WO2021047276A1

WO2021047276A1 - Key generation method and device

Info

Publication number: WO2021047276A1
Application number: PCT/CN2020/101713
Authority: WO
Inventors: 张博
Original assignee: 华为技术有限公司
Priority date: 2019-09-12
Filing date: 2020-07-13
Publication date: 2021-03-18
Also published as: CN112491533A; CN112491533B; CN115567931A

Abstract

The embodiments of the present application disclose a key generation method and device, being used for completing key negotiation when direct communication is performed between terminals by means of a PC5 interface. Taking key negotiation between a first terminal and a second terminal as an example, said method comprises: a first terminal sending a communication request to a second terminal, the communication request being used to request for the establishment of communication with the second terminal, the communication request comprising the identifier of the first terminal and the identifier of a service; the first terminal receiving from the second terminal a communication response to the communication request; and the first terminal acquiring a shared key, and determining a security key according to the shared key and the identifier of the service, the security key being a security key for communication protection between the first terminal and the second terminal. Said method is able to complete key negotiation between the first terminal and the second terminal by means of the negotiation process.

Description

Method and device for generating key

Cross-references to related applications

This application claims the priority of a Chinese patent application filed with the Chinese Patent Office on September 12, 2019, the application number is 201910864831.6, and the application name is "a key generation method and device", the entire content of which is incorporated into this application by reference in.

Technical field

The embodiments of the present application relate to the field of communication technologies, and in particular, to a method and device for generating a key.

Background technique

In the Internet of Vehicles scenario of the mobile communication network, a variety of communication methods between terminals are defined. For example, the terminal 1 may send data to a user plane function (UPF) through the base station, and the UPF forwards the data to the terminal 2 through the base station. Then a logical channel is established between terminal 1 and terminal 2 for service communication between them.

The terminal 1 and the terminal 2 can also communicate directly. In the Internet of Vehicles scenario, there may be a PC5 interface between the terminal and the terminal. Multiple terminals can communicate directly through the PC5 interface between them.

Then, when multiple terminals communicate directly through the PC5 interface, how to complete the key agreement is a problem that needs to be solved.

Summary of the invention

The embodiments of the present application provide a key generation method and device to solve the problem of how to complete key negotiation when multiple terminals communicate directly through a PC5 interface.

The specific technical solutions provided by the embodiments of this application are as follows:

In the first aspect, a key generation method is provided, which is applied to a system in which multiple terminals communicate directly. For example, any two terminals in the system are represented by a first terminal and a second terminal, and the first terminal and The interaction process between the second terminal will introduce the key generation method provided in this application. The first terminal sends a communication request to the second terminal, the second terminal receives a communication request from the first terminal, the communication request is used to request the establishment of communication with the second terminal, and the communication request includes the identification of the first terminal And the identifier of the service; the identifier of the service is used to indicate the service for establishing communication between the first terminal and the second terminal. The second terminal determines the first security key according to the shared key and the service identifier; the second terminal returns a communication response to the first terminal according to the communication request; the first terminal receives The second terminal receives a communication response, and the communication response is used to respond to the communication request; the first terminal determines a first security key according to the shared key and the identifier of the service, wherein the first The security key is a security key for communication protection between the first terminal and the second terminal. Through the above method, it is possible to realize key negotiation when the terminal communicates directly with the terminal. And because the first terminal and the second terminal are the first security key determined according to the service identifier, the first security key is used for a specific service indicated by the service identifier, thereby enabling different The keys used between different businesses are different, which achieves the effect of key isolation between different businesses.

In a possible design, the communication request further includes one or more of the following information: the identity of the shared key, the type of service, the application layer identity of the first terminal, and the application of the second terminal Layer ID, Layer 2 ID of the first terminal, Layer 2 ID of the second terminal, instructions for PC5 interface signaling transmission, instructions for PC5 interface radio resource control RRC transmission, for PC5 interface users The indication of plane data transmission, the identification of the data radio bearer DRB, the identification of the data flow, the identification of the PC5 unicast link of the first terminal or the identification of the terminal-to-terminal communication group.

In a possible design, the communication response includes one or more of the following information: identification of the shared key, type of service, application layer identification of the first terminal, application layer of the second terminal ID, the layer 2 ID of the first terminal, the layer 2 ID of the second terminal, the instruction for PC5 interface signaling transmission, the instruction for PC5 interface RRC transmission, the instruction for PC5 interface user plane data transmission Indication, the identifier of the DRB, the identifier of the data flow, the identifier of the PC5 unicast link of the first terminal, the identifier of the PC5 unicast link of the second terminal or the terminal-to-terminal communication group.

In a possible design, if the communication request carries one or more of the above information, then the first terminal determines the first security key according to the shared key and the service identifier, which can also be implemented in the following manner: The first terminal determines the first security key according to the shared key, the identifier of the service, and the one or more types of information included in the communication request. In this way, the first terminal determines the first security key according to the information carried in the communication request, which can not only realize the key isolation between different services, but also realize the key isolation between the parameters of the information. For example, the communication request includes an indication for PC5 interface radio resource control RRC transmission, and the first terminal may determine the first security secret based on the shared key and the indication for PC5 interface radio resource control RRC transmission included in the communication request. Key, the determined first security key is used to protect the security of the first terminal and the second terminal when RRC is transmitted through the PC5 interface.

In a possible design, if the communication response carries one or more of the above-mentioned information, the first terminal determines the first security key according to the shared key and the service identifier, which can also be implemented in the following manner: The first terminal determines the first security key according to the shared key, the identifier of the service, and the one or more types of information included in the communication response. In this way, the first terminal determines the first security key according to the information carried in the communication response, which can not only realize the key isolation between different services, but also realize the key isolation between the parameters of the information. For example, the communication request includes an instruction for PC5 interface radio resource control RRC transmission, and the first terminal may determine the first security secret based on the shared key and the instruction for PC5 interface radio resource control RRC transmission carried in the communication response. Key, the determined first security key is used to protect the security of the first terminal and the second terminal when RRC is transmitted through the PC5 interface.

It should be noted that, the first terminal receives the communication response from the second terminal, and the first terminal determines the first security key, there is no strict execution sequence between these two steps. The order can be exchanged with each other. The first terminal may generate the first security key according to the shared key and the parameters in the communication request, so that there is no need to determine the first security key after receiving the communication response. In another case, after receiving the communication response, the first security key is determined according to the parameters in the communication response, so that it is necessary to perform the step of determining the first security key after the communication response is received.

Similarly, in a possible design, the second terminal determines the first security key according to the shared key and the service identifier, which can be implemented in the following manner: the second terminal determines the first security key according to the shared key, the The identification of the service and the one or more types of information included in the communication request determine the first security key. In this way, the second terminal determines the first security key according to the information carried in the communication request, which can not only realize the key isolation between different services, but also realize the key isolation between the parameters of the information. For example, the communication request includes an indication for PC5 interface radio resource control RRC transmission, and the second terminal may determine the first security secret based on the shared key and the indication for PC5 interface radio resource control RRC transmission included in the communication request. Key, the determined first security key is used to protect the security of the first terminal and the second terminal when RRC is transmitted through the PC5 interface.

In a possible design, the second terminal determines the first security key according to the shared key and the service identifier, which can be implemented in the following manner: the second terminal according to the shared key, the service ID The identification and the one or more types of information included in the communication response determine the first security key. In this way, the second terminal determines the first security key according to the information carried in the communication response, which can not only realize the key isolation between different services, but also realize the key isolation between the parameters of the information. For example, the communication request includes an indication for PC5 interface radio resource control RRC transmission, and the second terminal may determine the first security secret based on the shared key and the indication for PC5 interface radio resource control RRC transmission carried in the communication response. Key, the determined first security key is used to protect the security of the first terminal and the second terminal when RRC is transmitted through the PC5 interface.

In this way, the key negotiated between the first terminal and the second terminal can be for a certain parameter, such as for the service indicated by the service ID, or for the RRC transmission of the PC5 interface, or for the DRB indicated by the DRB ID of. In this way, the key negotiated between the first terminal and the second terminal may be isolated between different parameters whose granularity is the parameter when the key is applied.

In a possible design, the communication request further includes a first message verification code MAC and/or a first indication, and the first MAC is used to verify whether the communication request is a legitimate request, and the first indication It is used to instruct the second terminal to obtain the shared key through an application layer or obtain the shared key through an operator network.

In a possible design, the second terminal judges whether the first terminal and the second terminal belong to the same network according to the identifier of the first terminal. By judging whether the first terminal and the second terminal belong to the same network, it can be determined whether to obtain the shared key through the application layer or through the operator network. The way to obtain the shared key can be expanded.

In a possible design, the second terminal determines that the first terminal and the second terminal belong to the same network, and sends a non-access stratum NAS request to the first network function NF. The NAS request is used to request all The shared secret key. In this way, the shared key can be obtained through the operator's network. For example, the key agreement between the first terminal and the second terminal may be completed according to the AMF key.

In a possible design, the NAS request includes at least one of the following information: the identifier of the first terminal, the message verification code MAC, or the first indication; the first indication is used to indicate that the NAS request is used for Telematics communication.

In a possible design, the second terminal receives a NAS response from the first NF, and the NAS response includes the shared key. In this way, the shared key can be obtained through the operator network. For example, the first NF is AMF, the shared key provided by the first NF is AMF key, and the first terminal and the second terminal can complete key negotiation according to the AMF key.

In a possible design, the communication response also carries a second indication, and the second indication is used to instruct the first terminal to obtain the shared key through the application layer or obtain the shared secret through the operator network. key.

In a possible design, the first terminal sends a registration request to the network device, the registration request is used to request to register the identity of the first terminal, the registration request includes a third instruction, and the third instruction It is used to instruct the first terminal to request the use of a service for communication between the terminal and the terminal; the first terminal receives the identification of the first terminal from the network device. For example, the network device here may be a core network device, such as AMF. The first terminal can request to register the identification used for key negotiation by sending a registration request to the network device. The network device returns the identification of the first terminal to the first terminal, which may be an identification allocated according to the registration request for key negotiation. When the first terminal adopts the identifier for key negotiation and the second terminal for key negotiation, since the identifier is allocated by the network side for key negotiation, it can avoid the disclosure of other types of identifiers (such as 5G). -GUTI), the less 5G-GUTI is used, the more safety performance can be improved.

In a second aspect, a method for generating a key is provided, and the execution subject of the method is NF, for example, denoted as first NF. The method can be implemented in the following manner: a first network function NF receives a key request, the key request includes the identification of the first terminal; the first NF determines a shared key according to the identification of the first terminal ; The first NF sends the shared key to the second terminal. The shared key is used by the first terminal to generate a first security key. The first security key is a security key for communication protection between the first terminal and the second terminal. In this way, the shared key can be provided to the terminal through the operator network. For example, the first NF is AMF, the shared key provided by the first NF is AMF key, and the first terminal and the second terminal can complete key negotiation according to the AMF key. .

In a possible design, the key request is sent by the second terminal. The second terminal sends a key request to the first NF, and the first NF receives the key request from the second terminal. The second terminal belongs to the first NF.

