WO2023212903A1

WO2023212903A1 - Relay communication method, and device

Info

Publication number: WO2023212903A1
Application number: PCT/CN2022/091125
Authority: WO
Inventors: 熊丽晖; 甘露; 曹进; 任雄鹏; 马如慧; 李晖
Original assignee: Oppo广东移动通信有限公司
Priority date: 2022-05-06
Filing date: 2022-05-06
Publication date: 2023-11-09

Abstract

Provided in the embodiments of the present application are a relay communication method, and a device. The identity security of a user equipment and the confidentiality and integrity of communication data can be guaranteed, such that the confidentiality and integrity of data transmission between two parties are ensured, and the eavesdropping of other devices and even a relay device is prevented.

Description

Methods and equipment for relay communications

Technical field

Embodiments of the present application relate to the field of communications, and more specifically, to a method and device for relaying communications.

Background technique

In the architecture that implements communication between the source terminal and the target terminal through a relay device (UE-to-UE relay), how to ensure the security of the terminal identity and the confidentiality and integrity of the communication data is A problem that needs to be solved.

Contents of the invention

Embodiments of the present application provide a method and device for relay communication, which can ensure the security of terminal identities and the confidentiality and integrity of communication data, thereby ensuring the confidentiality and integrity of data transmitted by both parties and preventing other devices and even relay devices from of eavesdropping.

In the first aspect, a method for relaying communication is provided, which method includes:

The first terminal device receives the authentication request message sent by the second terminal device through the relay device;

The authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key generated by the second terminal device, Signature, the signature of the relay device, and relevant information of the relay device;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the information of the user to which the relay device belongs includes the identification of the relay device and the relay device. PVT and KPAK; the input parameters of the signature of the second terminal device include at least one of the following: the information of the user to which the second terminal device belongs and the first temporary public key; the input parameters of the signature of the relay device include at least one of the following: One: the signature of the second terminal device and the information of the user to which the relay device belongs; the first temporary public key and the relevant information of the relay device are used for the first terminal device to derive the first key; the relay The relevant information of the device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.

In the second aspect, a method for relaying communication is provided, which method includes:

The second terminal device sends an authentication request message to the first terminal device through the relay device;

The authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first temporary public key generated by the second terminal device, the signature of the second terminal device, and relevant information about the relay device. ;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the input parameters of the signature of the second terminal device include at least one of the following: the second terminal The information of the user to which the device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device are used for the first terminal device to derive the first key; the relevant information of the relay device includes the following: 1: The identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.

In a third aspect, a method for relaying communication is provided, which method includes:

The relay device receives an authentication request message sent by the second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first temporary public key generated by the second terminal device, the The signature of the second terminal device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the input parameters of the signature of the second terminal device include at least the following: One: the information of the user to which the second terminal device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key;

When the KPAK of the second terminal device is valid and the signature verification of the second terminal device based on the identity of the second terminal device and the PVT of the second terminal device is successful, the relay device sends a message to the first terminal device. The device sends an authentication request message after verification; wherein the authentication request message after verification includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key, The signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device; wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; The input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; wherein the relevant information of the relay device includes one of the following: the relay device The identity information, the random number generated by the relay device, and the counter generated by the relay device.

The fourth aspect provides a method for relaying communication, which method includes:

The first terminal device sends the first message to the second terminal device through the relay device;

Wherein, the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, a third message generated by the first terminal device. A random number, the second temporary public key generated by the first terminal device, M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, and the first message verification code;

Wherein, the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device; the input parameters of the signature of the first terminal device include at least one of the following: the first terminal Information about the user to whom the device belongs, the second temporary public key, the M bits, and the signature of the second terminal device;

Wherein, the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device. Two random numbers are used to derive a second key. The second key is used to derive an integrity protection key and/or a confidentiality protection key. The identity of the first key is composed of the M bits and the first The other N bits of the key's identification are combined, and M and N are both positive integers;

The relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.

The fifth aspect provides a method for relaying communication, which method includes:

The second terminal device receives the first message sent by the first terminal device through the relay device;

Wherein, the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, and information of the user to which the relay device belongs. , the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, the M bits of the identification of the first key generated by the first terminal device, the first terminal device signature, the signature of the relay device, and the first message verification code;

Wherein, the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device; the information of the user to which the relay device belongs includes the identification of the relay device and the relay device. PVT and KPAK; the input parameters of the first terminal device's signature include at least one of the following: the information of the user to which the first terminal device belongs, the second temporary public key, the M bits, the second terminal device's Signature; the input parameters of the relay device's signature include at least one of the following: information about the user to which the relay device belongs, the signature of the first terminal device, the signature of the second terminal device, and the first message;

A sixth aspect provides a method for relaying communications, which method includes:

The relay device receives the first message sent by the first terminal device; wherein the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to whom the device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, M bits of the identification of the first key generated by the first terminal device, The signature of the first terminal device, the first message verification code; wherein the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device; The input parameters of the signature include at least one of the following: information about the user to which the first terminal device belongs, the second temporary public key, the M bits, and the signature of the second terminal device; wherein the first message is passed based on the The first message verification code generated by the first key is integrity protected, and the input parameters of the first message verification code include at least one of the following: the security capability information of the first terminal device, the security capability of the first terminal device Policy information, information about the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;

When the KPAK of the first terminal device is valid and the signature verification of the first terminal device based on the identity of the first terminal device and the PVT of the first terminal device is successful, the relay device sends a request to the second terminal device. The device sends the first message after verification; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the The user's information, the information of the user to which the relay device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device and paired with the second temporary private key, the first M bits of the identification of the first key generated by the terminal device, the signature of the first terminal device, the signature of the relay device, the relevant information of the relay device, and the first message verification code; wherein, the The information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the following: the information of the user to which the relay device belongs, the third The signature of a terminal device, the signature of the second terminal device, and the first message after verification;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device. Two random numbers are used to derive a second key. The second key is used to derive an integrity protection key and/or a confidentiality protection key. The identity of the first key is composed of the M bits and the first The other N bits of the key's identification are combined, and M and N are both positive integers; among them, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device. Count, the counter generated by this relay device.

A seventh aspect provides a method for relaying communications, which method includes:

The first terminal device sends a direct communication request to the second terminal device through the relay device;

Wherein, the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, a first temporary public key generated by the first terminal device, The first random number generated;

Wherein, the direct communication request is encrypted through a first encryption key, and the direct communication request is integrity protected through a first integrity protection key. The first encryption key is based on the registered and authorized use of the UE-to - an encryption key derived from the symmetric key of the terminal for UE relay communication, the first integrity protection key is an integrity protection key derived based on the symmetric key of the terminal that has been registered and authorized to use UE-to-UE relay communication key;

Among them, the first temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key; the first random number, the first key and the second key generated by the second terminal device. The random number is used to derive a second key, and the second key is used to derive a second encryption key and/or a second integrity protection key, or the first random number, the first key and the The second random number generated by the second terminal device is used to derive the second encryption key and/or the second integrity protection key;

An eighth aspect provides a method for relaying communications, which method includes:

The second terminal device receives the direct communication request sent by the first terminal device through the relay device;

Wherein, the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, a first temporary public key generated by the first terminal device, The first random number generated, the identification of the relay device, and the relevant information of the relay device;

Among them, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key and the relay device The relevant information is used by the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key, and the first random number is used to derive the second key. The second key is used to derive the second encryption key and/or the second integrity protection key, or the first random number, the first key and the second random number generated by the second terminal device are used to derive A second encryption key and/or a second integrity protection key.

A ninth aspect provides a method for relaying communications, which method includes:

The relay device receives a direct communication request sent by the first terminal device; wherein the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, The first temporary public key generated by the device, the first random number generated by the first terminal device; wherein the direct communication request is encrypted through the first encryption key, and the direct communication request is performed through the first integrity protection key Integrity protection, the first encryption key is an encryption key derived based on the symmetric key of the terminal that has been registered and authorized to use UE-to-UE relay communication, and the first integrity protection key is based on the registered and Integrity protection key derived from the symmetric key of the terminal authorized to use UE-to-UE relay communication;

The relay device verifies whether it is configured to forward the direct communication request, and after the verification is passed, the relay device uses the first encryption key to decrypt the direct communication request to obtain QoS and charging information, and the relay device uses the third An integrity protection key verifies the integrity of the direct communication request. After the verification is passed, the relay device adds the relevant information of the relay device and the identification of the relay device in the direct communication request, and the relay device Use the first encryption key to encrypt the direct communication request, and use the first integrity protection key to protect the integrity of the direct communication request;

Among them, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key and the relay device The relevant information is used by the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key, and the second The key is used to derive the second encryption key and/or the second integrity protection key, or the first random number, the first key and the second random number generated by the second terminal device are used to derive the second random number. A second encryption key and/or a second integrity protection key.

A tenth aspect provides a terminal device for executing the method in the first aspect.

Specifically, the terminal device includes a functional module for executing the method in the first aspect.

An eleventh aspect provides a terminal device for executing the method in the above second aspect.

Specifically, the terminal device includes a functional module for executing the method in the above second aspect.

A twelfth aspect provides a relay device for performing the method in the above third aspect.

Specifically, the relay device includes a functional module for executing the method in the above third aspect.

A thirteenth aspect provides a terminal device for performing the method in the fourth aspect.

Specifically, the terminal device includes a functional module for executing the method in the fourth aspect.

A fourteenth aspect provides a terminal device for performing the method in the fifth aspect.

Specifically, the terminal device includes a functional module for executing the method in the fifth aspect.

A fifteenth aspect provides a relay device for performing the method in the above-mentioned sixth aspect.

Specifically, the relay device includes a functional module for executing the method in the sixth aspect.

A sixteenth aspect provides a terminal device for performing the method in the seventh aspect.

Specifically, the terminal device includes a functional module for executing the method in the seventh aspect.

A seventeenth aspect provides a terminal device for performing the method in the eighth aspect.

Specifically, the terminal device includes a functional module for executing the method in the eighth aspect.

