 3 shows a schematic view of a D2D communication apparatus in further detail with respect to some D2D message generation embodiments
  • Figure 4 is a flow diagram illustrating the functioning of a method of initialising a master D2D communications operation according to some embodiments
  • Figure 5 shows a schematic view of a D2D communication apparatus in further detail with respect to some D2D message reception embodiments
  • Figure 6 is a flow diagram illustrating the functioning of a method of receiving a master D2D communication initialisation message according to some embodiments
  • Figure 7 shows a schematic view of a D2D communication apparatus in further detail with respect to some further D2D message generation embodiments
  • Figure 8 is a flow diagram illustrating the functioning of a method of generating a cipher key for the master D2D communications operation according to some embodiments
  • Figure 9 shows an example geographical boundary information data table
  • Figure 10 shows an example hierarchical or ranked geographical boundary information data table
  • Figure 11 is a flow diagram illustrating the functioning of a method of initialising a master D2D communications operation with hierarchical selection according to some
  • the mobile communication system shown here in Figure 1 is a combination of at least two mobile communication networks namely the public safety network PSN 21 and a mobile communication network CN 10.
  • the mobile communication system comprises at least a first MS1 and a second MS2 mobile communications apparatus 1 adapted to operate in a public safety network PSN 21 having a base station PBS or eNodeB 12. So, the mobile devices MS1 and MS2 belong originally to the public safety network PSN 21 and are designed to operate in the PSN network.
  • the base station or eNodeB network element 12 maintains with its radio unit a first coverage area in which the mobile devices MS1 and MS2 are able to contact the public safety network PSN 21 and via it also other networks and network elements.
  • the public safety network PSN 21 is a separate mobile
  • This PSN network 21 should be more reliable than normal public broadband mobile communication system 10 and mainly separated from any other, particularly commercial, networks so as to avoid any disruptions or malfunctions or other severe and bad network conditions to spread from any commercial network to the PSN network.
  • Mobile communications apparatus 1 can typically access wirelessly a mobile network system via at least one base station 12 or similar wireless transmitter and/or receiver node of the access system.
  • a base station site typically provides one or more cells of a cellular system.
  • the base station 12 is configured to provide a cell, but could provide, for example, three sectors, each sector providing a cell.
  • Each mobile communications apparatus 1 and base station 12 may have one or more radio channels open at the same time and may communicate with more than one other station.
  • the communications apparatus can be in direct communication with the other communication apparatus.
  • a base station is typically controlled by at least one appropriate control apparatus so as to enable operation thereof and management of mobile communication devices in communication with the base station.
  • a control entity of a base station can be
  • control apparatus is shown to be provided by block 13.
  • An appropriate controller apparatus may comprise at least one memory, at least one data processing unit and an input/output interface.
  • the controller is thus typically provided with memory capacity and at least one data processor 14. It shall be understood that the control functions may be distributed between a plurality of controller units and/or that a part of the control may be provided by a control apparatus controlling a plurality of base stations.
  • the controller apparatus for a base station may be configured to execute an appropriate software code to provide the control functions as explained below in more detail.
  • the base station node 12 of the access is connected to a wider communication network 20 via node 15.
  • a communication system may be provided by one or more interconnect networks and the elements thereof, and one or more gateway nodes may be provided for interconnecting various networks.
  • the communications apparatus 1 can be provided with wireless access to the
  • CDMA code division multiple access
  • WCDMA wideband CDMA
  • Evolved Universal Terrestrial Radio Access Network A non-limiting example of mobile architectures where the herein described principles may be applied is known as the Evolved Universal Terrestrial Radio Access Network (E- UTRAN).
  • E- UTRAN Evolved Universal Terrestrial Radio Access Network
  • suitable access nodes are a base station of a cellular system, for example a base station known as NodeB or enhanced NodeB (eNB) in the vocabulary of the 3GPP specifications.
  • the eNBs may provide E-UTRAN features such as user plane Radio Link Control/Medium Access Control/Physical layer protocol (RLC/MAC/PHY) and control plane Radio Resource Control (RRC) protocol terminations towards mobile communication devices.
  • RLC/MAC/PHY Radio Link Control/Medium Access Control/Physical layer protocol
  • RRC Radio Resource Control
  • Other examples include base stations of systems that are based on technologies such as wireless local area network (WLAN) and/or WiMax (Worldwide Interoperability for Microwave Access).
  • WLAN wireless local area
  • the broadband mobile communication network CN 10 comprises a second coverage area maintained by the base station 12 or in some embodiments can be a separate eNodeB network element according to the LTE standard.
  • FIG. 2 shows a schematic, partially sectioned view of a communications apparatus or communications device 1 that can be used for communication with the base station 12 and also for communication with other mobile devices in D2D communications using the PSN.
  • An appropriate mobile communication device may be provided by any device capable of sending and receiving radio signals. Non-limiting examples include a mobile station (MS) such as a mobile phone or what is known as a 'smart phone', a portable computer provided with a wireless interface card or other wireless interface facility, personal data assistant (PDA) provided with wireless communication capabilities, or any combinations of these or the like.
  • the mobile communications device 1 may be used for voice and video calls, for accessing service applications provided via a data network and so forth.
  • the mobile communication device 1 may receive signals via appropriate apparatus for receiving and transmitting radio signals on wireless carriers, or radio bearers.
  • a transceiver apparatus is designated schematically by block 7.
  • the transceiver apparatus may be provided for example by means of a radio part and associated antenna arrangement.
  • the antenna arrangement may be arranged internally or externally to the mobile device.
  • a mobile device is also typically provided with at least one data processing entity 3, at least one memory 4 and other possible components 9 for use in tasks it is designed to perform.
  • the data processing, storage and other entities can be provided on an appropriate circuit board and/or in chipsets. This feature is denoted by reference 6.
  • the user may control the operation of the mobile device by means of a suitable user interface such as key pad 2, voice commands, touch sensitive screen or pad, combinations thereof or the like.
  • a display 5, a speaker and a microphone are also typically provided.
  • a mobile device may comprise appropriate connectors (either wired or wireless) to other devices and/or for connecting external accessories, for example hands-free equipment, there
  • Direct mobile cellular device-to-device (D2D) communications can also be provided between the mobile devices 1 as shown in Figure 2 in the system of Figure 1.
  • D2D Direct mobile cellular device-to-device
  • two or more of the devices can be paired into a set of paired communication devices where after a communications link between the members of the set can be established.
  • direct communications between devices can be referred to in various terms, for example as mobile-to-mobile (M2M), machine-to-machine (M2M), terminal-to-terminal (T2T) or peer-to-peer (P2P).
  • M2M mobile-to-mobile
  • M2M machine-to-machine
  • T2T terminal-to-terminal
  • P2P peer-to-peer
  • Mobile cellular device-to-device (D2D) communications can use licensed radio spectrum under supervision and control of at least one supporting system, typically a cellular system. D2D may use, at least for a part of the needed resources, the same radio resources of the supporting system or systems. Direct D2D communications can be incorporated into the cellular network for example to reduce transmitter power
  • Direct D2D communications in a cellular system may potentially achieve improved spectrum efficiency by spatial reuse. That is, certain radio resources may be simultaneously reused among different D2D users and/or D2D users and cellular users.
  • the communications apparatus or communications device suitable for device to device (D2D) communications can be configured to use device to device information to authenticate the communications devices when operating in as public safety devices. For example when the communications devices are operating during a discovery phase, initiation, or data communications phase.
  • the use of D2D information to authenticate the public safety communications apparatus can for example permit intra-user group (or intra-group), inter-user group (or inter-group), and ranked (or hierarchical or chain-of-command) authentication.
  • intra-user group authentication can be provided using the D2D information.
  • devices of the same user group can 'discover' each other and therefore conduct specified types of autonomous D2D communication services.
  • a specific or defined group such as police from the same police station or area could therefore in some embodiments be permitted to communicate using autonomous D2D communication services based on the D2D information stored within the public safety devices issued to the same police force and therefore prevent any non-police bases D2D devices being able to transmit or listen to the group communication.
  • inter-user group authentication can be implemented using the D2D information as authentication.
  • D2D information can be specified or defined devices of different user groups configured to be able to discover each other to conduct specified or defined types of autonomous D2D communication services.
  • groups such as police, firefighters, ambulance or medical services can communicate where an emergency requires intergroup communication.
  • a ranked or hierarchical or chain-of-command authentication can furthermore be implemented for autonomous D2D communication services in some embodiments to provide a defined chain-of-command based structure for authentication and authorisation hierarchy.
  • a higher ranked user or the user in charge can be provided with authentication and authorisation for many user groups, for example a first (strategy) user group confined to higher ranked D2D devices and second (tactical) user group defined for all the D2D devices operating where a lower ranked user is permitted to only discover and communicate on the second user group.
  • the use of enhanced authentication and authorisation using the D2D information thus assists the resolution of D2D misuse or misconduct.
  • embodiments as described herein allowed the operation of communication devices in a D2D mode in the absence of a cellular network.
  • the devices ensure that autonomous operation on the licensed band is not provided without network permission.
  • the mobile device comprises a device to device (D2D) communications controller 207.
  • the device to device communications controller 207 can be configured to control the operation of the communications device with respect to device to device communications.
  • the device to device communications controller 207 is configured to control the initialisation of suitable device to device operations by performing a master device configuration operation.