Alternatively, the key request is sent by the second terminal through a second NF. That is, the second terminal sends a key request to the second NF, and the second NF sends the key request to the first NF. In this case, it is possible that the second terminal belongs to the second NF, and the first terminal belongs to the first NF.

In a possible design, the key request further includes a message verification code MAC; the first NF verifies the MAC and determines that the MAC verification passes.

In a possible design, the key request further includes one or more of the following information: the identification of the shared key, the identification of the service, the type of the service, the application layer identification of the first terminal, the The application layer identifier of the second terminal, the layer 2 identifier of the first terminal, the layer 2 identifier of the second terminal, an indication for PC5 interface signaling transmission, an indication for PC5 interface radio resource control RRC transmission, It is used for the instruction of PC5 interface user plane data transmission, the identifier of the data radio bearer DRB, the identifier of the data flow, the identifier of the PC5 unicast link of the first terminal or the identifier of the terminal-to-terminal communication group. The information included in the key request may be carried in a container. The first terminal sends the container to the second terminal, and the second terminal sends the container to the first NF; or, the first terminal sends the container to the second terminal, and the second terminal sends the container to the second NF. The second NF sends the container to the first NF.

In a possible design, the first NF determines the shared key according to the identification of the first terminal and the one or more types of information in the key request.

In a possible design, after determining the shared key, the first NF sends the shared key to the second terminal, which may be implemented in the following manner: the first NF sends the shared key to the second NF, The second NF sends the shared key to the second terminal, or the second NF generates a key according to the shared key, and sends the generated key to the second terminal. Or, the first NF directly sends the shared key to the second terminal.

In a third aspect, a device is provided. The device may be a terminal, a device in the terminal, or a device that can be matched and used with the terminal. In one design, the device may include modules that perform one-to-one correspondence of the methods/operations/steps/actions performed by the first terminal described in the first aspect, or the device may include modules that perform the methods/operations/steps/actions described in the first aspect. The module corresponding to the method/operation/step/action executed by the second terminal. The module can be a hardware circuit, software, or a combination of hardware circuit and software. In one design, the device may include a processing module and a communication module.

Exemplarily, when the device is used to perform the operation performed by the first terminal in the first aspect: the communication module is used to send a communication request to the second terminal, and the communication request is used to request communication with the second terminal. To establish communication, the communication request includes the identity of the first terminal and the identity of the service; the communication module is further configured to receive a communication response from the second terminal; the communication response is used to respond to the communication request; The processing module is configured to determine a first security key according to the shared key and the service identifier; wherein, the first security key is the security of communication protection between the first terminal and the second terminal Key.

In a possible design, the processing unit is configured to determine the first security key according to the shared key, the identifier of the service, and the one or more types of information included in the communication request.

In a possible design, the communication module is further configured to send a registration request to a network device, the registration request is used to request registration of the identity of the first terminal, the registration request includes a third instruction, the The third indication is used to indicate that the first terminal requests to use the service of communication between the terminal and the terminal; and used to receive the identification of the first terminal from the network device.

Exemplarily, when the device is used to perform an operation performed by the first terminal in the first aspect: a communication module, configured to receive a communication request from the first terminal, the communication request including the identification ID of the first terminal And the identification of the service; the processing module is used to determine the first security key according to the shared key and the identification of the service; wherein, the first security key is the difference between the first terminal and the second terminal A security key for inter-communication protection; the communication module is further configured to return a communication response to the first terminal according to the communication request.

In a possible design, the processing module is configured to determine the first security key according to the shared key, the identifier of the service, and the one or more types of information included in the communication request.

In a possible design, the processing module is further configured to: determine whether the first terminal and the second terminal belong to the same network according to the identity of the first terminal; determine whether the first terminal and the second terminal belong to the same network; The second terminal belongs to the same network; the communication module is also used to send a non-access stratum NAS request to the first network function NF, and the NAS request is used to request the shared key.

In a possible design, the NAS request includes at least one of the following information: the identifier of the first terminal, the message verification code MAC, or the first indication; the first indication is used to indicate that the NAS request is used for Car networking communication; the communication module is further configured to receive a NAS response from the first NF, and the NAS response includes the shared key.

Regardless of whether the device is used to perform operations performed by the first terminal in the first aspect or used to perform operations performed by the second terminal in the first aspect, the following optional implementation manners are also possible:

Optionally, the communication request further includes one or more of the following information: identification of the shared key, type of service, layer 2 identification of the first terminal, layer 2 identification data of the second terminal The ID of the radio bearer DRB, the ID of the data flow, the ID of the PC5 unicast link of the first terminal, or the ID of the terminal-to-terminal communication group.

Optionally, the communication request further includes a first message verification code MAC and/or a first indication, the first MAC is used to check whether the communication request is a legal request, and the first indication is used to indicate The second terminal obtains the shared key through an application layer or obtains the shared key through an operator network.

Optionally, the communication response carries a second indication, and the second indication is used to instruct the first terminal to obtain the shared key through an application layer or obtain the shared key through an operator network.

In a fourth aspect, a device is provided. The device may be a network function NF, denoted as the first NF, may also be a device in the NF, or a device that can be used in conjunction with the NF. In one design, the device may include modules that perform one-to-one correspondence of the methods/operations/steps/actions performed by the first NF described in the second aspect. The module can be a hardware circuit, software, or a combination of hardware circuit and software. In one design, the device may include a processing module and a communication module.

Exemplarily, the communication module is configured to receive a key request, the key request is sent by a second terminal, or the key request is sent by the second terminal through a second NF, the key The request includes the identification of the first terminal; the processing module is configured to determine the shared key according to the identification of the first terminal; the communication module is also configured to send the shared key to the second terminal, or And is also used to send the shared key to the second terminal through the second NF.

In a possible design, the key request further includes a message verification code MAC; the processing module is further configured to verify the MAC and determine that the MAC verification passes.

In a possible design, the key request further includes one or more of the following information: the identification of the shared key, the identification of the service, the type of the service, the layer 2 identification of the first terminal, the The layer 2 identification of the second terminal, the identification of the data radio bearer DRB, the identification of the data flow, the identification of the PC5 unicast link of the first terminal, or the identification of the terminal-to-terminal communication group.

In a possible design, the processing module is configured to determine the shared key according to the identification of the first terminal and the one or more types of information in the key request.

In a fifth aspect, an embodiment of the present application provides a device, the device includes a communication interface and a processor, and the communication interface is used for communication between the device and other devices, for example, data or signal transmission and reception. Exemplarily, the communication interface may be a transceiver, circuit, bus, module, or other type of communication interface; other devices may be other terminals or NFs. The processor is configured to execute the method executed by the first terminal or the second terminal described in the first aspect. The device may also include a memory for storing instructions called by the processor. The memory is coupled with the processor, and when the processor executes the instructions stored in the memory, the method executed by the first terminal or the second terminal described in the first aspect can be implemented.

In a possible design, when the device is used to perform operations performed by the first terminal in the first aspect: a communication interface is used to send a communication request to the second terminal, and the communication request is used to request communication with the The second terminal establishes communication, and the communication request includes the identification of the first terminal and the identification of the service; the communication interface is also used to receive a communication response from the second terminal; the communication response is used to respond to the Communication request; a processor, configured to determine a first security key according to the shared key and the identifier of the service; wherein, the first security key is the communication between the first terminal and the second terminal Security key for protection.

In a possible design, the communication interface is further used to send a registration request to a network device, the registration request is used to request to register the identity of the first terminal, the registration request includes a third indication, the The third indication is used to indicate that the first terminal requests to use the service of communication between the terminal and the terminal; and used to receive the identification of the first terminal from the network device.

Exemplarily, when the device is used to perform an operation performed by the first terminal in the first aspect: a communication interface for receiving a communication request from the first terminal, the communication request including the identification ID of the first terminal And the identification of the service; the processor is configured to determine a first security key according to the shared key and the identification of the service; wherein, the first security key is the difference between the first terminal and the second terminal A security key for inter-communication protection; the communication interface is also used to return a communication response to the first terminal according to the communication request.

In a possible design, the processor is configured to determine the first security key according to the shared key, the identifier of the service, and the one or more types of information included in the communication request.

In a possible design, the processor is further configured to: determine whether the first terminal and the second terminal belong to the same network according to the identity of the first terminal; and determine whether the first terminal and the second terminal belong to the same network; The second terminal belongs to the same network; the communication interface is also used to send a non-access stratum NAS request to the first network function NF, and the NAS request is used to request the shared key.

In a possible design, the NAS request includes at least one of the following information: the identifier of the first terminal, the message verification code MAC, or the first indication; the first indication is used to indicate that the NAS request is used for Internet of Vehicles communication; the communication interface is also used to receive a NAS response from the first NF, and the NAS response includes the shared key.

In a sixth aspect, an apparatus is provided. The apparatus includes a communication interface and a processor, and the communication interface is used for communication between the apparatus and other devices, for example, data or signal transmission and reception. Exemplarily, the communication interface may be a transceiver, circuit, bus, module, or other type of communication interface; other devices may be terminals or other NFs. The processor is used to execute the method described in the second aspect above. The device may also include a memory for storing instructions called by the processor. The memory is coupled with the processor, and when the processor executes the instructions stored in the memory, the method described in the second aspect can be implemented.

Exemplarily, the communication interface is configured to receive a key request, the key request is sent by a second terminal, or the key request is sent by the second terminal through a second NF, and the key The request includes the identification of the first terminal; the processor is configured to determine the shared key according to the identification of the first terminal; the communication interface is further configured to send the shared key to the second terminal, or And is also used to send the shared key to the second terminal through the second NF.

In a possible design, the key request further includes a message verification code MAC; the processor is further configured to verify the MAC and determine that the MAC verification passes.

In a possible design, the processor is configured to determine the shared key according to the identification of the first terminal and the one or more types of information in the key request.

In a seventh aspect, the embodiments of the present application also provide a computer-readable storage medium. The computer-readable storage medium stores computer-readable instructions. When the computer-readable instructions run on the computer, the computer can execute The method described in one aspect or any one of the possible designs of the first aspect.

In an eighth aspect, the embodiments of the present application also provide a computer-readable storage medium, including instructions, which, when run on a computer, cause the computer to execute as described in the second aspect or any one of the possible designs in the second aspect. The method described.

In the ninth aspect, the embodiments of the present application also provide a computer program product, including instructions, which when run on a computer, cause the computer to execute the design described in the first aspect or any one of the possible designs in the first aspect Method, or implement the method as described in the second aspect or any one of the possible designs of the second aspect.

In a tenth aspect, an embodiment of the present application provides a chip system, which includes a processor and may also include a memory, for implementing the method described in the first aspect or any one of the possible designs of the first aspect. . The chip system can be composed of chips, or it can include chips and other discrete devices.

In an eleventh aspect, an embodiment of the present application provides a chip system. The chip system includes a processor and may also include a memory for implementing the above-mentioned second aspect or any one of the possible designs of the second aspect. method. The chip system can be composed of chips, or it can include chips and other discrete devices.

In a twelfth aspect, an embodiment of the present application provides a communication system, the communication system including the device described in the third aspect or the fifth aspect, and the device described in the fourth aspect or the sixth aspect.