An eighteenth aspect provides a relay device for performing the method in the ninth aspect.

Specifically, the relay device includes a functional module for executing the method in the ninth aspect.

A nineteenth aspect provides a terminal device, including a processor and a memory; the memory is used to store a computer program, and the processor is used to call and run the computer program stored in the memory, so that the terminal device executes the above first aspect or the method in the second aspect, or causing the terminal device to perform the method in the fourth or fifth aspect, or causing the terminal device to perform the method in the seventh or eighth aspect.

In a twentieth aspect, a relay device is provided, including a processor and a memory; the memory is used to store a computer program, and the processor is used to call and run the computer program stored in the memory, so that the relay device executes the above-mentioned The method in the third aspect either causes the relay device to perform the method in the sixth aspect, or causes the relay device to perform the method in the ninth aspect.

A twenty-first aspect provides a device for implementing the method in any one of the above-mentioned first to ninth aspects.

Specifically, the device includes: a processor, configured to call and run a computer program from a memory, so that a device installed with the device executes the method in any one of the above-mentioned first to ninth aspects.

A twenty-second aspect provides a computer-readable storage medium for storing a computer program that causes a computer to execute the method in any one of the above-mentioned first to ninth aspects.

In a twenty-third aspect, a computer program product is provided, including computer program instructions that cause a computer to execute the method in any one of the above-mentioned first to ninth aspects.

A twenty-fourth aspect provides a computer program that, when run on a computer, causes the computer to execute the method in any one of the above-mentioned first to ninth aspects.

Through the technical solutions of the first to third aspects, the first terminal device can generate the first key based on the authentication request message sent by the second terminal device through the relay device, and the authentication request message is protected through signature verification. . and a first random number generated by the first terminal device, a first key and a second random number generated by the second terminal device for deriving a second key, the second key being used for deriving an integrity protection key and/or The confidentiality protection key can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing other devices and even relay devices from being intercepted. tapping.

Through the technical solutions of the fourth aspect to the sixth aspect, the first random number and the first key generated by the first terminal device and the second random number generated by the second terminal device are used to derive the second key. The key is used to derive the integrity protection key and/or the confidentiality protection key, which can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality of the data transmitted by both parties. and integrity to prevent eavesdropping by other devices or even relay devices.

Through the technical solutions of the seventh to ninth aspects, the first terminal device can generate the first key based on the direct communication request sent by the second terminal device through the relay device, and the direct communication request is performed through the first encryption key. Encryption, and direct communication requests are integrity protected via a first integrity protection key. and a first random number generated by the first terminal device, a first key and a second random number generated by the second terminal device for deriving the second key, the second key being used for deriving the second encryption key and/or The second integrity protection key, or the first random number generated by the first terminal device, the first key and the second terminal device are used to derive the second random number to generate the second encryption key and/or the second integrity Protecting the key can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing eavesdropping by other devices and even relay devices.

Description of the drawings

Figure 1 is a schematic diagram of a communication system architecture applied in an embodiment of the present application.

Figures 2 to 4 are respectively schematic flow charts for establishing secure communication in the UE-to-UE relay scenario provided by this application.

Figure 5 is a schematic flow chart of UE-to-UE relay communication provided by this application.

Figure 6 is a schematic flow chart of another UE-to-UE relay communication provided by this application.

Figure 7 is a schematic flowchart of a method for relaying communications provided according to an embodiment of the present application.

Figure 8 is a schematic diagram of the key hierarchical structure involved in the embodiment of the present application.

Figure 9 is a schematic flowchart of another method of relaying communications provided according to an embodiment of the present application.

Figure 10 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.

Figure 11 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.

Figure 12 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.

Figure 13 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.

Figures 14 to 15 are respectively schematic flow charts for establishing secure communication in a UE-to-UE relay scenario provided by embodiments of the present application.

Figure 16 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.

Figure 17 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.

Figure 18 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.

Figures 19 to 22 are respectively schematic flow charts for establishing secure communication in a UE-to-UE relay scenario provided by embodiments of the present application.

Figures 23 to 31 are respectively schematic block diagrams of terminal equipment provided according to embodiments of the present application.

Figure 32 is a schematic block diagram of a communication device provided according to an embodiment of the present application.

Figure 33 is a schematic block diagram of a device provided according to an embodiment of the present application.

Figure 34 is a schematic block diagram of a communication system provided according to an embodiment of the present application.

Detailed ways

The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, but not all of the embodiments. Regarding the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the scope of protection of this application.

The technical solutions of the embodiments of the present application can be applied to various communication systems, such as: Global System of Mobile communication (GSM) system, Code Division Multiple Access (Code Division Multiple Access, CDMA) system, broadband code division multiple access (Wideband Code Division Multiple Access, WCDMA) system, General Packet Radio Service (GPRS), Long Term Evolution (LTE) system, Advanced long term evolution (LTE-A) system , New Radio (NR) system, evolution system of NR system, LTE (LTE-based access to unlicensed spectrum, LTE-U) system on unlicensed spectrum, NR (NR-based access to unlicensed spectrum) unlicensed spectrum (NR-U) system, Non-Terrestrial Networks (NTN) system, Universal Mobile Telecommunication System (UMTS), Wireless Local Area Networks (WLAN), Internet of Things ( internet of things (IoT), wireless fidelity (Wireless Fidelity, WiFi), fifth-generation communication (5th-Generation, 5G) system or other communication systems, etc.

Generally speaking, traditional communication systems support a limited number of connections and are easy to implement. However, with the development of communication technology, mobile communication systems will not only support traditional communication, but also support, for example, Device to Device, D2D) communication, Machine to Machine (M2M) communication, Machine Type Communication (MTC), Vehicle to Vehicle (V2V) communication, or Vehicle to everything (V2X) communication, etc. , the embodiments of the present application can also be applied to these communication systems.

In some embodiments, the communication system in the embodiments of the present application can be applied to a carrier aggregation (Carrier Aggregation, CA) scenario, a dual connectivity (Dual Connectivity, DC) scenario, or a standalone (Standalone, SA) scenario. ) network deployment scenario, or applied to Non-Standalone (NSA) network deployment scenario.

In some embodiments, the communication system in the embodiments of the present application can be applied to unlicensed spectrum, where the unlicensed spectrum can also be considered as shared spectrum; or, the communication system in the embodiments of the present application can also be applied to licensed spectrum, Among them, licensed spectrum can also be considered as unshared spectrum.

In some embodiments, the communication system in the embodiment of the present application can be applied to the FR1 frequency band (corresponding to the frequency band range 410MHz to 7.125GHz), can also be applied to the FR2 frequency band (corresponding to the frequency band range 24.25GHz to 52.6GHz), and can also be applied to The new frequency band, for example, corresponds to the frequency band range of 52.6 GHz to 71 GHz or the high frequency band corresponding to the frequency band range of 71 GHz to 114.25 GHz.

The embodiments of this application describe various embodiments in combination with network equipment and terminal equipment. The terminal equipment may also be called user equipment (User Equipment, UE), access terminal, user unit, user station, mobile station, mobile station, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication equipment, user agent or user device, etc.

The terminal device can be a station (STATION, ST) in the WLAN, a cellular phone, a cordless phone, a Session Initiation Protocol (Session Initiation Protocol, SIP) phone, a wireless local loop (Wireless Local Loop, WLL) station, or a personal digital assistant. (Personal Digital Assistant, PDA) devices, handheld devices with wireless communication capabilities, computing devices or other processing devices connected to wireless modems, vehicle-mounted devices, wearable devices, next-generation communication systems such as terminal devices in NR networks, or in the future Terminal equipment in the evolved Public Land Mobile Network (PLMN) network, etc.

In the embodiment of this application, the terminal device can be deployed on land, including indoor or outdoor, handheld, wearable or vehicle-mounted; it can also be deployed on water (such as ships, etc.); it can also be deployed in the air (such as aircraft, balloons and satellites). superior).

In the embodiment of this application, the terminal device may be a mobile phone (Mobile Phone), a tablet computer (Pad), a computer with a wireless transceiver function, a virtual reality (Virtual Reality, VR) terminal device, or an augmented reality (Augmented Reality, AR) terminal. Equipment, wireless terminal equipment in industrial control, wireless terminal equipment in self-driving, wireless terminal equipment in remote medical, wireless terminal equipment in smart grid , wireless terminal equipment in transportation safety, wireless terminal equipment in smart city (smart city) or wireless terminal equipment in smart home (smart home), vehicle-mounted communication equipment, wireless communication chip/application specific integrated circuit (ASIC)/system on chip (System on Chip, SoC), etc.

As an example and not a limitation, in this embodiment of the present application, the terminal device may also be a wearable device. Wearable devices can also be called wearable smart devices. It is a general term for applying wearable technology to intelligently design daily wear and develop wearable devices, such as glasses, gloves, watches, clothing and shoes, etc. A wearable device is a portable device that is worn directly on the body or integrated into the user's clothing or accessories. Wearable devices are not just hardware devices, but also achieve powerful functions through software support, data interaction, and cloud interaction. Broadly defined wearable smart devices include full-featured, large-sized devices that can achieve complete or partial functions without relying on smartphones, such as smart watches or smart glasses, and those that only focus on a certain type of application function and need to cooperate with other devices such as smartphones. Use, such as various types of smart bracelets, smart jewelry, etc. for physical sign monitoring.

In the embodiment of this application, the network device may be a device used to communicate with mobile devices. The network device may be an access point (Access Point, AP) in WLAN, or a base station (Base Transceiver Station, BTS) in GSM or CDMA. , or it can be a base station (NodeB, NB) in WCDMA, or an evolutionary base station (Evolutional Node B, eNB or eNodeB) in LTE, or a relay station or access point, or a vehicle-mounted device, a wearable device, and an NR network network equipment or base station (gNB) or network equipment in the future evolved PLMN network or network equipment in the NTN network, etc.