  • the device to device communications controller 207 can be configured to control any suitable message generation operation for example sending D2D connection setup requests, indication requests, notification messages or data transmission messages.
  • a master device or apparatus of an autonomous D2D network is the device which starts advertising or broadcasting the availability of the apparatus within the licensed band. By broadcasting availability the apparatus is able to be 'discovered' by other devices performing a D2D discovery or scanning operation.
  • the device to device communications controller 207 can for example receive from a higher level control (such as initialised using a user interface input requesting a D2D communications service to be started, or initialise automatically, detecting that the device is out of coverage of a public safety network) an indicator or message requesting the start of a master device to device master device configurations operation.
  • a higher level control such as initialised using a user interface input requesting a D2D communications service to be started, or initialise automatically, detecting that the device is out of coverage of a public safety network
  • the device to device communications controller 207 can then be configured to initialise the following components to thus generate and transmit the suitable device to device message incorporating D2D information based cryptographic information.
  • the apparatus comprises a reference determiner/store 201.
  • the reference determiner/store 201 is configured to determine and/or store the suitable device to device information.
  • the device to device information comprises geographical boundary information (D2D_GBI).
  • D2D_GBI geographical boundary information
  • the geographical boundary information defines regions (or zones) within which D2D communication is permitted or excluded.
  • the geographical boundary information can for example comprise at least one reference position (or reference point) and range information defining a region or zone.
  • the device to device information can be a subfield of the geographical boundary information.
  • the device to device information can be the device to device geographical boundary information reference point (D2D_GBI_RP).
  • the device to device information can comprise a D2D group identifier (D2D_GID).
  • D2D_GID D2D group identifier
  • the device to device group identifier value can be a value which is assigned to the communication device indicating that the device can communicate with other devices operating on the same group identification value.
  • the device to device information used is the designated profile characteristic.
  • each kind of supported service over the autonomous D2D has a designated profile characteristic with a unique device to device radio service profile identity (D2D_RSPID).
  • D2D_RSPID device to device radio service profile identity
  • the device to device radio service profile identity can be used to map on certain designated radio connection, bearer or channel configurations or characteristics determining how the device to device public safety communications device is to communicate.
  • the D2D information such as the geographical boundary
  • the D2D information can be derived or preconfigured within the D2D devices themselves.
  • the D2D information can be determined with assistance from a 'home' cellular network, or from a 'local' or visited cellular network.
  • the device to device information can in some embodiments be preconfigured in advance as part of a subscription profile or (re-)configured within the device upon re-registration or location update (which may include special cases where permission is granted for specific working areas such as fire brigades, police in emergency situations).
  • the D2D information can be passed to the communications apparatus from local visited cellular network.
  • the device to device information stored in the D2D information determiner/store 201 is geographical boundary information (D2D_GBI) however it would be understood that any suitable device to device information can be used as the cipher key seed.
  • D2D_GBI D2D geographical boundary information
  • the D2D_GBI data table 800 shows a series of data entries.
  • An example data entry 81 1 comprises a reference location 801 defined as a reference location Xi, Yi and a reference distance or range value 803 Ri. It would be understood that in some
  • the reference distance or range value is a singular value R associated with every reference location (Xi Yi) to (X N Y N ) however in some embodiments the associated reference distance or range value can differ Ri to R N from reference location to location value (X! to (X N Y N ).
  • each entry further comprises a network identifier.
  • the network identifier can indicate which geographical boundary information is allocated to which region or national public safety network (PSN).
  • PSN public safety network
  • the mobile device can be configured to select a public safety network within which the mobile device is allowed to operate within and furthermore which data entries or GBI can be used to control the D2D operations.
  • a first PSN and associated D2D_GBI
  • a second PSN and associated D2D_GBI
  • a mobile device allocated to a service can be configured to operate according to the first PSN D2D_GBI
  • a mobile device allocated to a second service can be configured to operate according to the second PSN D2D_GBI, but when required both could be configured (for example when required to co-operate with each other) to operate in the others geographical region.
  • the reference determiner/store 201 can be preconfigured in advance as part of a subscription profile or can be reconfigured upon D2D reregistration or location updates to define the reference information.
  • the reference determiner/store 201 can be configured to receive visited cellular network broadcast information.
  • the broadcast information can in some embodiments contain information about the identity of the national or regional public service network where the apparatus is currently located.
  • the reference determiner 201 can be configured to determine from such information public safety network information. For example the reference determiner can determine the name of the currently visited public safety network, the allocated spectrum information, or geographical boundary information defining the visited public safety network. The mobile device and reference determiner 201 can then find and read such information once being out of their home network coverage and initiate autonomous D2D communications on licensed bands using such information as described herein.
  • the visited cellular network can further broadcast over certain network coverage information about licensed bands on which eligible D2D devices can conduct autonomous D2D communications to guide as well as prevent misuse of D2D communications. For example where the setting up of public safety network it is to provide a temporary network for emergency services where the apparatus would normally not be allowed to operate then the visited cellular network can broadcast updates for the geographical boundary information to be stored within the reference store.
  • the D2D information for example the geographical boundary information can be passed to a cryptographic cipher key generator 203.
  • the communications device comprises a device to device message generator 205.
  • the D2D message generator 205 can be configured to generate a master device configuration message.
  • the master device configuration message can be any suitable format message.
  • the device comprises a cryptographic cipher key generator 203.
  • the cryptographic cipher key generator 203 can be configured to use the D2D information as a cipher key seed from which a cipher key can be generated.
  • the cipher key generator 203 can be configured to use any suitable cryptographic cipher key generating process.
  • the generated cipher key can in some embodiments be passed to an encrypter 208.
  • step 305 The operation of determining a cypher key from the D2D information is shown in Figure 4 by step 305.
  • the communications device comprises an encrypter 208.
  • the encrypter 208 can be configured to receive the D2D message from the D2D message generator 205, and the cryptographic cipher key from the cryptographic cipher key generator 203 and encrypt at least part of the D2D message using the cryptographic cipher key.
  • the message part encrypted can be the device or service specific access information.
  • the encrypter 208 can then be configured to pass the encrypted message to the transmitter 209.
  • the device comprises a transmitter 209.
  • the transmitter 209 can be configured to receive the encrypted message from the encrypter 208 and transmit the message with a suitable encryption or encrypted part using the licensed frequency band.
  • the communications device comprises a D2D communications controller 407.
  • the D2D communications controller can in some embodiments be configured to control the operation of the receiver components described herein. It would be understood that the D2D communications controller 407 can in some embodiments be the same D2D communications controller as shown with regards to the transmitter operations.
  • the D2D communications controller 407 can control the receiver 402 to listen for a suitable broadcast or transmitted message.
  • the device comprises a receiver 402. It would be understood that the receiver 402 can be any suitable receiver configured to receive communications via the licensed frequency bands. Furthermore the receiver 402 can in some embodiments be a receiver element of a suitable transceiver where the communications device can operate as both transmitter and receiver.
  • the receiver 402 can be configured to receive the encrypted message and pass the received message to the decrypter 405.
  • step 501 The operation of receiving the message with encryption is shown in Figure 6 by step 501.
  • the device comprises a D2D information determiner/store 401. It would be understood that the D2D information determiner/store 401 is analogous to the D2D information determiner/store 201 shown in Figure 2 with regards to the
  • the D2D information determiner/store 401 can be configured to determine or store the suitable geographical boundary information (D2D_GBI).
  • the D2D_GBI information can in some embodiments be passed to a cryptographic cipher key generator 403.
  • any suitable D2D information as described herein can the output from the D2D information determiner/store 401 to the cryptographic cypher key generator 403.
  • the communications device comprises a cryptographic cipher key generator 403.
  • the cryptographic cipher key generator 403 is analogous to the
  • the cryptographic cipher key generator 203 shown with regards to the transmitter.
  • the communications device can be configured to operate as a transmitter and receiver of D2D messages the cryptographic cipher key generator operations for both encoding and decoding messages may be performed in a single key generator or key generator means.
  • the cryptographic cipher key generator is configured to generate a cryptographic cypher key using the D2D information as seed information in a manner similar to the cryptographic cypher key generator shown in the transmitter operations.
  • the cryptographic cypher key generator 403 outputs the key to a decrypter 405.
  • the device comprises a decrypter 405.
  • the decrypter 405 is configured to receive the message from the receiver 402 and the cryptographic cipher key from the cryptographic cipher key generator 403 and configured to decrypt the encrypted parts of the message received using the cypher key generated by the cryptographic cipher key generator 403.
  • the decrypter 405 can in some embodiments be part of a general encryption/decryption (encoding/decoding) process or processor where the device operates as both transmitter and receiver.
  • the decrypter can be configured to operate on the encrypted message parts using any suitable decryption operation (defined as being the opposite to the encryption process used by the encrypter 208).
  • the operation of decrypting the message is shown in Figure 6 by step 505.
  • the decrypter 405 can output the decrypted message.
  • the output message can be processed by the D2D communications controller 407.