Description of the drawings

FIG. 1 is one of the schematic diagrams of the communication system architecture in an embodiment of the application;

Figure 2 is one of the schematic diagrams of the key generation method in the embodiment of the application;

FIG. 3a is a schematic diagram of a method for obtaining a shared key through an operator in an embodiment of the application;

FIG. 3b is the second schematic diagram of the flow of the key generation method according to the embodiment of this application;

FIG. 4 is a schematic diagram of the process of registering the identification used for key negotiation by the first terminal in an embodiment of the application;

Figure 5 is one of the schematic diagrams of the device structure in an embodiment of the application;

Fig. 6 is the second schematic diagram of the device structure in the embodiment of the application;

FIG. 7 is the second schematic diagram of the communication system architecture in the embodiment of the application.

detailed description

The embodiments of the present application will be described in detail below in conjunction with the accompanying drawings.

The embodiments of the present application provide a method and device for generating a key. The method and device are based on the same inventive concept. Since the principles of the method and device to solve the problem are similar, the implementation of the device and the method can be referred to each other, and the repetition will not be repeated. . In the description of the embodiments of the present application, “and/or” describes the association relationship of the associated objects, indicating that there can be three types of relationships, for example, A and/or B, which can mean: A alone exists, and both A and B exist separately. There are three cases of B. The character "/" generally indicates that the associated objects before and after are in an "or" relationship. At least one involved in this application refers to one or more; multiple refers to two or more. In addition, it should be understood that in the description of this application, words such as "first" and "second" are only used for the purpose of distinguishing description, and cannot be understood as indicating or implying relative importance, nor can it be understood as indicating Or imply the order. The "including" information in the message or request or response in the embodiments of the present application can be understood as the "carrying" information in the message or request or response.

The communication method provided in the embodiments of the present application can be applied to a fourth generation (4th generation, 4G) communication system, a fifth generation (5th generation, 5G) communication system, or various future communication systems. Specifically, it can be applied to a communication scenario of the Internet of Vehicles, and can be applied to a terminal-to-terminal communication system, such as a vehicle-to-everything (V2X) communication system.

FIG. 1 shows the architecture of a possible communication system to which the key generation method provided in the embodiment of the present application is applicable. Figure 1 shows that the communication system is a V2X communication system.

As shown in Figure 1, the V2X communication system includes one or more terminals. The terminal in the V2X communication system is also called user equipment (UE), mobile station (MS), mobile terminal (MT), etc., which provide users with voice or data connectivity. The device can also be an IoT device. For example, terminals include handheld devices with wireless connection functions, vehicle-mounted devices, and so on. At present, the terminal can be: mobile phone (mobile phone), tablet computer, notebook computer, palm computer, mobile internet device (MID), wearable device (such as smart watch, smart bracelet, pedometer, etc.), Vehicles, vehicle-mounted equipment (for example, cars, bicycles, electric vehicles, airplanes, ships, trains, high-speed rail, etc.), virtual reality (VR) equipment, augmented reality (AR) equipment, industrial control (industrial control) Wireless terminals, smart home equipment (for example, refrigerators, TVs, air conditioners, electric meters, etc.), smart robots, workshop equipment, wireless terminals in self-driving, and wireless terminals in remote medical surgery , The wireless terminal in the smart grid, the wireless terminal in the transportation safety, the wireless terminal in the smart city, or the wireless terminal in the smart home, and flying equipment (such as , Smart robots, hot air balloons, drones, airplanes), etc.

The terminal in Figure 1 takes UE as an example, including UE A, UE B, UE C, and UE D. In the V2X communication system, a connection is established between the terminal and the terminal through the PC 5 interface, and communication can be directly carried out. As shown in Figure 1, in UE A, UE B, UE C, and UE D, the two UEs are connected through a PC5 interface. The terminal can also be connected to the access network equipment through a Uu port. The access network equipment in Figure 1 is represented by the next generation radio access network (NG-RAN). An access network device is a node in a radio access network (RAN), which may also be called a base station, or a RAN node (or device). The access network equipment is connected to the core network.

The core network in Figure 1 is represented by a 5G core network (5G core, 5GC), and 5GC includes one or more network functions (network functions, NF), and NF may also be referred to as a network function entity or a network function network element. In Figure 1, 5GC includes authentication management function (authentication management function, AMF), session management function (session management function, SMF), unified data storage (Unified Data Repository, UDR), unified data management function (unified data management, Examples of network functions such as UDM), policy control function (PCF), network exposure function (NEF), application function (AF) and user plane function (UPF) . Among them, AMF is used for access and mobility management functions, and AUSF is used for authentication server functions;

Each terminal may generate data for V2X applications. There are multiple communication link modes between the terminal and the terminal. For example, the terminal and the terminal directly establish communication based on the PC5 interface, that is, the terminal communicates directly based on the wireless capability. The UE A and UE B shown in FIG. 1 establish communication through the PC5 interface. For another example, the terminal may transmit V2X application data to the base station based on the Uu interface. For example, UE A sends the data of the V2X application to the UPF through the base station, and then the UPF forwards the data of the V2X application to the UE D through the base station. At this time, UE A and UE D have established a logical channel for V2X service communication between them. Another possibility is that the UE sends V2X application data to the V2X application server through the base station and UPF, and the V2X application server sends the V2X application data to the UED through the UPF and the base station. Another possibility is that the UE sends the V2X application data to another base station through the base station, and then the other base station sends the V2X application data to the UE D. Here, the base stations to which the two UEs are connected may be the same or different.

In the V2X communication system, the communication mode between the terminal and the terminal includes: unicast, multicast or broadcast.

When a terminal sends V2X application data to another terminal, it needs to perform key negotiation on the PC5 interface to ensure the security of PC5 communication.

The communication system shown in FIG. 1 is a possible system to which the embodiments of this application are applicable. The embodiments of the present application can also be applied to other systems besides the V2X communication system. The method in the embodiment of the present application includes key negotiation between two terminals. When applied to a V2X communication system, it can be the key negotiation between the two terminals on the PC5 interface. This method can also be extended to key negotiation between any two devices.

The key generation method provided in the embodiments of the present application will be described in detail below.

As shown in FIG. 2, the specific process of the key generation method provided by the embodiment of the present application is as follows. This method takes the communication between any two terminals as an example to introduce the method of generating the key. The two terminals of the communicating parties may be referred to as the first terminal and the second terminal.

S201: The first terminal sends a communication request to the second terminal, and the second terminal receives the communication request from the first terminal.

The communication request includes one or more of the following information:

1) The identity of the first terminal. The identity of the first terminal is used to identify the identity of the first terminal. For example, the identifier may be a permanent identifier (identity, ID), or other identifiers, such as 5G-global unique temporary identifier (GUTI), generic public subscription identifier (GPSI) Or a registered temporary identifier dedicated to key negotiation (denoted as UE ID).

Optionally, the second terminal may store the ID of the first terminal.

2) The service identifier or the application program identifier is used to identify the service or application program interacting between the first terminal and the second terminal. For example, the identifier may be used to indicate that the service interacted between the first terminal and the second terminal is a V2X service, or the identifier may be used to indicate that the application program interacted between the first terminal and the second terminal is a V2X application. For example, the service identifier or the application program identifier is an intelligent transportation systems application identifier (ITS-A ID).

3) Type of business. For example, the type of service can be used to indicate that the service is a V2X service. For example, the type of the service is a service provider ID (provider service ID, PSID), which indicates that the type of the service is a service provider.

4) The identification of the shared key. It is used to identify a shared key pre-stored or determined by the first terminal, and the shared key is a shared key between the first terminal and the second terminal. Here, the shared key of the second terminal may be obtained from the first NF after the subsequent second terminal receives the communication request.

5) The application layer ID of the first terminal. For example, it is marked as application layer ID1.

6) Application layer ID of the second terminal. For example, it is recorded as application layer ID2.

7) Layer 2 ID (layer2 ID1) of the first terminal. Among them, layer 2 may be a layer between the application layer and the physical layer. Or it can also be called a source layer 2 (source layer 2) ID. For example, the layer 2 ID of the first terminal is layer 2 ID1, or the source side layer 2 ID of the first terminal is source layer 2 ID1.

8) Layer 2 ID (layer2 ID2) of the second terminal. Or it can also be called a source layer 2 (source layer 2) ID. For example, the layer 2 ID of the second terminal is layer 2 ID2, or the source side layer 2 ID of the second terminal is source layer 2 ID2.

9) An indication used for PC5 interface signaling (signaling) (that is, an indication of PC5-S), that is, used to indicate signaling transmission between the first terminal and the second terminal.

10) An indication (PC5-RRC indication) used for radio resource control (RRC) transmission on the PC5 interface, which is used to indicate RRC transmission between the first terminal and the second terminal.

11) Instructions for data transmission of the user plane (UP) of the PC5 interface (instruction of PC5-U), that is, instructions for user plane transmission between the first terminal and the second terminal.

12) Identification of data radio bearer (DRB).

13) The data flow ID (flow ID) is used to distinguish different flows or to identify the type of flow. For example, the flow ID is used to identify the data flow as a quality of service (QoS) flow.

14) The identification of the PC5 unicast link of the first terminal (PC5 unicast link ID), for example, it is recorded as PC5 unicast link ID1.

15) The identification of the group or the indication of the group. The group identifier is used to identify the group that the first terminal wants to access, and the group indication is used to indicate the group that the first terminal wants to access. A group is a group for terminal-to-terminal communication.

S202. The second terminal determines the first security key.

The second terminal determines that it wants to establish communication with the first terminal, and then determines the security key, which is recorded as the first security key here.

Specifically, the first security key determined by the second terminal is a security key for communication protection between the first terminal and the second terminal. The second terminal may determine the first security key based on the shared key and the generation parameter indicated by the information included in the communication request. The first security key determined by the second terminal is based on the generation parameters indicated by the information included in the communication request as the granularity, and different generation parameters correspond to different keys, so as to achieve the effect of key isolation.

For example, if the communication request includes the identification of the service, the second terminal can determine the first security key based on the shared key and the identification of the service, then the determined first security key is only indicated by the identification of the service For different services, the first security keys determined by the identifiers of different services are different.

For another example, the communication request includes the type of service, and the second terminal can determine the first security key based on the shared key and the type of service. Then the determined first security key is only used for the type of service, and different The first security key determined by the type of service is different.

For another example, the communication request includes the ID of the DRB, and the second terminal can determine the first security key based on the shared key and the ID of the DRB, and the determined first security key is only used for the ID indicated by the DRB. For DRB, the first security keys determined by different DRB identifiers are different.

For another example, the second terminal may determine the first security key based on the shared key and the identifier of the flow, then the determined first security key is only used for the flow indicated by the identifier of the flow, and the identifiers of different flows The determined first security key is different.

For another example, the communication request includes an instruction for PC5 interface signaling transmission, and the second terminal can determine the first security key based on the shared key and the instruction for PC5 interface signaling transmission, then the first security is determined The key is used to protect the security of the first terminal and the second terminal when transmitting signaling through the PC5 interface.

For another example, the communication request includes an instruction for PC5 interface radio resource control RRC transmission, and the second terminal may determine the first security key based on the shared key and the instruction for PC5 interface radio resource control RRC transmission, then it is determined The first security key of is used to protect the security of the first terminal and the second terminal when transmitting RRC through the PC5 interface.