As an example and not a limitation, in the embodiment of the present application, the network device may have mobile characteristics, for example, the network device may be a mobile device. In some embodiments, network devices may be satellites or balloon stations. For example, the satellite can be a low earth orbit (LEO) satellite, a medium earth orbit (MEO) satellite, a geosynchronous orbit (geostationary earth orbit, GEO) satellite, a high elliptical orbit (High Elliptical Orbit, HEO) satellite ) satellite, etc. In some embodiments, the network device may also be a base station installed on land, water, or other locations.

In this embodiment of the present application, network equipment can provide services for a cell, and terminal equipment communicates with the network equipment through transmission resources (for example, frequency domain resources, or spectrum resources) used by the cell. The cell can be a network equipment ( For example, the cell corresponding to the base station) can belong to the macro base station or the base station corresponding to the small cell (Small cell). The small cell here can include: urban cell (Metro cell), micro cell (Micro cell), pico cell ( Pico cell), femto cell (Femto cell), etc. These small cells have the characteristics of small coverage and low transmission power, and are suitable for providing high-rate data transmission services.

Exemplarily, the communication system 100 applied in the embodiment of the present application is shown in Figure 1 . The communication system 100 may include a network device 110, which may be a device that communicates with a terminal device 120 (also referred to as a communication terminal or terminal). The network device 110 can provide communication coverage for a specific geographical area and can communicate with terminal devices located within the coverage area.

Figure 1 exemplarily shows one network device and two terminal devices. In some embodiments, the communication system 100 may include multiple network devices and other numbers of terminal devices may be included within the coverage of each network device. The embodiments of the present application do not limit this.

In some embodiments, the communication system 100 may also include other network entities such as a network controller and a mobility management entity, which are not limited in the embodiments of the present application.

It should be understood that in the embodiments of this application, devices with communication functions in the network/system may be called communication devices. Taking the communication system 100 shown in Figure 1 as an example, the communication device may include a network device 110 and a terminal device 120 with communication functions. The network device 110 and the terminal device 120 may be the specific devices described above, which will not be described again here. ; The communication device may also include other devices in the communication system 100, such as network controllers, mobility management entities and other network entities, which are not limited in the embodiments of this application.

It should be understood that the terms "system" and "network" are often used interchangeably herein. The term "and/or" in this article is just an association relationship that describes related objects, indicating that three relationships can exist. For example, A and/or B can mean: A exists alone, A and B exist simultaneously, and they exist alone. B these three situations. In addition, the character "/" in this article generally indicates that the related objects are an "or" relationship.

It should be understood that this article involves a first communication device and a second communication device. The first communication device may be a terminal device, such as a mobile phone, a machine facility, a Customer Premise Equipment (CPE), industrial equipment, a vehicle, etc.; the second communication device The device may be a peer communication device of the first communication device, such as a network device, a mobile phone, an industrial device, a vehicle, etc. This article takes the first communication device as a terminal device and the second communication device as a network device as a specific example for description.

The terms used in the embodiments of the present application are only used to explain specific embodiments of the present application and are not intended to limit the present application. The terms “first”, “second”, “third” and “fourth” in the description, claims and drawings of this application are used to distinguish different objects, rather than to describe a specific sequence. . Furthermore, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusion.

It should be understood that the "instruction" mentioned in the embodiments of this application may be a direct instruction, an indirect instruction, or an association relationship. For example, A indicates B, which can mean that A directly indicates B, for example, B can be obtained through A; it can also mean that A indirectly indicates B, for example, A indicates C, and B can be obtained through C; it can also mean that there is an association between A and B. relation.

In the description of the embodiments of this application, the term "correspondence" can mean that there is a direct correspondence or indirect correspondence between the two, it can also mean that there is an associated relationship between the two, or it can mean indicating and being instructed, configuration and being. Configuration and other relationships.

In the embodiment of this application, "predefinition" or "preconfiguration" can be achieved by pre-saving corresponding codes, tables or other methods that can be used to indicate relevant information in devices (for example, including terminal devices and network devices). The application does not limit its specific implementation method. For example, predefined can refer to what is defined in the protocol.

In the embodiments of this application, the "protocol" may refer to a standard protocol in the communication field, for example, it may be an evolution of the existing LTE protocol, NR protocol, Wi-Fi protocol or protocols related to other communication systems. The application does not limit the type of agreement.

In order to facilitate understanding of the technical solutions of the embodiments of the present application, the technical solutions of the present application are described in detail below through specific embodiments. The following related technologies can be arbitrarily combined with the technical solutions of the embodiments of the present application as optional solutions, and they all fall within the protection scope of the embodiments of the present application. The embodiments of this application include at least part of the following contents.

In order to achieve secure communication in UE-to-UE relay scenarios, the current stage mainly includes the following three solutions.

Solution 1, as shown in Figure 2, uses asymmetric encryption technology to protect communication between the source UE and the target UE. Based on the mutual authentication of the source UE and the target UE, and assuming that the relay is trustworthy, a connection is established between the source UE and the target UE, and the public keys of both parties are used to protect end-to-end security.

Option 2, as shown in Figure 3, the security establishment process between UE1 and UE2 in the UE-to-UE relay scenario. UE1 and UE2 establish PC5 connections with relay device 1 (relay 1) respectively, and then assume that UE1 and UE2 The shared key and key ID are configured. Finally, UE1 sends a message verification code (Message Authentication Code, MAC) to UE2 through relay device 1. UE2 verifies the message MAC and then replies to UE1.

Option 3, as shown in Figure 4, remote UE1 and remote UE2 establish secure PC5 links with the relay device. Remote UE1, relay device, and remote UE2 are directly discovered by the 5G Name Management Network Element (Direct Discovering Name Management). Function, DDNMF) and proximity communication service's key management network element (Prose Key Management Function, PKMF) provide discovery and relay of secure secret materials. The remote UE1 and the remote UE2 obtain the shared key (Identity, ID) and key from PKMF in advance. Then, the UE (remote UE1 and remote UE2) and the relay device will also obtain the corresponding keys from PKMF and establish PC5 secure connections respectively. Finally, the shared key is used to establish a secure channel between the remote UE1 and the remote UE2.

In order to facilitate a better understanding of the embodiments of this application, the terminal-to-UE relay (UE-to-UE relay) communication architecture and related processes involved in this application will be described.

In UE-to-UE relay communication, the communication architecture and corresponding processes are divided into two categories, namely connections for layer 2 (layer2, L2) and Internet Protocol-based connections for layer 3 (layer3, L3). , IP) connection. There are two situations in establishing L2 UE-to-UE relay connection: connection establishment is integrated in the discovery and selection of UE-to-UE relay, and connection establishment is after the discovery and selection of UE-to-UE relay. The following takes the connection establishment integrated in the discovery and selection of UE-to-UE relay as an example to introduce the relevant process. The flow chart is shown in Figure 5. The specific steps may include the following:

0.UE-to-UE Relay registers with the network and provides the UE-to-UE Relay function. UE-to-UE Relay is configured with relay policy parameters.

1. The target terminal (i.e. UE2, UE3 and UE4) determines the destination L2 ID for signaling reception when the PC5 unicast link is established.

2. On the source terminal (i.e. UE1), the application layer provides PC5 unicast communication information (such as broadcast L2 ID, ProSe application layer ID, terminal application layer ID, target terminal) to the Proximity-based Services (ProSe) layer Application layer ID, relay applicable indication), the ProSe layer triggers the terminal's discovery mechanism by sending an end-to-end broadcast direct communication request message. Messages are sent using the source L2 ID and broadcast L2 ID as destination, and contain other application-related parameters.

3. The UE-to-UE Relay receives the broadcast direct communication request message and verifies whether it is configured to forward this application. For example, it compares the announced ProSe application ID with the relay policy/parameters it provides. Compare. When UE-to-UE Relay forwards an end-to-end broadcast direct communication request message, it uses its own L2 ID as the source (Source) L2 ID, adds the relay (Relay) UE ID to the message, and specifies the identity at the adaptation layer. UE1 information. UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.

4a. The target UE3 is interested in the announced application. If there is no per-hop link between UE3 and UE-to-UE Relay, it will trigger the UE-to-UE Relay to establish a per-hop link. UE3 sends a link establishment process message for each hop. The source address is the UE3 L2 ID and the destination address is the relay's L2 ID.

4b. If there is no per-hop link between UE-to-UE relay and UE1, perform the per-hop link establishment process between UE-to-UE relay and UE1. UE1 uses its own L2 ID as the source address and the relay's L2 ID as the destination address.

5. If step 4a is successful, end-to-end authentication and security establishment messages are exchanged between UE1 and UE3 through UE-to-UE Relay. Includes an adaptation layer that identifies source terminals and/or target terminals. On receipt of the first message from UE3 via the relay, if there is no existing per-hop link between the relay and UE1, a per-hop link is performed between the UE-to-UE relay and UE1 Establish process.

6. Once an end-to-end secure connection is established between UE3 and UE1, UE3 completes the end-to-end link establishment between UE3 and UE1 by sending an end-to-end unicast direct communication accept message, which contains the identification number of UE1 Adaptation layer information.

7. UE-to-UE Relay forwards the end-to-end unicast direct communication acceptance message, including the adaptation layer information identifying UE3. During this process, the relay device sends messages to each terminal by modifying the source field and destination field.

In order to facilitate a better understanding of the embodiments of this application, the secure connection establishment process of one-to-many communication in ProSe involved in this application will be described.

The key management function in ProSe one-to-many communication and the key management function (PKMF) of the adjacent service (Prose Key Management Function, PKMF) network element generates symmetric keys for multiple UEs. The flow of the one-to-many ProSe secure communication process is shown in Figure 6 As shown, the specific steps may include the following:

0a or 0b: If necessary, in order to connect to PKMF, the terminal can configure any private key, related certificate or root certificate to ensure that the key can be kept confidential from the operator. If not provided, Universal Subscriber Identity Module (USIM) credentials are used to secure the interface. The terminal can also pre-configure the PKMF address. Note 1: PKMF is an independent logical entity that allows network operators to provide radio level parameters, while third parties (such as public safety services) can control the issuance of keys.