  • the D2D communications controller 407 can receive the decrypted message and process the message to respond to the master device configuration message to initiate communication with the master device.
  • an intra-user group authentication can be implemented where an authentic individual or user from a targeted group can derive the same key as used in the encryption in order to listen to the master device configuration message and process the message to determine information for accessing the master device and furthermore the service of interest.
  • the encryption of the message can be performed using more than the D2D information as the key seed.
  • D2D device to device
  • Figure 8 the operation of the example device to device (D2D mobile device is further described.
  • the D2D capable communications device shown in Figure 7 differs from the example shown in Figure 3 in that it further comprises a random number generator 601 and a timer 603.
  • the random number generator 601 can be configured in some embodiments to generate a synchronised random number.
  • the synchronised random number is synchronised among the group members.
  • the synchronisation between the group members is performed by the timer 601 (the communications device operating as the receiver comprising a similar timer) configured to provide a time interval synchronisation or timestamp from which the random number generator 601 is configured to generate the random number.
  • the timestamp or interval reference used to generate the random number can be appended to the D2D master device configuration message where timer synchronisation is not possible.
  • the random number generator 601 can be configured to determine a D2D message timestamp from the timer 603.
  • the random number generator 601 then can be configured to generate the random number dependent on the current interval value or timestamp value according to any suitable pseudo-random process.
  • the timer 603 can be a single received timer value, for example a global or local broadcast time signal.
  • the timer 603 can in some embodiments generate the time value and/or interval reference from timing information received from a satellite, such as the global positioning satellite (GPS) system, or from a cellular communications system.
  • GPS global positioning satellite
  • the operation of generating the random number from the timestamp or interval is shown in Figure 8 by step 703.
  • the cryptographic cipher key generator 203 can then be configured to determine a first cipher key part from the random number.
  • the cryptographic cipher key generator 203 or suitable key generating means can be configured to determine the first cipher key part from the random number can use any suitable seed cryptographic cipher generating process.
  • the key generator can be configured to determine the key by use of a mathematical function (which can generate symmetric or asymmetric keys) known to both the transmitter and receiver communication devices.
  • the key generator can be configured to use a look up table to generate the key.
  • the cryptographic cipher key generator 203 can be configured to determine part of the cipher key from the D2D information as discussed herein.
  • the key generator can be configured to determine the key by use of a mathematical function (which can generate symmetric or asymmetric keys) known to both the transmitter and receiver communication devices.
  • the key generator can be configured to use a look up table to generate the D2D information based key.
  • the cryptographic cipher key generator 203 can then be configured to output the full cipher key to the encrypter 208 for encrypting the message received from the D2D message generator 205.
  • the encryption and therefore the security aspect is enhanced by further randomising the encryption operation.
  • the user or device can belong to multiple user groups.
  • the device to device information can be configured with multiple entries for each information value. For example there can be stored within the D2D information store multiple D2D_GID/D2D_GBI/D2D_RSPID values each value associated with a defined user group or groups.
  • these user groups can furthermore be arranged in hierarchical order such that each of the groups according to a ranking system wherein lower ranks can use a limited number values and higher ranks use more values.
  • the communications device can be configured to act as a master device for one group but not another.
  • the ranking or group organisation configuration can be carried out as a part of a subscription profile or on mobile cellular registration or location update procedures with necessary authentication and authorisation.
  • the device can be configured to determine which entries of the D2D information such as D2D_GI D,
  • D2D_GBI , and D2D_RSPI D are to be used for D2D communications of interest.
  • a multiuser group or rank example D2D_GBI information store format is shown.
  • the device to device geographical boundary information (D2D_GBI) is stored in a first column 901.
  • a second column 903 defines the rank associated with the GBI information. In other words the second column defines at which rank level the GBI value can be used.
  • a third column 905 defines the user group associated with the GBI information. In other words which user groups are allowed to operate according to the GBI information. It would be understood that the information store format shown in Figure 10 is an example only and in some embodiments only the GBI information and one of the associated rank or user group is defined.
  • a first GBI entry 951 Xi , Yi , Ri has associated rank value 903 RK ! and associated groups GPi and GP 2 and a second GBI entry 953 X N , Y N , R N has associated ranks RKi to RK N and user groups GPi to GP N .
  • the first GBI entry can be used only for the rank RKi but the second GBI entry can be used for any of the ranks RK ! to RK N .
  • the first GBI entry can be used only for the user groups GPi and GP 2 but the second GBI entry can be used for any of the user groups GPi to GP N .
  • the D2D communications controller 207 can determine or select the rank (or operational level) at which the D2D communications device is to operate.
  • the D2D communications controller 207 can determine or select the user group, where there are multiple groups within which the communications device can operate within, in which the D2D communications device is to operate.
  • the determination or selection of the rank can for example be defined when the communications device is first switched on. For example as part of the communications device startup procedure the user could be asked for a suitable rank (or operational or user-group) value and where required a log on code for that selection.
  • the rank (operational level or user group) of the device can be assigned from a central system, for example when being used in a mobile cellular network based on some other form of identification or authentication such as provided by the device containing a suitable subscriber identity module associated with a known rank (or operational level or user group) member.
  • the D2D communications controller 207 selection can be fully automatic, semi-automatic (for example a selection list) or fully manually selected.
  • the operation of selecting the rank/operational level/user group is shown in Figure 11 by step 1001.
  • the rank/operational level or user group can have an associated value which can be then used in the look up table shown in Figure 10 to determine a suitable GBI information value.
  • step 1003 The selection of the D2D information based on the rank (or operational level or user group) selection is shown in Figure 11 by step 1003.
  • the D2D communications controller 207 can then control the cryptographic cipher key generator 203 to determine the cipher key from the D2D information selected. In other words the cryptographic cipher key generator 203 generates the cipher key value based on the D2D information having been selected dependent on the rank/operational level/user group.
  • the authentication and ciphering operations described herein can take into account the rank/operational level/user group.
  • the rank/operational level/user group value is used as a variable in deriving the ciphering key or as a guiding factor in determining or mapping on the right entry for the device to device information (such as D2D_GID, D2D_GBI, and D2D_RSPID).
  • the rank or operational level can further be provided security pre- configurations for deriving the ciphering key enhanced specifically for a specific rank/operational level/user group. Therefore individual users depending on their rank/operational level/user group they belong to can be configured with a range of encryption options dependent on the rank/operational level/user group value where more valuable or important rank/operational level/user group values having greater encryption. It would be understood that the same selection and key generation dependent on the rank/operational level/user group can be applied to the receiver D2D operations described herein and the transmitter D2D operations.
  • the receiver communication device can be configured to try all possible configured keys generated according to the receiver communications device rank/operational level/user group permitted.
  • the receiver communications device can be configured to implement rules to speed up the search for the sender rank/operational level/user group search (in other words rank/operational level/user group detection) in order to determine the associated rank/operational level/user group specific cipher key.
  • the receiver communications device can in some embodiments be configured to try a certain rank first or the same rank as the receiver itself and then try the next step one up or down.
  • the synchronisation sequence or L1 identification value sent and received by D2D peers for synchronisation and discovery purposes can be configured to map to the rank of the sender communications device which can be used by the receiver communications device to determine which rank/operational level/user group the sender can use.
  • a top rank can contain only a few devices which can have a stronger authentication procedure some secure personal information such as nickname or code can be applied to those supposed to be authentic peers to those users which know about in order to derive the matching ciphering key.
  • An appropriately adapted computer program code product or products may be used for implementing the embodiments, when loaded on an appropriate data processing apparatus, for example for determining geographical boundary based operations and/or other control operations.
  • the program code product for providing the operation may be stored on, provided and embodied by means of an appropriate carrier medium.
  • An appropriate computer program can be embodied on a computer readable record medium. A possibility is to download the program code product via a data network.
  • the various embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Embodiments of the inventions may thus be practiced in various components such as integrated circuit modules.
  • the design of integrated circuits is by and large a highly automated process. Complex and powerful software tools are available for converting a logic level design into a semiconductor circuit design ready to be etched and formed on a semiconductor substrate.
  • communication system is provided by means of a plurality of mobile user equipment, for example in adhoc networks, and at least one of the user equipments can provide control on the communications based on grouping that takes interference into account. Therefore, although certain embodiments were described above by way of example with reference to certain exemplifying architectures for wireless networks, technologies and standards, embodiments may be applied to any other suitable forms of communication systems than those illustrated and described herein.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and control apparatus for a wireless communication system is disclosed comprising determining at least one device-to-device communications characteristic; generating at least one device-to-device message; and encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic.