For another example, the second terminal may determine the first security key based on the shared key, and the identification of the PC5 unicast link of the first terminal and/or the identification of the PC5 unicast link of the second terminal, then the first security is determined The key is only used for the identification of the PC5 unicast link of the first terminal and/or the identification of the PC5 unicast link of the second terminal. The second terminal determines the first security key based on the generation parameters indicated by the shared key and other information in the communication request. The processes and effects of the above-mentioned several examples can be referred to, which will not be repeated here.

S203. The second terminal returns a communication response to the first terminal, and the first terminal receives the communication response from the second terminal.

The communication response is used to respond to the communication request sent by the first terminal. Optionally, the communication response may include one or more types of information:

(1) The identity of the second terminal. The identification can be a permanent identification ID or other identifications, such as 5G-GUTI, GPSI, or a registered temporary identification dedicated to key negotiation.

Optionally, the first terminal may store the ID of the second terminal.

(2) The service identifier, which is used to identify the service interacted by the first terminal and the second terminal. It can also be the identity of the application. Please refer to the description of point 2) above.

(3) For the type of service, please refer to the description in point 3) above.

(4) The identification of the shared key. It is used to identify a shared key pre-stored or determined by the second terminal, and the shared key is a shared key between the first terminal and the second terminal.

(5) The application layer identifier of the first terminal. For example, it is marked as application layer ID1.

(6) The application layer identifier of the second terminal. For example, it is recorded as application layer ID2.

(7) The layer 2 identification of the first terminal. Or it can also be called a source layer 2 (source layer 2) ID. For example, the layer 2 ID of the first terminal is layer 2 ID1, or the source side layer 2 ID of the first terminal is source layer 2 ID1.

(8) The layer 2 identification of the second terminal. Or it can also be called a source layer 2 (source layer 2) ID. For example, the layer 2 ID of the second terminal is layer 2 ID2, or the source side layer 2 ID of the second terminal is source layer 2 ID2.

(9) Indication for PC5 interface signaling transmission. (That is, the instructions of PC5-S). Used to indicate the signaling transmission between the first terminal and the second terminal.

(10) An indication for RRC transmission (signalling) of the PC5 interface (indication of PC5-RRC), which is used to indicate the RRC transmission between the first terminal and the second terminal.

(11) An instruction for user plane data transmission of the PC5 interface (PC5-U instruction), that is, an instruction for user plane transmission between the first terminal and the second terminal.

(12) The identification of DRB. It may be the identifier of the DRB carried in the communication request sent by the first terminal, or may be the identifier of the DRB selected by the second terminal after receiving the communication request.

(13) The identifier of the data stream flow. Used to distinguish different flows or to identify the type of flow. For example, the flow ID is used to identify the data flow as a QoS flow.

(14) The identification of the PC5 unicast link of the first terminal (PC5 unicast link ID), for example, it is recorded as PC5 unicast link ID1.

(15) The identification of the PC5 unicast link of the second terminal (PC5 unicast link ID), for example, it is recorded as PC5 unicast link ID2.

(16) The identification of the group or the indication of the group. The group identifier is used to identify the group that the first terminal wants to access, and the group indication is used to indicate the group that the first terminal wants to access. A group is a group for terminal-to-terminal communication.

The information included in the aforementioned communication response may be determined according to the information included in the communication request, for example, it may correspond to the same information.

S204. The first terminal determines the first security key.

There may be no strict execution sequence between this step and S202 and S203, and it may be executed immediately after S201. Step S204 can also be executed immediately after step S201.

The first terminal may determine the first security key according to the shared key and the generation parameter. In one case, the generation parameter may be the generation parameter indicated by the information included in the communication request. In this case, the first terminal may execute after S201 without waiting for the communication response to be received. Of course, it may also be executed after receiving the communication response. Execute after communication response. In another case, the generation parameter may be the generation parameter indicated by the information included in the communication request and/or the communication response. In this case, the first terminal receives the communication response according to the information in the communication response. The indicated generation parameters are used to determine the first security key. For the method and effect of the first terminal determining the first security key according to the shared key and the generation parameters, reference may be made to the operation performed by the second terminal in S202. The first security key determined by the first terminal is a security key for communication protection between the first terminal and the second terminal, and can be specifically used for a security key for communication protection with a granularity of generation parameters.

For example, the first terminal may determine the first security key based on the shared key and the identity of the service, then the determined first security key is only used for the service indicated by the identity of the service, and the identity of different services is determined The first security key that comes out is different.

Both the above-mentioned first terminal and the second terminal determine the first security key based on the shared key. The shared key may be obtained through authentication or negotiation between the first terminal and the second terminal, or may be predefined. The authentication process can be authentication based on symmetric (for example, certificate or identity-based cryptography), authentication based on symmetric key, or authentication based on Internet key exchange version 2 (IKEv2) , IP security (IPsec) authentication, or authentication based on transport layer security (TLS), or authentication based on username and password. Before S201, the first terminal and the second terminal also need to perform a process of authentication or negotiation of a shared key, and the first terminal and the second terminal save the shared key respectively. In subsequent steps, the shared key is used to generate or determine the first security key.

The first terminal and/or the second terminal may obtain the shared key through the application layer, and may also obtain the shared key through the operator network. If the shared key is obtained through the application layer, the first terminal/second terminal can obtain the shared key through the above-mentioned authentication or negotiation method, or a predefined shared key. If the shared key is obtained through an operator's network, the first terminal and the second terminal need to belong to the same operator, and the first terminal/second terminal can obtain it from the network device. In a possible implementation manner, the communication request sent by the first terminal to the second terminal in S201 may also carry an indication 1, which is used to indicate whether the second terminal obtains the shared key through the application layer or through the operator network. The second terminal determines the way to acquire the shared key according to the instruction 1. Similarly, in S203, the second terminal returns a communication response to the first terminal to carry indication 2, which is used to indicate whether the first terminal obtains the shared key through the application layer or through the operator network. The first terminal determines the way of acquiring the shared key according to the instruction 2.

Taking the second terminal as an example, the optional method of obtaining the shared key through the operator network and the method of determining the first security key are as follows.

On the basis of the key generation method shown in FIG. 2, as shown in FIG. 3a, the method of obtaining the shared key by the operator and the method of determining the first security key are as follows. Any number of continuous or discontinuous steps in the embodiment shown in Figure 3a can form a solution that needs to be protected in this application, because the embodiment shown in Figure 3a involves multiple execution subjects, and any one of the execution subjects involves part or All operations can form a solution for the execution subject. For example, S303 to S309 may form a solution that needs to be protected in the embodiment of the present application, and the remaining steps are optional steps.

S301. The first terminal sends a communication request to the second terminal, and the second terminal receives the communication request from the first terminal.

The information that the communication request may include is one or more of the information described in 1) to 15) above. The identification of the first terminal in the communication request may include the ID of the first terminal, where the ID of the first terminal It may be the 5G-GUTI of the first terminal, or the UE ID, or GPSI, or SUCI. The UE ID is the UE identification used for this key agreement service.

The communication request may also include the address of the first NF. It is also possible that the identification of the first terminal includes the address information of the first NF.

The first terminal and the first NF share some parameters in advance. For example, the first terminal and the first NF respectively store the identification of the first terminal, the key K, and the key identification Key ID. Here K is the key shared between the first terminal and the first NF. For example, if the first NF is AMF, then K can include AMF key (denoted as Kamf), NAS key (including encryption key Knasenc and integrity protection). Knasint), or any one or more of anchor keys. At this time, the security anchor function (SEAF) is deployed in the AMF. For example, the first NF may be a security anchor function (SEAF), and K here may be a SEAF key (denoted as K_seaf). For example, the first NF is the authentication server function (authentication server function, AUSF), then K here may include AUSF key (denoted as K_AUSF), NAS key (including encryption key Knasenc and integrity protection key Knasint), or anchor secret Any one or more of the keys. For example, the first NF may be a base station, and the base station is represented by gNB, then K here may be gNB key (denoted as _{K_gNB} ), NAS key (including encryption key Knasenc and integrity protection key Knasint), or anchor key Any one or more of them. Here, the key ID (key ID) is an indication of the shared key between the first terminal and the first NF, for example, the key ID is ngKSI, AUSF key ID, SEAF key ID, base station key ID.

When NF is AMF, the first NF is the first AMF, and the second NF is the second AMF;

When NF is AUSF, the first NF is the first AUSF, and the second NF is the second AUSF;

When the NF is a base station, the first NF is the first base station, and the second NF is the second base station.

Optionally, the first NF may be the first AUSF, and the second NF may be the second AMF.

Optionally, the first NF may be the first AMF, and the second NF may be the second base station.

For other possibilities, the second NF can be AMF, SEAF, AUSF, or a base station; the first NF can be AMF, SEAF, AUSF, or a base station, etc. without limitation.

The communication request sent by the first terminal to the second terminal may also include a message authentication code (message authentication code, MAC), which may be recorded as MAC1 here. MAC1 can be used to verify the authentication of the parameters included in the communication request by the network function.

The calculation of MAC1 can be based on the key K, or based on the integrity protection key derived from the key K, or based on the NAS protection key shared between the first terminal and the first AMF; or based on the first terminal and the first AMF. Calculated by the RRC protection key shared between a terminal and the first base station. In addition to the aforementioned various keys, the calculation of MAC1 may also be based on the information included in the aforementioned communication request. For example, the value of MAC1 can be calculated based on the integrity protection key Knasint derived from the NAS protection key. For other MAC calculation methods in the embodiments of the present application, please refer to the calculation method of MAC1 here.

The communication request may include a container, and the container may carry 5G-GUTI1 and/or ngKSI. The container may also include MAC1 and other parameters carried in the communication request. For other parameters, refer to the parameters carried in the communication request in the embodiment shown in FIG. 2. Or on the basis of including a container in the communication request, the container in the communication request also carries a piece of information that is the same as that in the container; it is also possible to carry some information outside the container in the communication request, such as carrying 5G-GUTI1 and/or ngKSI . Alternatively, the container is sent to the second terminal through a message, and the information outside the container in the communication request is sent to the second terminal through another message. It is also possible that the container carries part of other parameters in the communication request. Optionally, the container may also include an indication for indicating that the contents of all the containers are used to request end-to-end key negotiation. The network element that subsequently processes the container can use this instruction to determine the container's request.

The second terminal may perform subsequent operations according to the 5G-GUTI1 carried in the communication request, and the container will be sent by the second terminal to the first NF. There is no restriction on whether 5G-GUTI is inside or outside the container.

S302. Optionally, the second terminal determines whether the first terminal and the second terminal belong to the same network.

Here, the judgment based on the identification of the first terminal and or the address where the first NF is located can be divided into two possibilities. Possibility 1: Determine whether the service network accessed by the first terminal and the second terminal are the same. Possibility 2: Determine whether the home network where the first terminal and the second terminal are located is the same. For example, the network identifier in SUCI is used to determine the home network of the first terminal for judgment; the network identifier in 5G-GUTI is used to determine whether it belongs to the same service network; the UE ID is used to determine the service network or the home network; the GPSI is used to determine the home network Network, etc.; it is determined that the service network or the home network is the same through the address where the first NF is located. If there is the possibility of other identification, it can also be judged.

