WO2021134381A1 - Method, apparatus and system for local communication - Google Patents

Method, apparatus and system for local communication

Info

Publication number
WO2021134381A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
edge computing
local
local terminal
computing terminal
Application number
PCT/CN2019/130245
Other languages
English (en)
Chinese (zh)
Inventor
刘清顺
何朗
李伟
林浩
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to PCT/CN2019/130245 (WO2021134381A1)
Priority to CN201980103267.4A (CN114930769B)
Publication of WO2021134381A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • This application relates to the field of communication technology, and in particular to methods, devices and systems for local communication.
  • the terminal refers to the local terminal
  • the edge refers to the terminal with edge computing capability, which can be called the edge computing terminal
  • the pipe refers to the local communication pipeline between the terminal and the edge, and the remote communication pipeline between the edge and the cloud; the cloud refers to business platforms and applications.
  • the local terminal refers to the terminal that accepts local services
  • the edge computing terminal refers to the terminal that provides local services for the local terminal.
  • the deployment location of the edge computing terminal is close to the local terminal, so it can provide real-time, dynamic and intelligent computing services for the local terminal, such as collecting information from the local terminal for calculation, implementing local management and control, and communicating and exchanging information with the cloud;
  • the local communication channel refers to the communication channel between the terminal and the edge, which supports direct communication between the terminal and the edge, that is, communication that does not need to be forwarded through the base station and the core network.
  • the long-distance communication pipeline refers to the communication pipeline between the edge and the cloud, including the base station and the core network, and supports the long-distance communication between the edge and the cloud.
  • the long-distance communication refers to the communication through the base station and the core network.
  • the remote communication technology used to support remote communication may include wired communication technology and long-distance wireless communication technology.
  • the long-distance wireless communication technology refers to communication technology defined by a communication standards organization that uses licensed spectrum and has the characteristics of wide coverage, low latency, and security, such as 3GPP (3rd Generation Partnership Project) LTE (Long Term Evolution) and NR (New Radio).
  • the communication technology used for local communication can adopt short-range wireless communication technology, such as WiFi, ZigBee, or Wi-SUN (Wireless Smart Metering Utility Network).
  • the above-mentioned local communication technologies use unlicensed spectrum. Since the unlicensed spectrum is shared by multiple parties, the terminal is generally required to support LBT (listen before talk), that is, the terminal needs to determine whether the channel is free before sending data, which may affect the communication delay.
  • some frequency bands of the unlicensed spectrum have communication duty ratio requirements, and the transmission power is strictly limited, so the coverage distance is small.
  • the embodiments of the present application are used to provide a method, device, and system for local communication, which are used to increase the coverage of local communication and reduce the time delay of local communication.
  • an embodiment of the present application provides a local communication method based on long-distance wireless communication technology.
  • the method includes: a local terminal initiates access to an edge computing terminal, wherein the edge computing terminal supports a base station air interface side protocol stack and the local terminal stores the root key; the edge computing terminal assigns a network temporary identifier to the local terminal, and the network temporary identifier is used for local communication between the edge computing terminal and the local terminal; the edge computing terminal obtains the terminal identification of the local terminal from the local terminal; the edge computing terminal obtains the root key, the random number, and the integrity protection algorithm corresponding to the terminal identification; the edge computing terminal generates a control plane integrity protection key K_CPint according to the root key, the random number, and the integrity protection algorithm, where K_CPint is used to protect the integrity of control plane messages between the local terminal and the edge computing terminal; the edge computing terminal sends a first control plane message that is integrity-protected using K_CPint, the first control plane message including the random number and
  • the edge computing terminal supports the base station air interface side protocol stack of the long-distance wireless communication technology, which makes it possible to use the long-distance wireless communication technology between the local terminal and the edge computing terminal.
  • the edge computing terminal supports obtaining the terminal identification from the local terminal, thereby obtaining the root key of the local terminal, and generating the control plane integrity protection key based on the root key and random number, so that the edge computing terminal and the local terminal can complete mutual authentication without a core network being deployed. Therefore, through the above method, the local terminal and the edge computing terminal can adopt the long-distance wireless communication technology for local communication without deploying the core network to support the local communication, which reduces the complexity and cost of local communication using the long-distance wireless communication technology, and can increase coverage and reduce time delay compared with local communication using short-range wireless communication technology.
  • the edge computing terminal acquiring the root key, random number, and integrity protection algorithm corresponding to the terminal identifier includes: the edge computing terminal acquiring the root key, the random number, the encryption algorithm, and the integrity protection algorithm corresponding to the terminal identifier; the edge computing terminal generating the control plane integrity protection key K_CPint according to the root key, the random number, and the integrity protection algorithm includes: the edge computing terminal generates a control plane encryption key K_CPenc, the K_CPint, and a user plane encryption key K_UPenc according to the root key, the random number, the encryption algorithm, and the integrity protection algorithm; wherein the K_CPenc is used to encrypt the control plane message, and the K_UPenc is used to encrypt user plane data between the local terminal and the edge computing terminal; the first control plane message also includes the encryption algorithm; the local terminal generating the K_CPint according to the root key, the random number and the integrity protection algorithm includes: the local terminal generates the K_CPint
  • the edge computing terminal and the local terminal support the control plane encryption key and the user plane encryption key, which can strengthen the security of the local communication between the edge computing terminal and the local terminal.
  • the edge computing terminal generating the control plane encryption key K_CPenc, the K_CPint, and the user plane encryption key K_UPenc according to the root key, the random number, the encryption algorithm, and the integrity protection algorithm includes: the edge computing terminal generates the base station key K_eNB according to the root key and the random number; the edge computing terminal generates the K_CPenc, the K_CPint, and the K_UPenc according to the K_eNB, the encryption algorithm, and the integrity protection algorithm; the local terminal generating the K_CPenc, the K_CPint, and the K_UPenc according to the root key, the random number, the encryption algorithm, and the integrity protection algorithm includes: the local terminal generates the K_eNB according to the root key and the random number; the local terminal generates the K_CPenc, the K_CPint, and the K_UPenc according to the K_eNB, the encryption algorithm, and the
  • the base station key is generated first, and then the encryption key and the integrity protection key are derived from the base station key, which can maximize the use of the relevant technical solutions for key derivation in the long-distance wireless communication technology standard.
  • the terminal and the edge computing terminal need only minor changes, which makes the implementation of the solution simple and low in cost.
  • the method further includes: the edge computing terminal obtains an updated random number, and the updated random number is used for key update; the edge computing terminal performs the key update according to the updated random number; the edge computing terminal sends the updated random number to the local terminal; the local terminal performs the key update according to the updated random number.
  • the edge computing terminal can update the key for local communication periodically or when triggered by an event, which further strengthens the security of local communication.
  • the encryption algorithm includes: a control plane encryption algorithm and a user plane encryption algorithm.
  • control plane and the user plane can have different encryption algorithms, which further ensures the security of local communication.
  • the method further includes: the edge computing terminal allocates an IP address to the local terminal, and saves the corresponding relationship between the IP address and the temporary network identifier.
  • the edge computing terminal supports the IP address assignment function, and binds the IP address assigned to the local terminal with the temporary network identifier assigned to the local terminal, so that, upon receiving a data packet sent to the local terminal by a service platform or application deployed in the cloud, it can forward the data packet to the local terminal according to the temporary network identifier. In this way, the remote communication between the local terminal and the cloud is realized.
  • the method further includes: the edge computing terminal receives a data packet, the destination address of the data packet is the IP address; the edge computing terminal obtains the network temporary identifier according to the IP address; the edge computing terminal sends the data packet to the local terminal according to the temporary network identifier.
  • the edge computing terminal functions as a relay node between the local terminal and the cloud. While realizing local communication, it can also take into account remote communication.
  • the local terminal initiating access to the edge computing terminal includes: the local terminal sends a random access preamble to the edge computing terminal.
  • the local terminal can use the random access procedure of the long-distance communication technology to access the edge computing terminal.
  • that the edge computing terminal assigns a network temporary identifier to the local terminal includes: the edge computing terminal sends a random access response RAR to the local terminal, and the RAR includes the network temporary identifier.
  • the edge computing terminal can use the random access procedure of the long-distance communication technology to assign the network temporary identity to the local terminal.
  • the edge computing terminal acquiring the terminal identifier of the local terminal from the local terminal includes: the edge computing terminal sends the random access message 4 MSG4 to the local terminal, and the MSG4 includes information for requesting the terminal identification; the local terminal sends a first radio resource control RRC message to the edge computing terminal, and the first RRC message includes the terminal identification.
  • the identity acquisition function originally implemented by the NAS protocol is implemented by modifying the RRC protocol, which removes the need for the edge computing terminal and the local terminal to support the NAS protocol and simplifies implementation.
  • the random access process is used to obtain the terminal identification of the local terminal, which saves signaling interaction and improves the efficiency of program execution.
  • an embodiment of the present application provides a local communication method on the edge computing terminal side.
  • the method is based on a long-distance wireless communication technology.
  • the method includes: the edge computing terminal receives an access signal from the local terminal, wherein the edge computing terminal supports the air interface side protocol stack of the base station, and the local terminal stores the root key.
  • the edge computing terminal assigns a network temporary identifier to the local terminal, wherein the network temporary identifier is used for the edge computing terminal and the local terminal to perform local communication; the edge computing terminal obtains the terminal identification of the local terminal from the local terminal; the edge computing terminal obtains the root key, random number, and integrity protection algorithm corresponding to the terminal identification; the edge computing terminal generates the control plane integrity protection key K_CPint according to the root key, the random number, and the integrity protection algorithm, wherein the K_CPint is used to integrity-protect control plane messages between the local terminal and the edge computing terminal; the edge computing terminal sends to the local terminal a first control plane message that is integrity-protected using the K_CPint, the first control plane message including the random number and the integrity protection algorithm, wherein the first control plane message integrity-protected using the K_CPint is used to authenticate the edge computing terminal through integrity verification; the edge computing terminal receives from the local terminal a second control plane message that is integrity-protected using the K_CPint; The edge computing terminal
  • the edge computing terminal acquiring the root key, random number, and integrity protection algorithm corresponding to the terminal identifier includes: the edge computing terminal acquiring the root key, the random number, the encryption algorithm, and the integrity protection algorithm corresponding to the terminal identifier; the edge computing terminal generating the control plane integrity protection key K_CPint according to the root key, the random number, and the integrity protection algorithm includes: the edge computing terminal generates a control plane encryption key K_CPenc, the K_CPint, and a user plane encryption key K_UPenc according to the root key, the random number, the encryption algorithm, and the integrity protection algorithm; wherein the K_CPenc is used to encrypt the control plane message, and the K_UPenc is used to encrypt user plane data between the local terminal and the edge computing terminal; the first control plane message also includes the encryption algorithm.
  • the edge computing terminal generating the control plane encryption key K_CPenc, the K_CPint, and the user plane encryption key K_UPenc according to the root key, the random number, the encryption algorithm, and the integrity protection algorithm includes: the edge computing terminal generates the base station key K_eNB according to the root key and the random number; the edge computing terminal generates the K_CPenc, the K_CPint, and the K_UPenc according to the K_eNB, the encryption algorithm, and the integrity protection algorithm.
  • the method further includes: the edge computing terminal obtains an updated random number, and the updated random number is used for key update; the edge computing terminal performs the key update according to the updated random number; the edge computing terminal sends the updated random number to the local terminal.
  • the encryption algorithm includes: a control plane encryption algorithm and a user plane encryption algorithm.
  • the method further includes: the edge computing terminal allocates an IP address to the local terminal, and saves the corresponding relationship between the IP address and the temporary network identifier.
  • the method further includes: the edge computing terminal receives a data packet, the destination address of the data packet is the IP address; the edge computing terminal obtains the network temporary identifier according to the IP address; the edge computing terminal sends the data packet to the local terminal according to the temporary network identifier.
  • the edge computing terminal assigning a network temporary identity to the local terminal includes: the edge computing terminal sends a random access response RAR to the local terminal, and the random access response includes the network temporary identity.
  • the edge computing terminal acquiring the terminal identifier of the local terminal from the local terminal includes: the edge computing terminal sends the random access message MSG4 to the local terminal, and the MSG4 includes information for requesting the terminal identification; the edge computing terminal receives a first radio resource control RRC message from the local terminal, and the first RRC message includes the terminal identification.
  • an embodiment of the present application provides a method for local communication on the local terminal side.
  • the method is based on a long-distance wireless communication technology.
  • the method includes: the local terminal initiates access to an edge computing terminal, wherein the edge computing terminal supports the air interface side protocol stack of the base station, and the local terminal stores a root key; the local terminal obtains a network temporary identifier from the edge computing terminal, and the network temporary identifier is used for local communication between the edge computing terminal and the local terminal; the local terminal sends a terminal identification to the edge computing terminal, where the terminal identification corresponds to the root key, random number, and integrity protection algorithm; the local terminal receives from the edge computing terminal a first control plane message that is integrity-protected using the control plane integrity protection key K_CPint, the first control plane message including the random number and the integrity protection algorithm, wherein the K_CPint is used to integrity-protect control plane messages between the local terminal and the edge computing terminal; the local terminal generate
  • the first control plane message further includes an encryption algorithm; the local terminal generating the K_CPint according to the root key, the random number, and the integrity protection algorithm includes: the local terminal generates a control plane encryption key K_CPenc, the K_CPint, and a user plane encryption key K_UPenc according to the root key, the random number, the encryption algorithm, and the integrity protection algorithm; wherein the K_CPenc is used to encrypt the control plane message, and the K_UPenc is used to encrypt user plane data between the local terminal and the edge computing terminal.
  • the local terminal generating a control plane encryption key K_CPenc, the K_CPint, and the user plane encryption key K_UPenc according to the root key, the random number, the encryption algorithm, and the integrity protection algorithm includes: the local terminal generates the base station key K_eNB according to the root key and the random number; the local terminal generates the K_CPenc, the K_CPint, and the K_UPenc according to the K_eNB, the encryption algorithm, and the integrity protection algorithm.
  • the method further includes: the local terminal receives an updated random number from the edge computing terminal, and the updated random number is used for key update; the local terminal performs the key update according to the updated random number.
  • the encryption algorithm includes: a control plane encryption algorithm and a user plane encryption algorithm.
  • the method further includes: the local terminal receives from the edge computing terminal the IP address allocated to the local terminal.
  • the method further includes: the local terminal receives a data packet from the edge computing terminal according to the network temporary identifier, and the destination address of the data packet is the IP address.
  • the local terminal initiating access to the edge computing terminal includes: the local terminal sends a random access preamble to the edge computing terminal.
  • the local terminal acquiring the network temporary identifier from the edge computing terminal includes: the local terminal receives a random access response RAR from the edge computing terminal, and the RAR includes the network temporary identifier.
  • the method further includes: the local terminal receives a random access message MSG4 from the edge computing terminal, where the MSG4 includes information for requesting the terminal identification; wherein the local terminal sending the terminal identifier to the edge computing terminal includes: the local terminal sends a first radio resource control RRC message to the edge computing terminal, where the first RRC message includes the terminal identifier.
  • the long-distance communication technology includes: long-term evolution LTE technology or new air interface NR technology.
  • the use of mature, mainstream long-distance communication technology can be compatible with more devices, reducing the difficulty of implementation.
  • the edge computing terminal stores the root key corresponding to the terminal identifier.
  • the air interface side protocol stack of the base station includes: the RRC layer, the packet data convergence protocol (PDCP) layer, the radio link control (RLC) layer, the medium access control (MAC) layer, and the physical (PHY) layer; optionally, it may also include a service data adaptation protocol (SDAP) layer.
  • the network temporary identifier includes: a cell radio network temporary identifier C-RNTI; or, a temporary cell radio network temporary identifier TC-RNTI.
  • the terminal identifier includes: International Mobile Subscriber Identity IMSI; or International Mobile Equipment Identity IMEI.
  • the first control plane message includes: a security mode command message; and the second control plane message includes: a security mode complete message.
  • an embodiment of the present application provides an edge computing terminal that supports a base station air interface side protocol stack of long-distance wireless communication technology.
  • the edge computing terminal includes a processing circuit.
  • the circuit is used to execute instructions to implement the functions of the edge computing terminal in the above aspects.
  • an embodiment of the present application provides an edge computing terminal that supports a base station air interface side protocol stack of long-distance wireless communication technology.
  • the edge computing terminal includes a processing unit and a transceiver unit, which are used to implement the functions of the edge computing terminal in the above aspects.
  • the edge computing terminal may have multiple forms.
  • the edge computing terminal may be an independently deployed device, or may be a chip, or may be a single board, etc.
  • an embodiment of the present application provides an edge computing access device that supports a base station air interface side protocol stack of long-distance wireless communication technology.
  • the edge computing access device includes a processing circuit; the processing circuit is used to execute instructions to implement the functions of the edge computing terminal in the above aspects.
  • the edge computing access device can have many forms.
  • the edge computing access device can be an access point, or it can be a communication chip, or it can be a communication board.
  • the edge computing access device may be connected to the edge computing terminal, for example, through an optical fiber connection.
  • the edge computing access device may be integrated with the edge computing terminal, for example, it may be used as a southbound module of the edge computing terminal.
  • an embodiment of the present application provides a local terminal including a processing circuit configured to execute instructions to implement the functions of the edge computing terminal in the above aspects.
  • an embodiment of the present application provides a local terminal, including a processing unit and a transceiver unit, configured to implement the functions of the edge computing terminal in the foregoing aspects.
  • the local terminal may have multiple forms.
  • the local terminal may be an independently deployed device, or may be a chip, or may be a single board, etc.
  • an embodiment of the present application provides a local communication system, including the edge computing terminal and the local terminal of the above-mentioned aspects.
  • an embodiment of the present application provides a computer program product including instructions.
  • the edge computing terminal realizes the functions of the edge computing terminal in the above aspects.
  • an embodiment of the present application provides a computer-readable storage medium, including the computer program product of the tenth aspect.
  • an embodiment of the present application provides a computer program product, including instructions.
  • when the instructions are executed on the local terminal, the local terminal realizes the functions of the local terminal in the above aspects.
  • the embodiments of the present application also provide a computer-readable storage medium, including the computer program product of the twelfth aspect.
  • Figure 1 is a schematic diagram of a network of end, edge, pipe, and cloud architecture;
  • Figure 2 is a schematic diagram of a protocol stack on the air interface side of a base station in LTE;
  • Figure 3 is a schematic diagram of the deployment of an edge computing access device;
  • Figure 4 is a schematic structural diagram of an edge computing access point;
  • Figure 5 is a schematic structural diagram of an edge computing terminal;
  • Figure 6 is a schematic structural diagram of a local terminal;
  • Figure 7 is a schematic flowchart of a local communication method;
  • Figure 8 is a schematic diagram of a key derivation;
  • Figure 9 is a schematic flowchart of another local communication method;
  • Figure 10 is a schematic flowchart of another local communication method;
  • Figure 11 is a schematic structural diagram of another edge computing access point;
  • Figure 12 is a schematic structural diagram of another edge computing terminal;
  • Figure 13 is a schematic structural diagram of another local terminal.
  • the technical solution of the present application is applicable to a network with end, edge, pipe, and cloud architecture as shown in Figure 1.
  • the network schematic diagram in Figure 1 is only an example, and does not constitute a limitation to the technical solution of this application.
  • the technical solution of this application can also be applied to other networks including local communications, or networks that only deploy local communications.
  • the terms "system" and "network" can be replaced with each other, which are explained here in a unified manner, and will not be repeated in the following.
  • the technical solution of the present application is not only applicable to edge computing scenarios, but also applicable to other business scenarios where local communications are deployed. In other business scenarios, local terminals and edge computing terminals have different names.
  • the following description of the present application takes an edge computing scenario as an example.
  • long-distance communication technology is used for local communication; the long-distance communication technology used for local communication may be the same as or different from the long-distance communication technology used for remote communication. For example, when LTE technology is used for local communication, LTE technology or NR technology may be used for remote communication.
  • the edge computing terminal supports the protocol stack on the air interface side of the long-distance communication technology base station.
  • the protocol stack of the base station can be divided into a protocol stack on the air interface side of the base station and a protocol stack on the core network side of the base station.
  • the protocol stack on the air interface side of the base station can be divided into a user plane protocol stack on the air interface side of the base station and a control plane protocol stack on the air interface side of the base station.
  • the user plane protocol stack at the air interface side of the base station includes: the PDCP (Packet Data Convergence Protocol) layer, the RLC (Radio Link Control) layer, the MAC (Media Access Control) layer, and the PHY (physical layer); the control plane protocol stack at the air interface side of the base station includes: the RRC (Radio Resource Control) layer, the PDCP layer, the RLC layer, the MAC layer, and the PHY.
  • the RRC layer is mainly used for the broadcast of system information, maintenance of the RRC connection with the terminal, management of the radio bearer with the terminal, key management, etc.;
  • the PDCP layer is mainly used for header compression and decompression, user plane data transmission, encryption and decryption;
  • the PDCP layer is mainly used for encryption and integrity protection, and control plane data transmission.
  • the RLC layer is mainly used for error correction based on ARQ (automatic repeat request), and for concatenation, segmentation and reassembly of RLC SDUs (service data units), etc.;
  • the MAC layer is mainly used for MAC SDU multiplexing and HARQ (hybrid automatic repeat request), etc.;
  • PHY is mainly used to process encoding and decoding, modulation and demodulation, antenna mapping, etc.
  • 3GPP TS 36.300 R8 and subsequent versions for example, in v10.12.0, chapters 4.3.1, 4.3.2, and 5-7.
  • the SDAP Service Data Adaptation Protocol
  • QoS quality of service
  • QFI Quality of Service Flow ID
  • QoS flow ID Quality of Service Flow ID
  • in the long-distance communication technology, the control plane is mainly used to transmit control messages, and the user plane is mainly used to transmit business data, but this distinction is not absolute. Both control messages and service data can be considered as a kind of data.
  • the data transmitted through the control plane is called control plane data
  • the data transmitted through the user plane is called user plane data.
  • the transmission of service data between the local terminal and the edge computing terminal can be transmitted through the control plane or through the data plane, which is not limited in this application.
  • an embodiment of the present application provides an edge computing access device that supports the protocol stack on the air interface side of the long-distance communication technology base station.
  • the edge computing access device may be an edge computing access point, which is physically connected to the edge computing terminal, for example, connected through an optical fiber.
  • the edge computing access point can perform local communication with the local terminal, and forward the data of the local terminal to the edge computing terminal, or forward the data of the edge computing terminal to the local terminal.
  • the edge computing access device can be integrated in the edge computing terminal.
  • the edge computing access device can be used as the southbound module of the edge computing terminal.
  • the edge computing terminal communicates locally with the local terminal through the southbound module, and remotely communicates with the base station through the northbound module.
  • the southbound module may be built into the edge computing terminal in the form of a separate chip, or the function of the southbound module may be integrated in the chip of the edge computing terminal.
  • FIG. 4 is a schematic structural diagram of an edge computing access point.
  • the edge computing access point includes a processor 401 and a transceiver 402.
  • the function of the protocol stack on the air interface side of the base station can be implemented by the processor 401 and the transceiver 402.
  • the edge computing access point further includes a memory 403, where the functions or part of the functions of the air interface side protocol stack of the base station can be solidified in the memory 403 in the form of instructions, and the processor 401 reads the instructions in the memory 403 to implement the function or part of the function of the protocol stack on the air interface side of the base station.
  • the encoding and decoding of the PHY layer can be completed by a hardware circuit, such as an encoder.
  • FIG. 5 is a schematic structural diagram of an edge computing terminal.
  • the edge computing terminal includes a processor 501 and a transceiver 502.
  • the function of the protocol stack on the air interface side of the base station can be implemented by the processor 501 and the transceiver 502.
  • the edge computing terminal further includes a memory 503, where the functions or part of the functions of the air interface side protocol stack of the base station can be solidified in the memory 503 in the form of instructions, and the processor 501 reads the instructions in the memory 503 to implement the function or part of the function of the air interface side protocol stack of the base station.
  • the encoding and decoding of the PHY layer can be completed by a hardware circuit, such as an encoder.
  • Fig. 6 is a schematic diagram of the structure of a local terminal.
  • the local terminal includes a processor 601 and a transceiver 602.
  • the processor 601 and the transceiver 602 can implement the function of the terminal air interface side protocol stack.
  • the local terminal further includes a memory 603, wherein the functions or part of the functions of the terminal air interface side protocol stack can be solidified in the memory 603 in the form of instructions, and the processor 601 reads the instructions in the memory 603 to implement the function or part of the function of the terminal air interface side protocol stack.
  • the terminal air interface side protocol stack is similar to the base station air interface side protocol stack, which can be divided into the terminal air interface side user plane protocol stack and the terminal air interface side control plane protocol stack.
  • the user plane protocol stack on the air interface side of the terminal includes a PDCP layer, an RLC layer, a MAC layer, and a PHY layer.
  • the terminal air interface side control plane protocol stack includes: RRC layer, PDCP layer, RLC layer, MAC layer, and PHY layer.
  • the encoding and decoding of the PHY layer can be completed by a hardware circuit, such as an encoder.
  • the edge computing terminal can integrate the core network functions required for local communication without the need to deploy a core network for local communication. Since there is no need to deploy a core network for local communication, local terminals and edge computing terminals may not implement the NAS layer in the protocol stack for local communication. Instead, local terminals and edge computing terminals can implement the core network functions required for local communication by modifying the above-mentioned base station air interface side protocol stack or terminal air interface side protocol stack, for example, by modifying the RRC layer, so that the RRC layer realizes the function of the core network.
  • the local terminal and the edge computing terminal support mutual authentication, that is, two-way authentication.
  • the edge computing terminal supports obtaining the built-in terminal identification of the local terminal from the local terminal, obtaining the root key of the local terminal according to the terminal identification, and generating a random number.
  • the local terminal supports sending its built-in terminal identification to the edge computing terminal, obtaining the above-mentioned random number and the above-mentioned integrity protection algorithm from the edge computing terminal, generating the control plane integrity protection key according to the root key, the random number, and the integrity protection algorithm, and other functions.
  • the local terminal and the edge computing terminal support the generation of the user plane encryption key and the control plane encryption key.
  • the local terminal and the edge computing terminal support the allocation of IP addresses by the edge computing terminal.
  • the method includes:
  • S701 The local terminal initiates access to the edge computing terminal.
  • the local terminal sends a random access preamble to the edge computing terminal.
  • the edge computing terminal allocates a temporary network identifier to the local terminal.
  • the network temporary identifier is used for remote communication between the local terminal and the edge computing terminal; for example, the network temporary identifier can be a C-RNTI (cell radio network temporary identifier) or a TC-RNTI (temporary cell radio network temporary identifier). It should be noted that the TC-RNTI will be used as the C-RNTI after successful access.
  • the edge computing terminal may send the network temporary identifier to the local terminal through message two MSG2 in the random access procedure, that is, the network temporary identifier is included in the MSG2.
  • MSG2 is also called random access response (RAR).
  • after the local terminal receives the RAR, it will send message 3 (MSG3) of the random access procedure to the edge computing terminal.
  • MSG3 can be different messages in different random access scenarios.
  • the MSG3 message is an RRC connection request (RRCConnectionRequest) message.
  • the MSG3 message can carry a random number or temporary identifier generated by the local terminal for subsequent contention resolution. If the contention is resolved successfully, the temporary network identifier assigned to the local terminal in the MSG2 message can be used for local communication between the local terminal and the edge computing terminal.
  • the edge computing terminal obtains the terminal identifier of the local terminal from the local terminal.
  • the terminal identifier refers to a built-in terminal identifier of the local terminal; for example: IMSI (international mobile subscriber identity), IMEI (international mobile equipment identity).
  • the IMSI is stored in a SIM (subscriber identity module) card
  • the IMEI is stored in the memory of the terminal.
  • S703 includes:
  • S703-1 The edge computing terminal sends a request to the local terminal for querying the terminal identification of the local terminal;
  • the local terminal sends a response to the edge computing terminal, where the response includes the terminal identifier of the local terminal.
  • the edge computing terminal may send the request to the local terminal through message 4 MSG4 in the random access procedure.
  • MSG 4 is used for contention resolution.
  • MSG4 will carry the random number or temporary identifier carried in MSG3.
  • by comparing the random number or temporary identifier carried in MSG4 with the random number or temporary identifier it generated, the local terminal can know whether the contention is successfully resolved.
  • MSG3 can be different messages in different random access scenarios. For example, in the initial access scenario, the MSG3 message is an RRC connection setup (RRCConnectionSetup) message.
  • the local terminal may send the terminal identifier of the local terminal to the edge computing terminal through the first RRC message.
  • the first RRC message may be an RRC connection setup complete (RRCConnectionSetupComplete) message in response to an RRC connection setup message.
  • S703 includes:
  • S703-3 The local terminal sends a second RRC message to the edge computing terminal, where the second RRC message includes the terminal identifier of the local terminal.
  • the second RRC message may be an RRC connection request message or an RRC connection establishment complete message.
  • the local terminal may not rely on the request of the edge computing terminal, and actively send the terminal identifier to the edge computing terminal.
  • the edge computing terminal obtains the root key corresponding to the terminal identifier, the corresponding random number, and the corresponding integrity protection algorithm.
  • the root key of the local terminal can be configured on the edge computing terminal, and after receiving the terminal identification, the root key can be obtained according to the terminal identification.
  • the edge computing terminal can use other devices to query the root key for the terminal identification.
  • the above-mentioned root key obtained by the edge computing terminal is the same as the root key stored on the local terminal.
  • the edge computing terminal can generate random numbers for the local terminal and select the integrity protection algorithm. For example, the edge computing terminal can generate a 32-bit random number.
  • the edge computing terminal generates a control plane integrity protection key K CPint according to the root key, random number, and integrity protection algorithm.
  • K CPint is used to protect the integrity of the control plane messages between the local terminal and the edge computing terminal.
  • the edge computing terminal sends a first control plane message that uses the K CPint for integrity protection to the local terminal, where the first control plane message includes the foregoing random number and the foregoing integrity protection algorithm.
  • the first control plane message may be an RRC message, such as a security mode command message.
  • the local terminal generates K CPint according to the root key on the local terminal, the random number received above, and the integrity protection algorithm received above.
  • the root key on the local terminal is stored in the SIM card.
  • the local terminal authenticates the edge computing terminal by using K CPint to perform integrity check on the above-mentioned first control plane message.
  • if the integrity check of the first control plane message is successful, the local terminal authenticates the edge computing terminal successfully; if the integrity check of the first control plane message is unsuccessful, the authentication of the edge computing terminal by the local terminal fails. If the authentication fails, the local terminal can try to access the edge computing terminal again or terminate access to the edge computing terminal.
  • S709 The local terminal sends a second control plane message using K CPint for integrity protection to the edge computing terminal.
  • the second control plane message may be an RRC message, such as a security mode completion message.
  • the edge computing terminal authenticates the local terminal by using K CPint to perform integrity check on the above-mentioned second control plane message.
  • if the integrity check of the second control plane message is successful, the edge computing terminal authenticates the local terminal successfully; if the integrity check of the second control plane message is unsuccessful, the authentication of the local terminal by the edge computing terminal fails. If the authentication fails, the edge computing terminal can refuse the access of the local terminal. As an option, the edge computing terminal can initiate a connection release procedure, such as an RRC connection release procedure.
  • S711 The local terminal and the edge computing terminal perform local communication.
  • the edge computing terminal sends the DCI (downlink control information) scrambled by the above C-RNTI to the local terminal through the PDCCH (physical downlink control channel).
  • the DCI indicates the uplink resource. After the local terminal detects the DCI scrambled by the aforementioned C-RNTI, it can learn that the DCI is the DCI sent by the edge computing terminal to the local terminal, and the local terminal can send data to the edge computing terminal on the uplink resource indicated by the DCI.
  • the edge computing terminal sends the DCI scrambled by the above C-RNTI to the local terminal through the PDCCH.
  • the DCI indicates the downlink resource.
  • after the local terminal detects the DCI scrambled by the above C-RNTI, it can learn that the DCI is the DCI sent by the edge computing terminal to the local terminal, and the local terminal can receive the data sent by the edge computing terminal on the downlink resource indicated by the DCI.
  • the edge computing terminal may also allocate an IP address to the local terminal, and the method further includes:
  • the edge computing terminal allocates an IP address to the local terminal, and saves the corresponding relationship between the IP address and the temporary network identifier.
  • S712 includes:
  • S712-1 The local terminal sends an IP address allocation request to the edge computing terminal.
  • the IP address request may carry an IP protocol version, such as IPv4 or IPv6.
  • S712-2 The edge computing terminal sends the IP address allocated to the local terminal to the local terminal.
  • the edge computing terminal can allocate an IPv4 address or an IPv6 address to the local terminal according to the IP protocol version in the IP address request.
  • the IPv6 address includes an IPv6 prefix and an IPv6 interface identifier.
  • the edge computing terminal saves the corresponding relationship between the IP address assigned to the local terminal and the temporary network identifier assigned to the local terminal.
  • the remote communication between the local terminal and the cloud can be realized.
  • S713 The edge computing terminal receives the data packet from the cloud.
  • the IP address of the data packet is the IP address of the local terminal.
  • the edge computing terminal obtains the network temporary identifier of the local terminal according to the IP address.
  • the edge computing terminal sends the data packet to the local terminal according to the temporary network identifier.
  • S715 can be understood as the edge computing terminal forwarding the data packet to the local terminal through local communication. For details, refer to the description of S711.
  • the edge computing terminal supports the IP address assignment function, and binds the IP address assigned to the local terminal with the temporary network identifier assigned to the local terminal, so that after receiving a data packet sent to the local terminal by a service platform or application deployed in the cloud, it can forward the data packet to the local terminal according to the temporary network identifier.
  • the edge computing terminal functions as a relay node between the local terminal and the cloud, and while realizing local communication, it can also take into account remote communication.
  • the edge computing terminal may also obtain an encryption algorithm, such as a control plane encryption algorithm and a user plane encryption algorithm, which may be the same or different; in S705, the edge computing terminal may also generate the control plane encryption key K CPenc and the user plane encryption key K UPenc according to the root key, the random number, the encryption algorithm, and the integrity protection algorithm, where K CPenc is used to encrypt the control plane messages between the local terminal and the edge computing terminal, and K UPenc is used to encrypt the user plane data between the local terminal and the edge computing terminal; in S706, the first control plane message also includes the above encryption algorithm; in S707, the local terminal also generates K CPenc and K UPenc according to the root key, the random number, and the above encryption algorithm.
  • the edge computing terminal and the local terminal support the control plane encryption key and the user plane encryption key, which can strengthen the security of the local communication between the edge computing terminal and the local terminal.
  • the edge computing terminal does not encrypt the first control plane message
  • the local terminal does not encrypt the second control plane message.
  • the local terminal and the edge computing terminal may first generate the base station key K eNB according to the root key and random number, and then generate the key according to K eNB.
  • K CPenc and K UPenc are generated according to K eNB and the encryption key; for another example, K CPint is generated according to K eNB and the encryption key.
  • key generation reference may be made to related solutions in LTE technology or NR technology.
  • the root key K and the random number RAND are input into the key derivation function (KDF) to generate K eNB ;
  • K eNB and the identifier of the user plane encryption algorithm are input into the key derivation function to generate K UPenc ;
  • K eNB and the identifier of the control plane integrity protection algorithm are input into the key derivation function to generate K CPint ;
  • K eNB and the identifier of the control plane encryption algorithm are input into the key derivation function to generate K CPenc .
  • the base station key is generated first, and then the encryption key and the integrity protection key are derived from the base station key, which makes maximum use of the existing technical solutions for key derivation in the long-distance wireless communication technology standard; the terminal and edge computing terminal require only minor changes, which makes the implementation of the solution simple and low in cost.
  • the control plane messages between the local terminal and the edge computing terminal can be integrity protected and encrypted, and the user plane data between the local terminal and the edge computing terminal can be encrypted.
  • the key update between the local terminal and the edge computing terminal may be performed periodically or triggered by an event.
  • the edge computing terminal can generate an updated random number, update the key according to the updated random number, and send the updated random number to the local terminal.
  • the local terminal also updates the above key according to the updated random number. For example, after the local terminal and the edge computing terminal obtain a new random number, they generate a new K eNB , and then generate a new K CPint , a new K CPenc , and a new K UPenc .
  • the edge computing terminal can update the key used for local communication periodically or when triggered by an event, which further strengthens the security of local communication.
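The exchange in S705 to S709 and the K eNB derivation chain described above, as an added Python example that is not code from the application. It assumes HMAC-SHA-256 as a stand-in for both the key derivation function and the integrity protection algorithm; the algorithm identifiers, message labels, class names, terminal identifier and root key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed provisioning data: terminal identifier -> root key (sample values only).
TERMINAL_ID = "001010123456789"
ROOT_KEYS = {TERMINAL_ID: bytes.fromhex("00112233445566778899aabbccddeeff")}
# Hypothetical algorithm identifiers; the page does not define their encoding.
INT_ALG, CP_ENC_ALG, UP_ENC_ALG = b"int-1", b"cpenc-1", b"upenc-1"


def kdf(key, *parts):
    """Stand-in KDF (assumption): HMAC-SHA-256 over length-prefixed inputs."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_keys(root_key, rand, int_alg=INT_ALG):
    """Root key K and RAND give K_eNB; K_eNB and an algorithm identifier give each key."""
    k_enb = kdf(root_key, b"KeNB", rand)
    return {
        "K_CPint": kdf(k_enb, int_alg),
        "K_CPenc": kdf(k_enb, CP_ENC_ALG),
        "K_UPenc": kdf(k_enb, UP_ENC_ALG),
    }


def tag(k_cpint, *fields):
    """Stand-in integrity protection: keyed tag over the message fields."""
    return kdf(k_cpint, *fields)


class EdgeTerminal:
    def __init__(self, root_keys):
        self.root_keys = root_keys
        self.keys = None

    def security_mode_command(self, terminal_id):
        """Build the first control plane message, or None for an unknown identifier."""
        root_key = self.root_keys.get(terminal_id)
        if root_key is None:
            return None                                # no root key: refuse access
        rand = secrets.token_bytes(4)                  # 32-bit random number
        self.keys = derive_keys(root_key, rand)        # S705
        mac = tag(self.keys["K_CPint"], b"SecurityModeCommand", rand, INT_ALG)
        return {"rand": rand, "int_alg": INT_ALG, "mac": mac}   # S706

    def check_complete(self, msg):
        """Authenticate the local terminal from the second control plane message."""
        if self.keys is None:
            return False
        expected = tag(self.keys["K_CPint"], b"SecurityModeComplete")
        return hmac.compare_digest(expected, msg["mac"])


class LocalTerminal:
    def __init__(self, root_key):
        self.root_key = root_key
        self.keys = None

    def on_security_mode_command(self, msg):
        """Authenticate the edge terminal; return the second message, or None on failure."""
        keys = derive_keys(self.root_key, msg["rand"], msg["int_alg"])   # S707
        expected = tag(keys["K_CPint"], b"SecurityModeCommand",
                       msg["rand"], msg["int_alg"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return None                                # integrity check failed
        self.keys = keys
        return {"mac": tag(keys["K_CPint"], b"SecurityModeComplete")}    # S709


def run_handshake(local_root_key, tamper_rand=False):
    """Return (local authenticated edge, edge authenticated local)."""
    edge, local = EdgeTerminal(ROOT_KEYS), LocalTerminal(local_root_key)
    command = edge.security_mode_command(TERMINAL_ID)
    if tamper_rand:                                    # RAND altered in transit
        command["rand"] = bytes(b ^ 0xFF for b in command["rand"])
    complete = local.on_security_mode_command(command)
    if complete is None:
        return (False, False)
    return (True, edge.check_complete(complete))


if __name__ == "__main__":
    print(run_handshake(ROOT_KEYS[TERMINAL_ID]))   # both sides hold the same root key
    print(run_handshake(bytes(16)))                # local terminal holds a different root key
```

A key update as described above corresponds to calling `derive_keys` again with a freshly generated random number, which yields a new K eNB and new derived keys.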
  • the functions originally implemented by the NAS protocol are implemented by modifying the RRC protocol, so that the edge computing terminal and the local terminal no longer need to support the NAS protocol, which simplifies the implementation.
  • the random access process is used to obtain the terminal identification of the local terminal, which saves signaling interaction and improves the efficiency of program execution.
  • the edge computing terminal supports the base station air interface side protocol stack of the long-distance wireless communication technology, which makes it possible to use the long-distance wireless communication technology between the local terminal and the edge computing terminal.
  • the edge computing terminal supports obtaining the terminal identification from the local terminal, thereby obtaining the root key of the local terminal, and generating the control plane integrity protection key based on the root key and random number, so that the edge computing terminal and the local terminal can complete mutual authentication without a core network being deployed. Therefore, through the above method, the local terminal and the edge computing terminal can adopt the long-distance wireless communication technology for local communication without deploying the core network to support the local communication, which reduces the complexity and cost of local communication using the long-distance wireless communication technology.
  • compared with local communication using short-range wireless communication technology, coverage can be increased and time delay reduced.
  • the method includes:
  • the edge computing terminal receives an access signal from a local terminal.
  • the access signal may be a random access preamble.
  • for S901, please refer to the related content of S701.
  • the edge computing terminal allocates a temporary network identifier to the local terminal.
  • the edge computing terminal obtains the terminal identifier of the local terminal from the local terminal.
  • the edge computing terminal obtains the root key, the random number, and the integrity protection algorithm corresponding to the terminal identifier.
  • the edge computing terminal generates K CPint according to the root key, random number, and integrity protection algorithm.
  • the edge computing terminal sends a first control plane message using K CPint for integrity protection to the local terminal.
  • the first control plane message includes the aforementioned random number and an integrity protection algorithm; wherein, the first control plane message using K CPint for integrity protection is used to authenticate the edge computing terminal through integrity verification.
  • the edge computing terminal receives a second control plane message that uses K CPint for integrity protection from the local terminal.
  • the edge computing terminal authenticates the local terminal by using K CPint to perform integrity check on the second control plane message.
  • the edge computing terminal performs local communication with the local terminal.
  • the edge computing terminal may also allocate an IP address to the local terminal, and the method further includes:
  • the edge computing terminal allocates an IP address to the local terminal, and saves the corresponding relationship between the IP address and the temporary network identifier.
  • the remote communication between the local terminal and the cloud can be realized.
  • the edge computing terminal receives data packets from the cloud.
  • the edge computing terminal obtains the network temporary identifier of the local terminal according to the IP address.
  • the edge computing terminal sends the data packet to the local terminal according to the temporary network identifier.
  • the method includes:
  • S1001 The local terminal initiates access to the edge computing terminal.
  • the local terminal obtains the temporary network identifier from the edge computing terminal.
  • S1003 The local terminal sends a terminal identifier to the edge computing terminal.
  • the local terminal receives the first control plane message that uses K CPint for integrity protection from the edge computing terminal.
  • the first control plane message includes a random number and an integrity protection algorithm.
  • S1005 The local terminal generates K CPint according to the root key, random number, and integrity protection algorithm.
  • the local terminal authenticates the edge computing terminal by using K CPint to perform integrity check on the first control plane message.
  • S1007 The local terminal sends a second control plane message using K CPint for integrity protection to the edge computing terminal.
  • the second control plane message using K CPint for integrity protection is used to authenticate the local terminal through integrity verification.
  • S1008 The local terminal performs the local communication with the edge computing terminal.
  • the local terminal may also obtain the IP address allocated for the local terminal from the edge computing terminal, and the method further includes:
  • the local terminal receives the IP address allocated to the local terminal from the edge computing terminal.
  • the remote communication between the local terminal and the cloud can be realized.
  • S1010 The local terminal receives a data packet from the edge computing terminal according to the temporary network identifier.
  • the destination address of the data packet is the IP address allocated to the local terminal.
  • an embodiment of the present application provides an edge computing access device.
  • the edge computing access device is used to implement the local communication function of the edge computing terminal in FIG. 7, FIG. 9, and FIG. 10.
  • the edge computing access device may be an edge computing access point as shown in FIG. 4, or may be a module, chip, single board, etc. integrated in the edge computing terminal.
  • the edge computing access point includes a processor for executing instructions to implement the steps performed by the edge computing terminal shown in FIG. 7, FIG. 9, and FIG. 10.
  • the above instructions may be stored in a memory, and the memory may be built in the edge computing access device or externally placed in the edge computing access device.
  • Fig. 11 describes the foregoing edge computing access device from the perspective of unit division. As shown in FIG. 11, it includes a processing unit 1101 and a transceiver unit 1102.
  • the transceiver unit 1102 can be used to implement related functions such as S901, S902, S903, S906, S907, S909, S910, S911, S912, and S913; the processing unit can be used to implement related functions such as S904, S905, S908, S909, and S910.
  • an embodiment of the present application provides an edge computing terminal.
  • the edge computing terminal is used to implement the functions of the edge computing terminal in FIG. 7, FIG. 9, and FIG. 10.
  • the structure of the edge computing terminal is shown in Figure 5.
  • the edge computing terminal includes a processor 501 for executing instructions to implement the steps executed by the edge computing terminal as shown in FIG. 7, FIG. 9 and FIG. 10.
  • the above-mentioned instructions may be stored in the memory 503, and the memory 503 may be built-in or external to the edge computing terminal.
  • Figure 12 describes the foregoing edge computing terminal from the perspective of unit division.
  • the edge computing terminal includes a southbound module 1201 and a northbound module 1202.
  • the northbound module 1202 is used to implement remote communication
  • the southbound module 1201 is used to implement related functions such as S901-S913 shown in FIG. 9.
  • An embodiment of the present application provides a local terminal.
  • The local terminal is used to implement the functions of the local terminal in FIG. 7, FIG. 9 and FIG. 10.
  • The structure of the local terminal is shown in FIG. 6.
  • The local terminal includes a processor 601 for executing instructions to implement the steps performed by the local terminal shown in FIG. 7, FIG. 9 and FIG. 10.
  • The above-mentioned instructions may be stored in the memory 603, and the memory 603 may be built into or external to the local terminal.
  • FIG. 13 describes the above-mentioned local terminal from the perspective of unit division.
  • The local terminal includes a processing unit 1301 and a transceiver unit 1302.
  • The transceiver unit is used to implement the related functions of S1001, S1002, S1003, S1004, S1007, S1008, S1009, and S1010 as shown in FIG. Related functions.
  • An embodiment of the present application also provides a computer program product related to an edge computing terminal, including instructions.
  • When the instructions are executed on the edge computing terminal, the edge computing terminal realizes the functions of the edge computing terminal shown in FIG. 7, FIG. 9 and FIG. 10.
  • An embodiment of the present application also provides a computer-readable storage medium, including the computer program product related to the above-mentioned edge computing terminal.
  • An embodiment of the present application also provides a computer program product related to a local terminal, including instructions.
  • When the instructions are executed on the local terminal, the local terminal realizes the functions of the local terminal.
  • An embodiment of the present application also provides a computer-readable storage medium, including the computer program product related to the above-mentioned local terminal.
  • An embodiment of the present application also provides a local communication system, including the above-mentioned edge computing terminal and local terminal.
  • Words such as “first” and “second” are used to distinguish the same items or similar items that have substantially the same function and effect. Those skilled in the art can understand that words such as “first” and “second” do not limit the quantity or the order of execution, and do not require that the items be different.
  • Words such as “exemplary” or “for example” are used to indicate examples, illustrations, or explanations. Any embodiment or design solution described as “exemplary” or “for example” in the embodiments of the present application should not be construed as being more preferable or advantageous than other embodiments or design solutions. To be precise, words such as “exemplary” or “for example” are used to present related concepts in a specific manner to facilitate understanding.
  • The local terminal and the edge computing terminal in the embodiment of the present application may be a device or a chip.
  • The terminal can have different names in different systems.
  • The terminal may be a user equipment (UE), an access terminal, a terminal unit, a terminal station, a mobile station, a remote station, a remote terminal, a mobile device, a wireless communication device, a terminal agent, or a terminal device in an LTE system, an NR system, or a future evolved network.
  • The access terminal can be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device or wearable device, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a wireless terminal in industrial control, a wireless terminal in self-driving, a wireless terminal in remote medical, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, etc.
  • The terminal can be mobile or fixed.
  • The processor may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling program execution of the present application.
  • The memory may be a device with a storage function.
  • It may be a read-only memory (ROM), a random access memory (RAM) or other dynamic storage devices; it can also be an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
  • The memory can exist independently and be connected to the processor through a communication line. The memory can also be integrated with the processor.
  • The computer execution instructions in the embodiments of the present application may also be referred to as application program codes, which are not specifically limited in the embodiments of the present application.
  • The present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is executed by hardware or by computer software driving hardware depends on the specific application and the design constraints of the technical solution. A person skilled in the art can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
  • The embodiments of the present application may divide the device into functional modules according to the foregoing method embodiments.
  • Each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module.
  • The above-mentioned integrated modules can be implemented in the form of hardware or software functional modules. It should be noted that the division of modules in the embodiments of the present application is illustrative and is only a logical function division; there may be other division methods in actual implementation.
  • The terms “unit” and “module” may refer to specific ASICs, circuits, processors and memories that execute one or more software or firmware programs, integrated logic circuits, and/or other devices that can provide the aforementioned functions.
  • The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof.
  • When implemented using a software program, they can be implemented in whole or in part in the form of a computer program product.
  • The computer program product includes one or more computer instructions.
  • The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • The computer instruction may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • The computer instruction may be transmitted from a website, computer, server, or data center to another website, computer, server, or data center in a wired manner (such as coaxial cable, optical fiber, or digital subscriber line (DSL)) or a wireless manner (such as infrared, wireless, or microwave).
  • The computer-readable storage medium may be any available medium that can be accessed by a computer, or may include one or more data storage devices, such as a server or a data center, that can be integrated with the medium.
  • The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
  • The computer may include the aforementioned device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present invention relate to a local communication method. In the method, an edge computing terminal supports a base-station air interface protocol stack of a long-range wireless communication technology, and supports generating an associated key based on a root key and a random number. Specifically, a local terminal can initiate access to the edge computing terminal; the edge computing terminal assigns the local terminal a network temporary identifier for local communication, obtains a terminal identifier stored on the local terminal in order to obtain the corresponding root key, random number and integrity protection algorithm, derives a control-plane integrity protection key from them, and sends the random number and the integrity protection algorithm to the local terminal; the local terminal generates a control-plane integrity protection key according to the root key, the random number and the integrity protection algorithm; the local terminal and the edge computing terminal verify the integrity of each other's control-plane messages using their respectively generated control-plane integrity protection keys to achieve mutual authentication; once authentication succeeds, the edge computing terminal and the local terminal carry out local communication. The method is suitable for service scenarios such as the Internet of Things and the Internet of Vehicles.
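
The derivation and mutual check described in the abstract, as an added example that is not code from the patent: both terminals derive the control-plane integrity key from the shared root key, the random number and the algorithm, then verify each other's message tags. HMAC-SHA-256 for derivation and integrity, the message fields, the direction labels and the identifier `terminal-001` are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA-256 stands in for both the key derivation function and
# the integrity protection algorithm; the abstract names neither.
ALGORITHMS = {"hmac-sha256": hashlib.sha256}

def derive_cp_key(root_key, rand, alg):
    return hmac.new(root_key, b"cp-int|" + alg.encode() + b"|" + rand,
                    hashlib.sha256).digest()

def mac(key, alg, direction, payload):
    # The direction label stops a message being reflected back to its sender.
    return hmac.new(key, direction + b"|" + payload, ALGORITHMS[alg]).digest()

class EdgeTerminal:
    def __init__(self, provisioned):
        self.provisioned = provisioned  # terminal identifier -> root key
        self.sessions = {}              # terminal identifier -> (key, alg)

    def start_security(self, terminal_id):
        root_key = self.provisioned[terminal_id]  # KeyError for unknown terminals
        rand, alg = secrets.token_bytes(16), "hmac-sha256"
        key = derive_cp_key(root_key, rand, alg)
        self.sessions[terminal_id] = (key, alg)
        tag = mac(key, alg, b"down", rand + alg.encode())
        return {"rand": rand, "alg": alg, "mac": tag}

    def verify_complete(self, terminal_id, msg):
        key, alg = self.sessions[terminal_id]
        expected = mac(key, alg, b"up", msg["payload"])
        return hmac.compare_digest(msg["mac"], expected)

class LocalTerminal:
    def __init__(self, terminal_id, root_key):
        self.terminal_id, self.root_key = terminal_id, root_key

    def handle_security(self, cmd):
        if cmd["alg"] not in ALGORITHMS:
            return None  # refuse algorithms this terminal does not support
        key = derive_cp_key(self.root_key, cmd["rand"], cmd["alg"])
        expected = mac(key, cmd["alg"], b"down", cmd["rand"] + cmd["alg"].encode())
        if not hmac.compare_digest(cmd["mac"], expected):
            return None  # edge computing terminal failed authentication
        done = b"security-complete|" + cmd["rand"]
        return {"payload": done, "mac": mac(key, cmd["alg"], b"up", done)}

def run_exchange(edge_root, local_root, terminal_id="terminal-001"):
    """Constructed scenario: True only when both sides hold the same root key."""
    edge = EdgeTerminal({terminal_id: edge_root})
    local = LocalTerminal(terminal_id, local_root)
    reply = local.handle_security(edge.start_security(local.terminal_id))
    return reply is not None and edge.verify_complete(terminal_id, reply)
```

Because the random number is fresh per access, a recorded exchange yields tags under a key that the next session will not reuse.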
PCT/CN2019/130245 2019-12-31 2019-12-31 Procédé, appareil et système de communication locale WO2021134381A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2019/130245 WO2021134381A1 (fr) 2019-12-31 2019-12-31 Procédé, appareil et système de communication locale
CN201980103267.4A CN114930769B (zh) 2019-12-31 2019-12-31 本地通信的方法、装置和系统

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/130245 WO2021134381A1 (fr) 2019-12-31 2019-12-31 Procédé, appareil et système de communication locale

Publications (1)

Publication Number Publication Date
WO2021134381A1 true WO2021134381A1 (fr) 2021-07-08

Family

ID=76686306

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/130245 WO2021134381A1 (fr) 2019-12-31 2019-12-31 Procédé, appareil et système de communication locale

Country Status (2)

Country Link
CN (1) CN114930769B (fr)
WO (1) WO2021134381A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102036242A (zh) * 2009-09-29 2011-04-27 中兴通讯股份有限公司 一种移动通讯网络中的接入认证方法和系统
US20150281953A1 (en) * 2012-10-19 2015-10-01 Nokia Corporation Method and Device of Generating a key for Device-to-Device Communication Between a First User Equipment and a Second User Equipment
WO2018145056A1 (fr) * 2017-02-06 2018-08-09 Pcms Holdings, Inc. Sécurisation de la communication de dispositifs dans l'internet des objets
CN108810026A (zh) * 2018-07-20 2018-11-13 电子科技大学 一种基于边缘计算的终端设备接入认证方法及系统
CN108881280A (zh) * 2018-07-11 2018-11-23 中国联合网络通信集团有限公司 接入方法、内容分发网络系统及接入系统

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on authentication and key management for applications based on 3GPP credential in 5G (Release 16)", 3GPP STANDARD; TECHNICAL REPORT; 3GPP TR 33.835, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. V2.0.0, 4 December 2019 (2019-12-04), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, pages 1 - 83, XP051840699 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117097682A (zh) * 2023-10-19 2023-11-21 杭州义益钛迪信息技术有限公司 设备接入方法、装置、设备及存储介质
CN117097682B (zh) * 2023-10-19 2024-02-06 杭州义益钛迪信息技术有限公司 设备接入方法、装置、设备及存储介质

Also Published As

Publication number Publication date
CN114930769B (zh) 2024-04-12
CN114930769A (zh) 2022-08-19

Similar Documents

Publication Publication Date Title
US10943005B2 (en) Secure authentication of devices for internet of things
TWI336577B (en) Method and mobile terminal for communicating data in a wireless communications system
WO2017091959A1 (fr) Procédé de transmission de données, équipement utilisateur et dispositif côté réseau
CN115413413A (zh) 用于安全链路建立的中继侧行链路通信
KR20210024985A (ko) 무선 네트워크에서 IAB(Integrated Access and Backhaul) 노드의 인증을 위한 방법 및 장치
US11582233B2 (en) Secure authentication of devices for Internet of Things
CN109691156B (zh) 基站、移动性管理实体及其操作方法
CN116248370A (zh) 由esim终端和服务器讨论数字证书的方法和装置
US11405830B2 (en) Information transmission method and apparatus
WO2023283789A1 (fr) Procédé et appareil de communication sécurisée, dispositif terminal et périphérique de réseau
CN116034595A (zh) 用户设备(ue)到网络的中继的认证和授权
CN114339688A (zh) 用于ue与边缘数据网络的认证的装置和方法
WO2020238957A1 (fr) Procédé et appareil de vérification
CN116723507B (zh) 针对边缘网络的终端安全方法及装置
WO2022134089A1 (fr) Procédé et appareil de génération de contexte de sécurite, et support de stockage lisible par ordinateur
WO2021134381A1 (fr) Procédé, appareil et système de communication locale
CN113825234A (zh) 用在用户设备中的装置
WO2020232576A1 (fr) Procédé et appareil d'etablissement de connexion à monodiffusion, et support d'informations
CN110226319A (zh) 用于紧急接入期间的参数交换的方法和设备
CN113873492B (zh) 一种通信方法以及相关装置
CN115942305A (zh) 一种会话建立方法和相关装置
US20230188360A1 (en) Method and apparatus for establishing end-to-end security in wireless communication system
WO2023212913A1 (fr) Procédé et appareil de communication sans fil, dispositif, support de stockage et produit-programme
WO2024067047A1 (fr) Procédé et appareil de communication
WO2024087038A1 (fr) Procédé et appareil de communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19958132

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19958132

Country of ref document: EP

Kind code of ref document: A1