Description

DESCRIPTION
TITLE
ENCRYPTING DEVICE - TO - DEVICE MESSAGES FOR A PUBLIC SAFETY NETWORK MOBILE COMMUNICATION SYSTEM
FIELD
The example and non-limiting embodiments of this invention relate generally to wireless communication systems, including methods, devices and computer programs for communicating in such systems, and more specifically relate to direct communications between mobile devices over public safety network allocated resources, also known as device-to-device D2D communications.
BACKGROUND
A communication system can be seen as a facility that enables communication sessions between two or more entities such as mobile communication devices and/or other stations associated with the communication system. A communication system and a compatible communication device typically operate in accordance with a given standard or specification which sets out what the various entities associated with the system are permitted to do and how that should be achieved. For example, the manner how the communication device can access the communication system and how communications shall be implemented between communicating devices, the elements of the
communications network and/or other communication devices is typically defined.
In a wireless communication system at least a part of communications between at least two devices occurs over a wireless link. Examples of wireless systems include public land mobile networks (PLMN), satellite based communication systems and different wireless local networks, for example wireless local area networks (WLAN). In wireless systems an access node is provided by a base station. The radio coverage area of a base station is known as a cell, and therefore the wireless systems are often referred to as cellular systems. They can also be called mobile communication systems or mobile
communication networks.
A mobile telecommunication network typically operates in accordance with a wireless standard. Examples include GSM (Global System for Mobile) EDGE (Enhanced Data for GSM Evolution) Radio Access Networks (GERAN), Universal Terrestrial Radio Access Networks (UTRAN), and evolved Universal Terrestrial Radio Access Networks (EUTRAN).
A further example of wireless communication systems is an architecture that is being standardized by the 3rd Generation Partnership Project (3GPP). This system is often referred to as the long-term evolution (LTE) of the Universal Mobile Telecommunications System (UMTS) radio-access technology. The aim of LTE is to achieve, inter alia, reduced latency, higher user data rates, improved system capacity and coverage, and reduced cost for the operator. A further development of the LTE is often referred to as LTE- Advanced.
In system according to the LTE standard a base station access node is called enhanced or evolved Node B (eNB).
A user can access the communication system by means of an appropriate communication device. A communication device of a user is often referred to as user equipment (UE) or terminal or mobile device or a mobile station. A communication device is provided with an appropriate signal receiving and transmitting arrangement for enabling communications with other parties. The device may also comprise user interface for communicating with the user and a controller for controlling the operation of the device.
A communication device may be arranged to communicate, for example, data for carrying communications such as voice, electronic mail (email), text message, multimedia, for enabling internet access, for carrying application specific data and so on. Users may thus be offered and provided numerous services via their communication devices. The communication connection can be provided by means of one or more data bearers.
In wireless systems a communication device provides a transceiver device that can communicate with another communication device such as e.g. an access node or a base station and/or another user equipment. The communication device may access a carrier provided by a base station and transmit and/or receive communications on the carrier.
A feature of wireless communication devices is that they offer mobility for the users thereof. A mobile communication device, or mobile device or mobile station for short, may also be transferred, or handed over, from a base station to another and even between base stations belonging to different systems.
A communication device or user equipment that has no continuous connection to its home system may nevertheless be considered as being a part of a communication system. In certain applications, for example in ad-hoc networks or in a public safety network (PSN), the communication system may be based on use of a plurality of user equipment capable of communicating with each other. D2D communications, alternatively termed mobile-to- mobile (M2M), machine-to-machine (M2M), terminal-to-terminal (T2T) or peer-to-peer
(P2P) communications, therefore concerns wireless communications directly between UEs and is targeted for standardization sometime beyond 3GPP LTE Release 10 (also referred to as LTE-Advanced or LTE-A. In this kind of situation the devices performing D2D communications do not necessarily have a continuous connection to the (PSN) network.
PSN networks are separate mobile communication networks that are used by law enforcement, rescue services, fire brigades and other public authorities or even public utilities for time and mission critical communication. In PSN networks the mobile devices may communicate directly with each other in Device to Device mode or in so called direct mode. The operation of PSN network must be fast, reliable and secure, regardless of lack of network coverage, lack of resources or any type of network failure. The PSN Network must have high availability, with no single point of failure, a highly resilient architecture and guaranteed availability even in times of a major incident, when the network will be stressed. It must also continue to operate through power outages.
The misuse of device to device (D2D) communications in a licensed communications band is an issue, especially when considering support of autonomous D2D in the absence of a controlling network. In such situations coverage may be required for some public safety use cases following the loss of a cellular or other controlling network entity. For example a public safety network (PSN) may permit device to device communication to operate in the area following a natural or other disaster where the controlling network entity loses coverage. However this in such circumstances can lead to users of D2D apparatus such as public safety (PS) communications devices for use in one country being able to perform device to device (D2D) communications in a second country or region in the licenced bands that are illegal to be used by the PS communication devices in the second country.
Furthermore in addition to PS D2D communication, commercial D2D communications could provide coverage in licence bands outside of the reach of a cellular system by the implementation of an autonomous ad hoc network connecting back to the cellular base station. In such circumstances the apparatus should be configured to setup ad hoc network using D2D only in those areas where the licence bands can be used legally by the apparatus.
A malfunctioning or misbehaving D2D capable device furthermore outside of a suitable controlling entity may imitate a master public safety device with the aim of attempting to attract other public safety devices to connect to it and share confidential information. Similarly public safety devices being misused or malfunctioning may attempt to find and access other master public safety devices over an autonomous D2D connection.
SUMMARY
A target of the invention is to develop a method, a system and a mobile device so that the abovementioned drawbacks of the prior art are circumvented.
The target of the invention is achieved by a method, a system and a mobile device that is characterised by those features that are depicted in the independent patent claims.
According to a first aspect there is provided a method comprising: determining at least one device-to-device communications characteristic; generating at least one device-to-device message; and encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic.
Encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic may comprise: generating a cipher key based on the device to device communications characteristic; selecting at least part of the at least one device-to-device message; and encrypting the at least part of the at least one device-to-device message with the cipher key.
The method may further comprise transmitting the at least one device-to-device message. According to a second aspect there is provided a method comprising: receiving at least one device-to-device message, the at least one device-to-device message comprising at least one encrypted part; determining at least one device-to-device communications characteristic; and decrypting the at least one encrypted part of the at least one device-to- device message depending on the at least one device to device communications characteristic.
Determining at least one device to device communications characteristic may comprise at least one of: storing the at least one device to device communications characteristic during the apparatus configuration; receiving the at least one device to device
communications characteristic during a registration of the apparatus on a communications network; and retrieving the at least one device to device communications characteristic from an apparatus memory dependent on receiving an indicator for at least one group from a communications network server.
The at least one device to device communications characteristic may comprise at least one of: a geographical boundary information value; a geographical boundary information reference point; at least one position and associated distance value; a group identification value; and a radio service profile identity value.
The at least one device-to-device message may comprise at least one of: a master device device-to-device communications configuration message; a slave device device-to-device communications configuration message; a device-to-device communication connection set-up message; a device-to-device indication message; a device-to-device notification message; and a device-to-device data message.
Determining at least one device to device communications characteristic may comprise: determining a plurality of device to device communications characteristic values for the at least one device to device communications characteristic; and selecting at least one of the plurality of device to device communications characteristic values.
Decrypting the at least one encrypted part of the at least one device-to-device message depending on the at least one device to device communications characteristic may comprise: generating a cipher key based on the device to device communications characteristic; and decrypting the at least one encrypted part of the at least one device-to- device message with the cipher key.
The method may further comprise determining a timer value and wherein generating a cipher key is further based on the timer value.
The timer value may be synchronised between device-to-device communication devices. Generating a cipher key may be further based on the timer value is further dependent on a selection characteristic.
The plurality of device to device communications characteristic values may be associated with a selection characteristic, wherein the selection characteristic comprises at least one of: rank value; operational level value; and user-group value. Selecting at least one of the plurality of device to device communications characteristic values may comprise selecting at least one of the plurality of device to device
communications characteristic values dependent on the selection characteristic.
According to a third aspect there is provided an apparatus comprising at least one processor and at least one memory including computer code for one or more programs, the at least one memory and the computer code configured to with the at least one processor to cause the apparatus to at least perform: determining at least one device-to- device communications characteristic; generating at least one device-to-device message; and encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic.
Encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic may cause the apparatus to perform: generating a cipher key based on the device to device communications characteristic; selecting at least part of the at least one device-to-device message; and encrypting the at least part of the at least one device-to-device message with the cipher key.
The apparatus may further be caused to perform transmitting the at least one device-to- device message.
According to a fourth aspect there is provided an apparatus comprising at least one processor and at least one memory including computer code for one or more programs, the at least one memory and the computer code configured to with the at least one processor cause the apparatus to at least perform: receiving at least one device-to-device message, the at least one device-to-device message comprising at least one encrypted part; determining at least one device-to-device communications characteristic; and decrypting the at least one encrypted part of the at least one device-to-device message depending on the at least one device-to-device communications characteristic.
Determining at least one device to device communications characteristic may cause the apparatus to perform at least one of: storing the at least one device-to-device
communications characteristic during the apparatus configuration; receiving the at least one device-to-device communications characteristic during a registration of the apparatus on a communications network; and retrieving the at least one device-to-device
communications characteristic from an apparatus memory dependent on receiving an indicator for at least one group from a communications network server.
The at least one device-to-device communications characteristic may comprise at least one of: a geographical boundary information value; a geographical boundary information reference point; at least one position and associated distance value; a group identification value; and a radio service profile identity value.
The at least one device-to-device message may comprise at least one of: a master device device-to-device communications configuration message; a slave device device-to-device communications configuration message; a device-to-device communication connection set-up message; a device-to-device indication message; a device-to-device notification message; and a device-to-device data message. Determining at least one device-to-device communications characteristic may cause the apparatus to perform: determining a plurality of device-to-device communications characteristic values for the at least one device-to-device communications characteristic; and selecting at least one of the plurality of device-to-device communications
characteristic values.
Decrypting the at least one encrypted part of the at least one device-to-device message depending on the at least one device-to-device communications characteristic may cause the apparatus to perform: generating a cipher key based on the device-to-device communications characteristic; and decrypting the at least one encrypted part of the at least one device-to-device message with the cipher key.
The apparatus may further be caused to perform determining a timer value and wherein generating a cipher key is further based on the timer value.
The timer value may be synchronised between device-to-device communication devices.
Generating a cipher key may be further based on the timer value is further dependent on a selection characteristic.
The plurality of device-to-device communications characteristic values may be associated with a selection characteristic, wherein the selection characteristic comprises at least one of: rank value; operational level value; and user-group value.
Selecting at least one of the plurality of device to device communications characteristic values may cause the apparatus to perform selecting at least one of the plurality of device to device communications characteristic values dependent on the selection characteristic.
According to a fifth aspect there is provided an apparatus comprising: a device-to-device value determiner configured to determine at least one device-to-device communications characteristic; a message generator configured to generate at least one device-to-device message; and an encrypter configured to encrypt at least a first part of the at least one device-to-device message depending on the at least one device to device
communications characteristic.
The encrypter may comprise: a cipher key generator configured to generate a cipher key based on the device to device communications characteristic; a selector configured to select at least part of the at least one device-to-device message; and a message encrypter configured to encrypt the at least part of the at least one device-to-device message with the cipher key.