If the first terminal and the second terminal do not belong to the same network, the communication request is rejected, and a rejection message is sent to the first terminal. The optional rejection message includes a rejection indication, indicating the reason for rejection. Or, if the first terminal and the second terminal do not belong to the same network, obtain the shared key through the application layer and continue to negotiate the security key with the first terminal. The first security key can be negotiated according to the method shown in FIG. 2 .

If the first terminal and the second terminal belong to the same network, continue to perform S303.

The second terminal may determine whether the first terminal and the second terminal belong to the same network through the identifier of the first terminal, for example, determine whether the first terminal and the second terminal belong to the same operator through the 5G-GUTI of the first terminal.

For example, the second terminal may determine whether the network identifier and the network accessed by the second terminal belong to the same network according to the network identifier in 5G-GUTI1. For example, according to the mobile network code (mobile network code, MNC) and mobile country code (MCC) of the network included in 5G-GUTI1, the second terminal determines whether it is connected to the MNC and MCC of the service network it is connected to. the same.

Possibility, whether the same network can be understood as the same operator network.

Optionally, the network identification here may also be separately sent by the first terminal to the second terminal in the communication request. The second terminal determines the home network and/or the service network according to the received network identifier, and then executes the foregoing determination.

S303. The second terminal sends the identity of the first terminal to the first NF, and the first NF obtains the identity of the first terminal.

When the second terminal sends the identity of the first terminal to the first NF, it may also send other parameters or information to the first NF.

Optionally, the second terminal sends a request message to the first NF, for example recorded as request message 1, and the request message 1 carries the identity of the first terminal and other parameters or information. The request message 1 may also carry indication information, which is used to indicate that the request message 1 is a request related to communication between the terminal and the terminal, for example, indicating that the request message 1 is a request related to the Internet of Vehicles key agreement or is V2X key agreement related request.

Optionally, the second terminal may directly send a key request to the first NF, and the key request may be a NAS message, and the NAS message carries the identity of the first terminal. For example, in a scenario where the first NF serves the first terminal and the second terminal, the second terminal may directly send the identity of the first terminal to the first NF. Optionally, the NAS message carries a container.

Optionally, the second terminal may send the identity of the first terminal to the first NF through the second NF. For example, the method may be implemented through S304 to S306. For example, when the first NF serves the first terminal and the second NF serves the second terminal, in this scenario, the second terminal may send the identity of the first terminal to the first NF through the second NF.

S304. The second terminal sends a request message (denoted as request message 2) to the second NF, and the second NF receives the request message 2 from the second terminal.

The request message 2 may include the container in the communication request sent by the first terminal. Optionally, the request message 2 may also include the ID of the second terminal in addition to the container. The ID of the second terminal is recorded as UE ID2. Optionally, the request message 2 may also include an indication information for indicating that the request message 2 is a request related to communication between the terminal and the terminal, for example, indicating that the request message 2 is an Internet of Vehicles key Negotiation related requests or V2X key negotiation related requests.

The second NF may be an AMF serving the second terminal, or may be an AMF selected by the base station after the second terminal sends to the base station.

S305. The second NF checks the request message 2 and determines the first NF.

The second NF verifies the correctness of the request message 2 received from the second terminal. The verification action is optional. The second NF can be verified by itself, or can be verified by requesting other NFs. For example, the second NF may determine the security context of the UE ID2 through the ID of the second terminal for verification, and verify the integrity protection of the request message 2. For example, the second NF determines another NF that previously served the second terminal through the UE ID2, requests this NF to check and returns the result. After the verification is passed, continue to the next steps. The action checked here is optional and not restricted.

Optionally, if the request message 2 includes indication information, the second NF determines according to the indication information that the request message 2 is related to the communication between the terminal and the terminal, for example, indicating that the request message 2 is related to the Internet of Vehicles key negotiation. The request or V2X key agreement related request.

The second NF determines the first NF served by the first terminal according to the identity of the first terminal (for example, 5G-GUTI1) and/or the address of the first NF carried in the request message 2.

The second NF may determine the first NF according to the address of the first NF carried in the request message 2. The second NF may also send the identity of the first terminal (for example, GPSI) to other NFs (for example, UDM, UDR), obtain the address of the first NF from the other NF, and then determine the first NF.

Optionally, the second NF may also determine whether the first terminal and the second terminal belong to the same network. The specific determination method is the same as the above determination.

S306. The second NF sends a key request to the first NF; the first NF receives the key request from the second NF.

The key request carries the container received from the second terminal. Alternatively, the key request also carries part or all of the same information as in the container in addition to the container, or other parameters not carried in the container. For other parameters, refer to the communication request carried in the embodiment shown in FIG. 2 Information or parameters.

S307. The first NF determines a key K1, which can be used as the aforementioned shared key.

If the request message (the above request message 1 or request message 2) received by the first NF from the second terminal carries the message verification code MAC1, the first NF will also check MAC1, and after confirming that the verification MAC1 is passed, perform the confirmation sharing The key process.

Taking NF as AMF as an example, the first NF confirms the security context of the first terminal according to 5G-GUTI1 and ngKSI in the container, for example, determines Kamf. K1 is derived based on Kamf. Specifically, K1 can be derived based on Kamf and generation parameters.

Optionally, the first NF also receives indication information from the container, and determines, according to the indication information, that this message is used for a request related to vehicle networking key negotiation or a V2X key negotiation related request, or end-to-end key negotiation.

Optionally, these generation parameters may also be sent to the first NF through the second terminal and the second NF. For example, the generation parameters can refer to the information included in the above communication request or communication response;

Optionally, generating K1 may also use at least one of the following parameters: NAS uplink or downlink count value, end-to-end communication indication, service identifier, and service type. The identifier and type of the service can be sent to the first NF in the container.

Optionally, the first NF verifies the authenticity of the parameters in the container according to the security context of the first terminal. For example, verify the correctness of MAC1. For example, the verification method may be based on the NAS security key verification method, which is not limited in the embodiment of the present application.

S308. The first NF sends the shared key K1 to the second terminal, and the second terminal obtains the shared key K1.

Optionally, the first NF may directly send the response message 1 of the request message 1 to the second terminal, and the second terminal obtains the shared key from the response message 1.

Or, the first NF sends K1 to the second terminal through the second NF, and this manner can be implemented through S309 to S311.

S309. The first NF returns a key response to the second NF, and the second NF receives the key response from the first NF.

The key response is used to respond to the key request. K1 is carried in the key response.

S310. The second NF determines the key K2 according to K1.

The manner of determining the key K2 can refer to the manner of determining K1, that is, the second NF derives K2 according to K1 and the generation parameter, and the generation parameter can refer to the information carried in the above communication request or communication response.

This step can be omitted.

S311. The second NF sends a response message 2 of the request message 2 to the second terminal, and the second terminal receives the response message 2 from the second NF.

The response message 2 carries the key K2. The key K2 is the shared key.

If S310 is omitted, the response message 2 only needs to carry the key K1, and the key K1 is the shared key.

Optionally, the second NF may protect the transmission of K1 or K2 through security context encryption between the second NF and the second terminal.

S312. The second terminal determines the first security key K3.

The second terminal may further derive K3 according to the key K1 or K2 carried in the response message 2. Or the second terminal derives K3 according to the key K1 carried in the response message 1. In this case, the key K1 or K2 is used as the shared key, and K3 is the first security key. For the method of determining the first security key, refer to the description of the embodiment shown in FIG. 2.

The second terminal may also directly use the key K1 or K2 carried in the response message 2 as the first security key; or, the second terminal may directly use the key K1 carried in the response message 1 as the first security key.

Optionally, the second terminal calculates the value of the message verification code MAC2 according to the first security key K3, or obtains the integrity protection key K3int based on K3, performs integrity protection on the communication response based on K3int, and obtains the value of MAC2 .

S313. The second terminal returns a communication response to the first terminal. The first terminal receives the communication response from the second terminal.

For this step, reference may be made to the description of step S203 in the embodiment shown in FIG. 2.

Optionally, the communication response may also include MAC2.

S314. The first terminal determines the first security key K3.

The first security key is the first security key in the embodiment shown in FIG. 2.

Here, the first terminal generates K1 in the same manner as the first NF, and then generates K3; or generates K2 according to K1, and then generates K3. The generation method is the same as described above.

Taking NF as AMF as an example, the first terminal derives K3 according to Kamf. For example, the first terminal derives K1 according to Kamf, and can refer to the first NF to determine the operation of K1. To determine K2 according to K1, the operation of K2 can be determined with reference to the first NF; the first terminal then obtains K3 according to K2, and the operation of K3 can be determined with reference to the second terminal.

If the communication response carries MAC2, the first terminal checks the correctness of MAC2 according to the first key K3, or uses K3int to check the correctness of MAC2 after obtaining K3int based on K3. If the verification fails, a verification failure response is sent to the second terminal. Optionally, a failure indication is sent to the second terminal, indicating that the MAC2 check fails. If the verification is successful, the key negotiation is completed.

S315. Optionally, the first terminal determines MAC3 and sends MAC3 to the second terminal, and the second terminal receives MAC3 from the first terminal.

The first terminal calculates MAC3 according to K3 or K3int. The input parameters of MAC3 may also include at least one of the information carried in the aforementioned communication request or communication response.

S316. Optionally, the second terminal checks MAC3.

The second terminal checks MAC3 according to K3 or K3int. If the verification is passed, it means that the first terminal and the second terminal have completed mutual authentication.

Optionally, in addition to the 5G-GUTI, the identifier of the first terminal may also be GPSI. If the identifier of the first terminal is GPSI, then the 5G-GUTI in the above embodiment may be replaced with GPSI to form a solution It also belongs to the protection scope of the embodiments of the present application.

Optionally, the above-mentioned identification of the first terminal may also be an identification used for key negotiation (denoted as UE ID). Then, the 5G-GUTI in the embodiment described in FIG. 3a can be replaced with the identifier for negotiating the key, and the formed solution also falls within the protection scope of the embodiment of the present application. The identity of the first terminal in Figure 3a is represented by 5G-GUTI/UE ID/GPSI, indicating that the identity of the first terminal can be any of these three types. It is understandable that the identity of the first terminal can also have Other manifestations.

Optionally, in addition to sending the UE identity, the service network identity where the first terminal is located may also be transmitted. In this case, the second terminal may determine whether it belongs to the same service network according to the service network identity where the first terminal is received. If it does not belong, the communication request is rejected. If it belongs, continue execution.

Optionally, in addition to the UE identity, the home network identity where the first terminal is located can also be transmitted. In this case, the second terminal can determine whether it belongs to the same home network according to the received home network identity of the first terminal. If it does not belong, the communication request is rejected. If it belongs, continue execution.

Optionally, the sent UE identifier may also include the service network identifier where the first terminal is located. In this case, the second terminal may determine whether it belongs to the same service network according to the received service network identifier where the first terminal is located. If it does not belong, the communication request is rejected. If it belongs, continue execution.

