WO2015105401A1 - Security method and system for supporting prose group communication or public safety in mobile communication - Google Patents


Publication number
WO2015105401A1
Authority
WO
WIPO (PCT)
Prior art keywords
prose
terminal
group
key
communication
Application number
PCT/KR2015/000354
Inventor
서경주
Original Assignee
삼성전자 주식회사
Priority to KR10-2014-0004069 priority Critical
Priority to KR20140004069 priority
Priority to KR1020140055885A priority patent/KR20150084628A/en
Priority to KR10-2014-0055885 priority
Application filed by 삼성전자 주식회사 filed Critical 삼성전자 주식회사
Priority claimed from US15/111,471 external-priority patent/US10382955B2/en
Publication of WO2015105401A1 publication Critical patent/WO2015105401A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0892 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network by using authentication-authorization-accounting [AAA] servers or protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H04W4/08 User group management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

The present invention relates to a system for enabling a communication function of a device, and a method for communicating by a terminal, according to one embodiment of the present invention, comprises the steps of: transmitting, to an MME, an attach request message including a public safety indication and/or a group communication indication; receiving, from the MME, an attach accept message including at least one type of information from among a ProSe identifier, a ProSe group identifier, and a ProSe group for performing a ProSe, ProSe-related functions of the terminal, and a proximity-related security key (ProSe key); transmitting a ProSe registration request to a ProSe function server; and receiving, from the ProSe function server, a ProSe registration response message pending authentication of the terminal. According to one embodiment of the present invention, devices can mutually provide or receive information within a group in an environment such as an EUTRAN or a UTRAN/GERAN.

Description

Security plan and system for supporting PROSE group communication or public safety in mobile communication

The present invention relates to a system that enables a device to perform a communication function. Specifically, it relates to proximity based services (ProSe), ProSe discovery, ProSe communication, and device-to-device (D2D) communication, in particular communication for public safety, in a mobile communication network. More particularly, the present invention relates to device-to-device communication for public safety, to device-to-device discovery for group communication between devices, and to a related security method for group communication between devices.

Proximity based services (ProSe) are particularly useful in disaster situations such as earthquakes, tsunamis and tornadoes, where disaster relief over existing infrastructure communication is difficult. Proximity services are expected to serve public safety by communicating disaster information through group communication between devices.

Despite these advantages, if security is not ensured, a malicious entity may transmit wrong information to a particular group of users. Since this can cause a great deal of confusion, security is particularly important for public safety or for proximity services for group communication.

However, in the current communication system architecture, performing communication between devices involves vulnerabilities due to the security exposure of terminal-related information, as well as other operational difficulties. In addition, there has been little discussion of systems and methods for setting and managing security for group communication between devices, so security vulnerabilities or inefficient communication may occur.

The present invention provides a method for enabling group communication between devices in an evolved mobile communication system including a 3rd Generation Partnership Project (3GPP) Evolved Packet System (EPS), and a method for setting and managing security in group communication between devices.

Further, an embodiment of the present invention aims to let a device that performs group communication between devices acquire the information needed for that group communication, obtain a security key for it, and set up security for secure communication.

In addition, an object of an embodiment of the present invention is to provide proximity based services (ProSe), that is, ProSe discovery and ProSe communication, in performing device-to-device communication. In particular, an object is to provide a method by which a terminal (UE) obtains the related information that enables group communication and can configure security. Another object of the present invention is to provide a method and system for enabling group communication, public safety communication, and the like to be performed safely and securely.

In addition, according to an embodiment of the present invention, when a terminal (UE) discovers another terminal and performs group communication but cannot query the group related information, the group related information and group security information are generated and verified, and security-related information is received and verified between groups. An object of the present invention is to enable secure communication in this way.

The technical problems to be achieved in the present invention are not limited to the technical problems mentioned above, and other technical problems not mentioned above will be clearly understood by those skilled in the art from the following description.

In order to achieve the above object, a communication method of a terminal according to an embodiment of the present invention may include: transmitting, to a mobility management entity (MME), an attach request message including at least one of a public safety indication and a group communication indication; receiving, from the MME, an attach accept message including at least one of a ProSe identifier, a ProSe group identifier, a ProSe group key, a ProSe-related capability of the terminal, and a proximity-related security key (ProSe key) for a proximity based service (ProSe); transmitting a ProSe registration request message to a ProSe function server; and receiving, from the ProSe function server, a ProSe registration response message according to authentication of the terminal.

The method may further include: transmitting a paging message including at least one of a public safety indication and a group communication indication to the second terminal; Transmitting a prose group communication request message including prose group related information to a second terminal; Receiving a prose group communication response message from the second terminal when the second terminal verifies that the terminal belongs to the prose group by using the prose group related information; Verifying whether the second terminal belongs to the prose group; And performing prose group communication with the second terminal.

The prose group communication with the second terminal may include: transmitting a prose group session key request message to the prose function server; Receiving a prose session key encrypted with the prose group key from the prose function server; Transmitting a prose group encryption key or integrity key request message to the prose function server; And receiving a prose group encryption key or an integrity key encrypted with the prose session key from the prose function server.

The transmitting of the attach request message may include transmitting an attach request message further including a secret value for verifying whether the terminal is an appropriate terminal for group communication.

In addition, verifying whether the second terminal belongs to the ProSe group may comprise: transmitting, to the ProSe function server, a verification request message regarding whether the second terminal belongs to the ProSe group; and receiving, from the ProSe function server, a verification response message indicating whether the second terminal belongs to the ProSe group.

The method may further include transmitting a prose registration complete message including the prose group key to the prose function server.

In addition, verifying whether the second terminal belongs to the ProSe group may further comprise transmitting, to the second terminal, a message indicating that the verification that the second terminal belongs to the ProSe group was successful.

In addition, to achieve the above object, a terminal according to an embodiment of the present invention may include: a communication unit for communicating with other entities; and a control unit that controls the terminal to transmit, to a Mobility Management Entity (MME), an attach request message including at least one of a public safety indication and a group communication indication, to receive from the MME an attach accept message including at least one of a ProSe identifier, a ProSe group identifier, a ProSe group key, a ProSe-related capability of the terminal, and a proximity-related security key (ProSe key) for a proximity based service (ProSe), to transmit a ProSe registration request message to a ProSe function server, and to receive from the ProSe function server a ProSe registration response message according to authentication of the terminal.

In addition, to achieve the above object, a communication method of a proximity based service (ProSe) function server according to an embodiment of the present invention may include: performing a ProSe registration procedure for ProSe group communication with a terminal; receiving a ProSe group session key request message from the terminal; generating the ProSe group session key; transmitting a ProSe session key encrypted with a ProSe group key to the terminal; receiving a ProSe group encryption key or integrity key request message from the terminal; generating the ProSe group encryption key or integrity key; and transmitting the ProSe group encryption key or the integrity key encrypted with the ProSe group body key to the terminal.

The method may further include receiving a verification request message indicating whether a second terminal belongs to a prose group from the terminal; Verifying a prose group communication list associated with the terminal whether the second terminal belongs to the prose group; And transmitting a verification response message including the response information about the verification to the terminal.

The verifying may include generating a prose group key and storing the prose group key.

In addition, to achieve the above object, a proximity based service (ProSe) function server according to an embodiment of the present invention may include: a communication unit for communicating with other entities; and a control unit that controls the server to perform a ProSe registration procedure for ProSe group communication with a terminal, receive a ProSe group session key request message from the terminal, generate the ProSe group session key, transmit a ProSe session key encrypted with the ProSe group key to the terminal, receive a ProSe group encryption key or integrity key request message from the terminal, generate the ProSe group encryption key or integrity key, and transmit the ProSe group encryption key or integrity key encrypted with the ProSe group body key to the terminal.

According to an embodiment of the present invention, a communicating device can perform ProSe discovery, ProSe group communication, and a communication security method for public safety using ProSe communication.

According to an embodiment of the present invention, devices can provide information to or receive information from one another within a group in an environment such as Evolved Universal Terrestrial Radio Access Network (EUTRAN) or Universal Terrestrial Radio Access Network (UTRAN) / GSM / EDGE Radio Access Network (GERAN). In addition, the device may receive security key related information for ProSe discovery and ProSe communication, or perform a security procedure using the security key, thereby enhancing the efficiency and security of communication.

Further, according to an embodiment of the present invention, when a terminal (UE) discovers another terminal and performs group communication but cannot query the group related information, the group related information and the group security information are generated and verified, and security related information is received and verified between groups, so that secure communication can be performed.

In addition, according to an embodiment of the present invention, there is an advantage that important information can be transmitted through device-to-device communication even when an infrastructure is not available due to a disaster or the like. In addition, using the method described in the present invention, it is possible to safely perform communication for public safety in addition to intergroup communication.

The effects obtainable in the present invention are not limited to the above-mentioned effects, and other effects not mentioned above will be clearly understood by those skilled in the art from the following description.

FIG. 1 is a block diagram of a mobile communication system according to an embodiment of the present invention.

FIG. 2 is an example of a flowchart illustrating a communication and security procedure for securing ProSe group communication according to an embodiment of the present invention.

FIG. 3 is another example of a flowchart illustrating a communication and security procedure for securing ProSe group communication according to an embodiment of the present invention.

FIG. 4 is a block diagram of a terminal according to an embodiment of the present invention.

FIG. 5 is a block diagram of a ProSe function server according to an embodiment of the present invention.

FIG. 6 is a block diagram of an HSS according to an embodiment of the present invention.

FIG. 7 is a block diagram of an MME according to an embodiment of the present invention.

Hereinafter, the operating principle of a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings. In the following description, detailed descriptions of well-known functions or configurations will be omitted if it is determined that they may unnecessarily obscure the subject matter of the present invention. In addition, the terms used below are defined in consideration of their functions in the present invention and may vary according to the intentions or customs of users and operators. Therefore, their definitions should be based on the contents of the entire specification.

The present invention described below provides a method of transmitting related information, performing security procedures, and enabling secure communication when the various devices described above operate as terminals (UEs) in a mobile communication system environment, discover one another, and perform group communication with one another.

In the following description, the Evolved Packet System (EPS) based on the 3rd Generation Partnership Project (3GPP), Universal Terrestrial Radio Access Network (UTRAN), and GSM / EDGE Radio Access Network (GERAN) will be used. However, the present invention may be used in other mobile systems.

Meanwhile, in the present invention, in group communication between devices, the terminal receives the related information and the security related information and performs the security procedure. Various modifications of this process are of course possible without departing from the scope of the present invention.

Meanwhile, as shown in FIG. 1, an embodiment of the present invention proposes a method of transmitting related information and performing and managing security procedures so that communication is secure when various devices, including a communication terminal, which is the basic object of the present invention, attempt to perform group communication between devices in an EUTRAN or 3GPP environment. With modifications that a person skilled in the art of the present invention would judge possible, such a method is also applicable, without departing from the scope of the present invention, to other mobile communication systems having a similar technical background and channel form, a similar network architecture or protocol, or a different protocol that operates similarly.

FIG. 1 is a block diagram of a mobile communication system according to an embodiment of the present invention.

Referring to FIG. 1, the mobile communication system according to an embodiment of the present invention performs security setting for group communication in proximity based service (ProSe) discovery and ProSe communication, and performs ProSe communication. Here, the 3GPP EPS system structure is illustrated as an example. The present invention is described based on EUTRAN, and the method can be used in other similar mobile communication systems.

Referring to FIG. 1, the devices 111 and 131 may include various devices such as a user equipment (UE), a device performing machine type communication, and a consumer device.

FIG. 1 illustrates an example of an environment in which the first terminal 111 and the second terminal 131 can perform ProSe discovery and ProSe group communication. The first terminal 111 may perform general EUTRAN communication through an evolved Node B (eNB) 114, a Mobility Management Entity (MME) 116, or the like. The first terminal 111 may perform data communication through a serving gateway (S-GW), a packet data network gateway (PDN-GW) 119, or the like.

On the other hand, the mobile communication system according to an embodiment of the present invention may further include a ProSe function server 127 that performs ProSe related functions in order to provide the proximity based service (ProSe) function. The ProSe function server 127 verifies ProSe related registration, the delivery of related information, and the ProSe related capability of the terminal, and performs ProSe related functions. In addition, a home subscriber server (HSS) / home location register (HLR) 121 delivers information about a subscriber and security key information related to the UE. The application server function of ProSe is performed through the ProSe application server 125. To perform this ProSe application function, the ProSe application server 125 interoperates with a policy and charging rules function (PCRF) 123-1.

In the above, the configuration of the mobile communication system according to an embodiment of the present invention has been described.

Hereinafter, based on the protocols used in mobile communication and Internet communication, the authentication, security and communication setup processes and operations that allow the devices or terminals 111 and 131, the eNB 114, the MME 116, the ProSe function server 127, the HSS 121, and the application server 125 to support proximity based services (ProSe), ProSe discovery, ProSe communication, group communication, and the like will be described.

FIG. 2 is an example of a flowchart illustrating a communication and security procedure for securing ProSe group communication according to an embodiment of the present invention. The embodiment shown in FIG. 2 shows a case of performing group ProSe discovery and ProSe communication.

Referring to FIG. 2, in step 301, the first terminal 111 may transmit an attach request message to the eNB 114 to perform a registration procedure. The eNB 114 may then forward the attach request message transmitted by the first terminal 111 to the MME 116. In this case, if communication for public safety is to be performed, a public safety indication indicating communication for public safety may be included in the attach request message. Alternatively, in the case of group communication, a group communication indication indicating group communication may be included in the attach request message and transmitted. In addition, if the first terminal 111 is connecting to the network for the first time for public safety or group communication, the attach request message must carry a secret value for verifying that the first terminal 111 is a terminal suitable for public safety or group communication. This secret value should be a value that can be verified on the network for group communication or public safety communication.

Thereafter, in step 303, the MME 116 may transmit an authentication data request message to the HSS 121. The HSS 121 may transmit a response message including security related information including an authentication vector to the MME 116.

In step 305, the MME 116 transmits a user authentication request message including an authentication token (AUTN) to the first terminal 111, and the first terminal 111 may send a response value (RES) to the MME 116 in a user authentication response message.

In step 307, the MME 116 may transmit an update location request message to the HSS 121. In this case, if the communication is for public safety, the MME 116 may include a public safety indication in the update location request message and transmit it to the HSS 121. Alternatively, in the case of group communication, the MME 116 may include a group communication indication in the update location request message and transmit it to the HSS 121. In this case, when the first terminal 111 accesses the network for the first time, it must connect with a secret value so that the network can verify that the first terminal 111 is a terminal suitable for public safety or group communication.

This secret value should be a value that can be verified on the network for group communication or public safety communication.

In step 309, the HSS 121 looks up information such as the identifier (ID) and the group key for group communication for the first terminal 111.

If there is no corresponding information, in step 311 the HSS 121 uses the secret value sent by the first terminal 111 to verify whether the first terminal 111 is a terminal suitable for group communication or public safety communication.

Thereafter, in step 313, if the first terminal 111 is a suitable terminal, a group identifier is assigned to the first terminal 111, and a group key is generated or assigned. An example of configuring a group identifier is as follows. The group identifier includes any one of country information, area information, and communication network information (network information in the carrier network and the provider network). In addition, a group identifier used for public safety may include information indicating that purpose, for example firefighting, security, earthquake, typhoon, tsunami and tornado.

In step 317, the HSS 121 transmits subscription data to the MME 116. At this time, the HSS 121 may also deliver to the MME 116 information such as a ProSe identifier for providing the ProSe service, a ProSe group identity, a ProSe group key, the ProSe related capability of the terminal, a proximity-related security key (ProSe key) if there is a registered ProSe identifier and security key, and a ProSe Public Land Mobile Network (PLMN) list. The proximity-related security key is a security key for proximity discovery or proximity communication. If information is already registered, the registered information is looked up and provided.

In step 319, the MME 116 may transmit an attach accept message to the eNB 114. The attach accept message is transmitted from the eNB 114 to the first terminal 111. In step 319, the MME 116 may also transmit to the first terminal 111, along with the attach accept message, the information delivered from the HSS 121 in step 317, such as the ProSe identifier for the ProSe service, the ProSe-related capability of the terminal, the proximity-related security key, the ProSe group key, the ProSe group identity, and the ProSe PLMN list.

In steps 301, 303, 305, 307, 309, 311, 313, 317, and 319 as described above, the MME 116 acts as the intermediate entity that passes parameters such as the public safety indication and the secret value so that they can be verified in the HSS 121. However, in some embodiments, the entity that takes part in this intermediate process, passing the parameters for verification in the HSS 121, may be an entity other than the MME 116. That is, in steps 301, 303, 305, 307, 309, 311, 313, 317, and 319, the entity involved in passing such parameters may be the ProSe function 127. In that case, at least one parameter such as the secret value for public safety and the public safety indication may be delivered from the UE through the ProSe function 127. The HSS 121 then performs the verification using the delivered parameters in steps 309, 311, and 313. When the ProSe function 127 is the entity of the intermediate process, according to the embodiment, the ProSe Group ID, ProSe Group Key, ProSe key, ProSe ID, and the like are passed from the HSS 121 to the ProSe function 127 in steps 317 and 319 and may be delivered to the UE.

In operation 323, the first terminal 111 may transmit a prose registration request message to the prose function 127. In operation 323-2, the second terminal 131 may perform a prose registration request process like the first terminal 111. Since the process is described with the first terminal 111, it is assumed that the second terminal 131 is basically subjected to the same registration process as the first terminal 111.

The ProSe function 127 may transmit a ProSe registration request message to the HSS 121 in step 325, and then the HSS 121 may transmit a ProSe authentication vector to the ProSe function 127. The ProSe authentication vector includes a cipher key (CK) and an integrity key (IK) and is transmitted to the ProSe function 127.

In step 327, the ProSe authentication token is transmitted from the ProSe function 127 to the first terminal 111 through a ProSe authentication request message.

Meanwhile, according to another embodiment of the present invention, the ProSe function ID may be delivered from the ProSe function 127 to the HSS 121 in step 325. In step 325, the HSS 121 may transmit at least one parameter such as a ProSe group key, a ProSe key, and a ProSe authentication token while delivering a ProSe authentication vector and an authentication token to the ProSe function 127. At least one of the received parameters, such as the ProSe group key, the ProSe key, and the ProSe authentication token, may be delivered from the ProSe function 127 to the UE in step 327.

In step 329, the first terminal 111 transmits to the ProSe function 127 a ProSe authentication response message including a response value for the authentication token transmitted from the ProSe function 127 to the first terminal 111.

In step 331, the prose function 127 may verify the result by comparing RES and XRES information.

Thereafter, in step 333, the prose function 127 may transmit a prose registration response message to the first terminal 111.

The following describes the process in which the terminal performs ProSe group communication using a ProSe key or a ProSe identifier, a ProSe group key, and a ProSe group ID.

In the following process, when the request message that the first terminal 111 sends for ProSe group communication is to be verified through the group key, the first terminal 111 may, as in step 343, transmit to the ProSe function 127 a ProSe registration complete message including the ProSe group key of the first terminal 111. In response, the ProSe function 127 may register the group key of the first terminal 111 using the received information.

In step 343-3, the ProSe function 127 may deliver to the application server 125 at least one of the ProSe key, the ProSe group key, and the information related to registration for the ProSe service obtained in the process of registering the terminal with the ProSe function 127. Thereafter, in step 343-5, the application server 125 may store at least one of information such as the ProSe key and the ProSe group key. Thereafter, in step 343-7, the first terminal 111 and the application server 125 communicate using the ProSe key, the ProSe identifier, the ProSe Group ID, the ProSe Group key, and the like.

In operation 347, the first terminal 111 may send a paging message to the second terminal 131. In this case, the paging message may include a group communication indicator for prose group communication in the terminal, or a public safety communication indication for instructing communication for public safety.

Meanwhile, in step 349, the first terminal 111 notifies the second terminal 131 that it wants to communicate with the prose group, and may request for prose communication. The request method may be performed through a method of using broadcast, broadcast IP, multicast, multicast IP, and the like. At this time, the prose group ID can be used to inform the destination.

In step 349, in order to prevent a replay attack, the group related information of the first terminal 111 may be transmitted together with case 1) a time stamp or case 2) a nonce, or case 3) the time stamp and the nonce may be concatenated and sent. Meanwhile, the time stamp may be case 4) time information of the application layer, case 5) a time information value used in the physical layer, that is, counter information used in the physical layer, or case 6) the time information carried in system information block (SIB) 16 used in layer 2. The time information value obtained from the physical layer as in case 5) may be transmitted through the SIB of layer 2 as in case 6), and the information of case 5) and case 6) may have the advantage of a small physical delay. In this case, case 7) such information may be transmitted through a one time hash function, or case 8) a message authentication code (MAC) may be generated using the group key, which is a key shared between the sender and the receiver, so that the receiver can authenticate whether the message comes from the right sender.

In step 351, the second terminal 131 may verify whether the first terminal 111 belongs to the Prose Group by decrypting, with the prose group key, the group related information, time stamp, and nonce transmitted in step 349.

In operation 353, the second terminal 131 may transmit a group communication response message to the first terminal 111. According to an embodiment, this group communication response may include a group join process. On the other hand, this step may not be performed if step 349 is made by a broadcast method.

In this way, when the first terminal 111 broadcasts or multicasts to members of the prose group, a response message comes from the second terminal 131. The first terminal 111 may then, as case 1), itself verify whether the second terminal 131 also belongs to the group. Alternatively, according to an embodiment, as case 2), the first terminal 111 may request the network to verify whether the second terminal 131 belongs to the group and receive the verification result. The embodiment shown in FIG. 2 relates to verifying at the first terminal 111 whether the second terminal 131 belongs to the group, according to case 1).

As an example of case 1), in which verification for group communication is done at the terminal level, in operation 355 the first terminal 111 may verify whether the second terminal 131 belongs to the Prose group. In operation 357, the first terminal 111 may send to the second terminal 131 a message including information indicating that the second terminal 131 joins the group. Alternatively, in another embodiment, because the first terminal 111 has verified that the second terminal 131 belongs to the prose group, a message indicating that the verification was successful may be sent to the second terminal 131. On the other hand, if the purpose of step 357 is not to indicate whether verification of belonging to the prose group succeeded but only to inform the terminal that it has successfully joined the multicast group, step 357 may be an optional process that is not performed.

In operation 367, the second terminal 131 may send a prose group communication request complete message to the first terminal 111.

Hereinafter, a process of transmitting a session key, an encryption key, a decryption key, and the like for Prose Group communication in steps 381 to 395 will be described.

In operation 381, the first terminal 111 transmits a prose group session key request message for the Prose group communication to the Prose function 127.

In step 383, the Prose function 127 generates a prose group communication session key.

Thereafter, in step 385, the prose function 127 may encrypt the prose group session key with the prose group key and transmit the encrypted message to the first terminal 111.

In operation 387, the first terminal 111 decrypts the prose group session key.

In operation 389, the first terminal 111 may transmit to the prose function 127 a message requesting a security key, for example, a prose group encryption and integrity key request message.

In operation 391, the prose function 127 generates a prose group communication integrity key and a prose group communication encryption key.

Thereafter, in step 393, the prose function 127 may encrypt the prose group communication encryption key or the prose group communication integrity key with the prose group session key and transmit the encrypted message to the first terminal 111.

In operation 395, the first terminal 111 decrypts the prose group communication encryption key or the prose group communication integrity key with the prose group session key.

Thereafter, in step 399, terminals belonging to the Prose Group such as the first terminal 111 and the second terminal 131 may safely perform the Prose Group communication.

FIG. 3 is another example of a flowchart illustrating a communication and security procedure for securing prose group communication according to an embodiment of the present invention. FIG. 3 illustrates a case of performing group prose discovery and prose communication.

Referring to FIG. 3, in step 401, the first terminal 111 may transmit an attach request message to the eNB 114 to perform a registration procedure. In addition, the eNB 114 may transmit the attach request message transmitted by the first terminal 111 to the MME 116. In this case, if communication for public safety is to be performed, a public safety indication indicating communication for public safety may be included in the attach request message. Alternatively, in the case of group communication, a group communication indication indicating group communication may be included in the attach request message and transmitted. On the other hand, if the first terminal 111 is connecting to the network for the first time for public safety or group communication, the attach request message must carry a secret value for verifying that the first terminal 111 is a terminal suitable for public safety or group communication. This secret value should be a value that can be verified by the network for group communication or public safety communication.

Thereafter, in step 403, the MME 116 may transmit an authentication data request message to the HSS 121. The HSS 121 may transmit a response message including security related information including an authentication vector to the MME 116.

In step 405, the MME 116 transmits a user authentication request message including an authentication token (AUTN) to the first terminal 111, and the first terminal 111 may send a RES (response security value) to the MME 116 along with a user authentication response message.

In step 407, the MME 116 may transmit an update location request message to the HSS 121. In this case, if communication is for public safety, the MME 116 may include a public safety indication in the update location request message and send it to the HSS 121. Alternatively, in the case of group communication, the MME 116 may include a group communication indication in the update location request message sent to the HSS 121. In this case, when the first terminal 111 accesses the network for the first time, it must connect with a secret value so that the network can verify that the terminal is suitable for public safety or group communication.

This secret value should be a value that can be verified on the network for group communication or public safety communication.

In step 409, the HSS 121 looks up information such as identifier information (ID) and a group key for group communication for the corresponding first terminal 111.

In this case, if there is no corresponding information, in step 411 the HSS 121 uses the secret value sent by the first terminal 111 to verify whether the first terminal 111 is a terminal suitable for group communication or public safety communication.

In step 413, if the first terminal 111 is a suitable terminal, a group identifier is assigned to the first terminal 111 and a group key is generated or assigned. An example of configuring a group identifier is as follows. The group identifier includes any one of country information, area information, and communication network information (network information in the carrier network and the provider network). In addition, if it is for public safety, the group identifier may include public safety information, for example firefighting, security, earthquake, typhoon, tsunami, and tornado.

In step 417, the HSS 121 transmits subscription data to the MME 116. At this time, the HSS 121 may deliver to the MME 116, together with the subscription data, information such as a prose identifier for providing a prose service, a Prose group identity, a Prose group key, a prose related capability of the terminal, a proximity related security key (prose key) if there is a registered prose identifier and security key, and a prose Public Land Mobile Network (PLMN) list. The proximity related security key is a security key for proximity discovery or proximity communication. If there is already registered information, the registered information is looked up and reported.

In step 419, the MME 116 may transmit an attach accept message to the eNB 114. The attach accept message is transmitted from the eNB 114 to the first terminal 111. In step 419, the MME 116 may also transmit to the first terminal 111, along with the attach accept message, the information delivered from the HSS 121 in step 417, such as a prose identifier for providing a prose service, a prose-related capability of the terminal, a proximity related security key, a prose group key, a prose group identity, and a prose PLMN list.

According to an embodiment of the present invention, in connection with steps 401, 403, 405, 407, 409, 411, 413, 417, and 419, the MME 116 has been described as the intermediate entity that delivers the ProSe public safety indication, secret value, etc., so that they can be verified in the HSS 121. However, the intermediate node need not be the MME 116; the Prose function 127 may instead take part in the intermediate process, passing these parameters so that they are verified in the HSS 121. That is, in steps 401, 403, 405, 407, 409, 411, 413, 417, and 419, the entity involved in passing these parameters may be the prose function 127. In other words, at least one parameter such as a secret value or a public safety indication for public safety may be delivered from the UE through the Prose function 127. Then, the HSS 121 performs verification using the transferred parameters through steps 409, 411, and 413. On the other hand, if the prose function 127 is the entity in the intermediate process, according to the embodiment, the Prose Group ID, Prose Group Key, Prose key, Prose ID, etc. may be passed from the HSS 121 to the Prose function 127 and delivered to the UE in steps 417 and 419.

In operation 423, the first terminal 111 may transmit a prose registration request message to the prose function 127. In operation 423-2, the second terminal 131 may also perform a prose registration request process like the first terminal 111. Since the process is described with the first terminal 111, it is assumed that the second terminal 131 is basically subjected to the same registration process as the first terminal 111.

In operation 425, the prose function 127 may transmit a prose registration request message to the HSS 121, and then the HSS 121 may transmit a prose authentication vector to the prose function 127. The prose authentication vector includes a cipher key (CK) and an integrity key (IK) and is transmitted to the prose function 127.

In operation 427, the prose function 127 may transmit the prose authentication token to the first terminal 111 in a prose authentication request message.

Meanwhile, according to another embodiment of the present invention, the prose function ID may be delivered from the prose function 127 to the HSS 121 in step 425. In operation 425, the HSS 121 may transmit at least one parameter such as a prose group key, a prose key, and a prose authentication token while delivering a prose authentication vector and an authentication token to the Prose function 127. At least one of the parameters such as the prose group key, the prose key, and the prose authentication token may be delivered from the Prose function 127 to the UE in step 427.

In step 429, the first terminal 111 may transmit to the prose function 127 a prose authentication response message including a response value for the authentication token that the prose function 127 transmitted to the first terminal 111.

In operation 431, the prose function 127 may verify the result by comparing the RES with the XRES information.

Thereafter, in step 433, the prose function 127 may transmit a prose registration response message to the first terminal 111.

The following describes how the terminal performs prose group communication using a prose key or a prose identifier, a prose group key, and a prose group ID.

In the following process, when the first terminal 111 wants the request message sent for prose group communication to be verified through the group key, the first terminal 111 may, as in step 443, transmit to the prose function 127 a prose registration complete message including the prose group key of the first terminal 111. In response, the prose function 127 may register the group key of the first terminal 111 using the received information.

In step 443-3, the prose function 127 may deliver to the application server 125 at least one of a prose key, a prose group key, and the information related to registration for the prose service obtained in the process of registering the terminal with the prose function 127. Thereafter, in operation 443-5, the application server 125 may store at least one of information such as a prose key and a prose group key. Thereafter, in step 443-7, the first terminal 111 and the application server 125 communicate using at least one of a prose key, a prose identifier, a prose group ID, and a prose group key.

In operation 447, the first terminal 111 may send a paging message to the second terminal 131. In this case, the paging message may include a group communication indication for prose group communication at the terminal, or a public safety communication indication indicating communication for public safety.

Meanwhile, in step 449, the first terminal 111 notifies the second terminal 131 that it wants to communicate with the prose group, and may request prose communication. The request may be made using broadcast, broadcast IP, multicast, multicast IP, and the like. At this time, the prose group ID can be used to indicate the destination.

In step 449, in order to prevent a replay attack, the group related information of the first terminal 111 may be transmitted together with case 1) a time stamp or case 2) a nonce, or case 3) the time stamp and the nonce may be concatenated and sent. Meanwhile, the time stamp may be case 4) time information of the application layer, case 5) a time information value used in the physical layer, that is, counter information used in the physical layer, or case 6) the time information carried in system information block (SIB) 16 used in layer 2. The time information value obtained from the physical layer as in case 5) may be transmitted through the SIB of layer 2 as in case 6), and the information of case 5) and case 6) may have the advantage of a small physical delay. In this case, case 7) such information may be transmitted through a one time hash function, or case 8) a message authentication code (MAC) may be generated using the group key, which is a key shared between the sender and the receiver, so that the receiver can authenticate whether the message comes from the right sender.

In step 451, the second terminal 131 may verify whether the first terminal 111 belongs to the Prose Group by decrypting, with the prose group key, the group related information, time stamp, nonce, etc. transmitted in step 449.
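The replay protection of steps 349/351 and 449/451, combining case 3) (time stamp plus nonce) with case 8) (a MAC under the shared prose group key), is sketched below as an added example that is not part of the patent text. The message layout, HMAC-SHA256, the 5-second freshness window, and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct
import time

TAG_LEN = 32           # HMAC-SHA256 output length
NONCE_LEN = 16         # assumed nonce size
MAX_SKEW_SECONDS = 5   # assumed freshness window; the patent gives no value


def _field(value):
    """Length-prefix a field so concatenated fields parse unambiguously."""
    return struct.pack(">H", len(value)) + value


def build_group_request(group_key, group_id, sender_id, now=None):
    """Sender side (step 349/449): group info || time stamp || nonce || MAC."""
    timestamp = int(time.time() if now is None else now)
    body = (_field(group_id) + _field(sender_id)
            + struct.pack(">Q", timestamp) + secrets.token_bytes(NONCE_LEN))
    return body + hmac.new(group_key, body, hashlib.sha256).digest()


def _parse_body(body):
    fields, offset = [], 0
    for _ in range(2):
        if offset + 2 > len(body):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">H", body, offset)
        offset += 2
        if offset + length > len(body):
            raise ValueError("truncated field")
        fields.append(body[offset:offset + length])
        offset += length
    if len(body) - offset != 8 + NONCE_LEN:
        raise ValueError("unexpected trailer length")
    (timestamp,) = struct.unpack_from(">Q", body, offset)
    return fields[0], fields[1], timestamp, body[offset + 8:]


class GroupRequestVerifier:
    """Receiver side (step 351/451) for one group the terminal belongs to."""

    def __init__(self, group_key, group_id, max_skew=MAX_SKEW_SECONDS):
        self._key = group_key
        self._group_id = group_id
        self._max_skew = max_skew
        self._seen = {}  # nonce -> time stamp, kept only while still fresh

    def verify(self, message, now=None):
        now = time.time() if now is None else now
        if len(message) <= TAG_LEN:
            return "malformed"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # Check the MAC first so nothing unauthenticated is parsed or cached.
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"
        try:
            group_id, _sender_id, timestamp, nonce = _parse_body(body)
        except ValueError:
            return "malformed"
        if group_id != self._group_id:
            return "wrong-group"
        if abs(now - timestamp) > self._max_skew:
            return "stale"
        # Entries older than the window would be rejected as stale anyway.
        self._seen = {n: t for n, t in self._seen.items()
                      if abs(now - t) <= self._max_skew}
        if nonce in self._seen:
            return "replayed"
        self._seen[nonce] = timestamp
        return "accepted"


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample group key
    request = build_group_request(key, b"grp-1", b"ue-111")
    receiver = GroupRequestVerifier(key, b"grp-1")
    print(receiver.verify(request))  # first delivery
    print(receiver.verify(request))  # same bytes captured and resent
```

The time stamp bounds how long the receiver has to remember nonces, and the nonce covers replays that arrive inside that window; neither alone gives both properties.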

In operation 453, the second terminal 131 may transmit a group communication response message to the first terminal 111. According to an embodiment, this group communication response may include a group join process. On the other hand, this step may not be performed if step 449 is made by a broadcast method.

When the first terminal 111 broadcasts or multicasts to members of the prose group, a response message comes from the second terminal 131. The first terminal 111 may then, as case 1), itself verify whether the second terminal 131 also belongs to the group. Alternatively, according to an embodiment, as case 2), the first terminal 111 may request the network to verify whether the second terminal 131 belongs to the group and receive the verification result.

In an embodiment, if the first terminal 111 requests the network to verify whether the second terminal 131 belongs to the group and receives the verification result, whether the second terminal 131 belongs to the group is verified through steps 459 to 467.

That is, in step 459, the first terminal 111 may transmit to the prose function 127 a verification request message including information requesting verification of whether the second terminal 131 belongs to the group. Subsequently, according to one embodiment of step 461, case 2-1), the prose function 127 may verify whether the second terminal 131 belongs to the prose group or to the prose group communication list related to the first terminal 111. The prose group communication list is a list of terminals in the prose group capable of prose communication with the first terminal 111.

According to another exemplary embodiment in step 461, the case 2-2) Prose function 127 may generate a prose group key and store the prose group key.

Thereafter, in step 463, the prose function 127 may send a verification response message including the response information about the verification to the first terminal 111. In this case, the prose function 127 may simply inform the first terminal 111 only of whether verification was successful.

In step 465, the first terminal 111 may transmit a verification response message or a group join response message to the second terminal 131 based on a result of verifying the prose group communication request response of the second terminal 131. This message may be a verification response to whether the second terminal 131 belongs to a prose group or a response message to a prose group join.

In operation 467, the second terminal 131 may send a prose group communication request complete message to the first terminal 111.

Hereinafter, a process of transmitting a session key, an encryption key, a decryption key, and the like for Prose Group communication will be described in steps 481 to 495.

In step 481, the first terminal 111 transmits a prose group session key request message for the Prose group communication to the Prose function 127.

In step 483, the Prose function 127 generates a prose group communication session key.

Thereafter, in step 485, the prose function 127 may encrypt the prose group session key with the prose group key and transmit the encrypted message to the first terminal 111.

In operation 487, the first terminal 111 decrypts the prose group session key.

In step 489, the first terminal 111 may transmit to the prose function 127 a message requesting a security key, for example, a prose group encryption key and integrity key request message.

In operation 491, the prose function 127 generates a prose group communication integrity key and a prose group communication encryption key.

Thereafter, in step 493, the prose function 127 may encrypt the prose group communication encryption key or the prose group communication integrity key with the prose group session key and transmit the encrypted message to the first terminal 111.

In operation 495, the first terminal 111 decrypts the prose group communication encryption key or the prose group communication integrity key with the prose group session key.

Thereafter, in step 499, terminals belonging to the Prose Group such as the first terminal 111 and the second terminal 131 may safely perform the Prose Group communication.
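The key hierarchy of steps 381 to 395 and 481 to 495 (group key protects the session key, session key protects the encryption and integrity keys) is sketched below as an added example that is not part of the patent text. The patent names no cipher, so an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a real AEAD or AES key wrap; the class and function names are hypothetical, and the sketch assumes the prose function hands the same session and traffic keys to every member of a group.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32
NONCE_LEN = 16


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in cipher)."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_key(wrapping_key, label, key_material):
    """Encrypt-then-MAC key_material under wrapping_key, bound to its label."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = _xor_stream(_prf(wrapping_key, b"wrap-enc"), nonce, key_material)
    tag = _prf(_prf(wrapping_key, b"wrap-mac"),
               bytes([len(label)]) + label + nonce + ciphertext)
    return nonce + ciphertext + tag


def unwrap_key(wrapping_key, label, blob):
    """Return the wrapped key, or raise ValueError if the tag does not verify."""
    if len(blob) <= NONCE_LEN + TAG_LEN:
        raise ValueError("wrapped key too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = _prf(_prf(wrapping_key, b"wrap-mac"),
                    bytes([len(label)]) + label + nonce + ciphertext)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("unwrap failed: wrong key, wrong label, or modified blob")
    return _xor_stream(_prf(wrapping_key, b"wrap-enc"), nonce, ciphertext)


class ProseFunction:
    """Network side: holds registered group keys and issues wrapped keys."""

    def __init__(self):
        self._group_keys = {}  # group id -> prose group key (registration)
        self._keys = {}        # group id -> {"session": ..., "enc": ..., "int": ...}

    def register_group_key(self, group_id, group_key):
        self._group_keys[group_id] = group_key

    def session_key_response(self, group_id):
        """Steps 383/385 and 483/485: generate session key, wrap with group key."""
        keys = self._keys.setdefault(group_id, {})
        keys.setdefault("session", secrets.token_bytes(32))
        return wrap_key(self._group_keys[group_id], b"session", keys["session"])

    def security_keys_response(self, group_id):
        """Steps 391/393 and 491/493: generate traffic keys, wrap with session key."""
        keys = self._keys[group_id]
        keys.setdefault("enc", secrets.token_bytes(16))
        keys.setdefault("int", secrets.token_bytes(16))
        return (wrap_key(keys["session"], b"encryption", keys["enc"]),
                wrap_key(keys["session"], b"integrity", keys["int"]))


class Terminal:
    """Terminal side: knows only its prose group key at the start."""

    def __init__(self, group_key):
        self._group_key = group_key

    def obtain_keys(self, prose_function, group_id):
        # Steps 387/487: recover the session key with the group key.
        session_key = unwrap_key(self._group_key, b"session",
                                 prose_function.session_key_response(group_id))
        # Steps 395/495: recover the traffic keys with the session key.
        enc_blob, int_blob = prose_function.security_keys_response(group_id)
        return (unwrap_key(session_key, b"encryption", enc_blob),
                unwrap_key(session_key, b"integrity", int_blob))


def demo():
    group_key = secrets.token_bytes(32)  # constructed sample group key
    prose_function = ProseFunction()
    prose_function.register_group_key(b"grp-1", group_key)
    first = Terminal(group_key).obtain_keys(prose_function, b"grp-1")
    second = Terminal(group_key).obtain_keys(prose_function, b"grp-1")
    try:
        Terminal(secrets.token_bytes(32)).obtain_keys(prose_function, b"grp-1")
        outsider_rejected = False
    except ValueError:
        outsider_rejected = True
    return first == second, outsider_rejected


if __name__ == "__main__":
    print(demo())
```

Every key in this chain is recoverable from the prose group key plus the recorded messages, so in this design the group key is the asset whose exposure compromises past and future sessions.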

FIG. 4 is a block diagram of a terminal according to an embodiment of the present invention.

Referring to FIG. 4, the terminal 500 according to an embodiment of the present invention may include a communication unit 510 and a control unit 520. The controller 520 of the terminal 500 controls the terminal to perform any one of the above-described embodiments. For example, the controller 520 may control the terminal to transmit an attach request message including at least one of a public safety indication and a group communication indication to the MME, to receive from the MME an attach accept message including at least one of a prose identifier for a proximity based service (Prose), a prose group identifier, a prose group key, a prose-related capability of the terminal 500, and a proximity-related security key (prose key), to transmit a prose registration request message to a prose function server, and to receive from the prose function server a prose registration response message according to the authentication of the terminal 500. In addition, the controller 520 may control the terminal to transmit a paging message including at least one of a public safety indication and a group communication indication to the second terminal, to transmit to the second terminal a prose group communication request message including prose group related information, to receive a prose group communication response message from the second terminal when the second terminal verifies, using the prose group related information, that the terminal belongs to the prose group, to verify whether the second terminal belongs to the prose group, and to perform prose group communication with the second terminal.

In addition, the communication unit 510 of the terminal transmits and receives a signal in accordance with any one of the above-described embodiments. For example, the communication unit 510 may communicate with other entities. That is, it may communicate with other entities, for example by transmitting an attach request message including at least one of a public safety indication and a group communication indication to the MME, or by transmitting a prose registration request message to a prose function server.

FIG. 5 is a block diagram of a prose function server according to an embodiment of the present invention.

Referring to FIG. 5, the prose function server 600 according to an embodiment of the present invention may include a communication unit 610 and a controller 620 for controlling overall operations of the prose function server 600. In this case, the controller 620 may further include a prose controller 621.

The prose controller 621 of the prose function server 600 controls the prose function server 600 to perform an operation of any of the above-described embodiments. For example, the prose controller 621 may control the server to perform a prose registration procedure for prose group communication with a terminal, to receive a prose group session key request message from the terminal, to generate the prose group session key, to transmit the prose session key encrypted with a prose group key to the terminal, to receive a prose group encryption key or integrity key request message from the terminal, to generate the prose group encryption key or integrity key, and to transmit the prose group encryption key or the integrity key encrypted with the prose group session key to the terminal.

In addition, the communication unit 610 of the prose function server transmits and receives signals in accordance with any one of the above-described embodiments. For example, the communication unit 610 may communicate with other entities. That is, it may communicate with other entities, for example by receiving a prose group session key request message from the terminal or by transmitting a prose session key encrypted with the prose group key to the terminal.

FIG. 6 is a block diagram of an HSS according to an embodiment of the present invention.

Referring to FIG. 6, a home subscriber server (HSS) 700 may include a communication unit 710 and a controller 720 for controlling the overall operation of the HSS 700. In addition, the controller 720 may further include a subscriber information controller 721.

The subscriber information controller 721 of the HSS 700 controls the HSS 700 to perform the operation of any of the above-described embodiments. For example, the subscriber information control unit 721 may control the HSS to receive an authentication data request message from the MME and, based on the received information, to transmit security related information including an authentication vector to the MME.

In addition, the communication unit 710 of the HSS 700 transmits and receives signals in accordance with any one of the above-described embodiments. For example, the communication unit 710 may communicate with other entities. That is, it may communicate with other entities such as receiving an authentication data request message from the MME, or transmitting security related information including an authentication vector to the MME.

FIG. 7 is a block diagram of an MME according to an embodiment of the present invention.

Referring to FIG. 7, the MME 800 may include a communication unit 810 and a controller 820 for controlling overall operations of the MME 800. In addition, the controller 820 may further include a mobility management controller 821.

The mobility management controller 821 of the MME 800 controls the MME 800 to perform an operation of any of the above-described embodiments. For example, the mobility management controller 821 may receive from the base station the attach request message transmitted by the terminal and, based on the received attach request message, transmit an authentication data request message to the HSS. In addition, the mobility management control unit 821 may control the MME to receive security-related information including an authentication vector from the HSS and to transmit a user authentication request message including an authentication token (AUTN) to the terminal.

In addition, the communication unit 810 of the MME 800 transmits and receives a signal in accordance with any one of the above-described embodiments. For example, the communication unit 810 may communicate with other entities. That is, it may communicate with other entities, for example by receiving from the base station an attach request message transmitted by the terminal or by transmitting an authentication data request message to the HSS.

In addition, although not specifically illustrated, network entities such as an eNB and an application server according to an embodiment of the present invention may also include a communication unit and a control unit, respectively. Each communication unit may transmit and receive a signal such that the entity communicates with other entities. Each controller may control the corresponding entity to perform the operation of any one of the above-described embodiments.

In the above embodiments, every step and message may be selectively performed or omitted. In addition, in each embodiment, the steps need not necessarily occur in order and may be reversed. Likewise, message delivery need not happen in order and may be reversed.

Embodiments of the present invention disclosed in the specification and drawings are only specific examples to easily explain the technical contents of the present invention and aid the understanding of the present invention, and are not intended to limit the scope of the present invention. It will be apparent to those skilled in the art that other modifications based on the technical idea of the present invention can be carried out in addition to the embodiments disclosed herein.

Accordingly, the above detailed description should not be construed as limiting in all aspects and should be considered as illustrative. The scope of the invention should be determined by reasonable interpretation of the appended claims, and all changes within the equivalent scope of the invention are included in the scope of the invention.

Claims (20)

  1. A communication method of a terminal, the method comprising:
    Sending an attach request message including at least one of a public safety indication and a group communication indication to a Mobility Management Entity (MME);
    Receiving, from the MME, an attach accept message including at least one of a prose identifier for a proximity based service (Prose), a prose group identifier, a prose group key, a prose-related capability of the terminal, and a proximity-related security key;
    Transmitting a prose registration request message to a prose function server; and
    Receiving a prose registration response message according to authentication of the terminal from the prose function server.
  2. The method of claim 1, further comprising:
    Transmitting a paging message including at least one of a public safety indication and a group communication indication to the second terminal;
    Transmitting a prose group communication request message including prose group related information to a second terminal;
    Receiving a prose group communication response message from the second terminal when the second terminal verifies that the terminal belongs to the prose group by using the prose group related information;
    Verifying whether the second terminal belongs to the prose group; and
    Performing prose group communication with the second terminal.
  3. The method of claim 2, wherein the performing of the prose group communication with the second terminal further comprises:
    Transmitting a prose group session key request message to the prose function server;
    Receiving a prose session key encrypted with the prose group key from the prose function server;
    Transmitting a prose group encryption key or integrity key request message to the prose function server; and
    Receiving a prose group encryption key or integrity key encrypted with the prose session key from the prose function server.
  4. The method of claim 1, wherein the transmitting of the attach request message comprises:
    Transmitting the attach request message further including a secret value for verifying whether the terminal is a terminal suitable for group communication.
  5. The method of claim 2, wherein the verifying whether the second terminal belongs to the prose group further comprises:
    Transmitting a verification request message regarding whether the second terminal belongs to the prose group to the prose function server; and
    Receiving a verification response message indicating whether the second terminal belongs to the prose group from the prose function server.
  6. The method of claim 1, further comprising:
    Transmitting a prose registration complete message including the prose group key to the prose function server.
  7. The method of claim 2, wherein the verifying whether the second terminal belongs to the prose group further comprises:
    Transmitting, to the second terminal, a message indicating that the verification of belonging to the prose group by the second terminal has succeeded.
  8. A terminal comprising:
    A communication unit for communicating with entities; and
    A control unit controlling to send an attach request message including at least one of a public safety indication and a group communication indication to a mobility management entity (MME), receive from the MME an attach accept message including at least one of a prose identifier, a prose group identifier, a prose group key, a prose-related capability of the terminal and a proxy-related security key for a proximity based service (Prose), transmit a prose registration request message to a prose function server, and receive a prose registration response message according to authentication of the terminal from the prose function server.
  9. The terminal of claim 8, wherein the control unit
    Controls to send a paging message including at least one of a public safety indication and a group communication indication to a second terminal, send a prose group communication request message including prose group related information to the second terminal, receive a prose group communication response message from the second terminal when the second terminal verifies that the terminal belongs to the prose group by using the prose group related information, verify whether the second terminal belongs to the prose group, and perform prose group communication with the second terminal.
  10. The terminal of claim 9, wherein the control unit
    Controls to send a prose group session key request message to the prose function server, receive a prose session key encrypted with the prose group key from the prose function server, send a prose group encryption key or integrity key request message to the prose function server, and receive a prose group encryption key or integrity key encrypted with the prose session key from the prose function server.
  11. The terminal of claim 8, wherein the control unit
    Controls to transmit the attach request message further including a secret value for verifying whether the terminal is a terminal suitable for group communication.
  12. The terminal of claim 9, wherein the control unit
    Controls to send a verification request message regarding whether the second terminal belongs to the prose group to the prose function server, and receive a verification response message indicating whether the second terminal belongs to the prose group from the prose function server.
  13. The terminal of claim 8, wherein the control unit
    Controls to transmit a prose registration complete message including the prose group key to the prose function server.
  14. The terminal of claim 9, wherein the control unit
    Controls to transmit, to the second terminal, a message indicating that the verification of belonging to the prose group has succeeded.
  15. A communication method of a proximity based service (Prose) function server, comprising:
    Performing a prose registration procedure for prose group communication with the terminal;
    Receiving a prose group session key request message from the terminal;
    Generating the prose group session key;
    Transmitting a prose session key encrypted with a prose group key to the terminal;
    Receiving a prose group encryption key or integrity key request message from the terminal;
    Generating the prose group encryption key or integrity key; and
    Transmitting a prose group encryption key or an integrity key encrypted with the prose group body key to the terminal.
  16. The method of claim 15, further comprising:
    Receiving a verification request message regarding whether a second terminal belongs to a prose group from the terminal;
    Verifying, in a prose group communication list associated with the terminal, whether the second terminal belongs to the prose group; and
    Transmitting a verification response message including response information about the verification to the terminal.
  17. The method of claim 16, wherein the verifying step comprises:
    Generating a prose group key and storing the prose group key.
  18. A proximity based service (Prose) function server comprising:
    A communication unit for communicating with entities; and
    A control unit controlling to perform a prose registration procedure for prose group communication with the terminal, receive a prose group session key request message from the terminal, generate the prose group session key, transmit a prose session key encrypted with the prose group key to the terminal, receive a prose group encryption key or integrity key request message from the terminal, generate the prose group encryption key or integrity key, and transmit a prose group encryption key or an integrity key encrypted with the prose group body key to the terminal.
  19. The prose function server of claim 18, wherein the control unit
    Controls to receive a verification request message regarding whether a second terminal belongs to the prose group from the terminal, verify, in a prose group communication list associated with the terminal, whether the second terminal belongs to the prose group, and transmit a verification response message including response information about the verification to the terminal.
  20. The prose function server of claim 19, wherein the control unit
    Controls to generate a prose group key and store the prose group key.
PCT/KR2015/000354 2014-01-13 2015-01-13 Security method and system for supporting prose group communication or public safety in mobile communication WO2015105401A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
KR10-2014-0004069 2014-01-13
KR20140004069 2014-01-13
KR1020140055885A KR20150084628A (en) 2014-01-13 2014-05-09 Security supporting method and system for proximity based service group communication or public safety in mobile telecommunication system environment
KR10-2014-0055885 2014-05-09

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15/111,471 US10382955B2 (en) 2014-01-13 2015-01-13 Security method and system for supporting prose group communication or public safety in mobile communication
EP15735197.4A EP3096544B1 (en) 2014-01-13 2015-01-13 Security method and system for supporting prose group communication or public safety in mobile communication

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/111,471 Division US10382955B2 (en) 2014-01-13 2015-01-13 Security method and system for supporting prose group communication or public safety in mobile communication

Publications (1)

Publication Number Publication Date
WO2015105401A1 true WO2015105401A1 (en) 2015-07-16

Family

ID=53524160

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2015/000354 WO2015105401A1 (en) 2014-01-13 2015-01-13 Security method and system for supporting prose group communication or public safety in mobile communication

Country Status (1)

Country Link
WO (1) WO2015105401A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013089452A1 (en) * 2011-12-13 2013-06-20 엘지전자 주식회사 Method and device for providing a proximity service in a wireless communication system
WO2013095001A1 (en) * 2011-12-20 2013-06-27 엘지전자 주식회사 User equipment-initiated control method and apparatus for providing proximity service
WO2013109040A1 (en) * 2012-01-16 2013-07-25 엘지전자 주식회사 Method and apparatus for providing proximity service in wireless communication system
US20130294433A1 (en) * 2012-05-04 2013-11-07 Institute For Information Industry Direct mode communication system and communication attaching method thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None
See also references of EP3096544A4 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017027056A1 (en) * 2015-08-11 2017-02-16 Intel IP Corporation Secure direct discovery among user equipment
US10499236B2 (en) 2015-08-11 2019-12-03 Intel IP Corporation Secure direct discovery among user equipment
WO2017034103A1 (en) * 2015-08-26 2017-03-02 엘지전자(주) Method and device by which terminal transmits/receives data in wireless communication system
WO2017126721A1 (en) * 2016-01-21 2017-07-27 엘지전자(주) Method and apparatus for transmitting and receiving data of terminal in wireless communication system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application Ref document number: 15735197; Country of ref document: EP; Kind code of ref document: A1
REEP Ref document number: 2015735197; Country of ref document: EP
WWE Wipo information: entry into national phase Ref document number: 2015735197; Country of ref document: EP
NENP Non-entry into the national phase in: Ref country code: DE
WWE Wipo information: entry into national phase Ref document number: 15111471; Country of ref document: US