The apparatus may comprise a transmitter configured to transmit the at least one device- to-device message.
According to a sixth aspect there is provided an apparatus comprising: a receiver configured to receive at least one device-to-device message, the at least one device-to- device message comprising at least one encrypted part; a device-to-device value determiner configured to determine at least one device-to-device communications characteristic; and a decrypter configured to decrypt the at least one encrypted part of the at least one device-to-device message depending on the at least one device-to-device communications characteristic.
The device-to-device value determiner may comprise at least one of: a memory configured to store the at least one device-to-device communications characteristic during the apparatus configuration; a characteristic receiver configured to receive the at least one device-to-device communications characteristic during a registration of the apparatus on a communications network; and a value retriever configured to retrieve the at least one device-to-device communications characteristic from an apparatus memory dependent on receiving an indicator for at least one group from a communications network server.
The at least one device-to-device communications characteristic may comprise at least one of: a geographical boundary information value; a geographical boundary information reference point; at least one position and associated distance value; a group identification value; and a radio service profile identity value.
The at least one device-to-device message may comprise at least one of: a master device device-to-device communications configuration message; a slave device device-to-device communications configuration message; a device-to-device communication connection set-up message; a device-to-device indication message; a device-to-device notification message; and a device-to-device data message.
The device-to-device value determiner may be configured to determine a plurality of device-to-device communications characteristic values for the at least one device-to- device communications characteristic; and the device-to-device value determiner may comprise a selector configured to select at least one of the plurality of device-to-device communications characteristic values.
The decrypter may comprise: a cipher key generator configured to generate a cipher key based on the device-to-device communications characteristic; and a message decrypter configured to decrypt the at least one encrypted part of the at least one device-to-device message with the cipher key.
The apparatus may further be caused to perform determining a timer value and wherein the cipher key generator is configured to generate the cipher key based on the timer value.
The timer value may be synchronised between device-to-device communication devices.
The cipher key generator may be configured to generate the cipher key dependent on a selection characteristic.
The plurality of device-to-device communications characteristic values may be associated with a selection characteristic, wherein the selection characteristic comprises at least one of: rank value; operational level value; and user-group value.
The selector may be configured to select at least one of the plurality of device to device communications characteristic values dependent on the selection characteristic. According to a seventh aspect there is provided an apparatus comprising: means for determining at least one device-to-device communications characteristic; means for generating at least one device-to-device message; and means for encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic.
The means for encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic may comprise: means for generating a cipher key based on the device to device
communications characteristic; means for selecting at least part of the at least one device- to-device message; and means for encrypting the at least part of the at least one device- to-device message with the cipher key.
The apparatus may comprise means for transmitting the at least one device-to-device message.
According to an eighth aspect there is provided an apparatus comprising: means for receiving at least one device-to-device message, the at least one device-to-device message comprising at least one encrypted part; means for determining at least one device-to-device communications characteristic; and means for decrypting the at least one encrypted part of the at least one device-to-device message depending on the at least one device-to-device communications characteristic.
The means for determining at least one device to device communications characteristic may comprise at least one of: means for storing the at least one device-to-device communications characteristic during the apparatus configuration; means for receiving the at least one device-to-device communications characteristic during a registration of the apparatus on a communications network; and means for retrieving the at least one device- to-device communications characteristic from an apparatus memory dependent on receiving an indicator for at least one group from a communications network server.
The at least one device-to-device communications characteristic may comprise at least one of: a geographical boundary information value; a geographical boundary information reference point; at least one position and associated distance value; a group identification value; and a radio service profile identity value.
The at least one device-to-device message may comprise at least one of: a master device device-to-device communications configuration message; a slave device device-to-device communications configuration message; a device-to-device communication connection set-up message; a device-to-device indication message; a device-to-device notification message; and a device-to-device data message.
The means for determining at least one device-to-device communications characteristic may comprise: means for determining a plurality of device-to-device communications characteristic values for the at least one device-to-device communications characteristic; and means for selecting at least one of the plurality of device-to-device communications characteristic values. The means for decrypting the at least one encrypted part of the at least one device-to- device message depending on the at least one device-to-device communications characteristic may comprise: means for generating a cipher key based on the device-to- device communications characteristic; and means for decrypting the at least one encrypted part of the at least one device-to-device message with the cipher key.
The apparatus may comprise means for determining a timer value and wherein the means for generating a cipher key is comprises mean for generating a cipher key based on the timer value.
The timer value may be synchronised between device-to-device communication devices. The means for generating a cipher key may further comprise means for generating a cipher key dependent on a selection characteristic.
The plurality of device-to-device communications characteristic values may be associated with a selection characteristic, wherein the selection characteristic comprises at least one of: rank value; operational level value; and user-group value.
The means for selecting at least one of the plurality of device to device communications characteristic values may comprise means for selecting at least one of the plurality of device to device communications characteristic values dependent on the selection characteristic.
An apparatus configured to perform the method as described herein.
A computer program product stored on a medium for causing an apparatus to perform the method as described herein.
An electronic device comprising apparatus as described herein.
A chipset comprising apparatus as described herein.
BRIEF DESCRIPTION OF DRAWINGS
Embodiments of the present invention are described below, by way of example only, with reference to the accompanying drawings, which are included to provide a further understanding of the invention and constitute a part of this specification. The drawings illustrate exemplary embodiments of the invention and together with the description help to explain the principles of the invention. In the drawings:
Figure 1 shows a schematic view of a general exemplary situation in which some embodiments can be realised;
Figure 2 shows a schematic view of a general D2D communications apparatus according to some embodiments;
Figure 3 shows a schematic view of a D2D communication apparatus in further detail with respect to some D2D message generation embodiments; Figure 4 is a flow diagram illustrating the functioning of a method of initialising a master D2D communications operation according to some embodiments;
Figure 5 shows a schematic view of a D2D communication apparatus in further detail with respect to some D2D message reception embodiments;
Figure 6 is a flow diagram illustrating the functioning of a method of receiving a master D2D communication initialisation message according to some embodiments;
Figure 7 shows a schematic view of a D2D communication apparatus in further detail with respect to some further D2D message generation embodiments;
Figure 8 is a flow diagram illustrating the functioning of a method of generating a cipher key for the master D2D communications operation according to some embodiments;
Figure 9 shows an example geographical boundary information data table
Figure 10 shows an example hierarchical or ranked geographical boundary information data table; and
Figure 11 is a flow diagram illustrating the functioning of a method of initialising a master D2D communications operation with hierarchical selection according to some
embodiments.
DETAILED DESCRIPTION OF SOME EMBODIMENTS
The following embodiments are exemplary. Although the specification may refer to "an", "one", or "some" embodiment(s) in several locations, this does not necessarily mean that each such reference is to the same embodiment(s), or that the feature only applies to a single embodiment. Single features of different embodiments may also be combined to provide other embodiments. Furthermore, words "comprising" and "including" should be understood as not limiting the described embodiments to consist of only those features that have been mentioned and such embodiments may also contain also
features/structures that have not been specifically mentioned.
Reference will now be made in detail to the embodiments of the present invention, examples of which are illustrated in the accompanying drawings.
Before explaining in detail the certain exemplifying embodiments, certain general principles of a wireless communication system and wireless communication devices suitable for both cellular and D2D communication are briefly explained with reference to Figures 1 and 2 to assist in understanding the technology underlying the described examples.
The mobile communication system shown here in Figure 1 is a combination of at least two mobile communication networks namely the public safety network PSN 21 and a mobile communication network CN 10. The mobile communication system comprises at least a first MS1 and a second MS2 mobile communications apparatus 1 adapted to operate in a public safety network PSN 21 having a base station PBS or eNodeB 12. So, the mobile devices MS1 and MS2 belong originally to the public safety network PSN 21 and are designed to operate in the PSN network. The base station or eNodeB network element 12 maintains with its radio unit a first coverage area in which the mobile devices MS1 and MS2 are able to contact the public safety network PSN 21 and via it also other networks and network elements. The public safety network PSN 21 is a separate mobile
communication network that only emergency services, police and rescue services e.g. fire department may use and connect to. It may also be designated only for the users belonging to law enforcement organizations. This PSN network 21 should be more reliable than normal public broadband mobile communication system 10 and mainly separated from any other, particularly commercial, networks so as to avoid any disruptions or malfunctions or other severe and bad network conditions to spread from any commercial network to the PSN network.
Mobile communications apparatus 1 can typically access wirelessly a mobile network system via at least one base station 12 or similar wireless transmitter and/or receiver node of the access system. A base station site typically provides one or more cells of a cellular system. In the figure 1 example the base station 12 is configured to provide a cell, but could provide, for example, three sectors, each sector providing a cell. Each mobile communications apparatus 1 and base station 12 may have one or more radio channels open at the same time and may communicate with more than one other station. In addition to communications with the base station, the communications apparatus can be in direct communication with the other communication apparatus.
A base station is typically controlled by at least one appropriate control apparatus so as to enable operation thereof and management of mobile communication devices in communication with the base station. A control entity of a base station can be
interconnected with other control entities. In Figure 1 the control apparatus is shown to be provided by block 13. An appropriate controller apparatus may comprise at least one memory, at least one data processing unit and an input/output interface. The controller is thus typically provided with memory capacity and at least one data processor 14. It shall be understood that the control functions may be distributed between a plurality of controller units and/or that a part of the control may be provided by a control apparatus controlling a plurality of base stations. The controller apparatus for a base station may be configured to execute an appropriate software code to provide the control functions as explained below in more detail.
In the Figure 1 example the base station node 12 of the access is connected to a wider communication network 20 via node 15. A communication system may be provided by one or more interconnect networks and the elements thereof, and one or more gateway nodes may be provided for interconnecting various networks.
The communications apparatus 1 can be provided with wireless access to the
communication system based on various access techniques, such as code division multiple access (CDMA), wideband CDMA (WCDMA), time division multiple access
(TDMA), frequency division multiple access (FDMA), Orthogonal Frequency-Division Multiple Access (OFDMA), space division multiple access (SDMA), and so on. A non-limiting example of mobile architectures where the herein described principles may be applied is known as the Evolved Universal Terrestrial Radio Access Network (E- UTRAN). Non-limiting examples of appropriate access nodes are a base station of a cellular system, for example a base station known as NodeB or enhanced NodeB (eNB) in the vocabulary of the 3GPP specifications. The eNBs may provide E-UTRAN features such as user plane Radio Link Control/Medium Access Control/Physical layer protocol (RLC/MAC/PHY) and control plane Radio Resource Control (RRC) protocol terminations towards mobile communication devices. Other examples include base stations of systems that are based on technologies such as wireless local area network (WLAN) and/or WiMax (Worldwide Interoperability for Microwave Access).
In Figure 1 the broadband mobile communication network CN 10 comprises a second coverage area maintained by the base station 12 or in some embodiments can be a separate eNodeB network element according to the LTE standard.
Figure 2 shows a schematic, partially sectioned view of a communications apparatus or communications device 1 that can be used for communication with the base station 12 and also for communication with other mobile devices in D2D communications using the PSN. An appropriate mobile communication device may be provided by any device capable of sending and receiving radio signals. Non-limiting examples include a mobile station (MS) such as a mobile phone or what is known as a 'smart phone', a portable computer provided with a wireless interface card or other wireless interface facility, personal data assistant (PDA) provided with wireless communication capabilities, or any combinations of these or the like. The mobile communications device 1 may be used for voice and video calls, for accessing service applications provided via a data network and so forth. The mobile communication device 1 may receive signals via appropriate apparatus for receiving and transmitting radio signals on wireless carriers, or radio bearers. In Figure 2 a transceiver apparatus is designated schematically by block 7. The transceiver apparatus may be provided for example by means of a radio part and associated antenna arrangement. The antenna arrangement may be arranged internally or externally to the mobile device. A mobile device is also typically provided with at least one data processing entity 3, at least one memory 4 and other possible components 9 for use in tasks it is designed to perform. The data processing, storage and other entities can be provided on an appropriate circuit board and/or in chipsets. This feature is denoted by reference 6. The user may control the operation of the mobile device by means of a suitable user interface such as key pad 2, voice commands, touch sensitive screen or pad, combinations thereof or the like. A display 5, a speaker and a microphone are also typically provided. Furthermore, a mobile device may comprise appropriate connectors (either wired or wireless) to other devices and/or for connecting external accessories, for example hands-free equipment, thereto.