Optionally, the sent UE identity may also include the home network identity where the first terminal is located. In this case, the second terminal may determine whether it belongs to the same home network according to the received home network identity of the first terminal. If it does not belong, the communication request is rejected. If it belongs, continue execution.

Optionally, the identifier of the aforementioned UE may also be SUCI. At this time, the second terminal can actually belong to the same home network according to the network identifier in the SUCI. If it does not belong, the communication request is rejected. If it belongs, continue execution.

Optionally, the second NF is AMF. After the second NF verifies that the MAC is passed, the identity of the first terminal in the container message is sent to the first NF. It may also send at least one of instruction information, key identification, etc. At this time, the first NF does not need to verify the MAC.

Based on the embodiment described in Fig. 3a, if the NF is AMF, the first NF is the first AMF, and the second NF is the second AMF. In this case, as shown in Fig. 3b, the key provided by the embodiment of this application The production method is as follows.

S301b. The first terminal sends a communication request to the second terminal, and the second terminal receives the communication request from the first terminal.

The communication request may also include the address of the first AMF. It is also possible that the identification of the first terminal includes the address information of the first AMF.

The communication request may also include a message authentication code (message authentication code, MAC), which may be recorded as MAC1 here. MAC1 can be used to verify the authentication of the parameters included in the communication request by the network function.

The communication request may include a NAS container (container) in which 5G-GUTI1 and/or ngKSI is carried, and the container may also include MAC1 and other parameters carried in the communication request. For other parameters, refer to the parameters carried in the communication request in the embodiment shown in FIG. 2. Or on the basis of including a container in the communication request, the container in the communication request also carries a piece of information that is the same as that in the container; it is also possible to carry some information outside the container in the communication request, such as carrying 5G-GUTI1 and/or ngKSI . Alternatively, the container is sent to the second terminal through a message, and the information outside the container in the communication request is sent to the second terminal through another message. It is also possible that the container carries part of other parameters in the communication request. Optionally, the container may also include an indication for indicating that the contents of all the containers are used to request end-to-end key negotiation. The network element that subsequently processes the container can use this instruction to determine the container's request.

For other related descriptions of this step, reference may also be made to the description of S301 above, and the repetitions are not repeated here.

S302b. The second terminal sends a first NAS message to the second AMF, and the second AMF receives the first NAS message from the second terminal.

The first NAS message carries the identity of the first terminal, and may also carry the NAS container received from the first terminal.

The first NAS message here is the request message 2 described in S303 in FIG. 3a, and the related description can refer to the description of the request message 2, which will not be repeated here.

S303b. The second AMF sends a key request (key request) to the first AMF, and the first AMF receives the key request from the second AMF.

For this step, refer to the description of S306 above, and for the key request, refer to the description of the key request in S306.

S304b. The first AMF determines the key K1.

The first AMF may first verify the NAS container, for example, MAC1 carried in the NAS container, the first AMF checks MAC1, and after confirming that the verification MAC1 is passed, the key K1 is determined.

S305b. The first AMF returns a key response to the second AMF, and the second AMF receives the key response from the first AMF.

S306b. The second NF sends the key K1 to the second terminal, and the second terminal receives the key K1 from the second NF.

S307b. The second terminal determines the first security key K3. Refer to S312.

S308b. The second terminal returns a communication response to the first terminal. The first terminal receives the communication response from the second terminal.

Same as S313.

S309b. The first terminal determines the first security key K3. Same as S313.

For other undescribed operations of the first terminal and the second terminal in FIG. 3b, reference may be made to the description of the first terminal and the second terminal in FIG. 3a. For other undescribed operations of the first AMF in FIG. 3b, reference may be made to the description of the first NF in FIG. 3a. For other undescribed operations of the second AMF in FIG. 3b, reference may be made to the description of the second NF in FIG. 3a. The parameters or information carried in the message and signaling can also correspond to the related description in Fig. 3a, and will not be repeated. The first AMF and the second AMF may also be the same AMF.

In the case where the identity of the first terminal is the UE ID, the first terminal needs to register the identity for key negotiation. As shown in Figure 4, a possible registration process is given below. Any multiple continuous or discontinuous steps in the embodiment shown in FIG. 4 can form a solution, which falls within the protection scope of the embodiments of the present application. In the following description, the identification of the first terminal may be an identification used to negotiate a key, or may also be understood as an identification used to determine the key derivation of communication protection between the terminal and the terminal, or for other understanding.

S401: The first terminal sends a registration request to the AMF, and the AMF receives the registration request from the first terminal.

The registration request carries the identity of the first terminal. For example, the identity identifier is a subscription concealed identifier (SUCI). The real identity of the first terminal is called a subscription permanent identifier (SUPI), and the ciphertext encrypted by the SUPI with a key is SUCI. Or, the identity is 5G-GUTI.

Optionally, the registration request also carries an indication (for example, marked as indicator1), which is used to indicate that the first terminal needs to use the service of communication between the terminal and the terminal, such as the Internet of Vehicles service; or, it is used to indicate that the registration request is used for Request to register the logo associated with the vehicle network.

Optionally, the registration request also carries an application identifier (ID), which is used to indicate a service identifier for terminal-to-terminal communication that the first terminal will use, such as a V2X application ID.

Optionally, the registration request also carries a type of service, which is used to indicate the type of communication service between the terminal and the terminal that the first terminal will use.

S402. The AMF sends the identity identifier and the service network identifier of the first terminal to the AUSF, and the AUSF receives the identity identifier and the service network identifier of the first terminal from the AMF.

The identity of the first terminal sent by the AMF to the AUSF comes from the identity carried in the registration request, for example, the identity is SUCI.

Optionally, the AMF may also send an indication (for example, indicator1) to the AUSF.

Optionally, the AMF can also send the application ID to the AUSF.

Optionally, AMF can also send the type of service to AUSF.

According to the registration request, the AMF sends the instruction and the application ID to the AUSF, for example, the instruction and the application ID are obtained from the registration request.

S403. AUSF sends the identity identifier and service network identifier of the first terminal to UDM, and UDM receives the identity identifier and service network identifier of the first terminal from AUSF.

The AUSF sends the identity identifier and the service network identifier of the first terminal received from the AMF to the UDM.

Optionally, AUSF also sends the indicator1 to UDM;

Optionally, AUSF also sends the application ID to UDM.

Optionally, AUSF can also send the type of service to UDM.

Optionally, the UDM determines whether to allow the first terminal to use the service of communication between the terminal and the terminal, such as the Internet of Vehicles service, according to the subscription data of the first terminal and indicator1;

Optionally, UDM determines whether to allow the first terminal to use the service of communication between the terminal and the terminal, such as the service indicated by the V2X application ID, according to the subscription data of the first terminal and the application ID and/or service type.

S404. UDM sends an authentication vector to AUSF, and AUSF receives the authentication vector SUPI from UDM.

Optionally, UDM also sends SUPI to AUSF, and AUSF also receives SUPI from UDM.

Optionally, if the UDM determines that the first terminal is allowed to use the service of the communication between the terminal and the terminal, an indication (denoted as indicator2) is sent to the AUSF. AUSF receives this indication from UDM.

S405. AUSF sends an authentication vector to AMF, and AMF receives the authentication vector from AUSF.

Optionally, AUSF also sends SUPI to AMF, and AMF also receives SUPI from AUSF.

S406: Perform mutual authentication between the first terminal, AMF and AUSF.

Authentication includes, for example, 5G AKA, EAP AKA'. After the authentication is successful, execute S407.

S407. AUSF sends Kseaf and SUPI to AMF, and AMF receives Kseaf and SUPI from AUSF.

Optionally, AUSF also sends indicator2 to AMF, and AMF receives this indicator2 from AUSF.

S408. The AMF sends a request message (request) to the UDM to request the subscription information of the UE.

S409. The UDM sends a response (response) to the AMF, and the AMF receives the response from the UDM.

The response carries the subscription data of the first terminal.

Optionally, the AMF determines whether to allow the first terminal to use the service of communication between the terminal and the terminal. For example, the AMF may determine whether to allow the first terminal to use the service of communication between the terminal and the terminal according to the subscription data of the first terminal and the indicator1. Optionally, the AMF judges whether to allow the first terminal to use the service of communication between the terminal and the terminal according to the subscription data of the first terminal, and the application ID and/or the type of the service.

As described above, to determine whether the first terminal is allowed to use the service of communication between the terminal and the terminal, this operation may be performed by UDM or AMF.

Regardless of whether the AMF performs the judgment or the UDM performs the judgment, if it is determined that the first terminal is allowed to use the service of communication between the terminal and the terminal, the subsequent steps may be divided into the following possibilities.

For other possibilities, the above authentication process is optional. It can also be that the UE has been authenticated and registered to the 5G network. At this time, the UE only initiates a registration process, or other NAS request; requests to obtain the identity of the first terminal from the network for end-to-end communication. After the AMF receives the UE's request, the following possibilities are performed. Optionally, the AMF determines, according to the subscription information, that the UE is allowed to use the service of the communication between the terminal and the terminal.

The first possibility:

S410a. The AMF generates an identification (UE ID) and/or key indication of the first terminal.

Here, the UE ID is the temporary identification of the first terminal, which may include the location or name information of the AMF. For example, the temporary identification of the first terminal may include at least one of the following: network identification where AMF is located, MNC where AMF is located, MCC where AMF is located, area address where AMF is located, group ID where AMF is located, set address where AMF is located, AMF Pointer, AMF IP address, fully qualified domain name (FQDN), instance ID, NAI address. In this way, the first terminal can find the AMF serving the first terminal through the temporary identity of the first terminal. The key indication can be used to indicate the AMF key (Kamf) in the current first terminal authentication. For example, the AMF key (Kamf) in the above-mentioned embodiment.

S411a. The AMF sends the generated identification of the first terminal to the first terminal, and the first terminal receives the identification of the first terminal from the AMF.

The AMF can also send the key indication to the first terminal. The first terminal receives the key indication from the AMF.

The above process is also possible, the AMF and the UE derive the basic key according to the AMF key. Here the key indication is used to indicate this basic key. The derivation of the basic key is not restricted. For example, the derived parameters may include at least one of the following, end-to-end communication identification, service type sent by the UE, application identification, etc.

The second possibility:

S410b. The AMF sends an indication (denoted as indicator3) to the base station, and the base station receives the indication from the AMF.

The indicator3 is used to instruct the base station to allocate the temporary identity and/or key indication of the first terminal to the first terminal.

AMF will also generate the base station key and send the base station key to the base station.

S411b: The base station generates an identification (UE ID) and/or key indication of the first terminal.

Here, the identifier of the first terminal is the temporary identifier of the first terminal, which may include the location or name information of the base station. For example, the identity of the first terminal includes at least one of the following: the network identity where the base station is located, the MNC where the base station is located, the MCC where the base station is located; the address of the area where the base station is located; the group ID where the base station is located; the collective address where the base station is located; Pointer; the IP address of the base station, FQDN, instance ID, NAI address, etc. The first terminal can find the base station serving the first terminal through the identifier of the first terminal. The key indication may be used to indicate the base station key in the current first terminal authentication, for example, the gNB key ( _{K_gNB} ) described in the above-mentioned embodiment.

