WO2022033405A1 - Information processing method and apparatus, device, and readable storage medium
- Publication number
- WO2022033405A1 (PCT/CN2021/111296)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- proximity communication
- communication function
- information
- interface
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
- H04W12/06—Authentication
- H04W12/10—Integrity
Definitions
- the present disclosure relates to the field of communication technologies, and in particular, to an information processing method, apparatus, device, and readable storage medium.
- Proximity communication is defined as Proximity-based Services (ProSe) in the 3rd Generation Partnership Project (3GPP) standard.
- the service includes proximity discovery and proximity communication.
- ProSe discovery is a process of determining that user equipments (User Equipment, UE) with the ProSe function are in the vicinity of each other. For the UE, the process by which a ProSe-capable UE confirms that there is another ProSe-capable UE nearby may or may not use the network.
- a ProSe-capable UE (which may be referred to as a ProSe UE) may use the UE's own capability or New Radio (New Radio, NR) technology to discover another ProSe-capable UE.
- ProSe communication is a service capable of establishing a new communication path between two or more ProSe-capable UEs.
- ProSe needs to be authorized by the operator, and the operator can also provide configuration data, such as proximity criteria, to the ProSe-capable UE, which can be used for ProSe discovery.
- the PC3 interface is the interface between the UE end and the ProSe functional end.
- the PC3 interface depends on the core network (i.e., it is an interface based on the Internet protocol (IP)). It is used to authorize ProSe direct discovery and the ProSe discovery requirements of the core network, and to perform the assignment of the ProSe application code, where the application code corresponds to the ProSe application identifier (identifier, ID) used for ProSe direct discovery.
- the ProSe function provides the UE with configuration information of the ProSe function.
- the network provides the ProSe UE with authorization and configuration information through the PC3 interface. Therefore, the data transmitted on the PC3 interface needs integrity protection, confidentiality protection and replay protection.
- GBA: Generic Bootstrapping Architecture / Generic Authentication Architecture
- 5G: 5th Generation
- IoT: Internet of Things
- Embodiments of the present disclosure provide an information processing method, apparatus, device, and readable storage medium, so as to ensure the security of the UE when performing ProSe configuration.
- an embodiment of the present disclosure provides an information processing method, which is applied to a proximity communication function, including:
- the first information includes: one of the subscription information of the UE, the application security policy of the network, and the request information of the UE;
- the application layer protection method includes: application layer authentication and key management (Authentication and Key Management for Applications, AKMA).
- determining the application layer protection method of the PC3 interface between the proximity communication function and the user equipment UE according to the first information includes:
- the subscription information of the UE indicates that the UE has subscribed to Prose, it is determined that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- determining the application layer protection method of the PC3 interface between the proximity communication function and the user equipment UE according to the first information includes:
- the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- determining the application layer protection method of the PC3 interface between the proximity communication function and the user equipment UE according to the first information includes:
- the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- determining the application layer protection method of the PC3 interface between the proximity communication function and the user equipment UE according to the first information includes:
- if it is determined, according to the request information and the preconfigured network application security policy, that the proximity communication function supports AKMA, then it is determined that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA;
- the method also includes:
- the determining the authentication key of the proximity communication includes:
- the first key is obtained from an authentication server function (Authentication Server Function, AUSF), where the first key is calculated by the AUSF.
- the method further includes:
- the second key is obtained from the AUSF according to the registration request, where the registration request further includes a third indication and a fourth indication, where the third indication is used to indicate that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key used for proximity communication.
- the determining the authentication key of the proximity communication includes:
- the second authentication key K_AF is obtained from the proximity server or the AKMA anchor function (AKMA Anchor Function, AAnF), the second authentication key being the first key of the PC3 interface.
- the determining the authentication key of the proximity communication includes:
- the second authentication key is the key of the PC3 interface
- a second key is calculated from the second authentication key K_AF, the second key being a key for proximity communication.
- the method further includes:
- a third key is calculated, and the third key is used for encryption and integrity protection of the PC3 interface.
- an embodiment of the present disclosure further provides an information processing method, which is applied to a UE, including:
- the application layer protection method includes: AKMA.
- the request information carries a first indication, where the first indication is used to indicate that the UE supports AKMA; the method further includes:
- a failure response of the proximity communication function is received, wherein the failure response is sent by the proximity communication function when it does not support AKMA.
- the method further includes:
- the determining the authentication key of the proximity communication includes:
- the registration request carries a second indication, where the second indication is used to indicate that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF;
- the registration request further includes a third indication and a fourth indication, the third indication is used to indicate that the UE supports AKMA, and the fourth indication is a proximity service indication; after the calculation of the first key, the method also includes:
- a second key is calculated, the second key being a key for proximity communication.
- the determining the authentication key of the proximity communication includes:
- the method also includes:
- a third key is calculated, and the third key is used for encryption and integrity protection of the PC3 interface.
- an embodiment of the present disclosure provides an information processing apparatus, which is applied to a proximity communication function, including:
- a first obtaining module used for obtaining the first information
- a first determining module configured to determine, according to the first information, an application layer protection method of the PC3 interface between the proximity communication function and the UE;
- the first information includes: one of the subscription information of the UE, the application security policy of the network, and the request information of the UE;
- the application layer protection method includes: AKMA.
- an embodiment of the present disclosure provides an information processing apparatus, which is applied to a UE, including:
- the first sending module is used to send request information to the proximity communication function, and the request information is used to make the proximity communication function determine the application layer protection method of the PC3 interface between the proximity communication function and the UE;
- the application layer protection method includes: AKMA.
- embodiments of the present disclosure provide an information processing device applied to a proximity communication function, including: a transceiver, a memory, a processor, and a program stored on the memory and executable on the processor;
- the processor is configured to read the program in the memory and perform the following processes:
- the first information includes: one of the subscription information of the UE, the application security policy of the network, and the request information of the UE;
- the application layer protection method includes: AKMA.
- the processor is further configured to read the program in the memory, and perform the following process:
- the subscription information of the UE indicates that the UE has subscribed to Prose, it is determined that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- the processor is further configured to read the program in the memory, and perform the following process:
- request the application security policy of the network from the PCF according to the session request, and receive the first information from the PCF;
- the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- the processor is further configured to read the program in the memory, and perform the following process:
- the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- the processor is also used to read the program in the memory, and execute the following process:
- if it is determined, according to the request information and the preconfigured network application security policy, that the proximity communication function supports AKMA, then determine that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA;
- the processor is also used to read the program in the memory, and execute the following process:
- the processor is also used to read the program in the memory, and execute the following process:
- the first key is obtained from the authentication server function (AUSF), where the first key is calculated by the AUSF.
- the processor is also used to read the program in the memory, and execute the following process:
- the second key is obtained from the AUSF according to the registration request, where the registration request further includes a third indication and a fourth indication, where the third indication is used to indicate that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key used for proximity communication.
- the processor is also used to read the program in the memory, and execute the following process:
- the second authentication key K_AF is obtained from the proximity server or the AKMA anchor function (AAnF), the second authentication key being the first key of the PC3 interface.
- the processor is also used to read the program in the memory, and execute the following process:
- a second key is calculated from the second authentication key K_AF, the second key being a key for proximity communication.
- the processor is also used to read the program in the memory, and execute the following process:
- a third key is calculated, and the third key is used for encryption and integrity protection of the PC3 interface.
- embodiments of the present disclosure provide an information processing device, applied to a UE, including: a transceiver, a memory, a processor, and a program stored in the memory and executable on the processor; the processor is configured to read the program in the memory and perform the following processes:
- the application layer protection method includes: AKMA.
- the request information carries a first indication, where the first indication is used to indicate that the UE supports AKMA; the processor is further configured to read the program in the memory, and perform the following process:
- a failure response of the proximity communication function is received, wherein the failure response is sent by the proximity communication function when it does not support AKMA.
- the processor is also used to read the program in the memory, and execute the following process:
- the processor is also used to read the program in the memory, and execute the following process:
- the registration request carries a second indication, where the second indication is used to indicate that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF;
- the registration request further includes a third indication and a fourth indication, the third indication is used to indicate that the UE supports AKMA, and the fourth indication is a proximity service indication; the processor is further configured to read the program in the memory, and perform the following process:
- a second key is calculated, the second key being a key for proximity communication.
- the processor is also used to read the program in the memory, and execute the following process:
- a third key is calculated, and the third key is used for encryption and integrity protection of the PC3 interface.
- an embodiment of the present disclosure provides a readable storage medium for storing a program, which implements the steps in the information processing method as described above when the program is executed by a processor.
- the PC3 interface can be protected by means such as AKMA between the UE and the proximity communication function, so as to ensure the security of the UE when performing the ProSe configuration.
- FIG. 1 is one of the flowcharts of the information processing method provided by an embodiment of the present disclosure
- FIG. 2 is the second flowchart of the information processing method provided by the embodiment of the present disclosure
- FIG. 3 is a schematic diagram of a process of negotiating an application layer protection method between a UE and a network device in the implementation of the present disclosure
- FIG. 6 is the third schematic diagram of the process of generating a key in the implementation of the present disclosure.
- FIG. 9 is a second structural diagram of an information processing apparatus provided by an embodiment of the present disclosure.
- FIG. 10 is one of the structural diagrams of an information processing device provided by an embodiment of the present disclosure.
- FIG. 11 is a second structural diagram of an information processing device provided by an embodiment of the present disclosure.
- the term "and/or" describes the association relationship of associated objects and indicates that three kinds of relationship are possible. For example, A and/or B can represent three situations: A exists alone, A and B exist at the same time, or B exists alone.
- the character “/” generally indicates that the associated objects are an "or" relationship.
- the term “plurality” refers to two or more than two, and other quantifiers are similar.
- FIG. 1 is a flowchart of an information processing method provided by an embodiment of the present disclosure, applied to a proximity communication function, as shown in FIG. 1, including the following steps:
- Step 101 Obtain first information.
- the first information includes one of: subscription information of the UE, application security policy of the network, and request information of the UE.
- Step 102 Determine an application layer protection method of the PC3 interface between the proximity communication function and the UE according to the first information.
- the application layer protection method includes: application layer authentication and key management (Authentication and Key Management for Applications, AKMA).
- the proximity communication function can obtain the application layer protection method in different ways.
- the proximity communication function may obtain the subscription information of the Prose of the UE from a unified data management entity (Unified Data Management, UDM). If the subscription information of the UE indicates that the UE has subscribed to Prose, it is determined that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- if the first information includes the application security policy of the network, the proximity communication function may receive a session request from the UE. According to the session request, the proximity communication function requests the application security policy of the network from the policy control function (Policy Control Function, PCF), receives the first information from the PCF, and determines according to the first information the proximity
- the proximity communication function may receive the session request of the UE, and determine, according to the session request and the preconfigured network application security policy, that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- the proximity communication function may receive the request information of the UE, where the request information carries a first indication, and the first indication is used to indicate that the UE supports AKMA. If it is determined, according to the request information and the preconfigured network application security policy, that the proximity communication function supports AKMA, then it is determined that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA;
- the re-determined application layer protection method may be any other protection method, which is not limited in this embodiment of the present disclosure.
- the PC3 interface can be protected by means such as AKMA between the UE and the proximity communication function, so as to ensure the security of the UE when performing the ProSe configuration.
- the method of the embodiment of the present disclosure may further include:
- the authentication key for proximity communication may include: a first key for the PC3 interface, a second key for proximity communication, a third key for encryption and integrity protection of the PC3 interface, and so on.
- the proximity communication function can receive the registration request of the UE, where the registration request carries a second indication, and the second indication is used to indicate that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF; the first key is obtained from the AUSF according to the registration request, where the first key is calculated by the AUSF.
- the first key can be calculated by the AUSF from K_AUSF, the character string "Prose" and the subscription permanent identifier (Subscription Permanent Identifier, SUPI).
- the proximity communication function can obtain the second key from the AUSF according to the registration request, and the registration request further includes a third indication and a fourth indication, and the third indication uses To indicate that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key used for proximity communication.
- the second key can be calculated by the AUSF from K_AKMA, the character string "Prose", and the like.
- the proximity communication function can also obtain the second authentication key K_AF from the proximity server or the AKMA anchor function (AAnF), and use the second authentication key as the first key of the PC3 interface.
- the proximity server obtains the second authentication key K_AF from the AAnF and sends it to the proximity communication function. That is, the first key of the PC3 interface can be realized by the second authentication key K_AF.
- the proximity communication function may also calculate a second key according to the second authentication key K_AF, where the second key is a key used for proximity communication.
- the second key can be obtained from K_AF, the character string "prose" and the AF ID (the identifier of the ProSe application function).
- the proximity communication function can also calculate a third key for encryption and integrity protection of the PC3 interface.
- the proximity communication function may obtain the encryption key for the PC3 interface from the first key of the PC3 interface and the string "enc", and the integrity protection key for the PC3 interface from the first key of the PC3 interface and the string "int".
- FIG. 2 is a flowchart of an information processing method provided by an embodiment of the present disclosure, applied to a UE, as shown in FIG. 2, including the following steps:
- Step 201 sending request information to the proximity communication function, where the request information is used to enable the proximity communication function to determine an application layer protection method of the PC3 interface between the proximity communication function and the UE;
- the application layer protection method includes: AKMA.
- the PC3 interface can be protected by means such as AKMA between the UE and the proximity communication function, so as to ensure the security of the UE when performing the ProSe configuration.
- the method may further include:
- the request information carries a first indication, where the first indication is used to indicate that the UE supports AKMA; the method further includes:
- a failure response of the proximity communication function is received, wherein the failure response is sent by the proximity communication function without AKMA support.
- the method of the embodiment of the present disclosure can also include:
- the UE may send a registration request to the proximity communication function, where the registration request carries a second indication, and the second indication is used to indicate that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF; the UE then computes the first key.
- the UE can obtain the first key according to K_AUSF, the string "Prose" and the SUPI.
- the registration request further includes a third indication and a fourth indication, where the third indication is used to indicate that the UE supports AKMA, and the fourth indication is a proximity service indication.
- the UE may also calculate a second key, which is a key used for proximity communication. When calculating the second key, it can be obtained from K_AF, the string "prose", and the AF ID (identification of the ProSe application).
- the UE may also generate a second authentication key K_AF and use it as the first key of the PC3 interface; or obtain the second authentication key K_AF from the AAnF and use it as the first key of the PC3 interface.
- when the UE calculates the second authentication key K_AF, it can obtain it according to K_AKMA and the AF ID (identity of the ProSe application).
- the UE can also calculate a second key based on the second authentication key K_AF, the second key being a key used for proximity communication, and calculate a third key, the third key being used for encryption and integrity protection of the PC3 interface.
- the second key can be obtained from K_AF, the string "prose", and the AF ID (identification of the ProSe application).
- the UE may obtain the encryption key for the PC3 interface from the first key of the PC3 interface and the string "enc", and the integrity protection key for the PC3 interface from the first key of the PC3 interface and the string "int".
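The key hierarchy described above for the proximity communication function and for the UE (first key of PC3, second key for proximity communication, third "enc"/"int" keys), as an added example that is not the patent's own code nor a 3GPP implementation. The KDF (HMAC-SHA-256 over length-prefixed inputs) and the "AKMA" label for the K_AUSF-to-K_AKMA step are assumptions, since the page does not specify the derivation function; only the input parameters the text names are used.

```python
"""Model of the ProSe PC3 key hierarchy from the disclosure (added example)."""
import hashlib
import hmac
from dataclasses import dataclass


def kdf(parent: bytes, *params: bytes) -> bytes:
    """Assumed KDF (not the 3GPP one): HMAC-SHA-256 keyed with the parent key
    over length-prefixed parameters, so "Prose"+SUPI cannot be confused with a
    different split of the same bytes."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(parent, data, hashlib.sha256).digest()


@dataclass(frozen=True)
class Pc3Keys:
    first_key: bytes   # key of the PC3 interface
    second_key: bytes  # key for proximity communication
    enc_key: bytes     # third key: PC3 encryption
    int_key: bytes     # third key: PC3 integrity protection


def first_key_from_k_ausf(k_ausf: bytes, supi: str) -> bytes:
    """FIG. 4 path: PC3 key from K_AUSF, the string "Prose" and the SUPI.
    Computed by the AUSF on the network side and by the UE itself."""
    return kdf(k_ausf, b"Prose", supi.encode())


def k_akma_from_k_ausf(k_ausf: bytes) -> bytes:
    """Step 503: the UE calculates K_AKMA from K_AUSF (label is an assumption)."""
    return kdf(k_ausf, b"AKMA")


def second_key_from_k_akma(k_akma: bytes) -> bytes:
    """Proximity communication key from K_AKMA and the string "Prose"."""
    return kdf(k_akma, b"Prose")


def k_af_from_k_akma(k_akma: bytes, af_id: str) -> bytes:
    """K_AF from K_AKMA and the AF ID (identity of the ProSe application)."""
    return kdf(k_akma, af_id.encode())


def second_key_from_k_af(k_af: bytes, af_id: str) -> bytes:
    """Proximity communication key from K_AF, the string "prose" and the AF ID."""
    return kdf(k_af, b"prose", af_id.encode())


def third_keys(first_key: bytes) -> tuple[bytes, bytes]:
    """PC3 encryption and integrity keys from the first key and "enc" / "int"."""
    return kdf(first_key, b"enc"), kdf(first_key, b"int")


def derive_k_ausf_path(k_ausf: bytes, supi: str) -> Pc3Keys:
    """FIG. 4: first key directly from K_AUSF; second key via K_AKMA."""
    first = first_key_from_k_ausf(k_ausf, supi)
    second = second_key_from_k_akma(k_akma_from_k_ausf(k_ausf))
    enc, integ = third_keys(first)
    return Pc3Keys(first, second, enc, integ)


def derive_akma_path(k_ausf: bytes, af_id: str) -> Pc3Keys:
    """FIG. 5-7: K_AF itself is the first key of PC3 (e.g. used as TLS PSK)."""
    k_af = k_af_from_k_akma(k_akma_from_k_ausf(k_ausf), af_id)
    enc, integ = third_keys(k_af)
    return Pc3Keys(k_af, second_key_from_k_af(k_af, af_id), enc, integ)


def ue_side_k_af(k_ausf: bytes, af_id: str) -> bytes:
    """Steps 503 / 605: the UE derives K_AKMA from K_AUSF, then K_AF."""
    return k_af_from_k_akma(k_akma_from_k_ausf(k_ausf), af_id)


def network_side_k_af(k_akma_at_aanf: bytes, af_id: str) -> bytes:
    """Steps 504 / 505: the AAnF derives K_AF and hands it to the ProSe Function."""
    return k_af_from_k_akma(k_akma_at_aanf, af_id)


def psk_matches(k_ausf: bytes, ue_af_id: str, k_akma_at_aanf: bytes, net_af_id: str) -> bool:
    """The TLS PSK only works if both ends used the same K_AKMA and the same AF ID;
    a stale K_AKMA or a mismatched AF ID shows up here as a PSK mismatch."""
    return hmac.compare_digest(ue_side_k_af(k_ausf, ue_af_id),
                               network_side_k_af(k_akma_at_aanf, net_af_id))


if __name__ == "__main__":
    # Constructed sample values; a real K_AUSF comes from primary authentication.
    K_AUSF = bytes(range(32))
    SUPI = "imsi-001010123456789"
    AF_ID = "prose-af.example"
    keys = derive_akma_path(K_AUSF, AF_ID)
    print("PC3 first key (K_AF):", keys.first_key.hex())
    print("PSK agrees:", psk_matches(K_AUSF, AF_ID, k_akma_from_k_ausf(K_AUSF), AF_ID))
    print("PSK agrees with wrong AF ID:", psk_matches(K_AUSF, AF_ID, k_akma_from_k_ausf(K_AUSF), "other-af"))
```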
- FIG. 3 is a schematic diagram of a process of negotiating an application layer protection method between a UE and a network device in the implementation of the present disclosure. As shown in Figure 3, this embodiment may include:
- Step 301 the UE initiates a session request of PC3 to the ProSe function, and the application layer protection method that the UE expects to be used is not indicated in the session request.
- Step 302 the ProSe Function requests the application security policy of the network from the Policy Control Function (Policy Control Function, PCF).
- Step 303 The PCF determines, according to the information of the UE (the capability information of the UE) and the subscription information of the application function (Application Function, AF) stored in the Unified Data Repository (Unified Data Repository, UDR), the application security policy that applies to a certain type of application.
- the application security policy includes an application protection method and an application ID.
- Step 304 the ProSe Function may also decide an application layer protection method for the UE according to a preconfigured network policy, such as using GBA, AKMA or another protection method.
- steps 302-303 and step 304 are two parallel implementations. In a specific application, which method is adopted may depend on the final implementation.
- the ProSe Function informs the UE of the application layer protection method adopted in the session response, that is, the security protection method.
- FIG. 4 is a schematic diagram of a process of generating a key in the implementation of the present disclosure. As shown in Figure 4, this embodiment may include:
- Step 401 The UE carries the ProSe indication [PAU] in the registration request, indicating that it wishes to generate the key of the PC3 interface from the K_AUSF of the primary authentication, so as to protect the PC3 interface.
- the session request initiated by the UE towards the ProSe Function carries the indication [PAU], informing the ProSe Function that it needs to obtain the key for protecting the PC3 interface from the core network.
- Step 402 After receiving the session request from the UE, the ProSe Function requests a key from the Authentication Server Function (AUSF).
- Step 403 The AUSF verifies the UE's ProSe service authorization with the Unified Data Management (UDM). If the AUSF confirms that the UE has subscribed to the ProSe service, the key of the PC3 interface can be calculated based on K_AUSF, and the AUSF calculates the key of the PC3 interface.
- the ProSe App ID can be used as a parameter in the calculation of this key.
- Step 404 the AUSF sends the key of the PC3 interface to the ProSe Function.
- ProSe Function can save the key after receiving it.
- Step 405 The ProSe Function sends a Registration Accept (Registration Accept) message to the UE.
- Step 406 the UE calculates the key of the PC3 interface.
- if the UE carries the AKMA indication and the ProSe service indication in the registration request, this means that the UE wishes the AUSF to calculate the ProSe key based on the AKMA key K_AKMA. The AUSF then calculates the ProSe private key and sends it to the ProSe Function, while the UE calculates the ProSe private key on its own side.
- FIG. 5 is a schematic diagram of a process of generating a key in the implementation of the present disclosure. As shown in Figure 5, this embodiment may include:
- Step 501 the UE initiates a discovery request of PC3 to the ProSe Function.
- Step 502 the ProSe Function confirms the ProSe subscription information of the UE with the UDM. If the UE subscribes to ProSe, and the ProSe Function decides to select AKMA as the method to protect the PC3 interface, the ProSe Function sends a request to the ProSe Server to obtain the AKMA key, and sends a [PAK] indication to the UE, indicating that the PC3 interface is protected by AKMA.
- Step 503 the UE calculates K_AKMA based on K_AUSF, and then calculates K_AF.
- Step 504 the ProSe Server requests K_AF from the AAnF.
- Step 505 the ProSe Server sends K_AF to the ProSe Function.
- the UE and the ProSe Function use K_AF as a shared key for establishing Transport Layer Security (TLS).
- FIG. 6 is a schematic diagram of a process of generating a key in the implementation of the present disclosure. As shown in Figure 6, this embodiment may include:
- Step 601 The UE sends a session request to the ProSe Function. If the session request carries an AKMA indication, it indicates that it wishes to perform ProSe protection through AKMA, that is, a session request indication [AKMA] with the ProSe Function initiated by the UE.
- Step 602 According to the indication, the ProSe Function requests from the AAnF the K_AF calculated based on the AKMA key, and confirms by indication that the ProSe PC3 interface is protected by the AKMA application key.
- Step 603 The AAnF sends the K_AF key to the ProSe Function.
- Step 604 If the network supports the AKMA service function, the ProSe Function sends a session response to the UE confirming that the AKMA method is used to protect the PC3 interface. If the network does not support the AKMA service function, or the AKMA subscription is about to expire, the ProSe Function returns a session response failure to the UE, indicating that the UE cannot use the AKMA method to protect the PC3 interface; in that case step 605 is not performed. The figure shows, as an example, the case in which the ProSe Function sends a session response to the UE.
- Step 605 The UE calculates the K_AF key and uses K_AF as the TLS pre-shared key (PSK) for the ProSe PC3 interface.
- FIG. 7 is a schematic diagram of a key generation process in an implementation of the present disclosure. As shown in FIG. 7, this embodiment may include:
- Step 701: the UE sends a session request to the ProSe Function. If the session request carries an AKMA indication, it indicates that the UE wishes to protect ProSe through AKMA, that is, the UE initiates a session request to the ProSe Function carrying the indication [AKMA].
- Step 702: if the network supports the AKMA service function, the ProSe Function requests from the AAnF, according to the indication, the K_AF derived from the AKMA key, indicates that the ProSe PC3 interface is to be protected by the AKMA application key, and at the same time sends the ProSe parameters to the UE so that the UE can derive the private key of the ProSe PC3 interface (the key used on the PC3 interface) from these parameters. If the network does not support the AKMA service function, or the AKMA subscription is about to expire, the ProSe Function returns a session response failure to the UE, indicating that the UE cannot use AKMA to protect the PC3 interface; in this case steps 703 to 706 are not executed. The figure illustrates the case in which the network supports the AKMA service function.
- Step 703: the AAnF sends the K_AF key to the ProSe Function.
- Step 704: the ProSe Function sends a session response to the UE, informing the UE to derive K_AF.
- Step 705: the ProSe Function derives the private key of ProSe (the key used for ProSe communication) from K_AF.
- Step 706: the UE derives the private key of ProSe from K_AF.
- the UE and the ProSe Function thus each derive a key for encryption and integrity protection of the PC3 interface.
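The key hierarchy described in FIG. 5 to FIG. 7 (the UE deriving K_AKMA from K_AUSF and then K_AF, the ProSe Function fetching the same K_AF from the AAnF, and both sides deriving encryption and integrity keys for PC3 from K_AF and the ProSe parameter of step 702) can be modelled end to end, including the failure branch of steps 604 and 702. The following Python is an added example, not code from the patent or from any 3GPP implementation: the HMAC-SHA-256 key derivation, the labels, the class layout and the SUPI, AF identifier and ProSe parameter values are all assumptions, and the FC values and parameter encodings of the real 3GPP KDF are deliberately not reproduced.

```python
"""Toy model of the AKMA key hierarchy protecting the ProSe PC3 interface.

Added example; not code from the patent or from any 3GPP implementation.
The KDF is plain HMAC-SHA-256 over a label plus length-prefixed context;
the real 3GPP KDF (TS 33.220 / TS 33.535) is NOT reproduced here. The SUPI,
AF identifier and ProSe parameter values are constructed sample data.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def kdf(key: bytes, label: bytes, *context: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA-256(key, label || len(ctx_i) || ctx_i ...)."""
    msg = label
    for item in context:
        msg += len(item).to_bytes(2, "big") + item
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_k_akma(k_ausf: bytes, supi: bytes) -> bytes:
    """Step 503: K_AKMA is derived from K_AUSF and bound to the subscriber."""
    return kdf(k_ausf, b"AKMA", supi)


def derive_k_af(k_akma: bytes, af_id: bytes) -> bytes:
    """K_AF is derived from K_AKMA and bound to one application function."""
    return kdf(k_akma, b"AF", af_id)


def derive_pc3_keys(k_af: bytes, prose_param: bytes) -> Tuple[bytes, bytes]:
    """Steps 705/706: separate encryption and integrity keys for PC3 from K_AF.

    Distinct labels keep the two keys independent even though they share the
    same parent key and the same ProSe parameter sent in step 702.
    """
    return kdf(k_af, b"PC3-ENC", prose_param), kdf(k_af, b"PC3-INT", prose_param)


class AAnF:
    """AKMA anchor function: keeps K_AKMA per subscriber, hands out K_AF per AF."""

    def __init__(self) -> None:
        self._k_akma: Dict[bytes, bytes] = {}

    def register(self, supi: bytes, k_ausf: bytes) -> None:
        self._k_akma[supi] = derive_k_akma(k_ausf, supi)

    def get_k_af(self, supi: bytes, af_id: bytes) -> Optional[bytes]:
        k_akma = self._k_akma.get(supi)
        return None if k_akma is None else derive_k_af(k_akma, af_id)


class ProSeFunction:
    """Steps 702-705 of FIG. 7, plus the failure branch of steps 604/702."""

    def __init__(self, af_id: bytes, aanf: AAnF, supports_akma: bool = True) -> None:
        self.af_id, self.aanf, self.supports_akma = af_id, aanf, supports_akma

    def handle_session_request(self, supi: bytes, ue_akma_ind: bool) -> dict:
        # AKMA is selected only when both the UE request and the network support it.
        if not (ue_akma_ind and self.supports_akma):
            return {"status": "failure", "reason": "AKMA not supported"}
        k_af = self.aanf.get_k_af(supi, self.af_id)            # steps 702/703
        if k_af is None:
            return {"status": "failure", "reason": "no AKMA context for UE"}
        prose_param = secrets.token_bytes(16)                    # ProSe parameter, step 702
        k_enc, k_int = derive_pc3_keys(k_af, prose_param)        # step 705
        return {"status": "ok", "prose_param": prose_param, "k_enc": k_enc, "k_int": k_int}


class UE:
    """UE side: holds K_AUSF from primary authentication and derives everything locally."""

    def __init__(self, supi: bytes, k_ausf: bytes) -> None:
        self.supi, self.k_ausf = supi, k_ausf

    def pc3_keys(self, af_id: bytes, prose_param: bytes) -> Tuple[bytes, bytes]:
        k_af = derive_k_af(derive_k_akma(self.k_ausf, self.supi), af_id)  # steps 503/706
        return derive_pc3_keys(k_af, prose_param)


def run_fig7_exchange(network_supports_akma: bool = True) -> dict:
    """Run the FIG. 7 flow end to end; report whether both sides hold the same PC3 keys."""
    supi = b"imsi-001010123456789"      # constructed sample SUPI
    k_ausf = secrets.token_bytes(32)     # stands in for the primary-authentication result
    af_id = b"prose-function.example"    # constructed AF identifier
    aanf = AAnF()
    aanf.register(supi, k_ausf)
    pf = ProSeFunction(af_id, aanf, network_supports_akma)
    ue = UE(supi, k_ausf)

    resp = pf.handle_session_request(supi, ue_akma_ind=True)   # step 701
    if resp["status"] != "ok":
        return {"status": "failure", "keys_match": False}
    ue_enc, ue_int = ue.pc3_keys(af_id, resp["prose_param"])
    keys_match = hmac.compare_digest(ue_enc, resp["k_enc"]) and hmac.compare_digest(ue_int, resp["k_int"])
    return {"status": "ok", "keys_match": keys_match, "enc_differs_from_int": ue_enc != ue_int}
```

`run_fig7_exchange()` returns `keys_match: True` because the UE and the ProSe Function derive K_AF from the same K_AUSF and the same AF identifier; `run_fig7_exchange(network_supports_akma=False)` takes the failure branch of step 702 and no key material is produced. A subscriber the AAnF has no K_AKMA for likewise ends in a failure response rather than in a key, which is the behaviour to expect when the AKMA subscription has lapsed.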
- the embodiments of the present disclosure provide a security protection method for UEs with limited computing capability, or without the GBA function, when performing ProSe configuration, so as to ensure the security of such UEs during ProSe configuration.
- FIG. 8 is a structural diagram of an information processing apparatus provided by an embodiment of the present disclosure. Since the principle by which the information processing apparatus solves the problem is similar to that of the information processing method in the embodiment of the present disclosure, the implementation of the apparatus may refer to the implementation of the method, and repeated details are omitted.
- the information processing apparatus 800 includes: a first obtaining module 801, configured to obtain first information; and a first determining module 802, configured to determine, according to the first information, the application layer protection method of the PC3 interface between the proximity communication function and the UE;
- the first information includes one of: the subscription information of the UE, the application security policy of the network, and the request information of the UE;
- the application layer protection method includes: AKMA.
- the first determining module 802 includes: a first acquisition sub-module, configured to acquire the ProSe subscription information of the UE from the UDM; and a first determining sub-module, configured to determine that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA if the subscription information of the UE indicates that the UE has subscribed to ProSe.
- the first determining module 802 includes: a first receiving sub-module, configured to receive a session request of the UE; a first sending sub-module, configured to request the application security policy of the network from the policy control function entity PCF and to receive the first information from the PCF; and a first determining sub-module, configured to determine, according to the first information, that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- the first determining module 802 includes: a first receiving sub-module, configured to receive a session request of the UE; and a first determining sub-module, configured to determine, according to the session request and the preconfigured application security policy of the network, that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- the first determining module 802 includes: a first receiving sub-module, configured to receive the request information of the UE, where the request information carries a first indication and the first indication is used to indicate that the UE supports AKMA; a first determining sub-module, configured to determine, if the proximity communication function supports AKMA according to the request information and the preconfigured application security policy of the network, that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA; and a second determining sub-module, configured for the case in which the proximity communication function does not support AKMA according to the request information and the preconfigured application security policy of the network.
- the device may further include: a second determining module, configured to determine the authentication key of the proximity communication.
- the second determining module includes: a first receiving sub-module, configured to receive a registration request from the UE, where the registration request carries a second indication and the second indication is used to indicate that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF;
- and a first obtaining sub-module, configured to obtain the first key from the AUSF according to the registration request, wherein the first key is calculated by the AUSF.
- the apparatus may further include: a first obtaining module, configured to obtain a second key from the AUSF according to the registration request, where the registration request further includes a third indication and a fourth indication, the third indication is used to indicate that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key used for proximity communication.
- the second determining module is configured to obtain a second authentication key K_AF from the proximity server or from the AKMA anchor function AAnF, where the second authentication key is the first key of the PC3 interface.
- the apparatus may further include: a first calculation module, configured to calculate a second key according to the second authentication key K_AF, where the second key is a key used for proximity communication.
- the apparatus may further include: a second calculation module, configured to calculate a third key, where the third key is used for encryption and integrity protection of the PC3 interface.
- FIG. 9 is a structural diagram of an information processing apparatus provided by an embodiment of the present disclosure. Since the principle by which the information processing apparatus solves the problem is similar to that of the information processing method in the embodiment of the present disclosure, the implementation of the apparatus may refer to the implementation of the method, and repeated details are omitted.
- the information processing apparatus 900 includes: a first sending module 901, configured to send request information to the proximity communication function, where the request information is used to enable the proximity communication function to determine the application layer protection method of the PC3 interface between the proximity communication function and the UE;
- the application layer protection method includes: AKMA.
- the request information carries a first indication, where the first indication is used to indicate that the UE supports AKMA; and the apparatus may further include:
- a first receiving module, configured to receive the application layer protection method of the PC3 interface between the proximity communication function and the UE as re-determined by the proximity communication function, where the proximity communication function re-determines the application layer protection method of the PC3 interface between the proximity communication function and the UE when the proximity communication function does not support AKMA; or to receive a failure response of the proximity communication function, where the failure response is sent when the proximity communication function does not support AKMA.
- the apparatus may further include: a first determining module configured to determine an authentication key for proximity communication.
- the first determining module includes: a first sending sub-module, configured to send a registration request to the proximity communication function, where the registration request carries a second indication and the second indication is used to indicate that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF; and a first calculation sub-module, configured to calculate the first key.
- the registration request further includes a third indication and a fourth indication, the third indication is used to indicate that the UE supports AKMA, and the fourth indication is a proximity-based service indication; the apparatus may further include: a second calculation sub-module, configured to calculate a second key, where the second key is a key used for proximity communication.
- the first determining module is configured to generate a second authentication key K_AF, where the second authentication key is the key of the PC3 interface; or to obtain the second authentication key K_AF from the AAnF, where the second authentication key is the key of the PC3 interface.
- the device may further include: a first calculation module, configured to calculate the second key according to the second authentication key K_AF, where the second key is the key used for proximity communication; and a second calculation module, configured to calculate a third key, where the third key is used for encryption and integrity protection of the PC3 interface.
- each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
- the above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
- if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a processor-readable storage medium.
- the technical solution of the present application, in essence or in the part that contributes to the related technology, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium.
- a computer device, which may be a personal computer, a server, a network device or the like, or a processor.
- the aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media that can store program code.
- the information processing device of the embodiment of the present disclosure, applied to the proximity communication function, includes: a processor 1000, configured to read a program in a memory 1020 and execute the following processes:
- the first information includes: one of the subscription information of the UE, the application security policy of the network, and the request information of the UE;
- the application layer protection method includes: AKMA.
- the transceiver 1010 is used for receiving and transmitting data under the control of the processor 1000.
- the bus architecture may include any number of interconnected buses and bridges, specifically, one or more processors represented by the processor 1000 and various circuits of the memory represented by the memory 1020 are linked together.
- the bus architecture may also link together various other circuits, such as peripherals, voltage regulators, and power management circuits, which are well known in the art and, therefore, will not be described further herein.
- the bus interface provides the interface.
- Transceiver 1010 may be a number of elements, including a transmitter and a receiver, that provide a means for communicating with various other devices over a transmission medium.
- the processor 1000 is responsible for managing the bus architecture and general processing, and the memory 1020 may store data used by the processor 1000 when performing operations.
- the processor 1010 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a complex programmable logic device (CPLD); the processor may also adopt a multi-core architecture.
- the processor 1000 is further configured to read the program and perform the following steps:
- if the subscription information of the UE indicates that the UE has subscribed to ProSe, it is determined that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- the processor 1000 is further configured to read the program and perform the following steps:
- according to the session request, request the application security policy of the network from the PCF, and receive the first information from the PCF;
- the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- the processor 1000 is further configured to read the program and perform the following steps:
- the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA.
- the processor 1000 is further configured to read the program and perform the following steps:
- if the proximity communication function supports AKMA according to the request information and the preconfigured application security policy of the network, determine that the application layer protection method of the PC3 interface between the proximity communication function and the UE is AKMA;
- the processor 1000 is further configured to read the program and perform the following steps:
- the first key is obtained from the authentication service function AUSF, where the first key is calculated by the AUSF.
- the processor 1000 is further configured to read the program and perform the following steps:
- the second key is obtained from the AUSF according to the registration request, where the registration request further includes a third indication and a fourth indication, the third indication is used to indicate that the UE supports AKMA, the fourth indication is a proximity service indication, and the second key is a key used for proximity communication.
- the processor 1000 is further configured to read the program and perform the following steps:
- the second authentication key K_AF is obtained from the proximity server or from the AKMA anchor function AAnF, the second authentication key being the first key of the PC3 interface.
- the processor 1000 is further configured to read the program and perform the following steps:
- a second key is calculated from the second authentication key K_AF, the second key being a key for proximity communication.
- the processor 1000 is further configured to read the program and perform the following steps:
- a third key is calculated, and the third key is used for encryption and integrity protection of the PC3 interface.
- the device provided by the embodiment of the present disclosure can execute the above method embodiments, and the implementation principles and technical effects thereof are similar, and details are not described herein again in this embodiment.
- the information processing device includes: a processor 1100, configured to read a program in a memory 1120, and perform the following processes:
- the application layer protection method includes: AKMA.
- the transceiver 1110 is used to receive and transmit data under the control of the processor 1100.
- the bus architecture may include any number of interconnected buses and bridges, specifically one or more processors represented by processor 1100 and various circuits of memory represented by memory 1120 are linked together.
- the bus architecture may also link together various other circuits, such as peripherals, voltage regulators, and power management circuits, which are well known in the art and, therefore, will not be described further herein.
- the bus interface provides the interface.
- Transceiver 1110 may be a number of elements, including a transmitter and a receiver, that provide a means for communicating with various other devices over a transmission medium.
- the user interface 1130 may also be an interface capable of externally connecting the required equipment, and the connected equipment includes but is not limited to a keypad, a display, a speaker, a microphone, a joystick, and the like.
- the processor 1100 is responsible for managing the bus architecture and general processing, and the memory 1120 may store data used by the processor 1100 in performing operations.
- the processor 1110 may be a CPU, an ASIC, an FPGA or a CPLD, and the processor may also adopt a multi-core architecture.
- the request information carries a first indication, where the first indication is used to indicate that the UE supports AKMA; the processor 1100 is further configured to read the program and perform the following steps:
- a failure response of the proximity communication function is received, wherein the failure response is sent when the proximity communication function does not support AKMA.
- the processor 1100 is further configured to read the program and perform the following steps:
- the registration request carries a second indication, where the second indication is used to indicate that the first key of the PC3 interface needs to be generated from the first authentication key K_AUSF;
- the processor 1100 is further configured to read the program, and perform the following steps:
- a second key is calculated, the second key being a key for proximity communication.
- the processor 1100 is further configured to read the program and perform the following steps:
- a third key is calculated, and the third key is used for encryption and integrity protection of the PC3 interface.
- the device provided by the embodiment of the present disclosure can execute the above method embodiments, and the implementation principles and technical effects thereof are similar, and details are not described herein again in this embodiment.
- Embodiments of the present disclosure further provide a readable storage medium on which a program is stored.
- the readable storage medium can be any available medium or data storage device that can be accessed by the processor, including but not limited to magnetic storage (such as a floppy disk, hard disk, magnetic tape, or magneto-optical disc (MO)), optical storage (such as a compact disc (CD), digital versatile disc (DVD), Blu-ray disc (BD), or high-definition versatile disc (HVD)), and semiconductor memory (such as ROM, electrically programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), non-volatile memory (NAND flash), or a solid state drive (SSD)).
- the disclosed apparatus and method may be implemented in other manners.
- the apparatus embodiments described above are only illustrative.
- the division of the units is only a logical function division. In actual implementation, there may be other division methods.
- multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
- the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
- the units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
- each functional unit in each embodiment of the present disclosure may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
- the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM) or a random access memory (Random Access Memory, RAM) and the like.
- modules, units, and sub-units may be implemented in one or more application-specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field-programmable gate arrays (FPGAs), general-purpose processors, controllers, microcontrollers, microprocessors, other electronic units, or combinations thereof.
- the technologies described in the embodiments of the present disclosure may be implemented through modules (eg, procedures, functions, etc.) that perform the functions described in the embodiments of the present disclosure.
- Software codes may be stored in memory and executed by a processor.
- the memory can be implemented in the processor or external to the processor.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Embodiments of the present invention relate to the technical field of communications and concern an information processing method and apparatus, a device, and a readable storage medium. The method comprises the following steps: obtaining first information; and determining, according to the first information, an application layer protection method of a PC3 interface between a proximity communication function and a UE. The first information comprises subscription information of the UE, or an application security policy of a network, or request information of the UE. The application layer protection method comprises AKMA.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010810605.2 | 2020-08-11 | ||
CN202010810605.2A CN114079918B (zh) | 2020-08-11 | 2020-08-11 | Information processing method, apparatus, device and readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022033405A1 true WO2022033405A1 (fr) | 2022-02-17 |
Family
ID=80247697
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/111296 WO2022033405A1 (fr) | 2020-08-11 | 2021-08-06 | Information processing method and apparatus, device, and readable storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN114079918B (fr) |
WO (1) | WO2022033405A1 (fr) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105025478A (zh) * | 2014-04-30 | 2015-11-04 | ZTE Corporation | D2D communication security configuration method, ProSe key management function entity, terminal and system |
CN105706474A (zh) * | 2013-10-30 | 2016-06-22 | NEC Corporation | Apparatus, system and method for secure direct communication in proximity-based services |
CN106797668A (zh) * | 2014-10-03 | 2017-05-31 | InterDigital Patent Holdings, Inc. | Optimized handling for ProSe communication |
CN111147231A (zh) * | 2018-11-05 | 2020-05-12 | Huawei Technologies Co., Ltd. | Key negotiation method, related apparatus and system |
WO2020152087A1 (fr) * | 2019-01-21 | 2020-07-30 | Telefonaktiebolaget Lm Ericsson (Publ) | Key revocation for the authentication and key management for applications feature in 5G |
- 2020-08-11 CN CN202010810605.2A patent/CN114079918B/zh active Active
- 2021-08-06 WO PCT/CN2021/111296 patent/WO2022033405A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN114079918B (zh) | 2024-02-02 |
CN114079918A (zh) | 2022-02-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11824981B2 (en) | Discovery method and apparatus based on service-based architecture | |
US12052233B2 (en) | Identity verification method for network function service and related apparatus | |
JP6185017B2 (ja) | Authentication in secure user plane location (SUPL) systems | |
US20200404494A1 (en) | Key Obtaining Method and Device, and Communications System | |
US9769732B2 (en) | Wireless network connection establishment method and terminal device | |
EP3308519B1 (fr) | System, apparatus and method for transferring ownership of a device from manufacturer to user using an embedded resource | |
US10798082B2 (en) | Network authentication triggering method and related device | |
EP4262257A1 (fr) | Secure communication method and device | |
US20180069836A1 (en) | Tiered attestation for resource-limited devices | |
WO2021218978A1 (fr) | Key management method, device and system | |
WO2022170994A1 (fr) | PC5 root key processing method and apparatus, AUSF and remote terminal | |
CN117641347A (zh) | Registration method, authentication method, apparatus and computer-readable storage medium | |
WO2019024744A1 (fr) | Method and device for acquiring terminal device identifier | |
EP2922325B1 (fr) | Communication security processing method and apparatus | |
CN114079915A (zh) | Method, system and apparatus for determining user plane security algorithm | |
KR102692376B1 (ko) | Method and apparatus for pairing a client device and an access point in a wireless LAN | |
WO2022033405A1 (fr) | Information processing method and apparatus, device, and readable storage medium | |
WO2022171156A1 (fr) | Method for configuring an evolved packet system non-access stratum security algorithm, and related apparatus | |
WO2022033186A1 (fr) | Authentication method based on generic bootstrapping architecture and corresponding device | |
WO2022147838A1 (fr) | Wireless communication method and apparatus | |
WO2022067827A1 (fr) | Key derivation method and apparatus, and system | |
WO2023230983A1 (fr) | Interworking channel establishment method and apparatus, chip, and storage medium | |
WO2023230975A1 (fr) | Interworking channel establishment method and apparatus, chip, and storage medium | |
WO2023050799A1 (fr) | Registration method, terminal device, core network device and storage medium | |
JP2023523151A (ja) | Random MAC configuration | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21855458; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 21855458; Country of ref document: EP; Kind code of ref document: A1 |