Direct mobile cellular device-to-device (D2D) communications, or D2D for short in the following, can also be provided between the mobile devices 1 as shown in Figure 2 in the system of Figure 1. In direct mobile cellular device-to-device communications two or more of the devices can be paired into a set of paired communication devices where after a communications link between the members of the set can be established. It is noted that direct communications between devices can be referred to in various terms, for example as mobile-to-mobile (M2M), machine-to-machine (M2M), terminal-to-terminal (T2T) or peer-to-peer (P2P).
Mobile cellular device-to-device (D2D) communications can use licensed radio spectrum under supervision and control of at least one supporting system, typically a cellular system. D2D may use, at least for a part of the needed resources, the same radio resources of the supporting system or systems. Direct D2D communications can be incorporated into the cellular network for example to reduce transmitter power
consumption in the participating communication devices and the network side, to improve spectrum efficiency, to increase cellular network capacity and coverage, and to create and support more services for users in an efficient fashion. Direct D2D communications in a cellular system may potentially achieve improved spectrum efficiency by spatial reuse. That is, certain radio resources may be simultaneously reused among different D2D users and/or D2D users and cellular users.
In the embodiments described herein the communications apparatus or communications device suitable for device to device (D2D) communications can be configured to use device to device information to authenticate the communications devices when operating in as public safety devices. For example when the communications devices are operating during a discovery phase, initiation, or data communications phase. In such embodiments the use of D2D information to authenticate the public safety communications apparatus can for example permit intra-user group (or intra-group), inter-user group (or inter-group), and ranked (or hierarchical or chain-of-command) authentication.
Therefore in some embodiments intra-user group authentication can be provided using the D2D information. For example in such embodiments only devices of the same user group can 'discover' each other and therefore conduct specified types of autonomous D2D communication services. A specific or defined group such as police from the same police station or area could therefore in some embodiments be permitted to communicate using autonomous D2D communication services based on the D2D information stored within the public safety devices issued to the same police force and therefore prevent any non-police bases D2D devices being able to transmit or listen to the group communication.
In some embodiments inter-user group authentication can be implemented using the D2D information as authentication. Thus in these embodiments there can be specified or defined devices of different user groups configured to be able to discover each other to conduct specified or defined types of autonomous D2D communication services. For example groups such as police, firefighters, ambulance or medical services can communicate where an emergency requires intergroup communication.
A ranked or hierarchical or chain-of-command authentication can furthermore be implemented for autonomous D2D communication services in some embodiments to provide a defined chain-of-command based structure for authentication and authorisation hierarchy. For example in some embodiments a higher ranked user or the user in charge can be provided with authentication and authorisation for many user groups, for example a first (strategy) user group confined to higher ranked D2D devices and second (tactical) user group defined for all the D2D devices operating where a lower ranked user is permitted to only discover and communicate on the second user group. In such embodiments the use of enhanced authentication and authorisation using the D2D information thus assists the resolution of D2D misuse or misconduct.
It would be further understood that commercial D2D use when applied to some
embodiments as described herein allowed the operation of communication devices in a D2D mode in the absence of a cellular network. Thus in such embodiments the devices ensure that autonomous operation on the licensed band is not provided without network permission.
With respect to Figure 3 an example device to device (D2D) communications apparatus or mobile device with respect to some embodiments is described in further detail. In some embodiments the mobile device comprises a device to device (D2D) communications controller 207. The device to device communications controller 207 can be configured to control the operation of the communications device with respect to device to device communications.
For example with respect to Figure 3 the device to device communications controller 207 is configured to control the initialisation of suitable device to device operations by performing a master device configuration operation. However it would be understood that the device to device communications controller 207 can be configured to control any suitable message generation operation for example sending D2D connection setup requests, indication requests, notification messages or data transmission messages. A master device or apparatus of an autonomous D2D network is the device which starts advertising or broadcasting the availability of the apparatus within the licensed band. By broadcasting availability the apparatus is able to be 'discovered' by other devices performing a D2D discovery or scanning operation.
Wth reference to Figure 4 the operation of controlling the D2D master device
configuration operation is shown.
The device to device communications controller 207 can for example receive from a higher level control (such as initialised using a user interface input requesting a D2D communications service to be started, or initialise automatically, detecting that the device is out of coverage of a public safety network) an indicator or message requesting the start of a master device to device master device configurations operation.
Wth respect to Figure 4 the operation of starting the device to device master device configurations operation is shown in step 301.
The device to device communications controller 207 can then be configured to initialise the following components to thus generate and transmit the suitable device to device message incorporating D2D information based cryptographic information.
In some embodiments the apparatus comprises a reference determiner/store 201. The reference determiner/store 201 is configured to determine and/or store the suitable device to device information. In some embodiments the device to device information comprises geographical boundary information (D2D_GBI). For example the geographical boundary information defines regions (or zones) within which D2D communication is permitted or excluded. The geographical boundary information can for example comprise at least one reference position (or reference point) and range information defining a region or zone. In some embodiments the device to device information can be a subfield of the geographical boundary information. For example the device to device information can be the device to device geographical boundary information reference point (D2D_GBI_RP).
In some embodiments the device to device information can comprise a D2D group identifier (D2D_GID). The device to device group identifier value can be a value which is assigned to the communication device indicating that the device can communicate with other devices operating on the same group identification value.
In some embodiments the device to device information used is the designated profile characteristic. In such embodiments each kind of supported service over the autonomous D2D has a designated profile characteristic with a unique device to device radio service profile identity (D2D_RSPID). The device to device radio service profile identity can be used to map on certain designated radio connection, bearer or channel configurations or characteristics determining how the device to device public safety communications device is to communicate.
In some embodiments the D2D information such as the geographical boundary
information can be derived or preconfigured within the D2D devices themselves. In some other embodiments the D2D information can be determined with assistance from a 'home' cellular network, or from a 'local' or visited cellular network. Furthermore the device to device information can in some embodiments be preconfigured in advance as part of a subscription profile or (re-)configured within the device upon re-registration or location update (which may include special cases where permission is granted for specific working areas such as fire brigades, police in emergency situations). In some embodiments of the D2D information can be passed to the communications apparatus from local visited cellular network.
In the following examples the device to device information stored in the D2D information determiner/store 201 is geographical boundary information (D2D_GBI) however it would be understood that any suitable device to device information can be used as the cipher key seed.
An example of a D2D geographical boundary information (D2D_GBI) data table is shown in Figure 9. The D2D_GBI data table 800 shows a series of data entries. An example data entry 81 1 comprises a reference location 801 defined as a reference location Xi, Yi and a reference distance or range value 803 Ri. It would be understood that in some
embodiments there can be more than one data entry such as shown in Figure 9 where there are N entries defining N reference locations and N associated range values. In some embodiments the reference distance or range value is a singular value R associated with every reference location (Xi Yi) to (XN YN) however in some embodiments the associated reference distance or range value can differ Ri to RN from reference location to location value (X! to (XN YN).
Although the D2D_GBI data is shown in Figure 9 as a data table, any other suitable format can be used. In some embodiments each entry further comprises a network identifier. The network identifier can indicate which geographical boundary information is allocated to which region or national public safety network (PSN). In such embodiments the mobile device can be configured to select a public safety network within which the mobile device is allowed to operate within and furthermore which data entries or GBI can be used to control the D2D operations. For example a first PSN (and associated D2D_GBI) can be defined as being allocated to a first region or country, and a second PSN (and associated D2D_GBI) can be defined as being allocated to a second region or country.
Therefore in some embodiments a mobile device allocated to a service (for example a first region fire service or police service) can be configured to operate according to the first PSN D2D_GBI, a mobile device allocated to a second service (for example a second region fire service or police service) can be configured to operate according to the second PSN D2D_GBI, but when required both could be configured (for example when required to co-operate with each other) to operate in the others geographical region.
In some embodiments the reference determiner/store 201 can be preconfigured in advance as part of a subscription profile or can be reconfigured upon D2D reregistration or location updates to define the reference information.
In some embodiments the reference determiner/store 201 can be configured to receive visited cellular network broadcast information. The broadcast information can in some embodiments contain information about the identity of the national or regional public service network where the apparatus is currently located.
Furthermore the reference determiner 201 can be configured to determine from such information public safety network information. For example the reference determiner can determine the name of the currently visited public safety network, the allocated spectrum information, or geographical boundary information defining the visited public safety network. The mobile device and reference determiner 201 can then find and read such information once being out of their home network coverage and initiate autonomous D2D communications on licensed bands using such information as described herein.
In some embodiments the visited cellular network can further broadcast over certain network coverage information about licensed bands on which eligible D2D devices can conduct autonomous D2D communications to guide as well as prevent misuse of D2D communications. For example where the setting up of public safety network it is to provide a temporary network for emergency services where the apparatus would normally not be allowed to operate then the visited cellular network can broadcast updates for the geographical boundary information to be stored within the reference store.
In some embodiments the D2D information, for example the geographical boundary information can be passed to a cryptographic cipher key generator 203.
In some embodiments the communications device comprises a device to device message generator 205. In some embodiments the D2D message generator 205 can be configured to generate a master device configuration message. The master device configuration message can be any suitable format message.
The operation of determining the D2D message is shown in Figure 4 by step 303. Furthermore in some embodiments the device comprises a cryptographic cipher key generator 203. The cryptographic cipher key generator 203 can be configured to use the D2D information as a cipher key seed from which a cipher key can be generated. The cipher key generator 203 can be configured to use any suitable cryptographic cipher key generating process.
The generated cipher key can in some embodiments be passed to an encrypter 208.
The operation of determining a cypher key from the D2D information is shown in Figure 4 by step 305.
Furthermore in some embodiments the communications device comprises an encrypter 208. The encrypter 208 can be configured to receive the D2D message from the D2D message generator 205, and the cryptographic cipher key from the cryptographic cipher key generator 203 and encrypt at least part of the D2D message using the cryptographic cipher key. In some embodiments the message part encrypted can be the device or service specific access information.
The encrypter 208 can then be configured to pass the encrypted message to the transmitter 209.
The operation of encrypting at least part of the D2D message using the cipher key determined from the D2D information is shown in Figure 4 by step 307.
In some embodiments the device comprises a transmitter 209. The transmitter 209 can be configured to receive the encrypted message from the encrypter 208 and transmit the message with a suitable encryption or encrypted part using the licensed frequency band.
The operation of transmitting the message with encryption is shown in Figure 4 by step 309.
With respect to Figure 5 a communications device operating in a receiver mode with respect to receiving the encrypted master device configuration message according to some embodiments. Furthermore with respect to Figure 6 the operation of receiving and processing the encrypted master device configuration message at the communications device operating in receiver mode is shown.
In some embodiments the communications device comprises a D2D communications controller 407. The D2D communications controller can in some embodiments be configured to control the operation of the receiver components described herein. It would be understood that the D2D communications controller 407 can in some embodiments be the same D2D communications controller as shown with regards to the transmitter operations.
In some embodiments the D2D communications controller 407 can control the receiver 402 to listen for a suitable broadcast or transmitted message.
In some embodiments the device comprises a receiver 402. It would be understood that the receiver 402 can be any suitable receiver configured to receive communications via the licensed frequency bands. Furthermore the receiver 402 can in some embodiments be a receiver element of a suitable transceiver where the communications device can operate as both transmitter and receiver.
In some embodiments the receiver 402 can be configured to receive the encrypted message and pass the received message to the decrypter 405.