0c and 0d: Subscribers belonging to each group need to configure the ProSe function and ProSe key management function. PKMF requires pre-selecting encryption algorithms for each group based on local policies.

1a or 1b: The terminal obtains one-to-many communication parameters from the ProSe function. As part of this process, the endpoint obtains its group identity and is informed whether bearer layer security is required for the group. In addition, the UE may also be provided with the address of the PKMF used to obtain the set of keys.

2a.ii or 2b.ii: PKMF checks whether the UE supports the group encryption algorithm based on the UE's Evolved Packet System (EPS) security capabilities, that is, whether the group encryption algorithm is included in the EPS encryption algorithm set supported by the UE.

2a.iii or 2b.iii: PKMF responds with a key response message. If the check for a specific group in step 2a.ii or 2b.ii is successful, the message contains the group membership and the EPS encryption algorithm identifier that the UE should use when sending or receiving protected data for this group. Otherwise, the message contains an indicator that algorithm support failed because the UE does not support the required algorithm. If PKMF decides to use a new pairwise master key (PMK), the message may also contain the PMK and associated PMK ID.

2a.iv or 2b.iv: PKMF uses Multimedia Internet KEYing (MIKEY) to send the relevant ProSe Group Key (PGK), PGK ID and expiration time to the UE.

3a or 3b: The UE calculates the ProSe Transport Key (PTK) and the ProSe Encrypt Key (PEK) to protect the traffic it sends to the group. It does this by selecting a PGK and using the identity and counter combination of the next unused PTK. It then protects the data using the algorithm given in step 2x.ii.

4a or 4b: The receiving UE obtains the Logical Channel Identity (LC ID), group identity and group membership from the Layer 2 header. It then uses the received PGK identity bits to identify which PGK was used by the sender. The UE first checks whether the PGK is valid, and if valid, calculates the PTK and PEK to process the received message.

In order to facilitate a better understanding of the embodiments of the present application, the problems solved by the present application will be described.

UE-to-UE relay scenario security communication solutions all have some flaws. For example, in the above solution 1, the default relay is trustworthy, so there are restrictions on strong assumptions, and when the UE negotiates security capabilities, they are all clear text messages, which may suffer Tampering, in addition, the source and authenticity of the public key and the source of the communication key in Scheme 1 are not clear (for example, it is not determined whether to determine the source of the communication key through negotiation or one-way encryption), and it does not involve the use of public key technology. Key management solution. Solution 2 does not mention the process of preconfiguring the shared key, and the solution process is controversial. The process of option three is more complicated, has too many interactions, and is not light enough. Therefore, it is necessary to explore a simpler way to establish a secure connection without losing security, and explore a more efficient key management structure to ensure the confidentiality and integrity of UE identity security and communication data.

Based on the above problems, this application proposes a relay communication solution that can ensure the security of the terminal identity and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing other devices and even relay devices from of eavesdropping.

The technical solutions of the present application are described in detail below through specific examples.

Figure 7 is a schematic flowchart of a communication relay method 200 according to an embodiment of the present application. As shown in Figure 7, the communication relay method 200 may include at least part of the following content:

S210. The first terminal device receives the authentication request message sent by the second terminal device through the relay device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to whom the relay device belongs. information, the first temporary public key generated by the second terminal device, the signature of the second terminal device, the signature of the relay device, and relevant information of the relay device; wherein, the information of the user to which the second terminal device belongs includes The identifier of the second terminal device and the PVT and KPAK of the second terminal device; the information of the user to which the relay device belongs includes the identifier of the relay device and the PVT and KPAK of the relay device; the signature of the second terminal device The input parameters of the relay device include at least one of the following: the information of the user to which the second terminal device belongs and the first temporary public key; the input parameters of the signature of the relay device include at least one of the following: the signature of the second terminal device and the first temporary public key. The information of the user to which the relay device belongs; the first temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key; the relevant information of the relay device includes one of the following: the relay The identity information of the device, the random number generated by the relay device, and the counter generated by the relay device.

This embodiment is based on the ECCSI signature scheme to establish a secure connection in the UE-to-UE relay scenario under the L2 architecture. Specifically, the embodiments of this application are applied to the UE-to-UE relay scenario under the L2 architecture, that is, the first terminal device and the second terminal device communicate through the relay device. For example, the relay connection between the first terminal device and the second terminal device may be a PC5 link.

In this embodiment of the present application, the first terminal device may be a source device or a source terminal, and the second terminal device may be a target device or a target terminal. The relay device may be a relay terminal.

In this embodiment of the present application, the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key. That is, the second terminal device may generate a signature of the second terminal device based on at least one of the information of the user to which the second terminal device belongs and the first temporary public key.

In this embodiment of the present application, the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs. That is, the relay device may generate the signature of the relay device based on at least one of the signature of the second terminal device and the information of the user to which the relay device belongs.

In some embodiments, the signature of the second terminal device is generated by a secret signing key (Secret Signing Key, SSK) of the second terminal device. Optionally, the public verification token (Public Validation Token, PVT) of the second terminal device, the public authentication key (Key Management Service Public Authentication Key, KPAK) of the key management server, and the secret signing key (SSK) The second terminal device may be pre-configured by a trusted central key management server (Key Management Service, KMS) through a secure channel. The secure channel can establish a secure connection between the second terminal device and the KMS based on the Authentication and Key Management for Applications (AKMA) mechanism or the Generic Bootstrapping Architecture (GBA) mechanism. The KMS can be managed directly by the operator or be a third-party service provider that has a commercial relationship with the operator.

In some embodiments, the relay device's signature is generated by the relay device's secret signing key (SSK). Optionally, the PVT, KPAK, and secret signature key (SSK) of the relay device may be pre-configured for the relay device by the trusted center KMS through a secure channel. The secure channel can be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the relay device and the KMS. The KMS can be directly managed by the operator or a third-party service provider that has a commercial relationship with the operator.

In some embodiments, the KPAK of the second terminal device and the KPAK of the relay device are valid, and the signature verification of the second terminal device based on the identity of the second terminal device and the PVT of the second terminal device is successful. , and if the signature verification of the relay device based on the identity of the relay device and the PVT of the relay device is successful, the first terminal device generates a second temporary private key, and the first terminal device generates a second temporary private key according to the first terminal device. The first key is derived from a temporary public key, relevant information of the relay device and the second temporary private key.

Specifically, the first terminal device may verify the validity of the KPAK of the second terminal device and the KPAK of the relay device based on one or more KPAKs stored locally. For example, if there is a KPAK consistent with the KPAK of the second terminal device in the KPAK stored locally on the first terminal device, the KPAK of the second terminal device is valid; and there is a KPAK consistent with the KPAK stored locally on the first terminal device. In the case where the KPAK of the relay device is consistent with the KPAK, the KPAK of the relay device is valid. Optionally, one or more KPAKs stored locally on the first terminal device may be preconfigured by the KMS.

Specifically, in this embodiment of the present application, the first terminal device may derive the first secret key based on the first temporary public key generated by the second terminal device, the relevant information of the relay device, and the second temporary private key generated by the first terminal device. key. Optionally, the first terminal device may derive the first key based on the first temporary public key generated by the second terminal device, relevant information of the relay device, and the second temporary private key generated by the first terminal device; wherein, the The relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.

Correspondingly, the second terminal device may derive the first key based on the second temporary public key generated by the first terminal device, the relevant information of the relay device, and the first temporary private key generated by the second terminal device. Optionally, the second terminal device may derive the first key based on the second temporary public key generated by the first terminal device, relevant information of the relay device, and the first temporary private key generated by the second terminal device; wherein, the The relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.

Wherein, the first temporary public key generated by the second terminal device is paired with the first temporary private key generated by the second terminal device, and the second temporary public key generated by the first terminal device is paired with the second temporary private key generated by the first terminal device. pair.

For example, the first terminal device can calculate the first key based on the first temporary public key and the second temporary private key and use the ECIES algorithm; the second terminal device can calculate the first key based on the second temporary public key and the first temporary private key. And use the ECIES algorithm to calculate the first key.

In some embodiments, the first terminal device sends the first message to the second terminal device through the relay device;

Wherein, the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, a third message generated by the first terminal device. A random number, a second temporary public key generated by the first terminal device paired with the second temporary private key, M bits of the identification of the first key generated by the first terminal device, the first terminal Device signature, first message verification code;

Wherein, the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device; the input parameters of the signature of the first terminal device include at least one of the following: the first terminal Information about the user to whom the device belongs, the second temporary public key, M bits of the identification of the first key, and the signature of the second terminal device;

Wherein, the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device.

Specifically, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the key generated by the second terminal device. The second random number is used to derive a second key. The second key is used to derive an integrity protection key and/or a confidentiality protection key. The identity of the first key is composed of the M bits and the first key. The other N bits of the identifier of a key are combined, and M and N are both positive integers.

In this embodiment of the present application, the first random number and the first key generated by the first terminal device and the second random number generated by the second terminal device are used to derive the second key. That is, the first terminal device derives the second key based on at least the first random number, the first key and the second random number, and the first terminal device can derive the integrity protection key and/or the secret based on the second key. The first terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key. Similarly, the second terminal device may derive the second key based on at least the first random number, the first key and the second random number, and the second terminal device may derive the integrity protection key and/or the secret based on the second key. The second terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.

In this embodiment of the present application, the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first random number, the third 2. Temporary public key, the M bits. That is, the first terminal device can be based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the information of the user to which the first terminal device belongs, and the second temporary At least one of the public key, the M bits, and the signature of the first terminal device is used to generate the first message verification code.

For example, assume that the input parameters of the first message verification code include: the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, and the information of the user to which the first terminal device belongs. , the second temporary public key, the M bits, and the signature of the first terminal device. The second terminal device may generate a first message verification based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. code and compare it with the first message verification code contained in the first message. If they are consistent, the first message verification code is valid.

In some embodiments, the first message is an authentication response message, or the first message is a safe mode command message.

In some embodiments, the security capability information of the first terminal device may be a list of cryptographic algorithms supported by the first terminal device.