S412b. The base station sends the generated identification and/or key indication of the first terminal to the first terminal, and the first terminal receives the identification and/or key indication of the first terminal from the base station.

The above process is also possible. The base station and the UE derive the basic key according to the gNB key. Here the key indication is used to indicate this basic key. The derivation of the basic key is not restricted. For example, the derived parameters may include at least one of the following, end-to-end communication identification, service type sent by the UE, application identification, etc.

The first possibility and the second possibility mentioned above respectively introduce the situation where the AMF and the base station generate the identity and/or key indication of the first terminal. The third possibility is given below. In the third possibility, the AUSF generates the identity and/or key indication of the first terminal. The third possibility may be executed after UDM determines that the first terminal is allowed to use the service of communication between the terminal and the terminal.

The third possibility:

After performing mutual authentication between S406AMF and AUSF, AUSF generates the identification and/or key indication of the first terminal. Send to AMF in S407. In the process of establishing a secure connection between the first terminal and the AMF or after the secure connection is established, the AMF sends the identification and/or key indication of the first terminal received from the AUSF to the first terminal. The identity of the first terminal here includes the location or name information of the AUSF, for example, the identity of the first terminal includes at least one of the following: the network identity where the AUSF is located; routing instructions; the MNC where the AUSF is located, the MCC where the AUSF is located; the area address where the AUSF is located ; Group ID where AUSF is located; Set address where AUSF is located; AUSF pointer; AUSF's IP address, FQDN, instance ID, NAI address, etc. The first terminal can find the AUSF serving the first terminal through the identifier of the first terminal. The key indication can be used to indicate the AUSF key in the current first terminal authentication. For example, the AUSF key ( _{K_AUSF} ) described in the above-mentioned embodiment.

The above process is also possible. AUSF and UE derive the basic key according to the AUSF key. Here the key indication is used to indicate this basic key. The derivation of the basic key is not restricted. For example, the derived parameters may include at least one of the following, end-to-end communication identification, service type sent by the UE, application identification, etc.

In a possible implementation manner, if the 5G-GUTI is updated, and the identification of the first terminal described above also needs to be updated, the update process can be performed according to the above method.

It should be noted that the names of some messages or signaling involved in the embodiments of the present application are only exemplary names, and may also be referred to as other names, which are not limited in the present application. For example, request message 1, request message 2, key request, response message 1, response message 2, or key response, etc. can all be called other names. In addition, the above is a description of key negotiation in the Internet of Vehicles scenario, and it can also be a specific key negotiation scenario without limitation.

In the foregoing embodiments provided in the present application, the methods provided in the embodiments of the present application are introduced from the perspective of interaction between the first terminal, the second terminal, the first NF, and the second NF respectively. In order to realize each function in the method provided in the above embodiments of the present application, the terminal and the NF may include a hardware structure and/or software module, and the above functions are implemented in the form of a hardware structure, a software module, or a hardware structure plus a software module. Whether a certain function of the above-mentioned functions is executed by a hardware structure, a software module, or a hardware structure plus a software module depends on the specific application and design constraint conditions of the technical solution.

As shown in FIG. 5, based on the same technical concept, an embodiment of the present application further provides an apparatus 500. The apparatus 500 may be a first terminal, a second terminal, or a first NF, or a first terminal or a second terminal. Or a device in the first NF, or a device that can be matched and used with the first terminal, the second terminal, or the first NF. In one design, the device 500 may include a one-to-one corresponding module for executing the method/operation/step/action performed by the first terminal, the second terminal or the first NF in the above method embodiment, and the module may be a hardware circuit, It can also be implemented by software, or a combination of hardware circuits and software. In one design, the device may include a processing module 501 and a communication module 502.

When used to execute the method executed by the first terminal:

The communication module 502 is configured to send a communication request to the second terminal. The communication request is used to request the establishment of communication with the second terminal. The communication request includes the identity of the first terminal and the identity of the service.

The communication module 502 is also used to receive a communication response from the second terminal; the communication response is used to respond to a communication request;

The processing module 501 is configured to determine a first security key according to the shared key and the service identifier; where the first security key is a security key for communication protection between the first terminal and the second terminal.

When used to execute the method executed by the second terminal:

The communication module 502 is configured to receive a communication request from the first terminal, the communication request including the identification ID of the first terminal and the identification of the service;

The processing module 501 is configured to determine a first security key according to the shared key and the service identifier; where the first security key is a security key for communication protection between the first terminal and the second terminal;

The communication module 502 is further configured to return a communication response to the first terminal according to the communication request.

When used to execute the method executed by the first NF:

The communication module 502 is configured to receive a key request, the key request is sent by the second terminal, or the key request is sent by the second terminal through the second NF, and the key request includes the identity of the first terminal;

The processing module 501 is configured to determine a shared key according to the identity of the first terminal;

The communication module 502 is also configured to send the shared key to the second terminal, or, is also configured to send the shared key to the second terminal through the second NF.

The processing module 501 and the communication module 502 may also be used to perform other corresponding steps or operations performed by the first terminal, the second terminal, or the first NF in the foregoing method embodiment, which will not be repeated here.

The division of modules in the embodiments of this application is illustrative, and it is only a logical function division. In actual implementation, there may be other division methods. In addition, the functional modules in the various embodiments of this application can be integrated into one process. In the device, it can also exist alone physically, or two or more modules can be integrated into one module. The above-mentioned integrated modules can be implemented in the form of hardware or software function modules.

As shown in FIG. 6, an apparatus 600 provided in an embodiment of this application is used to implement the functions of the first terminal, the second terminal, or the first NF in the foregoing method. The device 600 may be the first terminal, the second terminal, or the first NF, or may be the first terminal, the second terminal, or the device in the first NF, or may be able to communicate with the first terminal, the second terminal, or the first NF. Match the device used.

Among them, the device may be a chip system. In the embodiments of the present application, the chip system may be composed of chips, or may include chips and other discrete devices. The apparatus 600 includes at least one processor 620, configured to implement the functions of the first terminal, the second terminal, or the first NF in the method provided in the embodiment of the present application. The device 600 may also include a communication interface 610.

In the embodiment of the present application, the communication interface may be a transceiver, a circuit, a bus, a module, or other types of communication interfaces, which are used to communicate with other devices through a transmission medium. For example, the communication interface 610 is used for the device in the device 600 to communicate with other devices.

Exemplarily, when the apparatus 600 is the first terminal, the other device may be the second terminal. When the device 600 is the second terminal, the other device may be the first terminal or the first NF. When the apparatus 600 is the first NF, the other device may be the second terminal or the second NF. The processor 620 uses the communication interface 610 to send and receive data, and is used to implement the method described in the foregoing method embodiment.

Exemplarily, when the function of the first terminal is implemented, the communication interface 610 is used to send a communication request to the second terminal. The communication request is used to request to establish communication with the second terminal. The communication request includes the identity of the first terminal and the identity of the service. . The communication interface 610 is also used to receive a communication response from the second terminal; the communication response is used to respond to a communication request. The processor 620 is configured to determine a first security key according to the shared key and the service identifier; where the first security key is a security key for communication protection between the first terminal and the second terminal.

When the function of the second terminal is implemented, the communication interface 610 is used to receive a communication request from the first terminal, the communication request includes the identification ID of the first terminal and the identification of the service; the processor 620 is used to, according to the shared key and the identification of the service, Determine the first security key; where the first security key is a security key for communication protection between the first terminal and the second terminal; the communication interface 610 is also used to return a communication response to the first terminal according to the communication request.

When the function of the first NF is implemented, the communication interface 610 is used to receive a key request, which is sent by the second terminal, or the key request is sent by the second terminal through the second NF, and the key request includes the first The identifier of a terminal; the processor 620 is configured to determine the shared key according to the identifier of the first terminal; the communication interface 610 is also configured to send the shared key to the second terminal, or is also configured to send the shared key to the second terminal through the second NF The terminal sends the shared key.

The processor 620 and the communication interface 610 may also be used to execute other corresponding steps or operations performed by the first terminal, the second terminal, or the first NF in the foregoing method embodiment, which will not be repeated here.

The device 600 may further include at least one memory 630 for storing program instructions and/or data. The memory 630 and the processor 620 are coupled. The coupling in the embodiments of the present application is an indirect coupling or communication connection between devices, units or modules, and may be in electrical, mechanical or other forms, and is used for information exchange between devices, units or modules. The processor 620 may cooperate with the memory 630 to operate. The processor 620 may execute program instructions stored in the memory 630. At least one of the at least one memory may be included in the processor.

The specific connection medium between the aforementioned communication interface 610, the processor 620, and the memory 630 is not limited in the embodiment of the present application. In the embodiment of the present application, the memory 630, the communication interface 620, and the transceiver 610 are connected by a bus 640 in FIG. 6. The bus is represented by a thick line in FIG. 6, and the connection mode between other components is only for schematic illustration. , Is not limited. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in FIG. 6, but it does not mean that there is only one bus or one type of bus.

In the embodiments of the present application, the processor may be a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, which may implement or Perform the methods, steps, and logical block diagrams disclosed in the embodiments of the present application. The general-purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly embodied as being executed and completed by a hardware processor, or executed and completed by a combination of hardware and software modules in the processor.

In the embodiment of the present application, the memory may be a non-volatile memory, such as a hard disk drive (HDD) or a solid-state drive (SSD), etc., or a volatile memory (volatile memory), for example Random-access memory (random-access memory, RAM). The memory is any other medium that can be used to carry or store desired program codes in the form of instructions or data structures and that can be accessed by a computer, but is not limited to this. The memory in the embodiments of the present application may also be a circuit or any other device capable of realizing a storage function for storing program instructions and/or data.

In the method provided in the foregoing embodiments of the present application, part or all of the operations and functions performed by the first terminal, the second terminal, the first NF, or the second NF described can be completed by a chip or an integrated circuit.

In order to realize the functions of the device described in FIG. 5 or FIG. 6, an embodiment of the present application further provides a chip including a processor for supporting the device to implement the first terminal, the second terminal, and the first terminal, the second terminal, and the first terminal in the foregoing method embodiment. The function involved in the first NF or the second NF. In a possible design, the chip is connected to a memory or the chip includes a memory, and the memory is used to store the necessary program instructions and data of the device.

The embodiment of the present application provides a computer storage medium storing a computer program, and the computer program includes instructions for executing the method embodiments provided in the foregoing embodiments.

The embodiments of the present application provide a computer program product containing instructions, which when run on a computer, cause the computer to execute the method embodiments provided in the foregoing embodiments.

Based on the same technical concept, the embodiment of the present application also provides a communication system. As shown in FIG. 7, the communication system includes at least one of a first terminal 701, a second terminal 702, and a first NF703. The first NF may be an access network device, such as a base station, or a core network device, such as AMF. among them:

The first terminal 701 sends a communication request to the second terminal 702, and the second terminal 702 receives the communication request from the first terminal 701. The communication request is used by the first terminal 701 to request to establish communication with the second terminal 702, and the communication request includes the identity of the first terminal 701 and the identity of the service;

The second terminal 702 determines the first security key according to the shared key and the identifier of the service; where the first security key is a security key for communication protection between the first terminal and the second terminal.