The operation of receiving the message with encryption is shown in Figure 6 by step 501.
In some embodiments the device comprises a D2D information determiner/store 401. It would be understood that the D2D information determiner/store 401 is analogous to the D2D information determiner/store 201 shown in Figure 2 with regards to the
communications device operating as a transmitter and therefore determine, receive or otherwise maintain the D2D information required. In the following examples the D2D information determiner/store 401 can be configured to determine or store the suitable geographical boundary information (D2D_GBI). The D2D_GBI information can in some embodiments be passed to a cryptographic cipher key generator 403.
However it would be understood that in some embodiments any suitable D2D information as described herein can the output from the D2D information determiner/store 401 to the cryptographic cypher key generator 403.
In some embodiments the communications device comprises a cryptographic cipher key generator 403. The cryptographic cipher key generator 403 is analogous to the
cryptographic cipher key generator 203 shown with regards to the transmitter. In some embodiments where the communications device can be configured to operate as a transmitter and receiver of D2D messages the cryptographic cipher key generator operations for both encoding and decoding messages may be performed in a single key generator or key generator means.
In some embodiments the cryptographic cipher key generator is configured to generate a cryptographic cypher key using the D2D information as seed information in a manner similar to the cryptographic cypher key generator shown in the transmitter operations.
The operation of generating or determining a cipher key from the D2D information is shown in Figure 6 by step 503.
In some embodiments the cryptographic cypher key generator 403 outputs the key to a decrypter 405.
In some embodiments the device comprises a decrypter 405. The decrypter 405 is configured to receive the message from the receiver 402 and the cryptographic cipher key from the cryptographic cipher key generator 403 and configured to decrypt the encrypted parts of the message received using the cypher key generated by the cryptographic cipher key generator 403. The decrypter 405 can in some embodiments be part of a general encryption/decryption (encoding/decoding) process or processor where the device operates as both transmitter and receiver.
The decrypter can be configured to operate on the encrypted message parts using any suitable decryption operation (defined as being the opposite to the encryption process used by the encrypter 208). The operation of decrypting the message is shown in Figure 6 by step 505.
The decrypter 405 can output the decrypted message. In some embodiments the output message can be processed by the D2D communications controller 407. For example in some embodiments the D2D communications controller 407 can receive the decrypted message and process the message to respond to the master device configuration message to initiate communication with the master device.
The operation of processing the message is shown in Figure 6 by step 507.
Thus in some embodiments an intra-user group authentication can be implemented where an authentic individual or user from a targeted group can derive the same key as used in the encryption in order to listen to the master device configuration message and process the message to determine information for accessing the master device and furthermore the service of interest.
In some embodiments the encryption of the message can be performed using more than the D2D information as the key seed. With respect to Figure 7 a further example device to device (D2D) communications apparatus or communications device with respect to some further embodiments is described in further detail. Furthermore with respect to Figure 8 the operation of the example device to device (D2D mobile device is further described.
The D2D capable communications device shown in Figure 7 differs from the example shown in Figure 3 in that it further comprises a random number generator 601 and a timer 603.
The random number generator 601 can be configured in some embodiments to generate a synchronised random number. The synchronised random number is synchronised among the group members. In some embodiments the synchronisation between the group members is performed by the timer 601 (the communications device operating as the receiver comprising a similar timer) configured to provide a time interval synchronisation or timestamp from which the random number generator 601 is configured to generate the random number. In some embodiments the timestamp or interval reference used to generate the random number can be appended to the D2D master device configuration message where timer synchronisation is not possible.
In some embodiments the random number generator 601 can be configured to determine a D2D message timestamp from the timer 603.
The operation of determining the D2D message timestamp or interval indicator indicating which time interval is shown in Figure 8 by step 701.
The random number generator 601 then can be configured to generate the random number dependent on the current interval value or timestamp value according to any suitable pseudo-random process. In some embodiments the timer 603 can be a single received timer value, for example a global or local broadcast time signal. For example the timer 603 can in some embodiments generate the time value and/or interval reference from timing information received from a satellite, such as the global positioning satellite (GPS) system, or from a cellular communications system. The operation of generating the random number from the timestamp or interval is shown in Figure 8 by step 703.
The cryptographic cipher key generator 203 can then be configured to determine a first cipher key part from the random number. The cryptographic cipher key generator 203 or suitable key generating means can be configured to determine the first cipher key part from the random number can use any suitable seed cryptographic cipher generating process. For example in some embodiments the key generator can be configured to determine the key by use of a mathematical function (which can generate symmetric or asymmetric keys) known to both the transmitter and receiver communication devices. In some embodiments the key generator can be configured to use a look up table to generate the key.
The operation of determining the cipher key from the random number value is shown in figure 8 by step 705.
Furthermore in some embodiments the cryptographic cipher key generator 203 can be configured to determine part of the cipher key from the D2D information as discussed herein. In some embodiments the key generator can be configured to determine the key by use of a mathematical function (which can generate symmetric or asymmetric keys) known to both the transmitter and receiver communication devices. In some further embodiments the key generator can be configured to use a look up table to generate the D2D information based key.
The operation of determining the cipher key part from the D2D information is shown in Figure 8 by step 707.
The cryptographic cipher key generator 203 can then be configured to output the full cipher key to the encrypter 208 for encrypting the message received from the D2D message generator 205.
The operation of outputting the full cipher key to the encrypter is shown in Figure 8 by step 709. The process described herein can thus replace the operation of determining the cipher key from the D2D information alone as shown in Figure 4 step 305.
In such embodiments the encryption and therefore the security aspect is enhanced by further randomising the encryption operation.
In some embodiments the user or device can belong to multiple user groups. In such embodiments the device to device information can be configured with multiple entries for each information value. For example there can be stored within the D2D information store multiple D2D_GID/D2D_GBI/D2D_RSPID values each value associated with a defined user group or groups.
In some embodiments these user groups can furthermore be arranged in hierarchical order such that each of the groups according to a ranking system wherein lower ranks can use a limited number values and higher ranks use more values. In such embodiments the communications device can be configured to act as a master device for one group but not another. Furthermore the ranking or group organisation configuration can be carried out as a part of a subscription profile or on mobile cellular registration or location update procedures with necessary authentication and authorisation. In some embodiments the device can be configured to determine which entries of the D2D information such as D2D_GI D,
D2D_GBI , and D2D_RSPI D are to be used for D2D communications of interest.
With respect to Figure 10 a multiuser group or rank example D2D_GBI information store format is shown. In the example shown in Figure 10 the device to device geographical boundary information (D2D_GBI) is stored in a first column 901. A second column 903 defines the rank associated with the GBI information. In other words the second column defines at which rank level the GBI value can be used. A third column 905 defines the user group associated with the GBI information. In other words which user groups are allowed to operate according to the GBI information. It would be understood that the information store format shown in Figure 10 is an example only and in some embodiments only the GBI information and one of the associated rank or user group is defined.
Furthermore any other suitable data arrangement other than the table format can be used in some embodiments.
In the example shown in Figure 10 a first GBI entry 951 Xi , Yi , Ri has associated rank value 903 RK! and associated groups GPi and GP2 and a second GBI entry 953 XN, YN, RN has associated ranks RKi to RKN and user groups GPi to GPN. In other words the first GBI entry can be used only for the rank RKi but the second GBI entry can be used for any of the ranks RK! to RKN. Similarly the first GBI entry can be used only for the user groups GPi and GP2 but the second GBI entry can be used for any of the user groups GPi to GPN.
Thus in some embodiments the D2D communications controller 207 can determine or select the rank (or operational level) at which the D2D communications device is to operate.
Similarly in some embodiments the D2D communications controller 207 can determine or select the user group, where there are multiple groups within which the communications device can operate within, in which the D2D communications device is to operate.
The determination or selection of the rank (operational level or user-group) can for example be defined when the communications device is first switched on. For example as part of the communications device startup procedure the user could be asked for a suitable rank (or operational or user-group) value and where required a log on code for that selection.
In some embodiments the rank (operational level or user group) of the device can be assigned from a central system, for example when being used in a mobile cellular network based on some other form of identification or authentication such as provided by the device containing a suitable subscriber identity module associated with a known rank (or operational level or user group) member.
In some embodiments the D2D communications controller 207 selection can be fully automatic, semi-automatic (for example a selection list) or fully manually selected. The operation of selecting the rank/operational level/user group is shown in Figure 11 by step 1001.
In some embodiments the rank/operational level or user group can have an associated value which can be then used in the look up table shown in Figure 10 to determine a suitable GBI information value.
The selection of the D2D information based on the rank (or operational level or user group) selection is shown in Figure 11 by step 1003.
In some embodiments the D2D communications controller 207 can then control the cryptographic cipher key generator 203 to determine the cipher key from the D2D information selected. In other words the cryptographic cipher key generator 203 generates the cipher key value based on the D2D information having been selected dependent on the rank/operational level/user group.
In some embodiments therefore the authentication and ciphering operations described herein such as for public safety purposes can take into account the rank/operational level/user group. In other words the rank/operational level/user group value is used as a variable in deriving the ciphering key or as a guiding factor in determining or mapping on the right entry for the device to device information (such as D2D_GID, D2D_GBI, and D2D_RSPID).
In some embodiments the rank or operational level can further be provided security pre- configurations for deriving the ciphering key enhanced specifically for a specific rank/operational level/user group. Therefore individual users depending on their rank/operational level/user group they belong to can be configured with a range of encryption options dependent on the rank/operational level/user group value where more valuable or important rank/operational level/user group values having greater encryption. It would be understood that the same selection and key generation dependent on the rank/operational level/user group can be applied to the receiver D2D operations described herein and the transmitter D2D operations. Furthermore in some embodiments where the receiver communications device is receiving a message encrypted with a rank/operational level/user group specific key then the receiver communication device can be configured to try all possible configured keys generated according to the receiver communications device rank/operational level/user group permitted. In some embodiments the receiver communications device can be configured to implement rules to speed up the search for the sender rank/operational level/user group search (in other words rank/operational level/user group detection) in order to determine the associated rank/operational level/user group specific cipher key. For example the receiver communications device can in some embodiments be configured to try a certain rank first or the same rank as the receiver itself and then try the next step one up or down.
In some embodiments the synchronisation sequence or L1 identification value sent and received by D2D peers for synchronisation and discovery purposes can be configured to map to the rank of the sender communications device which can be used by the receiver communications device to determine which rank/operational level/user group the sender can use. In some embodiments as a top rank can contain only a few devices which can have a stronger authentication procedure some secure personal information such as nickname or code can be applied to those supposed to be authentic peers to those users which know about in order to derive the matching ciphering key.
An appropriately adapted computer program code product or products may be used for implementing the embodiments, when loaded on an appropriate data processing apparatus, for example for determining geographical boundary based operations and/or other control operations. The program code product for providing the operation may be stored on, provided and embodied by means of an appropriate carrier medium. An appropriate computer program can be embodied on a computer readable record medium. A possibility is to download the program code product via a data network. In general, the various embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Embodiments of the inventions may thus be practiced in various components such as integrated circuit modules. The design of integrated circuits is by and large a highly automated process. Complex and powerful software tools are available for converting a logic level design into a semiconductor circuit design ready to be etched and formed on a semiconductor substrate.
It is noted that whilst embodiments have been described in relation to LTE-Advanced, similar principles can be applied to any other communication system where direct communications between communication devices can occur. For example, this may be the case in applications where no fixed control equipment is provided but a
communication system is provided by means of a plurality of mobile user equipment, for example in adhoc networks, and at least one of the user equipments can provide control on the communications based on grouping that takes interference into account. Therefore, although certain embodiments were described above by way of example with reference to certain exemplifying architectures for wireless networks, technologies and standards, embodiments may be applied to any other suitable forms of communication systems than those illustrated and described herein.
It is also noted herein that while the above describes exemplifying embodiments of the invention, there are several variations and modifications which may be made to the disclosed solution without departing from the scope of the present invention.