In some embodiments, the security policy information of the first terminal device may be whether the first terminal device supports confidentiality protection or integrity protection. The security policy information of the first terminal device includes: the security policy information of the first terminal device on the control plane, and/or the security policy information of the first terminal device on the user plane.

In some embodiments, the M bits may be the highest M bits of the identity of the first key, and the N bits may be the lowest N bits of the identity of the first key; or, The M bits may be the first M bits of the identifier of the first key, and the N bits may be the last N bits of the identifier of the first key; or, the M bits may be are the even-numbered bits of the identifier of the first key, and the N bits may be the odd-numbered bits of the identifier of the first key.

In some embodiments, the values of M and N may be the same or different, which is not limited by this application.

In some embodiments, the first terminal device receives the second message sent by the second terminal device through the relay device;

Wherein, the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identifier of the generated second key, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;

Wherein, the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key. The second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device;

Wherein, the identifier of the second key is obtained by combining the x bits and the other y bits of the identifier of the second key, and both x and y are positive integers.

In some embodiments, the x bits may be the highest x bits of the identity of the second key, and the y bits may be the lowest y bits of the identity of the second key; or, The x bits may be the first x bits of the identifier of the second key, and the y bits may be the last y bits of the identifier of the second key; or, the x bits may be are the even-numbered bits of the identifier of the second key, and the y bits may be the odd-numbered bits of the identifier of the second key.

In some embodiments, the values of x and y may be the same or different, which is not limited by this application.

In some embodiments, if the information carried in the second message has not been tampered with, the first terminal device generates the second random number based on at least the first random number, the first key and the second random number. key, the first terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key, and the first terminal device combines the M bits and the N bits to obtain the The identification of the first key, the first terminal device generates y bits of the identification of the second key, and combines the x bits and the y bits to obtain the identification of the second key;

When the second message verification code is valid, the first terminal device generates an integrity protection key and/or a secret based on the security algorithm selected by the second terminal device, the second key, and the second key. The security protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.

For example, assume that the input parameters of the second message verification code include: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security strategy. The first terminal device may generate a second message verification code based on the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, and the security policy selected by the second terminal device. , and compared with the second message verification code contained in the second message. If they are consistent, the second message verification code is valid.

In some embodiments, the second message is encrypted with the first key. Of course, the second message may not be encrypted using the first key, or the second message may not be encrypted.

In some embodiments, the first terminal device decrypts the second message according to the first key; if the information carried in the second message is not tampered with, the first terminal device at least decrypts the second message according to the first random key. number, the first key and the second random number to generate the second key, the first terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key, and the first The terminal device combines the M bits and the N bits to obtain the identity of the first key, the first terminal device generates y bits of the identity of the second key, and combines the x bits Combine with the y bits to obtain the identity of the second key;

Specifically, the second terminal device may select a security algorithm based on the security capability information of the first terminal device, and/or the second terminal device may select a security policy based on the security policy information of the first terminal device.

In some embodiments, the first terminal device may use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the second random number. At least one of the length of the number, the length of the source identifier, and the length of the target identifier is used to generate the second key. Wherein, the source identifier is used to identify the source end of the relay connection between the first terminal device and the second terminal device, and the target identifier is used to identify the intermediate connection between the first terminal device and the second terminal device. The destination of the connection. In addition, the input parameters of the second key may also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.

In some embodiments, the first message is an authentication response message, and the second message is a Secure Mode Command (Secure Mode Command, SMC) message.

In some embodiments, the first message is a safe mode command (SMC) message and the second message is a safe mode response message.

In some embodiments, the first terminal device sends the third message to the second terminal device through the relay device;

Wherein, the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the y bits of the identification of the second key, Third message verification code;

Wherein, the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;

Wherein, the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the third message verification code generated based on the integrity protection key derived based on the second key. The three-message verification code performs integrity protection, and the input parameters of the third message verification code include the y bits.

That is to say, the third message is integrity protected by the third message verification code, which is generated based on the second key, or the third message verification code is based on the integrity derived from the second key. Sexually protected key generation.

In some embodiments, for the second terminal device, the second terminal device decrypts the third message using the target key; provided that the information carried in the third message has not been tampered with, and the third message When the three-message verification code is valid, the second terminal device combines the x bits and the y bits to obtain the identity of the second key. Specifically, the second terminal device can generate a third message verification code based on the y bits, and compare it with the third message verification code contained in the third message. If the comparison is consistent, the third message verification code The message verification code is valid.

For example, the third message is a security mode complete message (security mode complete).

In some embodiments, the first terminal device receives an error message sent by the second terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein the error message The reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device The security algorithm negotiation between the device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information;

If the fourth message verification code is valid, the first terminal device determines that the security mode establishment fails, and/or the first terminal device re-initiates the security mode establishment process.

In some embodiments, the error message may also be integrity protected.

Specifically, for example, the cause information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device. For example, the second terminal device does not support the security policy information of the first terminal device carried in the first message. .

Specifically, for example, the cause information is used to indicate that the security algorithm negotiation between the second terminal device and the first terminal device failed. For example, the second terminal device does not support the security capabilities of the first terminal device carried in the first message. information.

In some embodiments, the first key may be K _D , and the identifier of the first key may be K _D ID ; the second key may be K _{D -SESS} , and the identifier of the second key may be K _D-SESS ID.

In some embodiments, for the first terminal device, the input parameters when generating the first key include: a second temporary private key (Ephemeral private key2) generated by the first terminal device, a first temporary private key generated by the second terminal device. Temporary public key (Ephemeral public key1), and related information of the relay device (such as the identity information of the relay device, or the random number generated by the relay device, or the counter (COUNT) generated by the relay device). For the second terminal device, the input parameters when generating the first key include: the second temporary public key (Ephemeral public key2) generated by the first terminal device, the first temporary private key (Ephemeral private key2) generated by the second terminal device. key1), and related information of the relay device (such as the identity information of the relay device, or the random number generated by the relay device, or the counter (COUNT) generated by the relay device). The first temporary public key is paired with the first temporary private key, and the second temporary public key is paired with the second temporary private key.

In some embodiments, the integrity protection key includes an integrity protection key for the control plane (KD _-CPint ) and an integrity protection key for the user plane ( _KD-UPint ); and/or the confidentiality The protection keys include a confidentiality protection key for the control plane (K _D-CPenc ) and a confidentiality protection key for the user plane (K _D-UPenc ).

In some embodiments, the input parameters of the integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, and the integrity protection algorithm identifier. , the length of the integrity protection algorithm identifier. That is, the second key may be generated based on at least one of the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, and the length of the integrity protection algorithm identifier. Integrity protected key.

Optionally, the input parameters of the integrity protection key may also include some system setting parameters. When the second key is automatically refreshed, the integrity protection key is automatically updated.

In some embodiments, the input parameters of the confidentiality protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identification , the length of the confidentiality protection algorithm identifier. That is, the second key may be generated based on at least one of the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, and the length of the confidentiality protection algorithm identifier. Confidentiality protects keys.

Optionally, the input parameters of the confidentiality protection key may also include some system setting parameters. When the second key is automatically refreshed, the confidentiality protection key is automatically updated.

In some embodiments, for the control plane integrity protection key (K _D-CPint ), the selected algorithm type identifier may be represented by "Control Plane Integrity Protection Algorithm" or by setting a specific value.

In some embodiments, for the control plane confidentiality protected key (K _D-CPenc ), the selected algorithm type identifier may be represented by "Control Plane Confidentiality Protection Algorithm" or by setting a specific value.

In some embodiments, for the user plane integrity protection key (K _D-CPint ), the selected algorithm type identifier may be represented by "User Plane Integrity Protection Algorithm" or by setting a specific value.

In some embodiments, for user plane confidentiality protected keys (K _D-CPenc ), the selected algorithm type identifier may be represented by "user plane confidentiality protected algorithm" or by setting a specific value.

For example, the key hierarchical structure involved in this application can be shown in Figure 8.

Root key: Signature private key/secret signing key (Secret Signing Key, SSK) is the root of trust for UE-to-UE relay unicast link security. SSK, user identification (UE ID), and public key parameter PVT form the user's signature public and private key pair in the Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI) algorithm. Users each generate a temporary public and private key pair, and use the Elliptic Curve Integrated Encryption Scheme (ECIES) algorithm to generate K _D. In addition, the signature generated by the source device user ensures the authenticity of the identity and the authenticity of the temporary public key. Integrity and non-repudiation. The signature generated by the target device user ensures the authenticity of the identity and the integrity and non-repudiation of the temporary public key. This ensures that only the source device and the target device can obtain the key K _D . Therefore, the signature private key or SSK is the root of trust that ensures secure communication between the source device and the target device.

K _D : The key length is at least 256 bits (bits) and is generated by both the source device and the target device through temporary public and private key negotiation. Based on the root key, K _D is updated by rerunning the authentication process. K _D is used to generate the next layer key K _D-sess . The key can be saved even if there is no active communication session between the source and target devices. K _D ID can be used to identify K _D .

KD: For UE-1, the input parameters during generation include: UE-1’s temporary private key Ephemeral private key2, UE-2’s temporary public key Ephemeral public key1, and the identity information of UE-relay, or UE-relay The generated random number, or the counter COUNT generated by UE-relay; for UE-2, the input parameters during generation include: UE-1's temporary public key Ephemeral public key2, UE-2's temporary private key Ephemeral private key1, And the identity of UE-relay, or the random number generated by UE-relay, or the counter COUNT generated by UE-relay.

K _D-sess : The key length is at least 256 bits. K _D-sess is used to derive the next level of integrity protection or confidentiality protection key. K _{D -sess} can be refreshed based on K _D by rerunning the secure connection establishment process or the related key update process. K _D-sess ID is used to identify K _D-sess . _KD-sess is derived from _KD using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. The input parameters of K _D-sess must at least include the key K _D , the random number Nonce_1 (that is, the first random number generated by the first terminal device), and the random number Nonce_2 (that is, the second random number generated by the second terminal device). Optionally, the input parameters of K _D-sess may also include but are not limited to at least one of the following: source ID (Source ID), destination ID (Destination ID), the length of the random number Nonce_1, the length of the random number Nonce_2, the source ID (Source ID) length, destination ID (Destination ID) length. In addition, the input parameters of K _D-sess can also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.

