WO2023078400A1 - Wireless key generation method and apparatus, device, and storage medium - Google Patents


Publication number
WO2023078400A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
key
length
wireless
random access
Application number
PCT/CN2022/129917
Other languages
English (en)
Chinese (zh)
Inventor
田野
何申
粟栗
杜海涛
王峰生
孙玲玲
姜文姝
Original Assignee
中国移动通信有限公司研究院
中国移动通信集团有限公司
Application filed by 中国移动通信有限公司研究院, 中国移动通信集团有限公司
Publication of WO2023078400A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/02 Traffic management, e.g. flow control or congestion control
    • H04W28/04 Error control

Definitions

  • the present application relates to the field of communication security, in particular to a wireless key generation method, device, equipment and storage medium.
  • an encryption mechanism is used to ensure the security of user communication, but the AS (Access Stratum) security mechanism between the terminal and the base station only takes effect after the AS SMC (Security Mode Command) procedure has completed. Only then can the terminal and the base station apply encryption or integrity protection to control plane signaling and user plane data on the air interface, based on the AS key derived from the AKA (Authentication and Key Agreement) procedure.
  • AS Access Stratum, access layer
  • AS SMC Security Mode Command, security mode command
  • Figure 1 shows the basic signaling interaction process of UE (User Equipment, user equipment), eNodeB (base station) and MME (Mobility Management Entity, mobile management node).
  • UE User Equipment
  • eNodeB base station
  • MME Mobility Management Entity, mobile management node
  • when attaching, the UE needs to send sensitive information such as the user identity IMSI (International Mobile Subscriber Identity) to the MME in the NAS attach request message, so that the MME can obtain the context information of the UE (including the security context) and perform AKA operations.
  • IMSI International Mobile Subscriber Identity
  • This will expose the user's unique identity information IMSI in the network in plain text over the air interface, leading to the risk of leakage of user identity privacy information in the mobile network system.
  • if the user identification information is obtained by an attacker, it can be used to track the user's location, or to bind the user terminal to account information obtained by other means and, combined with other attack methods, cause economic losses to the user.
  • a shared key can be generated between the terminal and the base station based on wireless physical layer key generation technology before the AKA operation is performed to negotiate the key, and the subsequently transmitted AS messages and user ID can be encrypted and protected based on the generated key.
  • this method has the following disadvantages:
  • the added dedicated traffic channel is used to carry wireless data, and it needs to be established before the RRC (Radio Resource Control, radio resource control) connection is established.
  • radio bearers including signaling radio bearers and data radio bearers
  • the proposed method contradicts the existing wireless access network radio bearer establishment mechanism in terms of sequence logic.
  • the assigned dedicated service channel is only used for encrypted transmission of sensitive information such as the user identity (such as IMSI), and it is a different channel from the control channels (such as shared/dedicated control channels) and service channels (such as dedicated service channels) that the base station allocates to the terminal after the RRC connection is established. The generated key therefore cannot be used to encrypt and protect subsequent control plane signaling and user plane service data, and the key application efficiency is not high.
  • related technologies can also take the random access process in the mobile communication system as an improvement object, integrate the physical layer key generation process into it, complete the paired physical layer key generation at both ends of the mobile terminal and the base station, and use the physical layer
  • This method also has the following defects:
  • the signals generated by the random access request and the response message are used as input excitations to measure the state characteristics of the wireless channel, and the original key is formed after quantization.
  • because of the short duration of the random access request and response messages (about 1 ms), the amount of information is limited: only a limited number of bits can be generated in one transmission under good conditions, and the key may not be generated under poor conditions, so this scheme cannot effectively guarantee the generation of sufficient keys for subsequent encryption.
  • the random access request message of the existing system usually adopts a preamble sequence (such as a Zadoff-Chu sequence) with good autocorrelation and cross-correlation and constant amplitude characteristics to meet the needs of terminal random access.
  • a preamble sequence such as a Zadoff-Chu sequence
  • the key generation rate is the main technical index of wireless key generation.
  • targeted pilot information such as adding random pilot codes with poor correlation
  • the random access request and response messages are carried by the RACH (Random Access Channel) and DL-SCH (Downlink Shared Channel) logical channels respectively, corresponding at the L1 physical layer to the PRACH (Physical Random Access Channel) and PDSCH (Physical Downlink Shared Channel).
  • PRACH and PDSCH correspond to different physical time-frequency resource blocks in the LTE system. Therefore, neither the TDD (Time Division Duplex) nor the FDD (Frequency Division Duplex) system can guarantee frequency consistency between the terminal's uplink channel and the base station's downlink channel. This does not meet the channel reciprocity requirements of wireless key generation technology well, and ultimately has a negative impact on the key generation rate and consistency rate.
  • embodiments of the present application provide a wireless key generation method, device, device, and storage medium, aiming at improving wireless key generation performance and meeting security requirements of a wireless communication system.
  • the embodiment of the present application provides a method for generating a wireless key, the method including:
  • a second message is sent to the first device based on the length of the first key.
  • the sending the second message to the first device based on the length of the first key includes:
  • determining that the length of the first key is less than a threshold, and sending a second message to the first device, the second message being used to indicate that the length of the first key is less than the threshold, or to indicate the length of the first key, or to instruct the first device to continue sending the first message.
  • the sending the second message to the first device based on the length of the first key includes:
  • said extracting wireless channel characteristics based on said first message, and generating a first key include:
  • the channel detection information is at least one of a preamble (Preamble), a pilot code, and a preset information code.
  • the first message is a random access request message
  • the second message is a random access response message
  • the first message is a radio resource control (RRC) connection request message
  • the second message is an RRC connection establishment message.
  • RRC radio resource control
  • the method also includes:
  • the first check information is an error correction code or a check code.
  • the method also includes:
  • the fourth message carries the second verification information used for key consistency verification.
  • the second verification information is a verification code.
  • the third message is a random access request message
  • the fourth message is a random access response message
  • the third message is an RRC connection request message
  • the fourth message is an RRC connection establishment message.
  • the embodiment of the present application provides a method for generating a wireless key, the method including:
  • the second message is used to indicate that the length of the first key is smaller than the threshold, or indicate the length of the first key, or instruct the first device to continue sending the first message.
  • the second message is used to indicate that the length of the first key is greater than or equal to the threshold, or indicate the length of the first key, or indicate that the first device does not need to send the first message, or does not carry additional indication information .
  • the sending the first message to the second device based on the length of the second key and/or the indication information of the second message includes:
  • the second message is used to instruct the first device to continue sending the first message, and send the first message to the second device.
  • the sending a third message to the second device based on the length of the second key and/or the indication information of the second message includes:
  • the second message indicates that the first device does not need to send the first message
  • the second message does not carry additional indication information.
  • said extracting wireless channel characteristics based on said second message, and generating a second key include:
  • the channel detection information is at least one of a preamble (Preamble), a pilot code, and a preset information code.
  • the first message is a random access request message
  • the second message is a random access request message
  • the first message is a radio resource control (RRC) connection request message
  • the second message is an RRC connection establishment message.
  • RRC radio resource control
  • the third message carries the first verification information used for password consistency verification.
  • the first check information is an error correction code or a check code.
  • the method also includes:
  • the fourth message carries the second verification information used for consistency verification.
  • the second verification information is a verification code.
  • the third message is a random access request message
  • the fourth message is a random access response message
  • the third message is an RRC connection request message
  • the fourth message is an RRC connection establishment message.
  • the embodiment of the present application provides a wireless key generation device, which includes:
  • a first receiving module configured to receive a first message sent by the first device
  • a first key generation module configured to extract wireless channel characteristics based on the first message, and generate a first key
  • a first sending module configured to send a second message to the first device based on the length of the first key.
  • the embodiment of the present application provides a wireless key generation device, which includes:
  • a second sending module configured to send the first message to the second device
  • a second receiving module configured to receive a second message sent by the second device
  • the second key generation module is configured to extract wireless channel characteristics based on the second message, and generate a second key
  • the second sending module is further configured to send the first message or the third message to the second device based on the length of the second key and/or the indication information of the second message.
  • the embodiment of the present application provides a second device, including: a processor and a memory for storing a computer program that can run on the processor, wherein the processor, when running the computer program, executes the steps of the method described in the first aspect of the embodiments of the present application.
  • the embodiment of the present application provides a first device, including: a processor and a memory for storing a computer program that can run on the processor, wherein the processor, when running the computer program, executes the steps of the method described in the second aspect of the embodiments of the present application.
  • the embodiment of the present application provides a storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the method described in the first aspect or the second aspect of the embodiments of the present application are implemented.
  • the second device receives the first message sent by the first device; extracts the wireless channel characteristics based on the first message, and generates the first key; and, based on the length of the first key, sends the second message to the first device. In this way, multiple extractions of wireless channel features can be supported for the wireless channel between the first device and the second device, allowing the first device and the second device to generate sufficient keys, thereby improving the reliability of wireless key generation.
  • FIG. 1 is a schematic diagram of a flow of UE attach and access in the related art
  • FIG. 2 is a schematic flowchart of a method for generating a wireless key applied to a second device according to an embodiment of the present application
  • FIG. 3 is a schematic flow diagram of a method for generating a wireless key applied to a first device according to an embodiment of the present application
  • FIG. 4 is a schematic flowchart of a method for generating a wireless key according to Embodiment 1 of the present application;
  • FIG. 5 is a schematic flowchart of a wireless key generation method according to Embodiment 2 of the present application.
  • FIG. 6 is a schematic flowchart of a method for generating a wireless key according to Embodiment 3 of the present application.
  • FIG. 7 is a schematic flowchart of a method for generating a wireless key according to Embodiment 4 of the present application.
  • FIG. 8 is a schematic structural diagram of a wireless key generation device applied to a second device according to an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a wireless key generation device applied to a first device according to an embodiment of the present application.
  • Fig. 10 is a schematic structural diagram of the second device of the embodiment of the present application.
  • Fig. 11 is a schematic structural diagram of the first device according to the embodiment of the present application.
  • an embodiment of the present application provides a method for generating a wireless key, which is applied to a second device. As shown in Figure 2, the method includes:
  • Step 201 receiving a first message sent by a first device
  • Step 202 extracting wireless channel characteristics based on the first message, and generating a first key
  • Step 203 Send a second message to the first device based on the length of the first key.
  • the first device may be various terminal devices supporting wireless communication, for example, 4G/5G/6G terminals, mobile phones, tablet computers, smart bracelets, WLAN/WiFi stations (WLAN/WiFi STA) and other devices;
  • the second device can be 4G/5G/6G base station, wireless local area network/wireless fidelity access point (WLAN/WiFi AP), wireless local area network/wireless fidelity station (WLAN/WiFi STA) , network side devices and other network devices that support wireless communication.
  • the second device receives the first message sent by the first device; extracts the wireless channel characteristics based on the first message, and generates the first key; and, based on the length of the first key, sends the second message to the first device. The first device may then determine, based on the received second message, whether to continue sending the first message.
  • multiple wireless channel feature extractions can be supported for the wireless channel between the first device and the second device, allowing the first device and the second device to generate sufficient key, which improves the reliability of wireless key generation.
  • the second message is sent to the first device, including:
  • the second message may carry the above information in a manner of explicit indication or implicit indication.
  • an explicit indication means that the second message directly carries the relevant, unambiguous information, so that the first device can directly determine from the second message that the length of the first key is less than the threshold, the length of the first key, or that the first device is to continue sending the first message
  • the explicit indication can be interpreted as "representation" or "description"
  • an implicit indication means that the first device needs to perform related processing (for example, calculation processing) on the received second message to determine that the length of the first key is less than the threshold, the length of the first key, or that the first device is to continue sending the first message.
  • the second message is sent to the first device, including:
  • the second message sent may also use the aforementioned explicit indication or implicit indication.
  • the second device determines that the length of the first key is greater than or equal to the threshold
  • the second message sent may also use the aforementioned explicit indication or implicit indication. For details, refer to the foregoing description, which is not repeated here.
  • the second message may also carry no indication information about the condition of the first key; that is, the second device may reply with a second message that does not carry additional indication information. After receiving a second message that carries no information about the key on the second device side, the first device assumes that the second device has generated enough keys.
  • the second message may be a new message, or an existing message may be reused.
  • the first device then continues to send the first message to the second device, so that the first device and the second device can repeatedly perform wireless channel feature extraction on the wireless channel between the two, and a sufficient amount of wireless keys is generated on the first device and the second device, thereby improving the reliability of wireless key generation.
  • when the second device is a base station, the first message is a random access request message and the second message is a random access response message; and/or the first message is an RRC connection request message and the second message is an RRC connection establishment message.
  • the second device is a WLAN device
  • the first message can be a RTS (Request To Send, request to send) message, or a Data (data) message
  • the second message can be a CTS (Clear to Send, clear to send) message, or ACK (confirm) message.
  • the first message and the second message can be set according to the specific conditions of the first device and the second device (for example, which type of device they are).
  • the first message and/or the second message may be an existing message between the first device and the second device, that is, an existing message between the devices is multiplexed to implement the key agreement method of this application; it may also be a new message, that is, a new message is used to implement the key agreement method of this application.
  • each message in the first message and/or the second message may be a single message, or may include multiple sub-messages.
  • the transmission of the first message and/or the second message between the first device and the second device may be performed through an intermediate forwarding device, which is not specifically limited in this embodiment of the present application.
  • the random access response message is a random access response message carrying relevant information; if the second message does not carry additional indication information, the random access response message may be an existing random access response message.
  • first message and the second message carry channel detection information, which is used to perform channel detection and/or channel estimation on the wireless channel between the first device and the second device, and extract wireless channel features.
  • the wireless channel characteristic may be at least one of Channel State Information (CSI), Received Signal Strength Indication (RSSI) and Channel Frequency Response (CFR); the embodiments are not limited to this.
  • CSI Channel State Information
  • RSSI Received Signal Strength Indication
  • CFR Channel Frequency Response
  • the existing wireless channel resources in the mobile communication network can be used to generate wireless keys, without the need to extract channel characteristics based on dedicated key negotiation, so that it can be compatible with the existing radio bearer establishment mechanism of the wireless access network.
  • the method in the embodiment of the present application can effectively guarantee the number of bits generated by the wireless key, so as to meet the key length requirement of the encryption algorithm.
  • extracting wireless channel characteristics based on the first message, and generating a first key include:
  • the first message itself and/or the channel detection information carried in the first message, perform channel detection and/or channel estimation, extract wireless channel features, and generate a first key.
  • the second device receives the first message from the first device, performs channel detection and/or channel estimation according to the first message itself and/or channel detection information carried in the first message, and extracts wireless channel features, Generate the first key.
  • the channel detection information may be at least one of a preamble (Preamble), a pilot code, and a preset information code.
  • Preamble a preamble
  • pilot code a pilot code
  • preset information code a preset information code
  • the preamble is the content actually sent by the first device on the RACH, and consists of a cyclic prefix (CP) of length Tcp and a sequence of length Tseq, so that channel characteristics can be extracted while random access is being established.
  • the channel detection information can be a pilot code (such as an m-sequence) or a preset information code that is more conducive to detecting the wireless channel state, which can effectively improve performance indicators such as the wireless key generation rate.
  • the RACH and DL-SCH (corresponding to the L1 physical layer PRACH and PDSCH) are used to perform wireless channel state sounding and/or channel estimation to extract wireless channel characteristics.
  • CCCH Common Control Channel
  • both the RRC connection request message and the RRC connection establishment message are carried by the CCCH logical channel, corresponding to the L1 physical layer UL-SCH (Uplink Shared Channel) and DL-SCH (Downlink Shared Channel), and PUSCH (Physical Uplink Shared Channel) and PDSCH (Physical Downlink Shared Channel).
  • the PUSCH and PDSCH channels use the same physical time-frequency resource block for time division.
  • channel state detection and/or channel estimation using the RRC connection request message and the RRC connection establishment message can therefore be performed on uplink and downlink wireless channels of the same frequency to extract wireless channel features, which ensures better reciprocity of the wireless channel. This better ensures that the second device and the first device generate wireless keys with better consistency, and improves the wireless key generation performance of the system.
  • the method further includes:
  • the first device can send a third message carrying the first verification information to the second device, so that the second device can perform a key consistency check on the first key based on that information, that is, perform information reconciliation.
  • the key consistency check for the first key may adopt one of the following information reconciliation methods: based on the Cascade protocol, based on error correction codes, or based on secure sketches.
  • the first check information is an error correction code or a check code.
  • the first check information may be a forward error correction code, a linear block code, a CRC (cyclic redundancy check) check code, a check code based on the Cascade protocol, and the like.
  • after the second device verifies the first key, it also needs to send a verification code to the first device, so that the first device can perform information reconciliation on the wireless key based on the received verification code.
  • the method further includes:
  • the second device sends a fourth message to the first device, where the fourth message carries second verification information used for key consistency verification.
  • the second check information may be a check code.
  • the wireless keys on the side of the first device and the second device can perform information reconciliation based on the verification code, so as to obtain a key consistent with both parties.
  • the third message is a random access request message
  • the fourth message is a random access response message
  • the third message is an RRC connection request message
  • the fourth message is an RRC connection establishment message.
  • the third message can be a RTS (Request To Send, request to send) message, or a Data (data) message
  • the fourth message can be a CTS (Clear to Send, clear to send) message, or ACK (confirm) message.
  • the third message and the fourth message can be set according to the specific conditions of the first device and the second device (for example, which type of device they are).
  • the third message and/or the fourth message may be an existing message between the first device and the second device, that is, multiplex an existing message between devices to implement the key verification method of this application; it may also be A new message, that is, a new message is used to implement the key verification method of the present application.
  • each message in the third message and/or the fourth message may be a single message, or may include multiple sub-messages.
  • the transmission of the third message and/or the fourth message between the first device and the second device may be performed through an intermediate forwarding device, which is not specifically limited in this embodiment of the present application.
  • verification information of the key consistency verification can be transmitted during the random access phase, or during the RRC connection phase, which is not limited in this embodiment of the present application.
  • the wireless physical layer key generation technology is organically combined with the mobile communication network technology, and the existing channel resources are used to obtain the wireless channel characteristics to generate the key without adding additional dedicated channels.
  • the control plane signaling and/or user plane data transmitted point-to-point between the first device and the second device are encrypted and/or integrity protected by using the generated key, thereby improving system security.
  • protecting NAS layer messages containing sensitive information such as user identifiers (such as IMSI) to prevent leakage of user identifiers can improve the security of existing systems.
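The length-driven exchange of steps 201 to 203, together with the first device's reaction and the check-code comparison carried in the third message, can be simulated as follows. This is an added example, not part of the patent text: the sign quantizer with a guard band, the hypothetical `continue` and `keep` fields of the second message, the number of samples per message and the Gaussian channel model are all assumptions, and the channel samples are constructed.

```python
import random
import zlib

THRESHOLD_BITS = 128   # key length threshold; the page cites 128 or 256 bits
SAMPLES_PER_MSG = 16   # assumed channel samples obtained from one message
GUARD = 0.2            # assumed guard band: samples near zero yield no bit


def measure(gains, rng, noise):
    """Channel estimate from one message: shared gain plus local receiver noise."""
    return [g + rng.gauss(0.0, noise) for g in gains]


def quantize(samples, keep=None):
    """Turn samples into bits by sign. Without `keep`, drop guard-band samples."""
    if keep is None:
        keep = [i for i, s in enumerate(samples) if abs(s) >= GUARD]
    return keep, [1 if samples[i] > 0 else 0 for i in keep]


def check_code(bits):
    """CRC-32 over the key bits, standing in for the page's check code.
    Note: a check code sent in the clear discloses information about the key."""
    return zlib.crc32(bytes(bits))


def run_key_generation(seed, noise=0.02, max_rounds=64):
    """Simulate both devices; returns the keys, round count and check result."""
    rng = random.Random(seed)          # constructed channel, not measured data
    first_key, second_key = [], []     # held by second device / first device
    rounds, enough = 0, False
    while rounds < max_rounds and not enough:
        rounds += 1
        gains = [rng.gauss(0.0, 1.0) for _ in range(SAMPLES_PER_MSG)]

        # Steps 201-202: second device receives the first message, extracts bits.
        keep, bits = quantize(measure(gains, rng, noise))
        first_key += bits
        # Step 203: the second message depends on the length of the first key.
        second_msg = {"continue": len(first_key) < THRESHOLD_BITS, "keep": keep}

        # First device extracts bits from the second message (reciprocal channel),
        # using the sample positions the second device kept (assumed signalling).
        _, bits = quantize(measure(gains, rng, noise), second_msg["keep"])
        second_key += bits
        # First device: resend the first message unless both conditions hold.
        enough = (not second_msg["continue"]
                  and len(second_key) >= THRESHOLD_BITS)

    result = {"enough": enough, "rounds": rounds, "consistent": None,
              "first_key": first_key, "second_key": second_key}
    if enough:
        # Third message: first device sends its check code; the second device
        # compares it with the code of its own key (key consistency check).
        third_msg = {"check": check_code(second_key)}
        result["consistent"] = third_msg["check"] == check_code(first_key)
    return result


if __name__ == "__main__":
    for label, kwargs in [("good channel", {}), ("noisy channel", {"noise": 1.0}),
                          ("too few exchanges", {"max_rounds": 3})]:
        r = run_key_generation(seed=7, **kwargs)
        print(label, r["enough"], r["rounds"], len(r["first_key"]), r["consistent"])
```

With at most 16 bits per exchange, at least eight exchanges are needed to reach 128 bits; on the noisy channel the keys diverge and the check code comparison fails, which is the case information reconciliation has to handle.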
  • the embodiment of the present application also provides a method for generating a wireless key, which is applied to the first device, as shown in FIG. 3 , the method includes:
  • Step 301 sending a first message to a second device
  • Step 302 receiving a second message sent by a second device
  • Step 303 extracting wireless channel characteristics based on the second message, and generating a second key
  • Step 304 Send the first message or the third message to the second device based on the quantity of the second key and/or the indication information of the second message.
  • the first device sends the first message to the second device; receives the second message sent by the second device; extracts wireless channel characteristics based on the second message, and generates a second key; and, based on the quantity of the second key and/or the indication information of the second message, sends the first message or the third message to the second device. The first message allows the second device and the first device to continue performing wireless channel feature extraction, so that multiple extractions of wireless channel features can be performed on the wireless channel between the first device and the second device, allowing the terminal and the second device to generate sufficient keys, thereby improving the reliability of wireless key generation.
  • if the second device determines that the length of the first key is less than the threshold (for example, the first key has fewer than 128 or 256 bits), the second message sent is used to indicate that the length of the first key is less than the threshold, or to indicate the length of the first key, or to instruct the first device to continue sending the first message.
  • the second message sent is used to indicate that the length of the first key is greater than or equal to the threshold, or to indicate the length of the first key, or to indicate that the first device does not need to send the first message, or it does not carry additional indication information.
  • sending the first message to the second device includes:
  • when the second message is used to instruct the first device to continue sending the first message, the first message is sent to the second device.
  • when the first device determines that the number of bits of the second key is less than the threshold, or receives a second message that indicates that the length of the first key is less than the threshold, indicates the length of the first key, or instructs the first device to continue sending the first message, it continues to send the first message to the second device. In this way, when the number of bits of the wireless key is insufficient (for example, fewer than 128 or 256 bits, so that the key length requirement of the encryption algorithm is not met), the first device and the second device can repeatedly perform wireless channel feature extraction on the wireless channel between them, generate a sufficient amount of wireless keys, and improve the reliability of wireless key generation.
  • the first device directly sends the first message to the second device based on the second message; where the second message indicates the length of the first key, the first device needs to compare the length of the first key with the threshold and determine whether to send the first message based on the comparison result.
  • sending the third message to the second device includes:
  • a third message is sent to the second device:
  • the second message indicates that the first device does not need to send the first message
  • the second message does not carry additional indication information.
  • the first message is a random access request message
  • the second message is a random access response message
  • the first message is an RRC connection request message
  • the second message is an RRC connection establishment message.
  • the first message and the second message carry channel detection information, which is used to perform channel detection and/or channel estimation on the wireless channel between the first device and the second device and to extract wireless channel features.
  • extracting wireless channel characteristics based on the second message, and generating a second key include:
  • according to the second message itself and/or the channel detection information carried in the second message, channel detection and/or channel estimation is performed, wireless channel features are extracted, and a second key is generated.
  • the first device receives the second message from the second device, performs channel detection and/or channel estimation according to the second message itself and/or the channel detection information carried in the second message, and extracts wireless channel features , to generate the second key.
  • the wireless channel feature may be at least one of CSI, RSSI, and CFR, which is not limited in this embodiment of the present application.
  • the existing wireless channel resources in the mobile communication network can be used to generate wireless keys, without the need to extract channel characteristics based on dedicated key negotiation, so that it can be compatible with the existing radio bearer establishment mechanism of the wireless access network .
  • the method in the embodiment of the present application can effectively guarantee the number of bits generated by the wireless key, so as to meet the key length requirement of the encryption algorithm.
  • the channel detection information may be at least one of a preamble (Preamble), a pilot code, and a preset information code.
  • the preamble is the content actually sent by the first device in the RACH, and consists of a cyclic prefix (CP) of length Tcp and a sequence of length Tseq, so that channel feature extraction can be performed during the establishment of random access.
  • the channel detection information can be a pilot code (such as an m-sequence) or a preset information code that is better suited to detecting the wireless channel state, which can effectively improve performance indicators such as the wireless key generation rate.
  • the RACH and DL-SCH (corresponding to the L1 physical layer PRACH and PDSCH) are used to perform wireless channel state sounding and/or channel estimation to extract wireless channel characteristics.
  • both the RRC connection request message and the RRC connection establishment message are carried by the CCCH (Common Control Channel) logical channel, corresponding to the L1 physical layer UL-SCH (Uplink Shared Channel) and DL-SCH (Downlink Shared Channel) transport channels and the PUSCH (Physical Uplink Shared Channel) and PDSCH (Physical Downlink Shared Channel) physical channels.
  • the PUSCH and PDSCH channels use the same physical time-frequency resource block for time division.
  • with the RRC connection request message and the RRC connection establishment message, channel state detection and/or channel estimation can be performed on uplink and downlink wireless channels of the same frequency to extract wireless channel features. This ensures better reciprocity of the wireless channel, so the second device and the first device can generate wireless keys with better consistency, improving the system's wireless key generation performance.
  • the third message carries first verification information for key consistency verification, so that the second device can perform key consistency verification on the first key based on the first verification information, that is, perform information reconciliation.
  • the first check information is an error correction code or a check code.
  • the first check information may be a forward error correction code, a linear block code, a CRC (cyclic redundancy check) code, a check code based on the Cascade protocol, and the like.
  • after the second device verifies the first key, it also needs to send a verification code to the first device, so that the first device can perform information reconciliation on the wireless key based on the received verification code.
  • the method further includes:
  • the fourth message carries second verification information used for consistency verification.
  • the second check information may be a check code.
  • the first device and the second device can each perform information reconciliation on their wireless keys based on the verification code, so as to obtain a key that is consistent between both parties.
  • the third message is a random access request message
  • the fourth message is a random access response message
  • the third message is an RRC connection request message
  • the fourth message is an RRC connection establishment message.
  • verification information of the key consistency verification can be transmitted during the random access phase, or during the RRC connection phase, which is not limited in this embodiment of the present application.
  • Each application embodiment of the present application takes the 4G LTE system as an example to provide an application solution of the above method in a mobile communication network, wherein the first device is a user equipment (UE), and the second device is a base station (eNodeB).
  • the terminal access process in the 5G system is basically similar to that in 4G, so the above method is also applicable to other mobile communication systems with similar processing processes.
  • the terminal device and the base station use a random access request message and a random access response message to generate a wireless key, referring to Figure 4, specifically including:
  • Step 401 sending a first message (MSG1): a random access request message.
  • the terminal device sends a random access request message on the uplink RACH, including a preamble (Preamble).
  • Step 402 wireless channel state measurement, feature extraction, key generation.
  • Based on the received uplink random access request message, the base station measures the state of the wireless channel, extracts channel features, and generates a first key after sampling and quantizing.
  • Step 403 sending a second message (MSG2): a random access response message.
  • the base station returns a random access response message on the DL-SCH channel.
  • the base station may return instruction information to request the terminal device to continue to initiate a random access request message for uplink channel detection. If the base station has generated enough keys, it can normally feed back a random access response message, requiring the terminal to continue to perform subsequent operations.
  • Step 404 wireless channel state measurement, feature extraction, and key generation.
  • Based on the received downlink random access response message, the terminal device measures the state of the wireless channel, extracts channel features, and generates a second key after sampling and quantizing.
  • Step 405 judging whether sufficient keys are generated, if yes, execute step 406; if not, return to step 401.
  • If the terminal device determines that sufficient keys have been generated, subsequent operations will be performed. If sufficient keys have not been generated, the terminal device resends the random access request message, repeats steps 401 to 404, and continues to generate keys until sufficient keys are generated.
  • Step 406 sending a first message (MSG1): a random access request message, where the random access request message carries key consistency check information.
  • the terminal device resends the random access request message, which includes the first verification information for completing the key consistency verification.
  • Step 407 sending a second message (MSG2): a random access response message, where the random access response message carries key consistency check information.
  • the base station returns a random access response message, which includes the second verification information for completing the key consistency verification.
  • Step 408a and step 408b key consistency verification and privacy amplification.
  • Based on the received key consistency verification information, the base station and the terminal device perform key consistency verification and privacy amplification operations, and finally form a key that can be used by both parties.
  • Step 409a and Step 409b enable encryption.
  • the terminal device and the base station encrypt and/or integrity protect the wireless signaling and data that are subsequently exchanged.
  • the AS layer signaling messages (including NAS layer messages carried by RRC signaling, such as registration requests) and user plane data exchanged between the terminal device and the base station will be transparently encrypted and/or integrity protected using the wireless key, to ensure the security of all control plane signaling and user plane data.
  • the coded signals sent in the above steps 401 and 403 can be replaced with signal codes that are more suitable for detecting the system wireless channel state, for example pilot codes (such as m-sequences), for a better wireless key generation effect.
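The loop of steps 401 to 408 can be exercised on a simulated channel. The following Python simulation is an added example, not code from the application; the Gaussian channel model, the median quantiser, Hamming(7,4) syndromes as the first verification information, CRC-32 as the second verification information, SHA-256 as the privacy amplification step and the 280-bit raw threshold are all assumptions chosen for illustration.

```python
import hashlib
import random
import statistics
import zlib

SAMPLES_PER_PROBE = 16   # assumption: channel samples extracted per message
BLOCK = 7                # Hamming(7,4) block length used for reconciliation
RAW_THRESHOLD = 280      # assumption: 40 blocks, see the budget note in run()


def quantise(samples):
    """1-bit quantiser: 1 where a sample lies above the median of its probe."""
    mid = statistics.median(samples)
    return [1 if s > mid else 0 for s in samples]


def probe(rng, noise_std):
    """One first-message/second-message exchange over a reciprocal channel.

    Both ends observe the same fading values plus independent receiver noise.
    Returns (bits quantised at the base station, bits quantised at the UE).
    """
    channel = [rng.gauss(0.0, 1.0) for _ in range(SAMPLES_PER_PROBE)]
    at_bs = [h + rng.gauss(0.0, noise_std) for h in channel]  # measured on MSG1
    at_ue = [h + rng.gauss(0.0, noise_std) for h in channel]  # measured on MSG2
    return quantise(at_bs), quantise(at_ue)


def collect_bits(rng, noise_std, threshold=RAW_THRESHOLD):
    """Steps 401-405: keep probing until both raw keys reach the threshold."""
    first_key, second_key, rounds = [], [], 0
    while True:
        rounds += 1
        bs_bits, ue_bits = probe(rng, noise_std)
        first_key += bs_bits                        # step 402 (base station)
        keep_sending = len(first_key) < threshold   # indication carried in MSG2
        second_key += ue_bits                       # step 404 (UE)
        if not keep_sending and len(second_key) >= threshold:  # step 405
            return first_key[:threshold], second_key[:threshold], rounds


def syndrome(block):
    """Hamming(7,4) syndrome: XOR of the 1-based positions of the set bits."""
    s = 0
    for pos, bit in enumerate(block, start=1):
        if bit:
            s ^= pos
    return s


def blocks(bits):
    """Split a bit list into consecutive blocks of BLOCK bits."""
    return [bits[i:i + BLOCK] for i in range(0, len(bits), BLOCK)]


def reconcile(bs_bits, ue_syndromes):
    """Base-station side: move each block onto the UE's using its syndrome.

    A single differing bit per block is corrected; two or more are not, which
    is why a check code still has to be compared afterwards.
    """
    fixed = []
    for block, s_ue in zip(blocks(bs_bits), ue_syndromes):
        block = list(block)
        diff = syndrome(block) ^ s_ue     # 0, or the position that differs
        if 0 < diff <= len(block):
            block[diff - 1] ^= 1
        fixed += block
    return fixed


def amplify(bits):
    """Privacy amplification stand-in: hash the bits down to a 128-bit key."""
    return hashlib.sha256(bytes(bits)).digest()[:16]


def run(seed, noise_std):
    """Whole flow of application embodiment 1 on a simulated channel."""
    rng = random.Random(seed)
    first_key, second_key, rounds = collect_bits(rng, noise_std)
    # Step 406: first verification information (error correction code).
    ue_syndromes = [syndrome(b) for b in blocks(second_key)]
    first_key = reconcile(first_key, ue_syndromes)
    # Step 407: second verification information (CRC check code).
    bs_check = zlib.crc32(bytes(first_key))
    agreed = bs_check == zlib.crc32(bytes(second_key))   # step 408b at the UE
    # Rough budget: 40 blocks x (7 - 3 disclosed syndrome bits) - 32 CRC bits = 128.
    # Assumption: a failed check discards the material instead of retrying.
    return {
        "rounds": rounds,
        "agreed": agreed,
        "bs_key": amplify(first_key) if agreed else None,
        "ue_key": amplify(second_key) if agreed else None,
    }


if __name__ == "__main__":
    for sigma in (0.0, 0.1, 0.6):
        result = run(seed=2023, noise_std=sigma)
        print(sigma, result["rounds"], result["agreed"])
```

Raising `noise_std` shows why both verification steps are needed: once a block holds two or more differing bits the syndrome correction fails, and only the check code comparison reveals that the keys still disagree.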
  • the wireless key generation method of the application embodiment 2 includes:
  • Step 501 sending a first message (MSG1): a random access request message.
  • the terminal device sends a pilot code for channel detection, for example, an m-sequence, on the uplink RACH.
  • Step 502 wireless channel state measurement, feature extraction, key generation.
  • Based on the received uplink random access request message, the base station measures the state of the wireless channel, extracts channel features, and generates a first key after sampling and quantizing.
  • Step 503 sending a second message (MSG2): a random access response message.
  • the base station returns a random access response message on the DL-SCH channel, and the random access response message carries a pilot code for channel detection.
  • the base station may return instruction information to request the terminal device to continue to initiate a random access request message for uplink channel detection. If the base station has generated enough keys, it can normally feed back a random access response message, requiring the terminal to continue to perform subsequent operations.
  • Step 504 wireless channel state measurement, feature extraction, key generation.
  • Based on the received downlink random access response message, the terminal device measures the state of the wireless channel, extracts channel features, and generates a second key after sampling and quantizing.
  • Step 505 judging whether sufficient keys are generated, if yes, execute step 506; if not, return to step 501.
  • If the terminal device determines that sufficient keys have been generated, subsequent operations will be performed. If sufficient keys have not been generated, the terminal device resends the random access request message, repeats steps 501 to 504, and continues to generate keys until sufficient keys are generated.
  • Step 506 sending a first message (MSG1): a random access request message, where the random access request message carries key consistency check information.
  • the terminal device resends the random access request message, which includes the first verification information used to complete the key consistency verification.
  • Step 507 sending a second message (MSG2): a random access response message, where the random access response message carries key consistency check information.
  • the base station returns a random access response message, which includes the second verification information for completing the key consistency verification.
  • Step 508a and step 508b key consistency verification and privacy amplification.
  • Based on the received key consistency verification information, the base station and the terminal device perform key consistency verification and privacy amplification operations, and finally form a key that can be used by both parties.
  • Step 509a and Step 509b enable encryption.
  • the terminal device and the base station encrypt and/or integrity protect the wireless signaling and data that are subsequently exchanged.
  • the AS layer signaling messages (including NAS layer messages carried by RRC signaling, such as registration requests) and user plane data exchanged between the terminal device and the base station will be transparently encrypted and/or integrity protected using the wireless key, to ensure the security of all control plane signaling and user plane data.
  • because the duration of the random access request/response message is short and the amount of information that can be carried is limited, it may not be suitable for carrying key consistency check information.
  • the consistency check information can be carried by the RRC connection request message and the RRC connection establishment message. Encryption is enabled after the key consistency verification and privacy amplification operations are completed, so as to perform encryption and/or integrity protection on the RRC connection establishment completion message and subsequent messages.
  • the RRC connection establishment complete message carries the NAS layer registration request message, so the IMSI identity can be prevented from leaking.
  • the method for generating a wireless key according to Embodiment 3 includes:
  • Step 401 to step 405, or step 501 to step 505 are executed first.
  • steps 401 to 405, or steps 501 to 505, are performed first, so that the base station and the terminal equipment generate sufficient keys.
  • Step 606 sending a first message (MSG1): a random access request message.
  • Step 607 sending a second message (MSG2): a random access response message.
  • Step 608 sending a third message (MSG3): an RRC connection request message, where the RRC connection request message carries key consistency check information.
  • the terminal device sends an RRC connection request message, which includes first verification information for completing key consistency verification.
  • Step 609 sending a fourth message (MSG4): an RRC connection establishment message, the RRC connection establishment message carrying key consistency check information.
  • the base station returns the RRC connection establishment message, which includes the second verification information for completing the key consistency verification.
  • Step 610a and step 610b key consistency verification and privacy amplification.
  • Based on the received key consistency verification information, the base station and the terminal device perform key consistency verification and privacy amplification operations, and finally form a key that can be used by both parties.
  • Step 611a and Step 611b enable encryption.
  • the terminal device and the base station encrypt and/or integrity protect the wireless signaling and data that are subsequently exchanged.
  • the AS layer signaling messages (including NAS layer messages carried by RRC signaling, such as registration requests) and user plane data exchanged between the terminal device and the base station will be transparently encrypted and/or integrity protected using the wireless key, to ensure the security of all control plane signaling and user plane data.
  • the specific pilot code can be carried in the RRC connection request message and the RRC connection establishment message to complete wireless channel state detection. Thereafter, the RRC connection request and RRC connection establishment messages are used again to complete the exchange of key consistency check messages, and a consistent key is negotiated between the terminal and the base station to encrypt the point-to-point transmission channel between the two parties.
  • the method for generating a wireless key in this application embodiment specifically includes:
  • Step 701 sending a first message (MSG1): a random access request message.
  • the terminal device sends a random access request message on the uplink RACH.
  • Step 702 sending a second message (MSG2): a random access response message.
  • the base station returns a random access response message on the DL-SCH channel.
  • Step 703 sending a third message (MSG3): an RRC connection request message.
  • the terminal device sends an RRC connection request message on the CCCH, which contains a specially designed pilot code (e.g., an m-sequence) for channel state detection.
  • Step 704 wireless channel state measurement, feature extraction, key generation.
  • Based on the received uplink pilot signal, the base station measures the state of the wireless channel, extracts channel features, samples and quantizes, and generates a first key.
  • Step 705 sending a fourth message (MSG4): an RRC connection establishment message.
  • the base station sends an RRC connection establishment message on the CCCH channel, which contains a specially designed pilot code for channel state detection.
  • the base station may return instruction information to request the terminal equipment to continue to initiate an RRC connection request message for uplink channel detection. If the base station has generated enough keys, it can normally feed back a random access response message, requiring the terminal device to continue to perform subsequent operations.
  • Step 706 wireless channel state measurement, feature extraction, key generation.
  • Based on the received downlink pilot signal, the terminal device measures the state of the wireless channel, extracts channel features, and generates a second key after sampling and quantizing.
  • Step 707 judging whether sufficient keys are generated, if yes, execute step 708; if not, return to step 703.
  • If the terminal device determines that sufficient keys have been generated, subsequent operations will be performed. If sufficient keys have not been generated, the terminal device resends the random access request message, repeats steps 703-706, and continues to generate keys until sufficient keys are generated.
  • Step 708 sending a third message (MSG3): an RRC connection request message, where the RRC connection request message carries key consistency check information.
  • the terminal device resends the RRC connection request message, which includes the first verification information for completing the key consistency verification.
  • Step 709 sending a fourth message (MSG4): an RRC connection establishment message, the RRC connection establishment message carrying key consistency check information.
  • the base station returns the RRC connection establishment message, which includes the second verification information for completing the key consistency verification.
  • Step 710a and step 710b key consistency verification and privacy amplification.
  • Based on the received key consistency verification information, the base station and the terminal device perform key consistency verification and privacy amplification operations, and finally form a key that can be used by both parties.
  • Step 711a and Step 711b, enable encryption.
  • the terminal device and the base station encrypt and/or integrity protect the wireless signaling and data that are subsequently exchanged.
  • the AS layer signaling messages (including NAS layer messages carried by RRC signaling, such as registration requests) and user plane data exchanged between the terminal device and the base station will be transparently encrypted and/or integrity protected using the wireless key, to ensure the security of all control plane signaling and user plane data.
  • both the RRC connection request message and the RRC connection establishment message are carried by the CCCH logical channel, corresponding to the L1 physical layer UL-SCH and DL-SCH transport channels and the PUSCH and PDSCH physical channels.
  • PUSCH and PDSCH use the same physical time-frequency resource block for time division. Therefore, compared with the scheme of using PRACH and PDSCH to carry channel detection information in application embodiment 1 to application embodiment 3, the method proposed in application embodiment 4 can carry out channel state detection and feature extraction on uplink and downlink wireless channels of the same frequency. This ensures better reciprocity of the wireless channel, so the base station and the terminal can generate a more consistent key, improving the system's key generation performance.
  • the embodiment of the present application also provides a wireless key generation device, which is applied to the second device. The wireless key generation device corresponds to the above-mentioned wireless key generation method applied to the second device, and each step in the above embodiment of the wireless key generation method is also fully applicable to this embodiment of the wireless key generation device.
  • the wireless key generating device includes: a first receiving module 801, a first key generating module 802 and a first sending module 803.
  • the first receiving module 801 is configured to receive a first message sent by the first device;
  • the first key generation module 802 is configured to extract wireless channel characteristics based on the first message, and generate a first key;
  • the first sending module 803 is configured to send a second message to the first device based on the length of the first key.
  • the first sending module 803 is specifically configured as:
  • the first sending module 803 is specifically configured as:
  • the first key generation module 802 is specifically configured as:
  • according to the first message itself and/or the channel detection information carried in the first message, channel detection and/or channel estimation is performed, wireless channel features are extracted, and a first key is generated.
  • the channel detection information is at least one of a preamble, a pilot code, and a preset information code.
  • the first message is a random access request message
  • the second message is a random access response message
  • the first message is a radio resource control RRC connection request message
  • the second message is an RRC connection establishment message.
  • the first receiving module 801 is further configured to:
  • a third message sent by the first device is received, where the third message carries first verification information used for key consistency verification.
  • the first check information is an error correction code or a check code.
  • the first sending module 803 is further configured to:
  • the second check information is a check code.
  • the third message is a random access request message
  • the fourth message is a random access response message
  • the third message is an RRC connection request message
  • the fourth message is an RRC connection establishment message.
  • the first receiving module 801, the first key generating module 802 and the first sending module 803 may be implemented by a processor in the wireless key generating device.
  • a processor needs to run a computer program in memory to carry out its functions.
  • the embodiment of the present application also provides a wireless key generation device, which is applied to the first device. The wireless key generation device corresponds to the above-mentioned wireless key generation method applied to the first device, and each step in the above embodiment of the wireless key generation method is also fully applicable to this embodiment of the wireless key generation device.
  • the wireless key generating device includes: a second sending module 901, a second receiving module 902 and a second key generating module 903.
  • the second sending module 901 is configured to send the first message to the second device;
  • the second receiving module 902 is configured to receive the second message sent by the second device;
  • the second key generating module 903 is configured to extract the wireless key based on the second message.
  • the second sending module 901 is further configured to send the first message or the third message to the second device based on the length of the second key and/or the indication information of the second message.
  • the second message is used to indicate that the length of the first key is smaller than the threshold, or indicate the length of the first key, or instruct the first device to continue sending the first message.
  • the second message is used to indicate that the length of the first key is greater than or equal to the threshold, or indicate the length of the first key, or indicate that the first device does not need to send the first message, or does not carry additional indication information.
  • the second sending module 901 sends the first message to the second device based on the length of the second key and/or the indication information of the second message, including:
  • the second message is used to instruct the first device to continue sending the first message, and to send the first message to the second device.
  • the second sending module 901 sends the third message to the second device based on the length of the second key and/or the indication information of the second message, including:
  • a third message is sent to the second device:
  • the second message indicates that the first device does not need to send the first message
  • the second message does not carry additional indication information.
  • the second key generation module 903 is specifically configured as:
  • according to the second message itself and/or the channel detection information carried in the second message, channel detection and/or channel estimation is performed, wireless channel features are extracted, and a second key is generated.
  • the channel detection information is at least one of a preamble (Preamble), a pilot code, and a preset information code.
  • the first message is a random access request message
  • the second message is a random access response message
  • the first message is a radio resource control RRC connection request message
  • the second message is an RRC connection establishment message.
  • the third message carries first verification information used for key consistency verification.
  • the first check information is an error correction code or a check code.
  • the second receiving module 902 is further configured to: receive a fourth message sent by the second device.
  • the second check information is a check code.
  • the third message is a random access request message
  • the fourth message is a random access response message
  • the third message is an RRC connection request message
  • the fourth message is an RRC connection establishment message.
  • the second sending module 901, the second receiving module 902 and the second key generating module 903 may be implemented by a processor in the wireless key generating device.
  • a processor needs to run a computer program in memory to carry out its functions.
  • when the wireless key generation device provided by the above-mentioned embodiment performs wireless key generation, the division into the above-mentioned program modules is used only as an example for illustration. In practical applications, the above-mentioned processing can be assigned to different program modules as needed, that is, the internal structure of the device is divided into different program modules to complete all or part of the processing described above.
  • the wireless key generation device and the wireless key generation method embodiments provided in the above embodiments belong to the same idea, and the specific implementation process thereof is detailed in the method embodiments, and will not be repeated here.
  • FIG. 10 only shows an exemplary structure of the second device but not the entire structure, and some or all of the structures shown in FIG. 10 may be implemented as required.
  • the second device 1000 provided in this embodiment of the present application includes: at least one processor 1001, a memory 1002, a user interface 1003, and at least one network interface 1004.
  • Various components in the second device 1000 are coupled together through the bus system 1005.
  • the bus system 1005 is used to realize connection and communication between these components.
  • the bus system 1005 also includes a power bus, a control bus and a status signal bus.
  • the various buses are labeled as bus system 1005 in FIG. 10 for clarity of illustration.
  • the user interface 1003 may include a display, a keyboard, a mouse, a trackball, a click wheel, keys, buttons, a touch panel or a touch screen, and the like.
  • the memory 1002 in the embodiment of the present application is used to store various types of data to support the operation of the second device. Examples of such data include: any computer program for operation on the second device.
  • the method for generating a wireless key disclosed in the embodiment of the present application may be applied to the processor 1001 or implemented by the processor 1001.
  • the processor 1001 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the wireless key generation method may be implemented by an integrated logic circuit of hardware in the processor 1001 or instructions in the form of software.
  • the aforementioned processor 1001 may be a general-purpose processor, a digital signal processor (DSP, Digital Signal Processor), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like.
  • the processor 1001 may implement or execute various methods, steps, and logic block diagrams disclosed in the embodiments of the present application.
  • a general purpose processor may be a microprocessor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor.
  • the software module may be located in a storage medium, the storage medium is located in the memory 1002, the processor 1001 reads the information in the memory 1002, and combines its hardware to complete the steps of the wireless key generation method provided by the embodiment of the present application.
  • the second device may be implemented by one or more application-specific integrated circuits (ASIC, Application Specific Integrated Circuit), DSPs, programmable logic devices (PLD, Programmable Logic Device), complex programmable logic devices (CPLD, Complex Programmable Logic Device), FPGAs, general-purpose processors, controllers, microcontrollers (MCU, Micro Controller Unit), microprocessors (Microprocessor), or other electronic components, for performing the aforementioned method.
  • FIG. 11 only shows an exemplary structure of the first device but not the entire structure, and some or all of the structures shown in FIG. 11 can be implemented as required.
  • a first device 1100 provided in this embodiment of the present application includes: at least one processor 1101, a memory 1102, a user interface 1103 and at least one network interface 1104.
  • Various components in the first device 1100 are coupled together through the bus system 1105.
  • the bus system 1105 is used to realize connection and communication between these components.
  • the bus system 1105 also includes a power bus, a control bus and a status signal bus.
  • the various buses are labeled bus system 1105 in FIG. 11 for clarity of illustration.
  • the user interface 1103 may include a display, a keyboard, a mouse, a trackball, a click wheel, keys, buttons, a touch panel or a touch screen, and the like.
  • the memory 1102 in the embodiment of the present application is used to store various types of data to support the operation of the first device. Examples of such data include: any computer programs for operating on the first device.
  • the method for generating a wireless key disclosed in the embodiment of the present application may be applied to the processor 1101 or implemented by the processor 1101.
  • the processor 1101 may be an integrated circuit chip with signal processing capability. In the implementation process, each step of the wireless key generation method may be implemented by an integrated logic circuit of hardware in the processor 1101 or instructions in the form of software.
  • the aforementioned processor 1101 may be a general-purpose processor, a digital signal processor (DSP, Digital Signal Processor), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like.
  • the processor 1101 may implement or execute various methods, steps, and logic block diagrams disclosed in the embodiments of the present application.
  • a general purpose processor may be a microprocessor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of this application can be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor.
  • the software module may be located in a storage medium, the storage medium is located in the memory 1102, the processor 1101 reads the information in the memory 1102, and combines its hardware to complete the steps of the wireless key generation method provided by the embodiment of the present application.
  • the first device 1100 may be implemented by one or more ASICs, DSPs, PLDs, CPLDs, FPGAs, general purpose processors, controllers, MCUs, Microprocessors, or other electronic components for performing the aforementioned methods.
  • the memory 1002, 1102 may be a volatile memory or a non-volatile memory, and may also include both volatile and non-volatile memory.
  • the non-volatile memory can be read-only memory (ROM, Read Only Memory), programmable read-only memory (PROM, Programmable Read-Only Memory), erasable programmable read-only memory (EPROM, Erasable Programmable Read-Only Memory), electrically erasable programmable read-only memory (EEPROM, Electrically Erasable Programmable Read-Only Memory), magnetic random access memory (FRAM, ferromagnetic random access memory), flash memory (Flash Memory), magnetic surface memory, CD, or CD-ROM (Compact Disc Read-Only Memory); magnetic surface memory can be disk storage or tape storage.
  • the volatile memory may be random access memory (RAM, Random Access Memory), which is used as an external cache.
  • many forms of RAM are available, such as static random access memory (SRAM, Static Random Access Memory), synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory), dynamic random access memory (DRAM, Dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, Synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (DDRSDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), synchronous link dynamic random access memory (SLDRAM, SyncLink Dynamic Random Access Memory), and direct memory bus random access memory (DRRAM, Direct Rambus Random Access Memory).
  • the embodiment of the present application also provides a storage medium, that is, a computer storage medium, specifically a computer-readable storage medium, for example including a memory 1002 storing a computer program, where the computer program can be executed by the processor 1001 of the second device 1000 to complete the steps of the wireless key generation method on the second device side of the embodiment of the present application; as another example, including a memory 1102 storing a computer program, where the computer program can be executed by the processor 1101 of the first device 1100 to complete the steps of the wireless key generation method on the first device side of the embodiment of the present application.
  • the computer-readable storage medium may be memory such as ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface memory, optical disc, or CD-ROM.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are a wireless key generation method and apparatus, a device, and a storage medium. The method comprises: a second device receiving a first message sent by a first device; extracting wireless channel features on the basis of the first message, and generating a first key; and sending a second message to the first device on the basis of the length of the first key. Multiple extractions of wireless channel features for the wireless channel between the first device and the second device can therefore be supported, and the first device and the second device are able to generate sufficient keys, so that the reliability of wireless key generation is improved.
PCT/CN2022/129917 2021-11-08 2022-11-04 Wireless key generation method and apparatus, device, and storage medium WO2023078400A1 (fr)
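
The loop the abstract describes, as an added Python simulation that is not taken from the patent: the second device extends its key from each first message and uses the current key length to decide what the second message says. The sign quantizer, guard band, sample counts, noise level and the `need_more`/`keep` message fields are assumptions made for illustration.

```python
import random

TARGET_BITS = 128      # assumed required key length
SAMPLES_PER_MSG = 16   # assumed channel samples extractable from one message
GUARD = 0.3            # assumed guard band: samples with |h| < GUARD are dropped
NOISE = 0.02           # assumed measurement noise (standard deviation)


def measure(channel, rng):
    """One side's noisy estimate of the reciprocal channel samples."""
    return [h + rng.gauss(0.0, NOISE) for h in channel]


def quantize(samples, keep):
    """Map the kept samples to key bits by sign."""
    return [1 if samples[i] > 0 else 0 for i in keep]


def run_key_generation(seed=1, max_rounds=64):
    """Repeat message exchanges until the second device's key is long enough."""
    rng = random.Random(seed)
    key_first, key_second = [], []   # first device / second device
    rounds = 0
    while len(key_second) < TARGET_BITS and rounds < max_rounds:
        rounds += 1
        # Constructed channel: fresh reciprocal fading samples for this round.
        channel = [rng.gauss(0.0, 1.0) for _ in range(SAMPLES_PER_MSG)]

        # First message: the second device extracts features, extends its key.
        est_second = measure(channel, rng)
        keep = [i for i, h in enumerate(est_second) if abs(h) >= GUARD]
        key_second += quantize(est_second, keep)

        # Second message is built from the key length: it signals whether
        # another exchange is needed and (an assumption of this example)
        # which sample indices survived the guard band.
        second_msg = {"need_more": len(key_second) < TARGET_BITS, "keep": keep}

        # The first device extracts features from the second message.
        est_first = measure(channel, rng)
        key_first += quantize(est_first, second_msg["keep"])
    return key_first[:TARGET_BITS], key_second[:TARGET_BITS], rounds


if __name__ == "__main__":
    k1, k2, n = run_key_generation()
    print(f"rounds={n} bits={len(k1)} keys_match={k1 == k2}")
```

A single exchange yields at most 16 bits here, so reaching 128 bits takes several rounds; the raw bits would still need reconciliation and privacy amplification before use as a key.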

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111313718.2 2021-11-08
CN202111313718.2A CN116095677A (zh) 2021-11-08 2021-11-08 Wireless key generation method, apparatus, device, and storage medium

Publications (1)

Publication Number Publication Date
WO2023078400A1 true WO2023078400A1 (fr) 2023-05-11

Family

ID=86205042

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/129917 WO2023078400A1 (fr) 2021-11-08 2022-11-04 Wireless key generation method and apparatus, device, and storage medium

Country Status (2)

Country Link
CN (1) CN116095677A (fr)
WO (1) WO2023078400A1 (fr)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
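CN101621795A (zh) * 2009-07-17 2010-01-06 中兴通讯股份有限公司 Method, system and device for realizing wireless data terminal privacy
CN102869013A (zh) * 2012-08-29 2013-01-09 北京邮电大学 Secure communication system based on wireless channel characteristics
CN104010299A (zh) * 2014-05-21 2014-08-27 中国人民解放军信息工程大学 Method for enhancing mobile communication session privacy based on physical layer security
US10129022B1 (en) * 2016-02-22 2018-11-13 The Regents Of The University Of California Secret key for wireless communication in cyber-physical automotive systems
CN107819760A (zh) * 2017-11-06 2018-03-20 中国运载火箭技术研究院 Secure communication system for symmetric key generation and distribution based on wireless channel characteristics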

Also Published As

Publication number Publication date
CN116095677A (zh) 2023-05-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22889421

Country of ref document: EP

Kind code of ref document: A1