The second terminal 702 returns a communication response to the first terminal 701 according to the communication request. The first terminal 701 receives the communication response from the second terminal 702. The communication response is used to respond to the communication request.

The first terminal 701 determines the security key according to the shared key and the identifier of the service, where the security key determined by the first terminal 701 is also the security key for communication protection between the first terminal 701 and the second terminal 702, and The same as the above-mentioned first security key, it can also be recorded as the first security key.

Optionally, the second terminal 702 determines whether the first terminal 701 and the second terminal 702 belong to the same network according to the identity of the first terminal 701.

If the second terminal 702 determines that the first terminal 701 and the second terminal 702 belong to the same network, the second terminal 702 sends a request message to the first network function NF703, and the request message is used to request a shared key.

The first network function NF703 receives the request message. The request message may be called a key request. The key request is sent by the second terminal. Alternatively, the communication system may also include a second NF. The key request is for the second terminal to pass the second terminal. Second, sent by the NF, the key request includes the identity of the first terminal;

The first NF703 determines the shared key according to the identity of the first terminal;

The first NF703 sends the shared key to the second terminal, or the first NF703 sends the shared key to the second terminal through the second NF.

Optionally, the first terminal 701 may also perform other operations performed by the first terminal in the foregoing method embodiment. The second terminal 702 may also perform other operations performed by the second terminal in the foregoing method embodiment. The first NF703 can perform other operations performed by the first NF703 in the foregoing method embodiment. The second NF may perform other operations performed by the second NF in the foregoing method embodiment.

The first terminal 701, the second terminal 702, or the first NF703 included in the communication system may all be the devices shown in FIG. 5. Of course, the first terminal 701, the second terminal 702, or the first NF703 included in the communication system are all It may be the device shown in FIG. 6 described above.

Those skilled in the art should understand that the embodiments of the present application can be provided as methods, systems, or computer program products. Therefore, this application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this application may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.

This application is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of this application. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment are generated It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.

These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.

These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.

Although the preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn the basic creative concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications falling within the scope of the present application.

Obviously, those skilled in the art can make various changes and modifications to the embodiments of the present application without departing from the spirit and scope of the embodiments of the present application. In this way, if these modifications and variations of the embodiments of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include these modifications and variations.

Claims

A method for generating a key, characterized in that it comprises:

The first terminal sends a communication request to the second terminal, where the communication request is used to request to establish communication with the second terminal, and the communication request includes the identity of the first terminal and the identity of the service;

The first terminal receives a communication response from the second terminal; the communication response is used to respond to the communication request;

The first terminal determines the first security key according to the shared key and the service identifier; wherein, the first security key is the security of communication protection between the first terminal and the second terminal Key.
The method according to claim 1, wherein the communication request further includes one or more of the following information: the identity of the shared key, the type of service, the layer 2 identity of the first terminal, the The layer 2 identifier of the second terminal identifies the data radio bearer DRB identifier, the identifier of the data flow flow, the identifier of the PC5 unicast link of the first terminal, or the terminal-to-terminal communication group identifier.
The method according to claim 2, wherein the first terminal determining the first security key according to the shared key and the service identifier comprises:

The first terminal determines the first security key according to the shared key, the identifier of the service, and the one or more types of information included in the communication request.
The method according to any one of claims 1 to 3, wherein the communication request further includes a first message verification code MAC and/or a first indication, and the first MAC is used to verify the communication Whether the request is a legal request, the first indication is used to instruct the second terminal to obtain the shared key through an application layer or obtain the shared key through an operator network.
The method according to any one of claims 1 to 4, wherein the communication response carries a second indication, and the second indication is used to instruct the first terminal to obtain the shared key through an application layer Or obtain the shared key through the operator's network.
The method according to any one of claims 1 to 5, wherein the method further comprises:

The first terminal sends a registration request to the network device, the registration request is used to request to register the identity of the first terminal, the registration request includes a third indication, and the third indication is used to indicate the first The terminal requests to use the service of communication between the terminal and the terminal;

The first terminal receives the identifier of the first terminal from the network device.
A method for generating a key, characterized in that it comprises:

The second terminal receives a communication request from the first terminal, where the communication request includes the identification ID of the first terminal and the identification of the service;

The second terminal determines the first security key according to the shared key and the service identifier; wherein, the first security key is the security of communication protection between the first terminal and the second terminal Key

The second terminal returns a communication response to the first terminal according to the communication request.
The method according to claim 7, wherein the communication request further includes one or more of the following information: the identity of the shared key, the type of service, the layer 2 identity of the first terminal, the The layer 2 identification of the second terminal, the identification of the data radio bearer DRB, the identification of the data flow, the identification of the PC5 unicast link of the first terminal, or the identification of the terminal-to-terminal communication group.
The method according to claim 8, wherein the second terminal determining the first security key according to the shared key and the service identifier comprises:

The second terminal determines the first security key according to the shared key, the identifier of the service, and the one or more types of information included in the communication request.
The method according to any one of claims 7-9, wherein the method further comprises:

The second terminal determines whether the first terminal and the second terminal belong to the same network according to the identity of the first terminal; the second terminal determines that the first terminal and the second terminal belong to the same network The network sends a request message to the first network function NF, where the request message is used to request the shared key.
The method according to claim 10, wherein the request message includes at least one of the following information: an identifier of the first terminal, a message verification code (MAC) or a first indication; the first indication is used to indicate The request message is used for vehicle networking communication;

The second terminal receives a response message of the request message from the first NF, and the response message includes the shared key.
A method for generating a key, characterized in that it comprises:

The first network function NF receives the key request, the key request is sent by the second terminal, or the key request is sent by the second terminal through the second NF, and the key request includes the The identity of the first terminal;

The first NF determines the shared key according to the identity of the first terminal;

The first NF sends the shared key to the second terminal, or the first NF sends the shared key to the second terminal through the second NF.
The method according to claim 12, wherein the key request further comprises a message verification code (MAC);

The method further includes: the first NF checks the MAC, and determines that the MAC check passes.
The method according to claim 12 or 13, wherein the key request further includes one or more of the following information: the identification of the shared key, the identification of the service, the type of the service, the first The layer 2 identification of the terminal, the layer 2 identification of the second terminal, the identification of the data radio bearer DRB, the identification of the data flow, the identification of the PC5 unicast link of the first terminal or the identification of the terminal-to-terminal communication group .
The method of claim 14, wherein the first NF determines the shared key according to the identity of the first terminal, comprising:

The first NF determines the shared key according to the identification of the first terminal and the one or more types of information in the key request.
A key generation device applied to a first terminal, characterized in that it comprises:

A communication module, configured to send a communication request to a second terminal, where the communication request is used to request to establish communication with the second terminal, and the communication request includes an identifier of the first terminal and an identifier of a service;

The communication module is further configured to receive a communication response from the second terminal; the communication response is used to respond to the communication request;

The processing module is configured to determine a first security key according to the shared key and the service identifier; wherein, the first security key is the security of communication protection between the first terminal and the second terminal Key.
The device according to claim 16, wherein the communication request further includes one or more of the following information: the identity of the shared key, the type of service, the layer 2 identity of the first terminal, the The layer 2 identifier of the second terminal identifies the data radio bearer DRB identifier, the identifier of the data flow flow, the identifier of the PC5 unicast link of the first terminal, or the terminal-to-terminal communication group identifier.
The device according to claim 17, wherein the processing unit is configured to:

Determine the first security key according to the shared key, the identifier of the service, and the one or more types of information included in the communication request.
The apparatus according to any one of claims 16 to 18, wherein the communication request further includes a first message verification code MAC and/or a first indication, and the first MAC is used to verify the communication Whether the request is a legal request, the first indication is used to instruct the second terminal to obtain the shared key through an application layer or obtain the shared key through an operator network.
The apparatus according to any one of claims 16 to 19, wherein the communication response carries a second indication, and the second indication is used to instruct the first terminal to obtain the shared key through an application layer Or obtain the shared key through the operator's network.
The device according to any one of claims 16 to 20, wherein the communication module is further configured to:

Send a registration request to the network device, the registration request is used to request to register the identity of the first terminal, the registration request includes a third indication, the third indication is used to instruct the first terminal to request to use the terminal and A service for communication between terminals; and for receiving an identification of the first terminal from the network device.
A key generation device applied to a second terminal, characterized in that it comprises:

A communication module, configured to receive a communication request from a first terminal, the communication request including the identification ID of the first terminal and the identification of the service;

The processing module is configured to determine a first security key according to the shared key and the service identifier; wherein, the first security key is the security of communication protection between the first terminal and the second terminal Key

The communication module is further configured to return a communication response to the first terminal according to the communication request.
The apparatus according to claim 22, wherein the communication request further includes one or more of the following information: the identity of the shared key, the type of service, the layer 2 identity of the first terminal, the The layer 2 identification of the second terminal, the identification of the data radio bearer DRB, the identification of the data flow, the identification of the PC5 unicast link of the first terminal, or the identification of the terminal-to-terminal communication group.
The device of claim 23, wherein the processing module is configured to:

Determine the first security key according to the shared key, the identifier of the service, and the one or more types of information included in the communication request.
The device according to any one of claims 22 to 24, wherein the processing module is further configured to:

According to the identifier of the first terminal, determine whether the first terminal and the second terminal belong to the same network; determine whether the first terminal and the second terminal belong to the same network; the communication module is also used to The first network function NF sends a non-access stratum NAS request, and the NAS request is used to request the shared key.
The apparatus according to claim 25, wherein the NAS request includes at least one of the following information: an identifier of the first terminal, a message verification code (MAC), or a first indication; the first indication is used to indicate The NAS request is used for IoV communication;

The communication module is further configured to receive a NAS response from the first NF, where the NAS response includes the shared key.
A key generation device applied to a first network function NF, characterized in that it includes:

The communication module is configured to receive a key request, the key request is sent by a second terminal, or the key request is sent by the second terminal through a second NF, and the key request includes the The identity of the first terminal;

A processing module, configured to determine a shared key according to the identifier of the first terminal;

The communication module is further configured to send the shared key to the second terminal, or is further configured to send the shared key to the second terminal through the second NF.
The device according to claim 27, wherein the key request further comprises a message verification code (MAC);

The processing module is further configured to verify the MAC and determine that the MAC verification passes.
The device according to claim 27 or 28, wherein the key request further includes one or more of the following information: the identification of the shared key, the identification of the service, the type of the service, the first The layer 2 identification of the terminal, the layer 2 identification of the second terminal, the identification of the data radio bearer DRB, the identification of the data flow, the identification of the PC5 unicast link of the first terminal or the identification of the terminal-to-terminal communication group .
The device of claim 29, wherein the processing module is configured to:

The shared key is determined according to the identification of the first terminal and the one or more types of information in the key request.
A communication system, characterized by comprising at least one of a first terminal, a second terminal, and a first network function NF;

Wherein, the first terminal is used to execute the method according to any one of claims 1 to 6; or,

The second terminal is used to execute the method according to any one of claims 7 to 11; or,

The first NF is used to execute the method according to any one of claims 12-15.
A computer-readable storage medium, wherein computer-readable instructions are stored in the computer storage medium, and when the computer-readable instructions are run on a computer, the computer can execute any one of claims 1-15. The method described.