K _D-CPint : The key length is at least 128 bits. This key can be used for control plane data integrity protection. The key is derived by K _D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come. The input parameters of K _D-CPint must contain at least the key K _D-sess , the selected algorithm type identifier (such as "control plane integrity protection algorithm" or setting a specific value to represent it) and the selected algorithm type identifier. The length of the symbol, the integrity protection algorithm identifier and the length of the integrity protection algorithm identifier, and other system setting parameters can be used as optional input parameters. K _D _{-CPint is automatically updated when K D} -sess is automatically refreshed.

K _D-CPenc : The key length is at least 128 bits. This key can be used for control plane data confidentiality protection. The key is derived by K _D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come. The input parameters of K _D-CPenc must contain at least the key K _D-sess , the selected algorithm type identifier (such as "Control Plane Confidentiality Protection Algorithm" or set a specific value to represent it) and the selected algorithm type identifier The length, the confidentiality protection algorithm identifier and the length of the confidentiality protection algorithm identifier, and other system setting parameters can be used as optional input parameters. K _D _{-CPenc is automatically updated when K D-} sess is automatically refreshed.

K _D-UPint : The key length is at least 128 bits. This key can be used for user plane data integrity protection. The key is derived by K _D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come. The input parameters of K _D-UPint must contain at least the key K _D-sess , the selected algorithm type identifier (such as "user plane integrity protection algorithm" or setting a specific value to represent it) and the selected algorithm type identifier. The length of the symbol, the integrity protection algorithm identifier and the length of the integrity protection algorithm identifier, and other system setting parameters can be used as optional input parameters. K D _-UPint is automatically updated when K _D-sess is automatically refreshed.

K _D-UPenc : The key length is at least 128 bits. This key can be used for user plane data confidentiality protection. The key is derived by K _D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come. The input parameters of K _D-UPenc must contain at least the key K _D-sess , the selected algorithm type identifier (such as "user plane confidentiality protection algorithm" or setting a specific value to represent it) and the selected algorithm type identifier. The length of the character, the confidentiality protection algorithm identifier and the length of the confidentiality protection algorithm identifier, and other system setting parameters can be used as optional input parameters. K D _{-UPenc is automatically updated when K D} _-sess is automatically refreshed.

In some embodiments, ECCSI in this application is only an example and is not limited to this algorithm. It can also be replaced by other identity-based public key signature and public key encryption algorithms. While replacing the public key algorithm, all requests Parameters related to the public key algorithm in the message need to be replaced accordingly.

In some embodiments, the key derivation function used by the first terminal device and the second terminal device in this application is not limited to HMAC-SHA-256 or HMAC-SM3, and includes any key derivation function that meets computational security.

In some embodiments, the input parameters of the key derivation function in this application are not limited to the necessary parameters mentioned above, and may include other optional parameters, such as fixed parameters set by the application system.

In some embodiments, the key management center in this application is not limited to KMS, PKMF, and 5GPKMF. Legal key management centers managed by operators or managed by third-party service providers are all applicable to the technical solution of this application.

In this solution, the symmetric key issued by PKMF to the terminal device that has been registered and authorized to use the UE-to-UE relay function is not limited to the above solution. The specific configuration can be changed according to the operator or service provider's design of PKMF. .

In some embodiments, the information elements in all interactive messages in the secure communication establishment process in this application are not limited to the content mentioned in the above solution, and optional information elements due to application system requirements can also be added.

Therefore, in this embodiment of the present application, the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key, and the second key is used to derive the integrity protection key and /or confidentiality protection key, which can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing other devices from even relaying Device eavesdropping.

The embodiment of this application is suitable for the secure communication establishment process between the first terminal device (source device) and the second terminal device (target device) under the 5G L2 UE-to-UE relay architecture. With the help of public key signature technology, it can ensure the identity authenticity of the terminal device and the non-repudiation of the message, and can resist replay attacks, man-in-the-middle attacks, disguise and other active attacks, while ensuring the integrity of the authentication process messages, and using the 3GPP standard The ECIES algorithm is used to establish end-to-end security between the source UE and the target UE, ensuring the confidentiality and integrity of the data transmitted by both parties, and preventing eavesdropping by external adversaries and even relays; the embodiment of this application ensures The scalability of the secure communication establishment mechanism. In addition, the embodiments of this application can realize the security negotiation of the user plane and control plane security policies between the source UE and the target UE, as well as the encryption and integrity protection algorithms supported by both parties, and can achieve integrity. Protect against tampering and downgrade attacks.

The first terminal device side embodiment of the present application is described in detail above with reference to FIGS. 7 to 8 . The second terminal device side embodiment of the present application is described in detail below with reference to FIG. 9 . It should be understood that the second terminal device side implementation The example corresponds to the first terminal device side embodiment, and similar descriptions may refer to the first terminal device side embodiment.

Figure 9 is a schematic flowchart of a communication relay method 300 according to an embodiment of the present application. As shown in Figure 9, the communication relay method 300 may include at least part of the following content:

S310. The second terminal device sends an authentication request message to the first terminal device through the relay device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first user generated by the second terminal device. A temporary public key, the signature of the second terminal device, and relevant information of the relay device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device. ; The input parameters of the signature of the second terminal device include at least one of the following: information about the user to which the second terminal device belongs and the first temporary public key; related information about the first temporary public key and the relay device for The first terminal device derives a first key; the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.

In some embodiments, the signature of the second terminal device is generated by the secret signing key (SSK) of the second terminal device. Optionally, the PVT, KPAK, and secret signature key (SSK) of the second terminal device may be pre-configured by the trusted center KMS for the second terminal device through a secure channel. The secure channel may be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the second terminal device and the KMS. The KMS may be directly managed by the operator or be a third-party service provider that has a commercial relationship with the operator.

In some embodiments, the second terminal device receives the first message sent by the first terminal device through the relay device;

Wherein, the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, and information of the user to which the relay device belongs. , the first random number generated by the first terminal device, the second temporary public key paired with the second temporary private key generated by the first terminal device, the identification of the first key generated by the first terminal device M bits, the signature of the first terminal device, the signature of the relay device, and the first message verification code;

Wherein, the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device; the information of the user to which the relay device belongs includes the identification of the relay device and the relay device. PVT and KPAK; the input parameters of the signature of the first terminal device include at least one of the following: information of the user to which the first terminal device belongs, the second temporary public key, and M bits of the identification of the first key , the signature of the second terminal device; the input parameters of the signature of the relay device include at least one of the following: information of the user to which the relay device belongs, the signature of the first terminal device, the signature of the second terminal device;

Wherein, the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the information of the user to which the relay device belongs, the first random number, the second temporary public key, the M bits, The signature of the first terminal device and the signature of the relay device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device. Two random numbers are used to derive a second key. The second key is used to derive an integrity protection key and/or a confidentiality protection key. The identity of the first key is composed of the M bits and the first The other N bits of the key's identifier are combined, and M and N are both positive integers.

In this embodiment of the present application, the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, user information of the user to which the first terminal device belongs. information, the information of the user to which the relay device belongs, the first random number, the second temporary public key, and the M bits. That is, the first terminal device can be based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, the M bits, and the At least one of the signature of the first terminal device and the signature of the relay device generates the first message verification code.

In some embodiments, the signature of the first terminal device is generated by the secret signature key of the first terminal device.

In some embodiments, the relay device's signature is generated by the relay device's secret signing key.

In some embodiments, the second terminal device checks the KPAK of the first terminal device and the KPAK of the relay device respectively. If the KPAK of the first terminal device and the KPAK of the relay device are valid, and based on The identity of the first terminal device and the PVT of the first terminal device are used to verify the signature of the first terminal device, and the signature of the relay device is verified based on the identity of the relay device and the PVT of the relay device. ;

When the signature of the first terminal device and the signature of the relay device are verified successfully, and the information carried in the first message has not been tampered with, the second terminal device generates a second random number, and the second terminal device generates a second random number. The second key is generated based on at least the first random number, the first key and the second random number, and the second terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key. key, and the second terminal device generates N bits of the identifier of the first key, and combines the M bits and the N bits to obtain the identifier of the first key.

In some embodiments, the second terminal device may use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the second random number. At least one of the length of the number, the length of the source identifier, and the length of the target identifier is used to generate the second key. Wherein, the source identifier is used to identify the source end of the relay connection between the first terminal device and the second terminal device, and the target identifier is used to identify the intermediate connection between the first terminal device and the second terminal device. The destination of the connection. In addition, the input parameters of the second key may also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.

For example, assume that the input parameters of the first message verification code include: the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, the M bits. The second terminal device may generate a first message verification based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. code and compare it with the first message verification code contained in the first message. If they are consistent, the first message verification code is valid.

In some embodiments, when the first message verification code is valid, the second terminal device sends a second message to the first terminal device through the relay device; wherein the second message includes at least one of the following : the second random number, the N bits, the x bits of the identifier of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the Security policy, second message verification code;

In some embodiments, the first message is an authentication response message and the second message is a secure mode command (SMC) message.

Specifically, in this embodiment of the present application, the first terminal device may derive the first secret key based on the first temporary public key generated by the second terminal device, the relevant information of the relay device, and the second temporary private key generated by the first terminal device. key. Correspondingly, the second terminal device may derive the first key based on the second temporary public key generated by the first terminal device, the relevant information of the relay device, and the first temporary private key generated by the second terminal device. Wherein, the first temporary public key generated by the second terminal device is paired with the first temporary private key generated by the second terminal device, and the second temporary public key generated by the first terminal device is paired with the second temporary private key generated by the first terminal device. pair.