Claims

Claims
1. A method comprising:
determining at least one device-to-device communications characteristic;
generating at least one device-to-device message; and
encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic.
2. The method as claimed in claim 1 , wherein encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic comprises:
generating a cipher key based on the device to device communications
characteristic;
selecting at least part of the at least one device-to-device message;
encrypting the at least part of the at least one device-to-device message with the cipher key.
3. The method as claimed in claims 1 to 2, further comprising transmitting the at least one device-to-device message.
4. A method comprising:
receiving at least one device-to-device message, the at least one device-to-device message comprising at least one encrypted part;
determining at least one device-to-device communications characteristic;
decrypting the at least one encrypted part of the at least one device-to-device message depending on the at least one device to device communications characteristic.
5. The method as claimed in claims 1 and 4, wherein determining at least one device to device communications characteristic comprises at least one of:
storing the at least one device to device communications characteristic during the apparatus configuration; receiving the at least one device to device communications characteristic during a registration of the apparatus on a communications network; and
retrieving the at least one device to device communications characteristic from an apparatus memory dependent on receiving an indicator for at least one group from a communications network server.
6. The method as claimed in claims 1 , 4 and 5, wherein the at least one device to device communications characteristic comprises at least one of:
a geographical boundary information value;
a geographical boundary information reference point;
at least one position and associated distance value;
a group identification value; and
a radio service profile identity value.
7. The method as claimed in claims 1 , and 4 to 6, wherein the at least one device-to- device message comprises at least one of:
a master device device-to-device communications configuration message;
a slave device device-to-device communications configuration message;
a device-to-device communication connection set-up message;
a device-to-device indication message;
a device-to-device notification message; and
a device-to-device data message.
8. The method as claimed in claims 1 , and 4 to 7, wherein determining at least one device to device communications characteristic comprises:
determining a plurality of device to device communications characteristic values for the at least one device to device communications characteristic;
selecting at least one of the plurality of device to device communications characteristic values.
9. The method as claimed in claims 4 to 8, wherein the decrypting at least one encrypted part of the at least one device-to-device message depending on the at least one device to device communications characteristic comprises:
generating a cipher key based on the device to device communications
characteristic;
decrypting the at least one encrypted part of the at least one device-to-device message with the cipher key.
10. The method as claimed in claim 1 and 9, further comprising determining a timer value and wherein generating a cipher key is further based on the timer value.
11. The method as claimed in claim 10, wherein the timer value is synchronised between device-to-device communication devices.
12. The method as claimed in claims 2, and 9 to 1 1 , wherein generating a cipher key is further based on the timer value is further dependent on a selection characteristic.
13. The method as claimed in claims 8 and 12, wherein the plurality of device to device communications characteristic values are associated with a selection
characteristic, wherein the selection characteristic comprises at least one of:
rank value;
operational level value; and
user-group value.
14. The method as claimed in claim 13, wherein selecting at least one of the plurality of device to device communications characteristic values comprises selecting at least one of the plurality of device to device communications characteristic values dependent on the selection characteristic.
15. An apparatus comprising at least one processor and at least one memory including computer code for one or more programs, the at least one memory and the computer code configured to with the at least one processor to cause the apparatus to at least perform: determining at least one device-to-device communications characteristic;
generating at least one device-to-device message; and encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic.
16. An apparatus comprising at least one processor and at least one memory including computer code for one or more programs, the at least one memory and the computer code configured to with the at least one processor cause the apparatus to at least perform: receiving at least one device-to-device message, the at least one device-to- device message comprising at least one encrypted part; determining at least one device- to-device communications characteristic; and decrypting the at least one encrypted part of the at least one device-to-device message depending on the at least one device-to-device communications characteristic.
17. An apparatus comprising: a device-to-device value determiner configured to determine at least one device-to-device communications characteristic; a message generator configured to generate at least one device-to-device message; and an encrypter configured to encrypt at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic.
18. An apparatus comprising: a receiver configured to receive at least one device-to- device message, the at least one device-to-device message comprising at least one encrypted part; a device-to-device value determiner configured to determine at least one device-to-device communications characteristic; and a decrypter configured to decrypt the at least one encrypted part of the at least one device-to-device message depending on the at least one device-to-device communications characteristic.
19. An apparatus comprising: means for determining at least one device-to-device communications characteristic; means for generating at least one device-to-device message; and means for encrypting at least a first part of the at least one device-to-device message depending on the at least one device to device communications characteristic.
20. An apparatus comprising: means for receiving at least one device-to-device message, the at least one device-to-device message comprising at least one encrypted part; means for determining at least one device-to-device communications characteristic; and means for decrypting the at least one encrypted part of the at least one device-to- device message depending on the at least one device-to-device communications characteristic.
21. The apparatus as claimed in claims 15 to 20, wherein the at least one device to device communications characteristic comprises at least one of:
a geographical boundary information value;
a geographical boundary information reference point;
at least one position and associated distance value;
a group identification value; and
a radio service profile identity value.
22. A computer program product stored on a medium for causing an apparatus to perform the method of any of claims 1 to 14.
23. An electronic device comprising apparatus as claimed in claims 15 to 21.
24. A chipset comprising apparatus as claimed in claims 15 to 21.
PCT/EP2012/051527 2012-01-31 2012-01-31 Encrypting device-to-device messages for a public safety network mobile communication system WO2013113368A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/051527 WO2013113368A1 (en) 2012-01-31 2012-01-31 Encrypting device-to-device messages for a public safety network mobile communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/051527 WO2013113368A1 (en) 2012-01-31 2012-01-31 Encrypting device-to-device messages for a public safety network mobile communication system

Publications (1)

Publication Number Publication Date
WO2013113368A1 true WO2013113368A1 (en) 2013-08-08

Family

ID=45558731

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/051527 WO2013113368A1 (en) 2012-01-31 2012-01-31 Encrypting device-to-device messages for a public safety network mobile communication system

Country Status (1)

Country Link
WO (1) WO2013113368A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2521196A (en) * 2013-12-12 2015-06-17 Good Technology Corp Secure communication channels
GB2521195A (en) * 2013-12-12 2015-06-17 Good Technology Corp Secure communication channels
CN106664555A (en) * 2014-08-11 2017-05-10 英特尔公司 Network-enabled device provisioning

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2379588A (en) * 2001-09-11 2003-03-12 Motorola Inc Encrypting/decrypting information in a wireless communication system
US20030108202A1 (en) * 2001-12-12 2003-06-12 Clapper Edward O. Location dependent encryption and/or decryption
US20040054891A1 (en) * 2002-08-27 2004-03-18 Hengeveld Thomas Andrew Secure encryption key distribution
WO2009064596A1 (en) * 2007-11-16 2009-05-22 Motorola, Inc. Secure communication system comprising terminals with different security capability levels
US20100153727A1 (en) * 2008-12-17 2010-06-17 Interdigital Patent Holdings, Inc. Enhanced security for direct link communications

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2379588A (en) * 2001-09-11 2003-03-12 Motorola Inc Encrypting/decrypting information in a wireless communication system
US20030108202A1 (en) * 2001-12-12 2003-06-12 Clapper Edward O. Location dependent encryption and/or decryption
US20040054891A1 (en) * 2002-08-27 2004-03-18 Hengeveld Thomas Andrew Secure encryption key distribution
WO2009064596A1 (en) * 2007-11-16 2009-05-22 Motorola, Inc. Secure communication system comprising terminals with different security capability levels
US20100153727A1 (en) * 2008-12-17 2010-06-17 Interdigital Patent Holdings, Inc. Enhanced security for direct link communications

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2521196A (en) * 2013-12-12 2015-06-17 Good Technology Corp Secure communication channels
GB2521195A (en) * 2013-12-12 2015-06-17 Good Technology Corp Secure communication channels
GB2532903A (en) * 2013-12-12 2016-06-01 Good Tech Corp Secure communication channels
GB2521196B (en) * 2013-12-12 2016-06-15 Good Tech Corp Secure communication channels
GB2521195B (en) * 2013-12-12 2016-06-29 Good Tech Corp Secure communication channels
GB2532903B (en) * 2013-12-12 2018-04-18 Good Tech Holdings Limited Secure communication channels
CN106664555A (en) * 2014-08-11 2017-05-10 英特尔公司 Network-enabled device provisioning
EP3180933A4 (en) * 2014-08-11 2018-02-21 Intel Corporation Network-enabled device provisioning
CN106664555B (en) * 2014-08-11 2021-01-26 英特尔公司 Network-enabled device provisioning

Similar Documents

Publication Publication Date Title
US20220166628A1 (en) Network access privacy
EP2810486B1 (en) Permitting direct mode communications for public safety only in certain geographical areas
US9445443B2 (en) Network based provisioning of UE credentials for non-operator wireless deployments
KR101836021B1 (en) Apparatus, system and method of securing communications of a user equipment (ue) in a wireless local area network
US9894065B2 (en) Security management method and apparatus for group communication in mobile communication system
US10986175B2 (en) Key establishment for communications within a group
EP2770796B1 (en) Method for simultaneous communications with multiple base stations and related communication device
US10462660B2 (en) Method, network element, user equipment and system for securing device-to-device communication in a wireless network
JP2022527109A (en) Methods and devices for secure access control in wireless communication
US9232393B2 (en) Facilitating proximity services
CN112385249A (en) Method for protecting privacy of WTRU by using PC5 communication
KR20170137080A (en) Method and apparatus for securing structured proximity service codes for restricted discovery
JP7416068B2 (en) Electronic devices, wireless communication methods and computer readable media
US20180359633A1 (en) Neighbor Awareness Networking Device Pairing
JP2022524704A (en) Procedure for enabling V2X unicast communication on the PC5 interface
CN114270884A (en) 5G broadcast/multicast security key refresh
US11888999B2 (en) Managing an unmanned aerial vehicle identity
WO2020155138A1 (en) Techniques for encrypting groupcast wireless communications
WO2013113368A1 (en) Encrypting device-to-device messages for a public safety network mobile communication system
JP6814636B2 (en) Terminal devices, integrated circuits, and communication methods
CN110557753B (en) DNS redirection method based on relay access for public security network access
WO2014161155A1 (en) Methods and apparatus for securing device-to-device communications
WO2022231684A1 (en) Managing an unmanned aerial vehicle identity
EP4331250A1 (en) Managing an unmanned aerial vehicle identity
CN117376889A (en) Auxiliary routing method, terminal equipment and network equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12701901

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12701901

Country of ref document: EP

Kind code of ref document: A1