WO2022170994A1 - PC5 root key processing method and apparatus, AUSF, and remote terminal - Google Patents
- Publication number
- WO2022170994A1 (PCT/CN2022/074372)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- remote terminal
- root key
- relay
- ausf
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
- H04L9/0836—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/047—Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
- H04W12/0471—Key exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W92/00—Interfaces specially adapted for wireless communication networks
- H04W92/16—Interfaces between hierarchically similar devices
- H04W92/18—Interfaces between hierarchically similar devices between terminal devices
Definitions
- the present disclosure relates to the field of communication technologies, and in particular, to a root key processing method, device, AUSF and remote terminal of a PC5 interface.
- the 5G Proximity Service (ProSe) system is currently being developed, which means that user data can be directly transmitted between terminals without going through the network. Because the 5G network architecture is different from the 4G network architecture, and the functions supported by the 5G ProSe system are also different from those of 4G ProSe, the security technology of UE-to-Network Relay in 4G ProSe is not applicable to the 5G ProSe system.
- the authentication server network element (Authentication Server Function, AUSF) generates a key identifier for the remote terminal, and then generates a relay key according to the request when PC5 communication is required.
- the purpose of the embodiments of the present disclosure is to provide a root key processing method, device, AUSF and remote terminal of a PC5 interface, so as to solve the problem of low efficiency or no root key concept in the technical solution of 5G ProSe security in the related art.
- an embodiment of the present disclosure provides a PC5 root key processing method, which includes:
- the authentication server network element AUSF of the remote terminal receives the relay key request message sent by the relay terminal through the target network element of the relay terminal;
- the AUSF obtains the PC5 root key of the remote terminal according to the relay key request message
- the AUSF generates a first random number, and generates a relay key for secure communication between the relay terminal and the remote terminal according to the first random number and the PC5 root key;
- the AUSF sends a relay key response message to the relay terminal through the target network element of the relay terminal; the relay key response message includes: the relay key and the first random number.
- the AUSF obtains the PC5 root key of the remote terminal according to the relay key request message, including:
- the AUSF sends a first request message to a unified data management network element (Unified Data Management, UDM), where the first request message includes: the user permanent identifier (Subscription Permanent Identifier, SUPI) of the remote terminal and the identifier of the PC5 root key;
- the AUSF receives the first response message sent by the UDM, where the first response message includes: the PC5 root key corresponding to the identifier of the PC5 root key.
- the AUSF obtains the PC5 root key of the remote terminal according to the relay key request message, including:
- the AUSF generates a PC5 root key and an identifier of the PC5 root key based on the AUSF key of the remote terminal;
- the relay key response message further includes: the identifier of the PC5 root key.
- the method further includes:
- the AUSF sends the PC5 root key and the identification of the PC5 root key to the UDM of the remote terminal, and the UDM of the remote terminal stores it.
- the AUSF generates a PC5 root key and an identifier of the PC5 root key based on the AUSF key of the remote terminal, including:
- the AUSF generates a second random number, and generates a PC5 root key and an identifier of the PC5 root key according to the second random number and the AUSF key of the remote terminal;
- the AUSF generates a second random number, and according to the second random number, the AUSF key of the remote terminal, and the third random number generated by the remote terminal, generates a PC5 root key and an identifier of the PC5 root key.
- the method also includes:
- the relay key response message further includes: the message verification code; or, the relay key response message further includes: the message verification code and parameters required for generating the message verification code.
- before the AUSF receives the relay key request message sent by the relay terminal through the target network element of the relay terminal, the method includes:
- the AUSF performs authorization checking on the remote terminal according to the PC5 root key request message
- when it is determined that the remote terminal is an authorized remote terminal, the AUSF generates a PC5 root key and an identifier of the PC5 root key based on the AUSF key of the remote terminal;
- the AUSF sends a PC5 root key response message to the remote terminal through the access network element of the remote terminal, where the PC5 root key response message includes the PC5 root key generation information, and the PC5 root key generation information includes: parameters required to generate the PC5 root key and an identifier of the PC5 root key.
- the AUSF obtains the PC5 root key of the remote terminal according to the relay key request message, including:
- the AUSF performs authorization checking on the remote terminal according to the relay key request message
- the AUSF acquires the PC5 root key of the remote terminal.
- the relay key request message includes: the Subscription Permanent Identifier (SUPI) of the remote terminal, or the Subscription Concealed Identifier (SUCI) of the remote terminal.
- Embodiments of the present disclosure also provide a PC5 root key processing method, which includes:
- the remote terminal sends a direct communication key request message to the relay terminal;
- the remote terminal receives a direct communication key response message fed back by the relay terminal, where the direct communication key response message includes a first random number used by the AUSF of the remote terminal to generate a relay key;
- the remote terminal generates a relay key for secure communication between the relay terminal and the remote terminal according to the first random number and the PC5 root key.
- the direct communication key request message includes: the identification of the PC5 root key.
- the direct communication key response message further includes: PC5 root key generation information, where the PC5 root key generation information includes: the parameters required to generate the PC5 root key and the identification of the PC5 root key;
- the method also includes:
- the remote terminal generates the PC5 root key according to the AUSF key of the remote terminal and the parameters required for generating the PC5 root key.
- the parameters required for generating the PC5 root key include: the second random number used by the AUSF to generate the PC5 root key;
- the remote terminal generates the PC5 root key according to the AUSF key of the remote terminal and the parameters required for generating the PC5 root key, including:
- the remote terminal generates the PC5 root key according to the AUSF key of the remote terminal and the second random number;
- the remote terminal generates the PC5 root key according to the AUSF key of the remote terminal, the second random number and the third random number generated by the remote terminal.
- the relay key response message further includes: the message verification code; or, the relay key response message further includes: the message verification code and parameters required for generating the message verification code;
- the message verification code is used for integrity protection of the PC5 root key generation information.
- the method further includes:
- the remote terminal receives the PC5 root key response message fed back by the AUSF through the access network element of the remote terminal, where the PC5 root key response message includes the PC5 root key generation information; the PC5 root key generation information includes: parameters required to generate the PC5 root key and the identification of the PC5 root key;
- the remote terminal generates the PC5 root key according to the AUSF key of the remote terminal and the parameters required for generating the PC5 root key.
- the direct communication key request message includes: the SUCI of the remote terminal, or the globally unique temporary UE identity (Globally Unique Temporary UE Identity, GUTI) of the remote terminal.
- the embodiment of the present disclosure also provides a PC5 root key processing device, which is applied to the authentication server network element AUSF of the remote terminal, including:
- a first receiving unit configured to receive a relay key request message sent by a relay terminal through a target network element of the relay terminal
- a first obtaining unit configured to obtain the PC5 root key of the remote terminal according to the relay key request message
- a first generating unit configured to generate a first random number, and generate a relay key for secure communication between the relay terminal and the remote terminal according to the first random number and the PC5 root key;
- a first sending unit configured to send a relay key response message to the relay terminal through the target network element of the relay terminal; the relay key response message includes: the relay key and the first random number.
- the first obtaining unit includes:
- the relay key response message further includes: the identifier of the PC5 root key.
- Embodiments of the present disclosure further provide an authentication server network element AUSF, including a memory, a transceiver, and a processor; the memory, for storing a computer program; the transceiver, for sending and receiving data under the control of the processor; the processor, for reading a computer program in said memory and performing the following operations:
- a relay key response message is sent to the relay terminal through the target network element of the relay terminal; the relay key response message includes: the relay key and the first random number.
- the embodiment of the present disclosure also provides a PC5 root key processing device, which is applied to a remote terminal, including:
- a second sending unit configured to send a direct communication key request message to the relay terminal
- a second receiving unit configured to receive a direct communication key response message fed back by the relay terminal, where the direct communication key response message includes a first random number used by the AUSF of the remote terminal to generate a relay key;
- the second generating unit is configured to generate a relay key for secure communication between the relay terminal and the remote terminal according to the first random number and the PC5 root key.
- the direct communication key request message includes: the SUCI of the remote terminal, or the globally unique temporary terminal identifier GUTI of the remote terminal.
- Embodiments of the present disclosure further provide a remote terminal, including a memory, a transceiver, and a processor; a memory, used for storing computer programs; a transceiver, used for sending and receiving data under the control of the processor; and a processor, used for reading the computer program in said memory and performing the following operations:
- receiving a direct communication key response message fed back by the relay terminal, where the direct communication key response message includes a first random number used by the AUSF of the remote terminal to generate a relay key;
- a relay key for secure communication between the relay terminal and the remote terminal is generated.
- Embodiments of the present disclosure further provide a processor-readable storage medium, where a computer program is stored in the processor-readable storage medium, and the computer program is used to cause the processor to execute the above method.
- the PC5 root key is generated by the AUSF of the remote terminal, and the AUSF uses the AUSF key of the remote terminal after completing the authentication of the remote terminal.
- the key generation is in line with the positioning of the AUSF in the 5G system.
- the PC5 root key generated by the AUSF is stored in the UDM, and the entity that needs the PC5 root key can obtain the PC5 root key through the AUSF using the identifier of the PC5 root key, without having to regenerate it every time, which improves the system efficiency.
- FIG. 1 shows one of the flow charts of the steps of the PC5 root key processing method provided by the embodiment of the present disclosure
- FIG. 2 is a schematic diagram showing the interaction of the remote terminal directly accessing the network to obtain the PC5 root key in advance in the PC5 root key processing method provided by the embodiment of the present disclosure
- FIG. 3 shows the second flow chart of the steps of the PC5 root key processing method provided by the embodiment of the present disclosure
- FIG. 4 is an interactive schematic diagram of an application example of the PC5 root key processing method provided by an embodiment of the present disclosure
- FIG. 5 shows one of the schematic structural diagrams of the PC5 root key processing apparatus provided by an embodiment of the present disclosure
- FIG. 6 shows a schematic structural diagram of an AUSF provided by an embodiment of the present disclosure
- FIG. 7 shows the second schematic structural diagram of the PC5 root key processing apparatus provided by an embodiment of the present disclosure
- FIG. 8 is a schematic structural diagram of a remote terminal provided by an embodiment of the present disclosure.
- the term "and/or" describes the association relationship of associated objects, and indicates that there can be three kinds of relationships. For example, A and/or B can indicate three situations: A exists alone, A and B exist at the same time, and B exists alone.
- the character “/” generally indicates that the associated objects are an "or" relationship.
- the term “plurality” refers to two or more than two, and other quantifiers are similar.
- applicable systems may be a global system of mobile communication (GSM) system, a code division multiple access (CDMA) system, a wideband code division multiple access (WCDMA) system, a general packet radio service (GPRS) system, a long term evolution (LTE) system, an LTE frequency division duplex (FDD) system, an LTE time division duplex (TDD) system, a long term evolution advanced (LTE-A) system, a universal mobile telecommunication system (UMTS), a worldwide interoperability for microwave access (WiMAX) system, a 5G New Radio (NR) system, etc.
- the remote terminal and/or relay terminal involved in the embodiments of the present application may be a device that provides voice and/or data connectivity to a user, a handheld device with a wireless connection function, or other processing device connected to a wireless modem.
- the names of the remote terminals and/or relay terminals may be different.
- the remote terminals and/or relay terminals may be called user equipment (User Equipment, UE).
- Wireless terminal equipment can communicate with one or more core networks (Core Network, CN) via a radio access network (Radio Access Network, RAN).
- phone and computers with mobile terminal equipment, e.g. portable, pocket-sized, hand-held, computer-built or vehicle-mounted mobile devices, which exchange voice and/or data with the radio access network.
- Wireless terminal equipment may also be referred to as system, subscriber unit, subscriber station, mobile station, remote station, access point, a remote terminal device (remote terminal), an access terminal device (access terminal), a user terminal device (user terminal), a user agent (user agent), and a user device (user device), which are not limited in the embodiments of the present application.
- an embodiment of the present disclosure provides a PC5 root key processing method, which includes:
- Step 101 the authentication server network element AUSF of the remote terminal receives the relay key request message sent by the relay terminal through the target network element of the relay terminal;
- when the remote terminal needs to perform PC5 communication with the relay terminal, it sends a direct communication key request message to the relay terminal, and the relay terminal that receives the direct communication key request message sends a relay key request message to the AUSF through the target network element.
- PC5 is a direct connection communication interface between terminals.
- Step 102 the AUSF obtains the PC5 root key of the remote terminal according to the relay key request message; wherein, the PC5 root key may also be referred to as: the root key of the PC5 interface between the remote terminal and the relay terminal.
- the PC5 root key is used to assist in generating the relay key between the remote terminal and the relay terminal.
- Step 103 the AUSF generates a first random number, and generates a relay key for secure communication between the relay terminal and the remote terminal according to the first random number and the PC5 root key;
- when the AUSF generates the relay key, in addition to the first random number and the PC5 root key, the third random number generated by the remote terminal and/or the relay service code (Relay Service Code) of the remote terminal can also be combined.
- if the AUSF can obtain the third random number and/or the relay service code, the AUSF generates the relay key according to the first random number, the PC5 root key, the third random number and the relay service code.
- Step 104 the AUSF sends a relay key response message to the relay terminal through the target network element of the relay terminal; the relay key response message includes: the relay key and the first random number.
- the target network element of the relay terminal may be the AMF of the relay terminal, or the AMF of the relay terminal and the key management function network element (ProSe Key Management Function, PKMF) of the relay terminal.
- the PKMF communicates with the AUSF of the remote terminal via the AMF.
- after receiving the relay key response message, the relay terminal sends the first random number for generating the relay key to the remote terminal through a direct security mode command (Direct Security Mode Command).
- the remote terminal uses the PC5 root key and the first random number to generate the relay key using the same method as the AUSF, so that the relay terminal and the remote terminal can implement PC5 secure communication based on the above relay key.
- the direct communication key request message may carry the identification (PC5 Key ID) of the PC5 root key, and correspondingly, the relay key request message carries the identity of the PC5 root key; if the remote terminal does not have the PC5 root key, the direct communication key request message cannot carry the identity of the PC5 root key, and accordingly, the relay key request message also cannot carry the identification of the PC5 root key.
- when the relay key request message includes the identifier of the PC5 root key, step 102 includes:
- the AUSF sends a first request message to the unified data management network element UDM, where the first request message includes: the SUPI of the remote terminal and the identifier of the PC5 root key;
- the AUSF receives the first response message sent by the UDM, where the first response message includes: the PC5 root key corresponding to the identifier of the PC5 root key.
- the AUSF requests the UDM for the PC5 root key corresponding to the identification of the PC5 root key, and the UDM obtains the specified PC5 root key and returns it to the AUSF.
- the PC5 root key generated by the AUSF is stored in the UDM, and the entity that needs the PC5 root key can obtain the PC5 root key through the AUSF using the identifier of the PC5 root key, and does not need to regenerate it every time, which improves the system efficiency.
- step 102 includes:
- the AUSF generates a PC5 root key and an identifier of the PC5 root key based on the AUSF key of the remote terminal;
- the relay key response message further includes: the identifier of the PC5 root key.
- the parameters required for generating the PC5 root key include: a random number generated by the AUSF for generating the PC5 root key.
- the AUSF generates a PC5 root key and an identifier of the PC5 root key based on the AUSF key of the remote terminal, including:
- the AUSF generates a second random number, and generates a PC5 root key and an identifier of the PC5 root key according to the second random number and the AUSF key of the remote terminal;
- the AUSF generates a second random number, and according to the second random number, the AUSF key of the remote terminal, and the third random number generated by the remote terminal, generates a PC5 root key and an identifier of the PC5 root key.
- the method further includes:
- the AUSF sends the PC5 root key and the identification of the PC5 root key to the UDM of the remote terminal, and the UDM of the remote terminal stores it.
- the AUSF stores the newly generated PC5 root key and the identifier of the PC5 root key in the UDM.
- the entity that needs the PC5 root key can be obtained through the AUSF by using the identification of the PC5 root key, and does not need to be regenerated every time, which improves the system efficiency.
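The derivation chain described above (AUSF key, then PC5 root key and identifier, then relay key), run on both the AUSF side and the remote terminal side, as an added Python example that is not part of the patent text. The HMAC-SHA-256 `kdf`, the field encoding and labels, keying the message verification code with the AUSF key, and all class and function names are assumptions; the page states only which inputs feed each key.

```python
import hashlib
import hmac
import secrets


def kdf(key, label, *fields):
    # Assumption: HMAC-SHA-256 over length-prefixed fields; the page names no KDF.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (label, *fields))
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_root_key(k_ausf, nonce2, nonce3=b""):
    # PC5 root key and its identifier from the AUSF key, the second random
    # number and (optionally) the remote terminal's third random number.
    root = kdf(k_ausf, b"pc5-root", nonce2, nonce3)
    key_id = kdf(k_ausf, b"pc5-root-id", nonce2, nonce3)[:8].hex()
    return root, key_id


def derive_relay_key(root, nonce1, nonce3=b"", rsc=b""):
    # Relay key from the PC5 root key and the first random number, optionally
    # bound to the third random number and the relay service code.
    return kdf(root, b"pc5-relay", nonce1, nonce3, rsc)


def gen_info_mac(k_ausf, key_id, nonce2):
    # Message verification code over the PC5 root key generation information.
    # Assumption: keyed with the AUSF key, which the relay terminal never holds.
    return kdf(k_ausf, b"pc5-gen-info-mac", key_id.encode(), nonce2)


class Ausf:
    def __init__(self, k_ausf_by_supi):
        self.k_ausf_by_supi = k_ausf_by_supi
        self.udm = {}  # stand-in for UDM storage: (supi, key_id) -> root key

    def relay_key_request(self, supi, key_id=None, nonce3=b"", rsc=b""):
        k_ausf = self.k_ausf_by_supi.get(supi)
        if k_ausf is None:  # simplified authorization check
            raise PermissionError("remote terminal is not authorized")
        resp = {}
        if key_id is not None:
            # Identifier supplied: fetch the stored root key, do not regenerate.
            root = self.udm[(supi, key_id)]
        else:
            nonce2 = secrets.token_bytes(16)
            root, key_id = derive_root_key(k_ausf, nonce2, nonce3)
            self.udm[(supi, key_id)] = root
            resp.update(key_id=key_id, nonce2=nonce2,
                        mac=gen_info_mac(k_ausf, key_id, nonce2))
        nonce1 = secrets.token_bytes(16)  # fresh for every relay key request
        resp.update(nonce1=nonce1,
                    relay_key=derive_relay_key(root, nonce1, nonce3, rsc))
        return resp


def relay_forward(resp):
    # The relay terminal keeps the relay key; only the random numbers, the
    # identifier and the verification code travel on to the remote terminal.
    return {k: v for k, v in resp.items() if k != "relay_key"}


class RemoteTerminal:
    def __init__(self, k_ausf):
        self.k_ausf = k_ausf
        self.roots = {}  # key_id -> PC5 root key

    def on_direct_response(self, msg, key_id=None, nonce3=b"", rsc=b""):
        if "nonce2" in msg:
            # Generation information arrived via the relay: verify before use.
            want = gen_info_mac(self.k_ausf, msg["key_id"], msg["nonce2"])
            if not hmac.compare_digest(want, msg.get("mac", b"")):
                raise ValueError("generation information failed integrity check")
            root, key_id = derive_root_key(self.k_ausf, msg["nonce2"], nonce3)
            if key_id != msg["key_id"]:
                raise ValueError("root key identifier mismatch")
            self.roots[key_id] = root
        return derive_relay_key(self.roots[key_id], msg["nonce1"], nonce3, rsc)


def demo():
    k_ausf = bytes(range(32))  # constructed AUSF key
    supi, n3, rsc = "supi-constructed-001", b"constructed-n3", b"\x00\x00\x01"
    ausf, ue = Ausf({supi: k_ausf}), RemoteTerminal(k_ausf)
    first = ausf.relay_key_request(supi, nonce3=n3, rsc=rsc)  # no identifier yet
    ue_key1 = ue.on_direct_response(relay_forward(first), nonce3=n3, rsc=rsc)
    again = ausf.relay_key_request(supi, key_id=first["key_id"], nonce3=n3, rsc=rsc)
    ue_key2 = ue.on_direct_response(relay_forward(again), key_id=first["key_id"],
                                    nonce3=n3, rsc=rsc)
    return first, ue_key1, again, ue_key2


if __name__ == "__main__":
    first, k1, again, k2 = demo()
    print("first relay key matches:", k1 == first["relay_key"])
    print("second relay key matches:", k2 == again["relay_key"])
    print("keys differ across requests:", k1 != k2)
```

The second request reuses the stored root key through its identifier, yet the fresh first random number still yields a different relay key.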
- the method further includes:
- the relay key response message further includes: the message verification code; or, the relay key response message further includes: the message verification code and parameters required for generating the message verification code.
- the embodiments of the present disclosure provide two ways:
- Mode 1: in the case that the remote terminal cannot be directly connected to the network, a direct communication key request message that does not include the identification of the PC5 root key is sent to the relay terminal, and the relay terminal sends to the AUSF, through the target network element, a message that does not include the PC5 root key.
- the AUSF generates the PC5 root key and the identification of the PC5 root key for the remote terminal, and sends it to the remote terminal through the PC5 root key generation information.
- the method includes:
- a PC5 root key request message sent by the remote terminal through an access network element of the remote terminal (for example, the AMF of the remote terminal);
- the AUSF performs authorization checking on the remote terminal according to the PC5 root key request message
- when it is determined that the remote terminal is an authorized remote terminal, the AUSF generates a PC5 root key and an identifier of the PC5 root key based on the AUSF key of the remote terminal;
- the AUSF sends a PC5 root key response message to the remote terminal through the access network element of the remote terminal, where the PC5 root key response message includes the PC5 root key generation information, and the PC5 root key generation information includes: parameters required to generate the PC5 root key and an identifier of the PC5 root key.
- Step 21 the remote terminal registers and authenticates to the network
- the remote terminal sends a PC5 root key request message to the AUSF of the remote terminal through the AMF of the remote terminal.
- the PC5 root key request message may include the GUTI or SUCI of the remote terminal, and the AUSF can obtain it according to the GUTI or SUCI of the remote terminal.
- Step 23 AUSF performs authorization check on the remote terminal according to the SUPI of the remote terminal;
- Step 24 when the AUSF determines that the remote terminal is an authorized terminal, the AUSF derives the PC5 root key according to the AUSF key of the remote terminal, and generates the identification of the PC5 root key and the PC5 root key generation information;
- Step 25 AUSF stores the identification of the PC5 root key and the PC5 root key in the UDM of the remote terminal;
- Step 26 the AUSF sends a PC5 root key response message to the remote terminal through the AMF of the remote terminal, and the PC5 root key response message includes the PC5 root key generation information;
- Step 27 the remote terminal derives the PC5 root key and the identifier of the PC5 root key according to the PC5 root key generation information, and stores them.
- step 102 includes:
- the AUSF performs authorization checking on the remote terminal according to the relay key request message
- the AUSF obtains the PC5 root key of the remote terminal
- the relay key request message includes: the user permanent identifier SUPI of the remote terminal, or the subscription hidden identifier SUCI of the remote terminal.
- the AUSF determines the SUPI (Subscription Permanent Identifier, user permanent identifier of the SIM card) of the remote terminal according to the relay key request message; the AUSF performs an authorization check on the remote terminal according to the SUPI of the remote terminal.
- the way in which the AUSF determines the SUPI of the remote terminal includes: the AUSF of the remote terminal requests an authentication vector (Authentication Vector, AV) from the UDM; the UDM returns an AV and the SUPI of the remote terminal.
- the SUPI of the remote terminal is obtained by the target network element of the relay terminal according to the GUTI (Globally Unique Temporary UE Identity) of the remote terminal.
- the AUSF of the remote terminal, the AMF of the relay terminal and the remote terminal need to perform an initial authentication (primary authentication) process through the relay terminal, which is described in detail here.
- the PC5 root key is generated by the AUSF of the remote terminal. After the AUSF completes the authentication of the remote terminal, the AUSF key of the remote terminal is used to generate it, which conforms to the positioning of the AUSF in the 5G system.
- the PC5 root key generated by the AUSF is stored in the UDM, and the entity that needs the PC5 root key can obtain the PC5 root key through the AUSF using the identifier of the PC5 root key, without having to regenerate it every time, which improves the system efficiency.
- an embodiment of the present disclosure further provides a PC5 root key processing method, which includes:
- Step 301 the remote terminal sends a direct communication key request message to the relay terminal;
- when the remote terminal needs to perform PC5 communication with the relay terminal, it sends a direct communication key request message to the relay terminal, and the relay terminal that receives the direct communication key request message sends a relay key request message to the AUSF through the target network element; the AUSF obtains the PC5 root key of the remote terminal according to the relay key request message; the AUSF generates a first random number and, according to the first random number and the PC5 root key, generates a relay key for secure communication between the relay terminal and the remote terminal.
- Step 302 the remote terminal receives a direct communication key response message fed back by the relay terminal, where the direct communication key response message includes a first random number used by the AUSF of the remote terminal to generate a relay key;
- after receiving the relay key response message, the relay terminal sends the first random number for generating the relay key to the remote terminal through the direct communication key response message.
- the direct communication key response message is a direct security mode command (Direct Security Mode Command).
- Step 303 the remote terminal generates a relay key for secure communication between the relay terminal and the remote terminal according to the first random number and the PC5 root key.
- the relay terminal may also generate a fourth random number, carry the fourth random number in the direct communication key response message and send it to the remote terminal; the relay terminal may use the relay key, the fourth random number and the third random number generated by the remote terminal to generate the session key (Session Key), and use the session key to protect the Direct Security Mode Command message.
- the remote terminal also uses the relay key, the fourth random number, and the third random number generated by the remote terminal to generate a session key (Session Key), and uses the session key to protect the Direct Security Mode Complete message.
- the remote terminal and the relay terminal use the negotiated session key for secure communication.
- the direct communication key request message may carry the identification (PC5 Key ID) of the PC5 root key; correspondingly, the relay key request message carries the identification of the PC5 root key. If the remote terminal does not have the PC5 root key, the direct communication key request message cannot carry the identification of the PC5 root key, and accordingly the relay key request message also cannot carry the identification of the PC5 root key.
- when the remote terminal stores the PC5 root key and the identifier of the PC5 root key, the direct communication key request message includes: the identification of the PC5 root key.
- when the remote terminal generates the relay key in step 303, the PC5 root key stored locally by the remote terminal is used.
- the direct communication key response message further includes: PC5 root key generation information, where the PC5 root key generation information includes: the parameters required to generate the PC5 root key and the identification of the PC5 root key;
- the method also includes:
- the remote terminal generates the PC5 root key according to the AUSF key of the remote terminal and the parameters required for generating the PC5 root key.
- the remote terminal uses the PC5 root key generated by the remote terminal according to the AUSF key and the parameters required for generating the PC5 root key sent by the AUSF.
- the parameters required for generating the PC5 root key include: the second random number used by the AUSF to generate the PC5 root key.
- the remote terminal uses the same method as AUSF to generate the PC5 root key, for example:
- the PC5 root key is generated according to the AUSF key of the remote terminal, the second random number generated by the AUSF, and the third random number generated by the remote terminal.
- the relay key response message further includes: the message verification code; or, the relay key response message further includes: the message verification code and the parameters required for generating the message verification code; the message verification code is used for integrity protection of the PC5 root key generation information.
- the remote terminal uses the message verification code to verify the integrity of the PC5 root key generation information and, once the integrity is confirmed, generates the PC5 root key according to the AUSF key of the remote terminal and the parameters required to generate the PC5 root key.
- the embodiments of the present disclosure provide two ways:
- Mode 1 in the case that the remote terminal cannot be directly connected to the network, it sends the relay terminal a direct communication key request message that does not include the identification of the PC5 root key, and the relay terminal sends the AUSF, through the target network element, a message that does not include the PC5 root key.
- the AUSF generates the PC5 root key and the identification of the PC5 root key for the remote terminal, and sends it to the remote terminal through the PC5 root key generation information.
- the method further includes:
- the remote terminal receives the PC5 root key response message fed back by the AUSF through the access network element of the remote terminal, where the PC5 root key response message includes the PC5 root key generation information; the PC5 root key generation information includes: parameters required to generate the PC5 root key and the identification of the PC5 root key;
- the remote terminal generates the PC5 root key according to the AUSF key of the remote terminal and the parameters required for generating the PC5 root key.
- the direct communication key request message includes: the SUCI of the remote terminal, or the globally unique temporary terminal identifier GUTI of the remote terminal.
- the SUPI of the remote terminal is obtained by the target network element of the relay terminal according to the Globally Unique Temporary UE Identity (GUTI) of the remote terminal.
- the AUSF of the remote terminal requests an authentication vector (Authentication Vector, AV) from the UDM; the UDM returns an AV and the SUPI of the remote terminal. Further, if the remote terminal provides the SUCI of the remote terminal, the AUSF of the remote terminal, the AMF of the relay terminal and the remote terminal need to perform an initial authentication (primary authentication) process through the relay terminal, which is described in detail here.
- the PC5 root key is generated by the AUSF of the remote terminal. After the AUSF completes the authentication of the remote terminal, the AUSF key of the remote terminal is used to generate it, which conforms to the positioning of the AUSF in the 5G system.
- the PC5 root key generated by the AUSF is stored in the UDM, and the entity that needs the PC5 root key can obtain the PC5 root key through the AUSF using the identifier of the PC5 root key, without having to regenerate it every time, which improves the system efficiency.
- Step 41 the remote terminal generates a random number 3, and then sends a direct communication key request to the relay terminal.
- the request includes: SUCI or GUTI; optionally, the request also includes: PC5 root key ID (PC5 Key ID), relay service code (Relay Service Code), random number 3.
- the request shall contain the Globally Unique Temporary UE Identity (GUTI), otherwise, it shall contain the Subscription Concealed Identifier (SUCI); if the remote terminal already has a PC5 root key, the request contains the identification of the PC5 root key (PC5 Key ID).
- Step 42 the relay terminal sends a relay key request (Relay Key Request) to its AMF (or the relay terminal sends a relay key request to the AMF through PKMF).
- the request contains the SUCI or GUTI provided by the remote terminal; optionally, it also includes: PC5 Key ID, Relay Service Code, random number 3.
- the relay key will be used to establish secure one-to-one direct communication between the remote terminal and the relay terminal.
- Step 43 the AMF (or PKMF) of the relay terminal checks whether the relay terminal is authorized as a relay UE. If the relay terminal is authorized as a relay terminal, the AMF continues to perform the following operations.
- Step 44 if the remote terminal provides the GUTI, the AMF of the relay terminal should obtain the corresponding SUPI based on the GUTI.
- the AMF of the relay terminal sends a relay key request (Relay Key Request) to the AUSF of the remote terminal.
- the request includes the SUCI provided by the remote terminal or the SUPI obtained by AMF; optionally, it also includes Relay Key ID, Relay Service Code, and random number 3.
- Step 45 if the relay key request contains SUCI, the AUSF of the remote terminal requests an authentication vector (Authentication Vector, AV) from the UDM of the remote terminal.
- Step 46 the UDM of the remote terminal returns an AV, and the SUPI of the remote terminal.
- Step 47 the AUSF of the remote terminal checks whether the remote terminal is authorized as a remote terminal based on the SUPI of the remote terminal. If the remote terminal is authorized as a remote terminal, continue with the following operations.
- Step 48 if the remote terminal provides the PC5 Key ID, the AUSF of the remote terminal requests the PC5 root key from the UDM.
- the request message contains: SUPI, PC5 Key ID.
- Step 49 the UDM obtains the specified PC5 root key and returns it to the AUSF.
- Step 50 if the remote terminal provides SUCI, the AUSF of the remote terminal, the AMF of the relay terminal and the remote terminal perform an initial authentication (primary authentication) process through the relay terminal.
- Step 51 if the remote terminal does not provide the PC5 Key ID, or the network decides to update the PC5 root key of the remote terminal, the AUSF of the remote terminal uses the key Kausf of the remote terminal to derive the new PC5 root key.
- AUSF generates a new root key identification PC5 Key ID for the PC5 root key;
- AUSF generates PC5 root key generation information (PC5 Key Info).
- the parameters required to generate a new PC5 Key are provided in PC5 Key Info, such as the random number generated by AUSF to generate the PC5 root key, etc.
- the key generation can also use information from the remote terminal, such as random number 3.
- PC5 Key Info can also be integrity-protected, for example, using the newly generated root key or its derived key to generate a Message Authentication Code (MAC).
- Step 52 the AUSF of the remote terminal stores the newly generated PC5 root key and PC5 Key ID in the UDM.
- Step 53 the AUSF of the remote terminal generates a random number 1 (Relay Key Freshness) for generating the relay key, and derives the Relay Key using the PC5 root key, random number 1 and other parameters, such as random number 3, Relay Service Code, etc.
- Step 54 the AUSF of the remote terminal sends the Relay Key, random number 1, and PC5 Key Info (if any) to the AMF of the relay terminal.
- Step 55 the AMF of the relay terminal sends the Relay Key, random number 1, and PC5 Key Info (if it exists) to the relay terminal.
- Step 56 the relay terminal generates a random number 4, and sends the random number 1, the random number 4, and the PC5 Key Info (if it exists) to the remote terminal through a Direct Security Mode Command.
- the relay terminal can use the relay key, random number 3, random number 4 and other parameters to generate a session key (Session Key), and use the session key to protect the Direct Security Mode Command message.
- Step 57 if the message contains PC5 Key Info, the remote terminal uses the local key Kausf and the parameters in PC5 Key Info to derive the PC5 root key by the same method as the AUSF, and obtains the identity of the PC5 root key (PC5 Key ID) from the PC5 Key Info. The remote terminal stores the PC5 root key and PC5 Key ID.
- Step 58 the remote terminal uses the PC5 root key, random number 1 and other parameters to derive the relay key by using the same method as the AUSF.
- Step 59 the remote terminal sends a Direct Security Mode Complete message to the relay terminal.
- the remote terminal can use the relay key, random number 3, random number 4 and other parameters to generate a session key (Session Key), and use the session key to protect the Direct Security Mode Complete message.
- Step 60 the remote terminal and the relay terminal use the negotiated session key to perform secure communication.
- the PC5 root key is generated by the AUSF of the remote terminal, which generates it using the AUSF key of the remote terminal after completing the authentication of the remote terminal; this conforms to the positioning of the AUSF in the 5G system.
- the PC5 root key generated by the AUSF is stored in the UDM, and the entity that needs the PC5 root key can obtain the PC5 root key through the AUSF using the identifier of the PC5 root key, without having to regenerate it every time, which improves the system efficiency.
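The key hierarchy of Steps 41 to 60 (Kausf to PC5 root key to relay key to session key, with a MAC protecting PC5 Key Info) can be exercised end to end. The following is an added illustration, not code from the patent: the document names no key derivation function, so HMAC-SHA-256, the labels, the 16-byte random numbers, the dictionary field names and all function names are assumptions.

```python
import hashlib
import hmac
import secrets


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 over a label and length-prefixed inputs.
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_root_key(kausf, nonce2, nonce3):
    # PC5 root key from Kausf, AUSF random number 2 and terminal random number 3.
    return kdf(kausf, b"PC5-ROOT", nonce2, nonce3)


def key_info_mac(root_key, nonce2, key_id):
    # MAC keyed with a key derived from the new root key (Step 51 option).
    mac_key = kdf(root_key, b"PC5-INFO-INT")
    return kdf(mac_key, b"PC5-INFO-MAC", nonce2, key_id)


def derive_relay_key(root_key, nonce1, nonce3, rsc):
    return kdf(root_key, b"RELAY", nonce1, nonce3, rsc)


def derive_session_key(relay_key, nonce3, nonce4):
    return kdf(relay_key, b"SESSION", nonce3, nonce4)


def ausf_handle_relay_key_request(kausf, nonce3, rsc, stored_root_key=None):
    """Steps 51-54: returns (relay_key, nonce1, key_info_or_None, root_key)."""
    root_key, key_info = stored_root_key, None
    if root_key is None:  # no PC5 Key ID supplied: derive a new root key
        nonce2 = secrets.token_bytes(16)
        root_key = derive_root_key(kausf, nonce2, nonce3)
        key_id = kdf(kausf, b"PC5-KEY-ID", nonce2)[:8]
        key_info = {"nonce2": nonce2, "pc5_key_id": key_id,
                    "mac": key_info_mac(root_key, nonce2, key_id)}
    nonce1 = secrets.token_bytes(16)  # Relay Key Freshness
    relay_key = derive_relay_key(root_key, nonce1, nonce3, rsc)
    return relay_key, nonce1, key_info, root_key


def relay_build_security_mode_command(relay_key, nonce1, nonce3, key_info):
    """Step 56: the relay adds random number 4 and derives the session key."""
    nonce4 = secrets.token_bytes(16)
    cmd = {"nonce1": nonce1, "nonce4": nonce4, "key_info": key_info}
    return cmd, derive_session_key(relay_key, nonce3, nonce4)


def remote_handle_security_mode_command(kausf, nonce3, rsc, cmd,
                                        stored_root_key=None):
    """Steps 57-59: verify PC5 Key Info, then derive the same keys."""
    info, root_key = cmd["key_info"], stored_root_key
    if info is not None:
        candidate = derive_root_key(kausf, info["nonce2"], nonce3)
        expected = key_info_mac(candidate, info["nonce2"], info["pc5_key_id"])
        if not hmac.compare_digest(expected, info["mac"]):
            raise ValueError("PC5 Key Info failed integrity check")
        root_key = candidate
    if root_key is None:
        raise ValueError("no PC5 root key available")
    relay_key = derive_relay_key(root_key, cmd["nonce1"], nonce3, rsc)
    return root_key, derive_session_key(relay_key, nonce3, cmd["nonce4"])


def run_exchange(tamper=False):
    kausf = bytes(range(32))          # constructed sample Kausf
    rsc = b"\x00\x00\x01"             # constructed Relay Service Code
    nonce3 = secrets.token_bytes(16)  # Step 41
    relay_key, nonce1, key_info, ausf_root = ausf_handle_relay_key_request(
        kausf, nonce3, rsc)
    cmd, relay_session = relay_build_security_mode_command(
        relay_key, nonce1, nonce3, key_info)
    if tamper:  # random number 2 modified in transit
        n2 = key_info["nonce2"]
        cmd["key_info"] = dict(key_info, nonce2=bytes([n2[0] ^ 1]) + n2[1:])
    ue_root, ue_session = remote_handle_security_mode_command(
        kausf, nonce3, rsc, cmd)
    return ausf_root == ue_root and relay_session == ue_session


if __name__ == "__main__":
    print("keys agree:", run_exchange())
```

Only the AUSF and the remote terminal hold Kausf, so the relay terminal receives the relay key but can neither derive the PC5 root key nor forge PC5 Key Info that passes the check.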
- an embodiment of the present disclosure further provides a PC5 root key processing device, which is applied to an authentication server network element AUSF of a remote terminal, including:
- a first receiving unit 501 configured to receive a relay key request message sent by a relay terminal through a target network element of the relay terminal;
- a first obtaining unit 502 configured to obtain the PC5 root key of the remote terminal according to the relay key request message
- a first generating unit 503, configured to generate a first random number, and generate a relay key for secure communication between the relay terminal and the remote terminal according to the first random number and the PC5 root key;
- the first sending unit 504 is configured to send a relay key response message to the relay terminal through the target network element of the relay terminal; the relay key response message includes: the relay key, the first random number.
- the relay key request message includes the identifier of the PC5 root key
- the first obtaining unit includes:
- a first subunit configured to send a first request message to the unified data management network element UDM, where the first request message includes: the SUPI of the remote terminal and the identifier of the PC5 root key;
- the second subunit is configured to receive a first response message sent by the UDM, where the first response message includes: the PC5 root key corresponding to the identifier of the PC5 root key.
- the relay key request message does not include the identifier of the PC5 root key, or the AUSF determines to update the PC5 root key of the remote terminal,
- the first obtaining unit includes:
- the third subunit is used to generate the identification of the PC5 root key and the PC5 root key based on the AUSF key of the remote terminal;
- the relay key response message further includes: the identifier of the PC5 root key.
- the device further includes:
- the first storage unit is configured to send the PC5 root key and the identifier of the PC5 root key to the UDM of the remote terminal, and the UDM of the remote terminal stores the same.
- the third subunit is further used for:
- a second random number is generated, and a PC5 root key and an identifier of the PC5 root key are generated according to the second random number, the AUSF key of the remote terminal, and the third random number generated by the remote terminal.
- the device further includes:
- the third generation unit is used to utilize the PC5 root key or the derived key of the PC5 root key to generate a message verification code that integrity-protects the PC5 root key generation information;
- the relay key response message further includes: the message verification code; or, the relay key response message further includes: the message verification code and parameters required for generating the message verification code.
- when the relay key request message includes the identifier of the PC5 root key, the apparatus includes:
- a third receiving unit configured to receive the PC5 root key request message sent by the remote terminal through the access network element of the remote terminal;
- a first checking unit configured to perform authorization checking on the remote terminal according to the PC5 root key request message
- a fourth generating unit configured to generate a PC5 root key and an identifier of the PC5 root key based on the AUSF key of the remote terminal when it is determined that the remote terminal is an authorized remote terminal;
- a third sending unit configured to send a PC5 root key response message to the remote terminal through the access network element of the remote terminal, where the PC5 root key response message includes the PC5 root key generation information, and the PC5 root key generation information includes: parameters required for generating the PC5 root key and an identifier of the PC5 root key.
- the first obtaining unit includes:
- a second checking subunit configured to perform authorization checking on the remote terminal according to the relay key request message
- an obtaining subunit configured to obtain, by the AUSF, the PC5 root key of the remote terminal when it is determined that the remote terminal is an authorized remote terminal.
- the relay key request message includes: the user permanent identifier SUPI of the remote terminal, or the subscription hidden identifier SUCI of the remote terminal.
- the PC5 root key is generated by the AUSF of the remote terminal, which generates it using the AUSF key of the remote terminal after completing the authentication of the remote terminal; this conforms to the positioning of the AUSF in the 5G system.
- the PC5 root key generated by the AUSF is stored in the UDM, and the entity that needs the PC5 root key can obtain the PC5 root key through the AUSF using the identifier of the PC5 root key, without having to regenerate it every time, which improves the system efficiency.
- the method and the device are conceived based on the same application. Since the principles of the method and the device for solving the problem are similar, the implementation of the device and the method can be referred to each other, and repeated descriptions are omitted here.
- an embodiment of the present disclosure further provides an authentication server network element AUSF, which includes a memory 620, a transceiver 610, and a processor 600; the memory 620 is used to store computer programs; the transceiver 610 is used to send and receive data under the control of the processor 600; the processor 600 is used to read the computer program in the memory 620 and perform the following operations:
- a relay key response message is sent to the relay terminal through the target network element of the relay terminal; the relay key response message includes: the relay key and the first random number.
- the processor 600 is further configured to read the computer program in the memory 620 and perform the following operations:
- a first request message is sent to the unified data management network element UDM, where the first request message includes: the SUPI of the remote terminal and the identifier of the PC5 root key;
- a first response message sent by the UDM is received, where the first response message includes: the PC5 root key corresponding to the identifier of the PC5 root key.
- when the relay key request message does not include the identifier of the PC5 root key, or the AUSF determines to update the PC5 root key of the remote terminal, the processor 600 is further configured to read the computer program in the memory 620 and perform the following operations:
- the relay key response message further includes: PC5 root key generation information, where the PC5 root key generation information includes: parameters required for generating the PC5 root key and an identifier of the PC5 root key.
- the processor 600 is further configured to read the computer program in the memory 620 and perform the following operations:
- the PC5 root key and the identification of the PC5 root key are sent to the UDM of the remote terminal, and stored by the UDM of the remote terminal.
- the processor 600 is further configured to read the computer program in the memory 620 and perform the following operations:
- a second random number is generated, and a PC5 root key and an identifier of the PC5 root key are generated according to the second random number, the AUSF key of the remote terminal, and the third random number generated by the remote terminal.
- the processor 600 is further configured to read the computer program in the memory 620 and perform the following operations:
- the relay key response message further includes: the message verification code; or, the relay key response message further includes: the message verification code and parameters required for generating the message verification code.
- the processor 600 is further configured to read the computer program in the memory 620 and perform the following operations:
- a PC5 root key and an identifier of the PC5 root key are generated;
- the PC5 root key response message includes the PC5 root key generation information, and the PC5 root key generation information includes: parameters required for generating the PC5 root key and the identifier of the PC5 root key.
- the processor 600 is further configured to read the computer program in the memory 620 and perform the following operations:
- the PC5 root key of the remote terminal is obtained.
- the relay key request message includes: the user permanent identifier SUPI of the remote terminal, or the subscription hidden identifier SUCI of the remote terminal.
- the bus architecture may include any number of interconnected buses and bridges, specifically one or more processors represented by processor 600 and various circuits of memory represented by memory 620 are linked together.
- the bus architecture may also link together various other circuits, such as peripherals, voltage regulators, and power management circuits, which are well known in the art and, therefore, will not be described further herein.
- the bus interface provides the interface.
- Transceiver 610 may be multiple elements, i.e., including transmitters and receivers, providing means for communicating with various other devices over transmission media including wireless channels, wired channels, fiber optic cables, and the like.
- the processor 600 is responsible for managing the bus architecture and general processing, and the memory 620 may store data used by the processor 600 in performing operations.
- the processor 600 may be a central processing unit (Central Processing Unit, CPU), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or a complex programmable logic device (Complex Programmable Logic Device, CPLD); the processor can also adopt a multi-core architecture.
- the PC5 root key is generated by the AUSF of the remote terminal, which generates it using the AUSF key of the remote terminal after completing the authentication of the remote terminal; this conforms to the positioning of the AUSF in the 5G system.
- the PC5 root key generated by the AUSF is stored in the UDM, and the entity that needs the PC5 root key can obtain the PC5 root key through the AUSF using the identifier of the PC5 root key, without having to regenerate it every time, which improves the system efficiency.
- the AUSF provided by the embodiments of the present disclosure is an AUSF capable of executing the above-mentioned PC5 root key processing method, and all the above-mentioned embodiments of the PC5 root key processing method are applicable to the AUSF, and can achieve the same or similar beneficial effect.
- an embodiment of the present disclosure further provides a PC5 root key processing device, which is applied to a remote terminal, including:
- a second sending unit 701 configured to send a direct communication key request message to the relay terminal
- the second receiving unit 702 is configured to receive a direct communication key response message fed back by the relay terminal, where the direct communication key response message includes a first random number used by the AUSF of the remote terminal to generate a relay key;
- the second generating unit 703 is configured to generate a relay key for secure communication between the relay terminal and the remote terminal according to the first random number and the PC5 root key.
- when the remote terminal stores the PC5 root key and the identifier of the PC5 root key, the direct communication key request message includes: the identification of the PC5 root key.
- the direct communication key response message further includes: PC5 root key generation information
- the PC5 root key generation information includes: parameters required to generate the PC5 root key and the identification of the PC5 root key;
- the device also includes:
- a fifth generating unit configured to generate the PC5 root key according to the AUSF key of the remote terminal and the parameters required for generating the PC5 root key.
- the parameters required for generating the PC5 root key include: the second random number used by the AUSF to generate the PC5 root key;
- the fifth generation unit is further used for:
- the PC5 root key is generated according to the AUSF key of the remote terminal, the second random number, and the third random number generated by the remote terminal.
- the relay key response message further includes: the message verification code; or, the relay key response message further includes: the message verification code and the parameters required for generating the message verification code; the message verification code is used for integrity protection of the PC5 root key generation information.
- when the remote terminal stores the PC5 root key and the identifier of the PC5 root key, before the remote terminal sends the direct communication key request message to the relay terminal, the device also includes:
- a third sending unit configured to send a PC5 root key request message to the AUSF of the remote terminal through the access network element of the remote terminal;
- a sixth receiving unit configured to receive a PC5 root key response message fed back by the AUSF through the access network element of the remote terminal, where the PC5 root key response message includes the PC5 root key generation information;
- the PC5 root key generation information includes: the parameters required to generate the PC5 root key and the identifier of the PC5 root key;
- a sixth generating unit configured to generate the PC5 root key according to the AUSF key of the remote terminal and the parameters required for generating the PC5 root key.
- the direct communication key request message includes: the SUCI of the remote terminal, or the globally unique temporary terminal identifier GUTI of the remote terminal.
- the PC5 root key is generated by the AUSF of the remote terminal, which generates it using the AUSF key of the remote terminal after completing the authentication of the remote terminal; this conforms to the role of the AUSF in the 5G system.
- the PC5 root key generated by the AUSF is stored in the UDM, and the entity that needs the PC5 root key can obtain the PC5 root key through the AUSF using the identifier of the PC5 root key, without having to regenerate it every time, which improves the system efficiency.
- the method and the device are conceived based on the same application. Since the method and the device solve the problem on similar principles, their implementations can be referred to each other, and repeated parts are not described again here.
- an embodiment of the present disclosure further provides a remote terminal, including a memory 820, a transceiver 810, and a processor 800; the memory 820 is used to store a computer program; the transceiver 810 is used to send and receive data under the control of the processor 800; the processor 800 is used for reading the computer program in the memory 820 and performing the following operations:
- receiving a direct communication key response message fed back by the relay terminal, where the direct communication key response message includes a first random number used by the AUSF of the remote terminal to generate a relay key;
- a relay key for secure communication between the relay terminal and the remote terminal is generated.
- when the remote terminal stores the PC5 root key and the identifier of the PC5 root key,
- the direct communication key request message includes: the identifier of the PC5 root key.
- the direct communication key response message further includes: PC5 root key generation information;
- the PC5 root key generation information includes: the parameters required to generate the PC5 root key and the identifier of the PC5 root key;
- the processor 800 is further configured to read the computer program in the memory 820 and perform the following operations:
- the PC5 root key is generated according to the AUSF key of the remote terminal and the parameters required for generating the PC5 root key.
- the parameters required for generating the PC5 root key include: the second random number used by the AUSF to generate the PC5 root key; the processor 800 is further configured to read the computer program in the memory 820 and perform the following operations:
- the PC5 root key is generated according to the AUSF key of the remote terminal, the second random number, and the third random number generated by the remote terminal.
- the relay key response message further includes: the message verification code; or, the relay key response message further includes: the message verification code and the parameters required to generate the message verification code; the message verification code is used for integrity protection of the PC5 root key generation information.
- the processor 800 is further configured to read the computer program in the memory 820 and perform the following operations:
- the PC5 root key response message includes the PC5 root key generation information;
- the PC5 root key generation information includes: the parameters required to generate the PC5 root key and the identifier of the PC5 root key;
- the PC5 root key is generated according to the AUSF key of the remote terminal and the parameters required for generating the PC5 root key.
- the direct communication key request message includes: the SUCI of the remote terminal, or the globally unique temporary terminal identifier GUTI of the remote terminal.
- the bus architecture may include any number of interconnected buses and bridges, specifically one or more processors represented by processor 800 and various circuits of memory represented by memory 820 are linked together.
- the bus architecture may also link together various other circuits, such as peripherals, voltage regulators, and power management circuits, which are well known in the art and, therefore, will not be described further herein.
- the bus interface provides the interface.
- the transceiver 810 may be a number of elements, including a transmitter and a receiver, providing a means for communicating with various other devices over transmission media, including wireless channels, wired channels, fiber optic cables, and the like.
- the user interface 830 may also be an interface capable of externally connecting the required equipment, and the connected equipment includes but is not limited to a keypad, a display, a speaker, a microphone, a joystick, and the like.
- the processor 800 is responsible for managing the bus architecture and general processing, and the memory 820 may store data used by the processor 800 in performing operations.
- the processor 800 may be a central processing unit (Central Processing Unit, CPU), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field-Programmable Gate Array, FPGA) or a complex programmable logic device (Complex Programmable Logic Device, CPLD); the processor can also use a multi-core architecture.
- the processor is configured to execute any one of the methods provided in the embodiments of the present application according to the obtained executable instructions by invoking the computer program stored in the memory.
- the processor and memory may also be physically separated.
- the PC5 root key is generated by the AUSF of the remote terminal, which generates it using the AUSF key of the remote terminal after completing the authentication of the remote terminal; this conforms to the role of the AUSF in the 5G system.
- the PC5 root key generated by the AUSF is stored in the UDM, and the entity that needs the PC5 root key can obtain the PC5 root key through the AUSF using the identifier of the PC5 root key, without having to regenerate it every time, which improves the system efficiency.
- the remote terminal provided by the embodiments of the present disclosure is a remote terminal capable of executing the above-mentioned PC5 root key processing method; all the above-mentioned embodiments of the PC5 root key processing method are applicable to the remote terminal and can achieve the same or similar beneficial effects.
- each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
- the above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
- if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a processor-readable storage medium.
- the technical solution of the present application, in essence, or the part that contributes to the related technology, or all or part of the technical solution, can be embodied in the form of a software product, and the computer software product is stored in a storage medium.
- a computer device which may be a personal computer, a server, or a network device, etc.
- the aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk and other media that can store program code.
- Embodiments of the present disclosure further provide a processor-readable storage medium, where a computer program is stored in the processor-readable storage medium, and the computer program is used to cause the processor to execute the above method embodiments;
- the processor-readable storage medium can be any available medium or data storage device that can be accessed by a processor, including but not limited to magnetic storage (e.g., floppy disk, hard disk, magnetic tape, magneto-optical disk (MO), etc.), optical storage (e.g., CD, DVD, BD, HVD, etc.), and semiconductor memory (e.g., ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid-state disk (SSD)), etc.
- the embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied therein, including but not limited to disk storage, optical storage, and the like.
- processor-executable instructions may also be stored in a processor-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the processor-readable memory produce an article of manufacture including instruction means, and the instruction means implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
- processor-executable instructions can also be loaded onto a computer or other programmable data processing device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Claims (24)
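- A PC5 root key processing method, the method comprising: an authentication server network element (AUSF) of a remote terminal receives a relay key request message sent by a relay terminal through a target network element of the relay terminal; the AUSF obtains a PC5 root key of the remote terminal according to the relay key request message; the AUSF generates a first random number and, according to the first random number and the PC5 root key, generates a relay key for secure communication between the relay terminal and the remote terminal; the AUSF sends a relay key response message to the relay terminal through the target network element of the relay terminal; the relay key response message includes: the relay key and the first random number.
- The method according to claim 1, wherein, in the case that the relay key request message includes an identifier of the PC5 root key, the AUSF obtaining the PC5 root key of the remote terminal according to the relay key request message comprises: the AUSF sends a first request message to a unified data management network element (UDM), the first request message including: the user permanent identifier (SUPI) of the remote terminal and the identifier of the PC5 root key; the AUSF receives a first response message sent by the UDM, the first response message including: the PC5 root key corresponding to the identifier of the PC5 root key.
- The method according to claim 1, wherein, in the case that the relay key request message does not include an identifier of the PC5 root key, or the AUSF determines to update the PC5 root key of the remote terminal, the AUSF obtaining the PC5 root key of the remote terminal according to the relay key request message comprises: the AUSF generates, based on the AUSF key of the remote terminal, a PC5 root key and an identifier of the PC5 root key; the relay key response message further includes: the identifier of the PC5 root key.
- The method according to claim 3, after the AUSF generates the PC5 root key and the identifier of the PC5 root key based on the AUSF key of the remote terminal, further comprising: the AUSF sends the PC5 root key and the identifier of the PC5 root key to the UDM of the remote terminal, to be stored by the UDM of the remote terminal.
- The method according to claim 3, wherein the AUSF generating the PC5 root key and the identifier of the PC5 root key based on the AUSF key of the remote terminal comprises: the AUSF generates a second random number and, according to the second random number and the AUSF key of the remote terminal, generates the PC5 root key and the identifier of the PC5 root key; or, the AUSF generates a second random number and, according to the second random number, the AUSF key of the remote terminal and a third random number generated by the remote terminal, generates the PC5 root key and the identifier of the PC5 root key.
- The method according to claim 3, further comprising: generating, using the PC5 root key or a key derived from the PC5 root key, a message verification code that integrity-protects the PC5 root key generation information; the relay key response message further includes: the message verification code; or, the relay key response message further includes: the message verification code and the parameters required to generate the message verification code.
- The method according to claim 2, wherein, in the case that the relay key request message includes an identifier of the PC5 root key, before the AUSF receives the relay key request message sent by the relay terminal through the target network element of the relay terminal, the method comprises: the AUSF receives a PC5 root key request message sent by the remote terminal through an access network element of the remote terminal; the AUSF performs an authorization check on the remote terminal according to the PC5 root key request message; in the case that the remote terminal is determined to be an authorized remote terminal, the AUSF generates, based on the AUSF key of the remote terminal, a PC5 root key and an identifier of the PC5 root key; the AUSF sends a PC5 root key response message to the remote terminal through the access network element of the remote terminal, the PC5 root key response message including the PC5 root key generation information, and the PC5 root key generation information including: the parameters required to generate the PC5 root key and the identifier of the PC5 root key.
- The method according to claim 1, wherein the AUSF obtaining the PC5 root key of the remote terminal according to the relay key request message comprises: the AUSF performs an authorization check on the remote terminal according to the relay key request message; in the case that the remote terminal is determined to be an authorized remote terminal, the AUSF obtains the PC5 root key of the remote terminal.
- The method according to claim 1 or 8, wherein the relay key request message includes: the user permanent identifier (SUPI) of the remote terminal, or the subscription concealed identifier (SUCI) of the remote terminal.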
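- A PC5 root key processing method, the method comprising: a remote terminal sends a direct communication key request message to a relay terminal; the remote terminal receives a direct communication key response message fed back by the relay terminal, the direct communication key response message including a first random number used by the AUSF of the remote terminal to generate a relay key; the remote terminal generates, according to the first random number and a PC5 root key, the relay key for secure communication between the relay terminal and the remote terminal.
- The method according to claim 10, wherein, in the case that the remote terminal stores the PC5 root key and the identifier of the PC5 root key, the direct communication key request message includes: the identifier of the PC5 root key.
- The method according to claim 10, wherein, in the case that the remote terminal does not store a PC5 root key and an identifier of the PC5 root key, the direct communication key response message further includes: PC5 root key generation information, the PC5 root key generation information including: the parameters required to generate the PC5 root key and the identifier of the PC5 root key; the method further comprises: the remote terminal generates the PC5 root key according to the AUSF key of the remote terminal and the parameters required to generate the PC5 root key.
- The method according to claim 12, wherein the parameters required to generate the PC5 root key include: a second random number used by the AUSF to generate the PC5 root key; the remote terminal generating the PC5 root key according to the AUSF key of the remote terminal and the parameters required to generate the PC5 root key comprises: the remote terminal generates the PC5 root key according to the AUSF key of the remote terminal and the second random number; or, the remote terminal generates the PC5 root key according to the AUSF key of the remote terminal, the second random number and a third random number generated by the remote terminal.
- The method according to claim 12, wherein the relay key response message further includes: the message verification code; or, the relay key response message further includes: the message verification code and the parameters required to generate the message verification code; the message verification code is used for integrity protection of the PC5 root key generation information.
- The method according to claim 10, in the case that the remote terminal stores the PC5 root key and the identifier of the PC5 root key, before the remote terminal sends the direct communication key request message to the relay terminal, further comprising: the remote terminal sends a PC5 root key request message to the AUSF of the remote terminal through an access network element of the remote terminal; the remote terminal receives a PC5 root key response message fed back by the AUSF through the access network element of the remote terminal, the PC5 root key response message including the PC5 root key generation information; the PC5 root key generation information includes: the parameters required to generate the PC5 root key and the identifier of the PC5 root key; the remote terminal generates the PC5 root key according to the AUSF key of the remote terminal and the parameters required to generate the PC5 root key.
- The method according to claim 10, wherein the direct communication key request message includes: the SUCI of the remote terminal, or the globally unique temporary terminal identifier (GUTI) of the remote terminal.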
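- A PC5 root key processing device, applied to an authentication server network element (AUSF) of a remote terminal, comprising: a first receiving unit, configured to receive a relay key request message sent by a relay terminal through a target network element of the relay terminal; a first obtaining unit, configured to obtain a PC5 root key of the remote terminal according to the relay key request message; a first generating unit, configured to generate a first random number and, according to the first random number and the PC5 root key, generate a relay key for secure communication between the relay terminal and the remote terminal; a first sending unit, configured to send a relay key response message to the relay terminal through the target network element of the relay terminal; the relay key response message includes: the relay key and the first random number.
- The device according to claim 17, wherein, in the case that the relay key request message does not include an identifier of the PC5 root key, or it is determined to update the PC5 root key of the remote terminal, the first obtaining unit comprises: a third subunit, configured to generate, based on the AUSF key of the remote terminal, a PC5 root key and an identifier of the PC5 root key; the relay key response message further includes: the identifier of the PC5 root key.
- The device according to claim 17, wherein the relay key request message includes: the user permanent identifier (SUPI) of the remote terminal, or the subscription concealed identifier (SUCI) of the remote terminal.
- An authentication server network element (AUSF), comprising a memory, a transceiver and a processor; the memory is configured to store a computer program; the transceiver is configured to send and receive data under the control of the processor; the processor is configured to read the computer program in the memory and perform the following operations: receiving a relay key request message sent by a relay terminal through a target network element of the relay terminal; obtaining a PC5 root key of a remote terminal according to the relay key request message; generating a first random number and, according to the first random number and the PC5 root key, generating a relay key for secure communication between the relay terminal and the remote terminal; sending a relay key response message to the relay terminal through the target network element of the relay terminal; the relay key response message includes: the relay key and the first random number.
- A PC5 root key processing device, applied to a remote terminal, comprising: a second sending unit, configured to send a direct communication key request message to a relay terminal; a second receiving unit, configured to receive a direct communication key response message fed back by the relay terminal, the direct communication key response message including a first random number used by the AUSF of the remote terminal to generate a relay key; a second generating unit, configured to generate, according to the first random number and a PC5 root key, the relay key for secure communication between the relay terminal and the remote terminal.
- The device according to claim 21, wherein the direct communication key request message includes: the SUCI of the remote terminal, or the globally unique temporary terminal identifier (GUTI) of the remote terminal.
- A remote terminal, comprising a memory, a transceiver and a processor; the memory is configured to store a computer program; the transceiver is configured to send and receive data under the control of the processor; the processor is configured to read the computer program in the memory and perform the following operations: sending a direct communication key request message to a relay terminal; receiving a direct communication key response message fed back by the relay terminal, the direct communication key response message including a first random number used by the AUSF of the remote terminal to generate a relay key; generating, according to the first random number and a PC5 root key, the relay key for secure communication between the relay terminal and the remote terminal.
- A processor-readable storage medium, the processor-readable storage medium storing a computer program, the computer program being used to cause the processor to execute the method according to any one of claims 1 to 9; or, the computer program being used to cause the processor to execute the method according to any one of claims 10 to 16.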
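The key hierarchy in the claims (AUSF key, then PC5 root key, then relay key, with a message verification code over the PC5 root key generation information), run end to end as an added example that is not part of the patent text. The claims name no key derivation function, so HMAC-SHA-256, the labels, the parameter encoding, the root key identifier construction, the forwarding of the verification code by the relay, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA-256 over a label and length-prefixed parameters."""
    msg = label
    for p in params:
        msg += len(p).to_bytes(2, "big") + p
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_root_key(k_ausf: bytes, nonce2: bytes, nonce3: Optional[bytes] = None) -> bytes:
    # Both claimed variants: AUSF key + nonce2, or AUSF key + nonce2 + nonce3.
    params = (nonce2,) if nonce3 is None else (nonce2, nonce3)
    return kdf(k_ausf, b"pc5-root", *params)


def derive_relay_key(root_key: bytes, nonce1: bytes) -> bytes:
    return kdf(root_key, b"pc5-relay", nonce1)


def gen_info_mac(root_key: bytes, nonce2: bytes, key_id: bytes) -> bytes:
    # Keyed with a key derived from the root key (the claims also allow the root key itself).
    return kdf(kdf(root_key, b"pc5-mac-key"), b"pc5-gen-info", nonce2, key_id)


def ausf_relay_key_response(k_ausf: bytes, nonce3: Optional[bytes] = None) -> dict:
    """AUSF side when the request carries no root key identifier."""
    nonce2 = secrets.token_bytes(16)
    root = derive_root_key(k_ausf, nonce2, nonce3)
    key_id = kdf(k_ausf, b"pc5-root-id", nonce2)[:8]  # hypothetical identifier construction
    nonce1 = secrets.token_bytes(16)
    return {
        "relay_key": derive_relay_key(root, nonce1),
        "nonce1": nonce1,
        "gen_info": {"nonce2": nonce2, "key_id": key_id},
        "mac": gen_info_mac(root, nonce2, key_id),
    }


def relay_forward(response: dict) -> dict:
    """The relay keeps the relay key; only the other fields go on to the remote terminal."""
    return {k: v for k, v in response.items() if k != "relay_key"}


def remote_terminal_relay_key(k_ausf: bytes, msg: dict, nonce3: Optional[bytes] = None) -> bytes:
    """Remote terminal side: rebuild the root key, check the MAC, derive the relay key."""
    info = msg["gen_info"]
    root = derive_root_key(k_ausf, info["nonce2"], nonce3)
    expected = gen_info_mac(root, info["nonce2"], info["key_id"])
    if not hmac.compare_digest(expected, msg["mac"]):
        raise ValueError("PC5 root key generation information failed the integrity check")
    return derive_relay_key(root, msg["nonce1"])


if __name__ == "__main__":
    k_ausf = bytes(range(32))         # constructed sample AUSF key
    nonce3 = secrets.token_bytes(16)  # assumed to have reached the AUSF in the request
    resp = ausf_relay_key_response(k_ausf, nonce3)
    key = remote_terminal_relay_key(k_ausf, relay_forward(resp), nonce3)
    print("relay keys match:", key == resp["relay_key"])
```

A modified second random number changes the MAC key and a modified identifier changes the MAC input, so in both cases the remote terminal rejects the message before deriving a relay key.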
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP22752155.6A EP4293953A1 (en) | 2021-02-10 | 2022-01-27 | Pc5 root key processing method and apparatus, and ausf and remote terminal |
US18/264,244 US20240121606A1 (en) | 2021-02-10 | 2022-01-27 | Pc5 root key processing method, device, ausf and remote terminal |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110184930.7A CN114915407A (zh) | 2021-02-10 | 2021-02-10 | PC5 root key processing method, device, AUSF and remote terminal |
CN202110184930.7 | 2021-02-10 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022170994A1 (zh) | 2022-08-18 |
Family
ID=82760692
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2022/074372 WO2022170994A1 (zh) | PC5 root key processing method, device, AUSF and remote terminal | 2021-02-10 | 2022-01-27 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20240121606A1 (zh) |
EP (1) | EP4293953A1 (zh) |
CN (1) | CN114915407A (zh) |
WO (1) | WO2022170994A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115529588A (zh) * | 2022-09-28 | 2022-12-27 | 中国电信股份有限公司 | Secure link establishment method, user equipment, PKMF device and communication system |
WO2024066667A1 (zh) * | 2022-09-30 | 2024-04-04 | 大唐移动通信设备有限公司 | Key management method, apparatus and device |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024065549A1 (zh) * | 2022-09-29 | 2024-04-04 | 北京小米移动软件有限公司 | Direct communication key generation method and apparatus |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20190053226A1 (en) * | 2017-10-23 | 2019-02-14 | Gang Xiong | Uplink control signaling for grant-free uplink transmission |
CN109716810A (zh) * | 2017-01-06 | 2019-05-03 | 华为技术有限公司 | Authorization verification method and apparatus |
US20190141533A1 (en) * | 2016-07-04 | 2019-05-09 | Huawei Technologies Co., Ltd. | Network authentication method, relay node, and related system |
CN110192381A (zh) * | 2017-09-15 | 2019-08-30 | 华为技术有限公司 | Key transmission method and device |
- 2021
  - 2021-02-10 CN CN202110184930.7A patent/CN114915407A/zh active Pending
- 2022
  - 2022-01-27 WO PCT/CN2022/074372 patent/WO2022170994A1/zh active Application Filing
  - 2022-01-27 US US18/264,244 patent/US20240121606A1/en active Pending
  - 2022-01-27 EP EP22752155.6A patent/EP4293953A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
EP4293953A1 (en) | 2023-12-20 |
CN114915407A (zh) | 2022-08-16 |
US20240121606A1 (en) | 2024-04-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2022170994A1 (zh) | PC5 root key processing method, device, AUSF and remote terminal | |
CN111670587B (zh) | Method and device for multiple registrations | |
US11496320B2 (en) | Registration method and apparatus based on service-based architecture | |
US10798082B2 (en) | Network authentication triggering method and related device | |
US20210120409A1 (en) | User authentication in first network using subscriber identity module for second legacy network | |
US11924635B2 (en) | Security authentication method and apparatus thereof, and electronic device | |
CN111630882B (zh) | User equipment, authentication server, medium, and method and system for determining a key | |
US11445365B2 (en) | Communication method and communications apparatus | |
WO2020238595A1 (zh) | Method, apparatus and communication system for obtaining a security context | |
WO2021218978A1 (zh) | Key management method, device and system | |
US20230179997A1 (en) | Method, system, and apparatus for determining user plane security algorithm | |
WO2007034299A1 (en) | Re-keying in a generic bootstrapping architecture following handover of a mobile terminal | |
WO2019096279A1 (zh) | Secure communication method and apparatus | |
WO2022068474A1 (zh) | Communication method, apparatus and storage medium for a ProSe communication group | |
US20190149326A1 (en) | Key obtaining method and apparatus | |
US20240089728A1 (en) | Communication method and apparatus | |
WO2022134089A1 (zh) | Security context generation method, apparatus and computer-readable storage medium | |
WO2023071836A1 (zh) | Communication method and apparatus | |
CN114786179B (zh) | Non-cellular terminal authentication method, apparatus, device and medium | |
WO2019205896A1 (zh) | Information processing method, network device and terminal | |
WO2019141135A1 (zh) | Trusted service management method and apparatus supporting wireless network handover | |
JP2021524167A (ja) | Method and apparatus for multiple registrations | |
US20230354028A1 (en) | Method, system, and apparatus for generating key for inter-device communication | |
CN110830996A (zh) | Key update method, network device and terminal | |
WO2023109865A1 (zh) | Key generation method, apparatus, device and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 22752155 Country of ref document: EP Kind code of ref document: A1 |
 | WWE | Wipo information: entry into national phase | Ref document number: 18264244 Country of ref document: US |
 | WWE | Wipo information: entry into national phase | Ref document number: 2022752155 Country of ref document: EP |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | ENP | Entry into the national phase | Ref document number: 2022752155 Country of ref document: EP Effective date: 20230911 |