For example, the first terminal device can calculate the first key based on the first temporary public key, relevant information of the relay device, and the second temporary private key using the ECIES algorithm; the second terminal device can calculate the first key based on the second temporary public key. , the relevant information of the relay device and the first temporary private key, and use the ECIES algorithm to calculate the first key.

In some embodiments, the second terminal device receives the third message sent by the first terminal device through the relay device;

Wherein, the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the identification of the second key generated by the first terminal device y bits, the third message verification code;

In some embodiments, the second terminal device decrypts the third message using the target key; provided that the information carried in the third message has not been tampered with and the third message verification code is valid. Next, the second terminal device combines the x bits and the y bits to obtain the identity of the second key.

Specifically, the second terminal device can generate a third message verification code based on the y bits, and compare it with the third message verification code contained in the third message. If the comparison is consistent, the third message verification code The message verification code is valid.

In some embodiments, the second terminal device sends an error message to the first terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein the cause The information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device The security algorithm negotiation with the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information.

Specifically, for the first terminal device, if the fourth message verification code is valid, the first terminal device determines that the security mode establishment fails, and/or the first terminal device re-initiates the security mode establishment process.

In some embodiments, the error message may also be integrity protected.

The first terminal device side embodiment and the second terminal device side embodiment of the present application are described in detail above with reference to Figures 7 to 9. Hereinafter, the relay device side embodiment of the present application is described in detail with reference to Figure 10. It should be understood that , the relay device side embodiment corresponds to the first terminal device side embodiment and the second terminal device side embodiment. Similar descriptions can be made with reference to the first terminal device side embodiment and the second terminal device side embodiment.

Figure 10 is a schematic flowchart of a method 400 for relaying communication according to an embodiment of the present application. As shown in Figure 10, the method 400 for relaying communication may include at least part of the following content:

S410. The relay device receives the authentication request message sent by the second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, and the first temporary public key generated by the second terminal device. , the signature of the second terminal device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the input parameters of the signature of the second terminal device include At least one of the following: information about the user to which the second terminal device belongs and the first temporary public key;

S420: When the KPAK of the second terminal device is valid and the signature verification of the second terminal device based on the identifier of the second terminal device and the PVT of the second terminal device is successful, the relay device sends a request to the first terminal device. The terminal device sends an authentication request message after verification; wherein the authentication request message after verification includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, and the first temporary public key. , the signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device; wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device. ; The input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; wherein, the first temporary public key and the relevant information of the relay device are used The first key is derived from the first terminal device; the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.

Specifically, the relay device may verify the validity of the KPAK of the second terminal device based on one or more KPAKs stored locally. For example, if there is a KPAK consistent with the KPAK of the second terminal device among the KPAKs stored locally on the relay device, the KPAK of the second terminal device is valid. Optionally, one or more KPAKs stored locally on the first terminal device may be preconfigured by the KMS.

In this embodiment of the present application, the first terminal device may derive the first key based on the first temporary public key generated by the second terminal device, relevant information of the relay device, and the second temporary private key generated by the first terminal device. Correspondingly, the second terminal device may derive the first key based on the second temporary public key generated by the first terminal device, the relevant information of the relay device, and the first temporary private key generated by the second terminal device. Wherein, the first temporary public key generated by the second terminal device is paired with the first temporary private key generated by the second terminal device, and the second temporary public key generated by the first terminal device is paired with the second temporary private key generated by the first terminal device. pair.

In some embodiments, when the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device, the signature of the second terminal device is determined by the second terminal device. The device's Secret Signing Key (SSK) is generated. Optionally, the PVT, KPAK, and secret signature key (SSK) of the second terminal device may be pre-configured by the trusted center KMS for the second terminal device through a secure channel. The secure channel may be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the second terminal device and the KMS. The KMS may be directly managed by the operator or be a third-party service provider that has a commercial relationship with the operator.

In some embodiments, when the information about the user of the relay device includes the identity of the relay device, the PVT and KPAK of the relay device, the signature of the relay device is encrypted by the secret signature of the relay device. Key (SSK) is generated. Optionally, the PVT, KPAK, and secret signature key (SSK) of the relay device may be pre-configured for the relay device by the trusted center KMS through a secure channel. The secure channel can be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the relay device and the KMS. The KMS can be directly managed by the operator or a third-party service provider that has a commercial relationship with the operator.

In some embodiments, the relay device receives the first message sent by the first terminal device;

Wherein, the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, a third message generated by the first terminal device. A random number, the second temporary public key generated by the first terminal device, M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, and the first message verification code ;

Specifically, when the KPAK of the first terminal device is valid and the signature verification of the first terminal device based on the identity of the first terminal device and the PVT of the first terminal device is successful, the relay device sends a message to the first terminal device. The second terminal device sends the first message after verification; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to whom the terminal device belongs, information about the user to whom the relay device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device and paired with the second temporary private key, M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, the signature of the relay device, and the first message verification code; wherein, the user to whom the relay device belongs The information includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the following: information of the user to which the relay device belongs, the signature of the first terminal device, The signature of the second terminal device, the first message after the verification;

In this embodiment of the present application, the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first random number, the third 2. Temporary public key, the M bits. That is, the first terminal device can be based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. At least one of them generates the first message verification code.

In some embodiments, the relay device forwards the second message sent by the second terminal device to the first terminal device;

In some embodiments, the first terminal device may use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the second random number. At least one of the length of the number, the length of the source identifier, and the length of the target identifier is used to generate the second key. And the second terminal device can use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the length of the second random number, the The second key is generated using at least one of the length of the source identifier and the length of the target identifier.

Wherein, the source identifier is used to identify the source end of the relay connection between the first terminal device and the second terminal device, and the target identifier is used to identify the intermediate connection between the first terminal device and the second terminal device. The destination of the connection. In addition, the input parameters of the second key may also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.

In some embodiments, the relay device forwards the third message sent by the first terminal device to the second terminal device;

In some embodiments, for the second terminal device, the second terminal device decrypts the third message using the target key; provided that the information carried in the third message has not been tampered with, and the third message When the three-message verification code is valid, the second terminal device combines the x bits and the y bits to obtain the identity of the second key.

In some embodiments, the relay device forwards the error message sent by the second terminal device to the first terminal device; wherein the error message includes at least one of the following: cause information, fourth message verification code; wherein, The reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device The security algorithm negotiation between the terminal device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information.

Specifically, when the fourth message verification code is valid, the first terminal device determines that the security mode establishment fails, and/or the first terminal device re-initiates the security mode establishment process.

In some embodiments, the error message may also be integrity protected.

The embodiment of this application is suitable for the secure communication establishment process between the source device (first terminal device) and the target device (second terminal device) under the 5G L2 UE-to-UE relay architecture. With the help of public key signature technology, it can ensure the identity authenticity of the terminal device and the non-repudiation of the message, and can resist replay attacks, man-in-the-middle attacks, disguise and other active attacks, while ensuring the integrity of the authentication process messages, and using the 3GPP standard The ECIES algorithm is used to establish end-to-end security between the source UE and the target UE, ensuring the confidentiality and integrity of the data transmitted by both parties, and preventing eavesdropping by external adversaries and even relays; the embodiment of this application ensures The scalability of the secure communication establishment mechanism. In addition, the embodiments of this application can realize the security negotiation of the user plane and control plane security policies between the source UE and the target UE, as well as the encryption and integrity protection algorithms supported by both parties, and can achieve integrity. Protect against tampering and downgrade attacks.

The first terminal device side embodiment of the present application is described in detail above with reference to FIGS. 7 to 8 . Hereinafter, another embodiment of the first terminal device side of the present application is described in detail with reference to FIG. 11 . For similar descriptions, refer to A terminal device side embodiment.

Figure 11 is a schematic flowchart of a communication relay method 500 according to an embodiment of the present application. As shown in Figure 11, the communication relay method 500 may include at least part of the following content:

S510, the first terminal device sends a first message to the second terminal device through the relay device; wherein the first message includes at least one of the following: security capability information of the first terminal device, security policy of the first terminal device Information, information about the user to which the first terminal device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, and the identification of the first key generated by the first terminal device M bits, the signature of the first terminal device, and the first message verification code; wherein the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device; The input parameters of the signature of the first terminal device include at least one of the following: information of the user to which the first terminal device belongs, the second temporary public key, M bits of the identification of the first key, the second terminal Signature of the device; wherein the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the first terminal The security capability information of the device, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, the first terminal device signature; wherein the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the second terminal device The generated second random number is used to derive a second key, which is used to derive an integrity protection key and/or a confidentiality protection key. The identity of the first key is composed of the M bits and The other N bits of the identification of the first key are combined, and M and N are both positive integers; where the relevant information of the relay device includes one of the following: the identity information of the relay device, the relay device The random number generated by this relay device.

Wherein, the identifier of the second key is obtained by combining the x bits and the other y bits of the identifier of the second key, and x and y are both positive integers.

When the second message verification code is valid and the third message verification code is valid, the first terminal device generates a complete message based on the security algorithm selected by the second terminal device, the second key, and the second key. The security protection key and/or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.

In some embodiments, the first message is an authentication response message, and the second message is an SMC message.

In some embodiments, the first message is an SMC message, and the second message is a safe mode response message.

In some embodiments, the first terminal device receives an error message sent by the second terminal device through the relay device; wherein, the error message includes at least one of the following: cause information, a fourth message verification code; wherein, the error message The reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device The security algorithm negotiation between the device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information;

In some embodiments, the error message may also be integrity protected.

In some embodiments, the first terminal device receives the authentication request message sent by the second terminal device through the relay device;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the information of the user to which the relay device belongs includes the identification of the relay device and the relay device. PVT and KPAK; the input parameters of the signature of the second terminal device include at least one of the following: the information of the user to which the second terminal device belongs and the first temporary public key; the input parameters of the signature of the relay device include at least one of the following: One: the signature of the second terminal device and the information of the user to which the relay device belongs; the first temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key.

The first terminal device side embodiment of the present application is described in detail above with reference to FIGS. 7 to 8 . The second terminal device side embodiment of the present application is described in detail below with reference to FIG. 12 . It should be understood that the second terminal device side implementation The example corresponds to the first terminal device side embodiment, and similar descriptions may refer to the first terminal device side embodiment.

Figure 12 is a schematic flowchart of a communication relay method 600 according to an embodiment of the present application. As shown in Figure 12, the communication relay method 600 may include at least part of the following content:

S610. The second terminal device receives the first message sent by the first terminal device through the relay device; wherein the first message includes at least one of the following: the security capability information of the first terminal device, the security capability information of the first terminal device. Policy information, information about the user to which the first terminal device belongs, information about the user to which the relay device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, the first M bits of the identification of the first key generated by the terminal device, the signature of the first terminal device, the signature of the relay device, and the first message verification code; wherein, the information of the user to which the first terminal device belongs includes the The identity of the first terminal device and the PVT and KPAK of the first terminal device; the information of the user to which the relay device belongs includes the identity of the relay device and the PVT and KPAK of the relay device; the signature of the first terminal device The input parameters include at least one of the following: information about the user to which the first terminal device belongs, the second temporary public key, M bits of the identification of the first key, the signature of the second terminal device; the relay device The input parameters of the signature include at least one of the following: information of the user to which the relay device belongs, the signature of the first terminal device, and the signature of the second terminal device; wherein the first message is generated based on the first key The first message verification code is integrity protected, and the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to which a terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device; where the second temporary public key is related to the relay device The information is used by the second terminal device to derive the first key. The first random number, the first key and the second random number generated by the second terminal device are used to derive the second key. The key is used to derive the integrity protection key and/or the confidentiality protection key. The identity of the first key is obtained by combining the M bits with the other N bits of the identity of the first key. M and N is a positive integer; wherein, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.

In this embodiment of the present application, the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first random number, the third 2. Temporary public key, the M bits. That is, the first terminal device may be based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. At least one of them generates the first message verification code.

In some embodiments, the signature of the first terminal device is generated by the secret signature key of the first terminal device; and/or the signature of the relay device is generated by the secret signature key of the relay device.

In some embodiments, the second terminal device checks the KPAK of the first terminal device and the KPAK of the relay device respectively. If the KPAK of the first terminal device and the KPAK of the relay device are valid, and based on The identity of the first terminal device and the PVT of the first terminal device are used to verify the signature of the first terminal device, and the signature of the relay device is verified based on the identity of the relay device and the PVT of the relay device. ; When the signature of the first terminal device and the signature of the relay device are successfully verified, and the information carried in the first message has not been tampered with, the second terminal device generates a second random number, and the second terminal The device generates the second key based on at least the first random number, the first key and the second random number, and the second terminal device generates an integrity protection key and/or confidentiality protection based on the second key. key, and the second terminal device generates N bits of the identifier of the first key, and combines the M bits and the N bits to obtain the identifier of the first key.

In some embodiments, the second terminal device decrypts the third message using the target key;

When the information carried in the third message has not been tampered with and the third message verification code is valid, the second terminal device combines the x bits and the y bits to obtain the second The identity of the key.

In some embodiments, the error message may also be integrity protected.

In some embodiments, the second terminal device sends an authentication request message to the first terminal device through the relay device;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the input parameters of the signature of the second terminal device include at least one of the following: the second terminal The information of the user to which the device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device are used for the first terminal device to derive the first key.

The first terminal device side embodiment of the present application is described in detail above with reference to FIGS. 7 to 8 . Hereinafter, the relay device side embodiment of the present application is described in detail with reference to FIG. 13 . It should be understood that the relay device side embodiment is the same as the relay device side embodiment. The first terminal device side embodiments correspond to each other, and similar descriptions may refer to the first terminal device side embodiment.

Figure 13 is a schematic flowchart of a communication relay method 700 according to an embodiment of the present application. As shown in Figure 13, the communication relay method 700 may include at least part of the following content:

S710. The relay device receives the first message sent by the first terminal device; wherein the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to which a terminal device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, and the M bits of the identification of the first key generated by the first terminal device. bit, the signature of the first terminal device, and the first message verification code; wherein the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device; the first terminal The input parameters of the device's signature include at least one of the following: information about the user to which the first terminal device belongs, the second temporary public key, M bits of the identification of the first key, and the signature of the second terminal device; Wherein, the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;

S720: When the KPAK of the first terminal device is valid and the signature verification of the first terminal device based on the identity of the first terminal device and the PVT of the first terminal device is successful, the relay device sends a message to the first terminal device. The two terminal devices send the first message after verification; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to whom the device belongs, information about the user to whom the relay device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device and paired with the second temporary private key, the M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, the signature of the relay device, the relevant information of the relay device, and the first message verification code; wherein , the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the following: the information of the user to which the relay device belongs, The signature of the first terminal device, the signature of the second terminal device, and the first message after verification; wherein the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the third A key, the first random number, the first key and the second random number generated by the second terminal device are used to derive a second key, the second key is used to derive the integrity protection key and/ Or a confidentiality protection key, the identity of the first key is obtained by combining the M bits and the other N bits of the identity of the first key, where M and N are both positive integers; where, the relay The relevant information of the device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.

In some embodiments, the error message may also be integrity protected.

In some embodiments, the relay device receives an authentication request message sent by the second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, and generated by the second terminal device. The first temporary public key, the signature of the second terminal device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the second terminal device The input parameters of the signature include at least one of the following: the information of the user to which the second terminal device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device are used to derive the first terminal device the first key;

When the KPAK of the second terminal device is valid and the signature verification of the second terminal device based on the identity of the second terminal device and the PVT of the second terminal device is successful, the relay device sends a message to the first terminal device. The device sends an authentication request message after verification; wherein the authentication request message after verification includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key, The signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device; wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; The input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs.

Specifically, the relay device may verify the validity of the KPAK of the second terminal device based on one or more KPAKs stored locally. For example, if there is a KPAK consistent with the KPAK of the second terminal device among the KPAKs stored locally on the relay device, the KPAK of the second terminal device is valid. Optionally, one or more KPAKs stored locally on the first terminal device may be pre-configured by the KMS.

The signature-based secure communication establishment process in the UE-to-UE relay scenario under the L2 architecture of this application is described in detail below through Embodiment 1 to Embodiment 2.

Embodiment 1, as shown in Figure 14, assuming that no secure connection has been established between all devices before, UE-to-UE under the L2 architecture can be established through some or all of the steps from S1-0 to S1-8. Signature-based secure communication connection in subsequent scenarios. Specifically, UE1 may be the first terminal device, UE2 may be the second terminal device, UE-to-UE relay may be the relay device, K _D may be the first key, and K _D-SESS may be the second key .

S1-0.UE1, UE2, and terminal-to-UE relay equipment (UE-to-UE relay) obtained the signature public key (KPAK) issued by the key management server (KMS) and a set of credentials related to the UE identity. , namely the Secret Signing Key (SSK) and Public Verification Parameters (PVT), can use the UE-to-UE relay service. UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE Relay is configured with relay policy parameters.

S1-1.UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.

S1-2.UE1 sends an end-to-end direct communication request message through broadcast. Specifically, on the source terminal (i.e. UE1), the application layer provides PC5 unicast communication information (such as broadcast L2 ID, ProSe application layer) to the ProSe layer. ID, terminal application layer ID, target terminal application layer ID, relay applicable indication), the ProSe layer triggers the terminal's discovery mechanism by sending an end-to-end broadcast direct communication request message. Messages are sent using the source L2 ID and broadcast L2 ID as destination, and contain other application-related parameters.

S1-3.UE-to-UE Relay receives the broadcast direct communication request message and verifies whether the UE-to-UE Relay is configured to forward this application. For example, the UE-to-UE Relay will announce the same ProSe application ID as it The provided relay policies/parameters are compared. When UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message. In the adaptation layer Specify information identifying UE1. UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.

S1-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger the UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop. The source address is the UE2 L2 ID and the destination address is the relay's L2 ID.

S1-4b. If there is no per-hop link between UE-to-UE relay and UE1, perform a per-hop link establishment process between UE-to-UE relay and UE1. UE1 uses its own L2 ID as the source address and the relay's L2 ID as the destination address.

S1-5a. When UE-2 and UE-to-UE relay successfully establish a per hop link, the establishment of end-to-end security between UE2 and UE1 will be further triggered. If UE2 already has a K _D ID and security environment, and a link security context between different (Source ID, Destination ID) groups is established between UE1 and UE2, then optionally, UE2 can omit the authentication process and directly perform security mode command message, or considering higher security, continue the authentication process to create a new security environment under the Source ID and Destination ID group; if UE1 and UE2 establish a secure connection for the first time, then UE2 must pass the UE-to-UE relay Perform the authentication process with UE1. When performing the authentication process, UE2 first generates a pair of temporary public and private keys, namely the first temporary public key (Ephemeral public key1) and the first temporary private key (Ephemeral private key1), and then communicates with UE1 through the UE-to-UE relay. .

Specifically, UE2 sends an authentication request message, including the following parameters:

Information about the user to which UE2 belongs, where the information about the user to which UE2 belongs includes the identity of UE2 and the PVT and KPAK of UE2;

The first temporary public key (Ephemeral public key1);

The signature of UE2, wherein the input parameters of the signature of UE2 include at least one of the following: "information of the user to which UE2 belongs" and "first temporary public key".

S1-5b. After receiving the authentication request message, the UE-to-UE relay verifies the validity of the KPAK of UE2 in the information of the user to which UE2 belongs (specifically, the UE-to-UE relay verifies that the KPAK of UE2 is valid based on the locally stored information. For example, in the KPAK stored locally in the UE-to-UE relay, there is a KPAK consistent with the KPAK of UE2, and the KPAK of UE2 is valid). The UE-to-UE relay performs the signature of UE2 based on the identity of UE2 and the PVT of UE2. verify.

Finally, if the signature verification of UE2 is valid, then the UE-to-UE relay sends a verified authentication request message to UE1. In addition to all the contents in the above authentication request message, the verified authentication request message also includes the following parameters:

The information of the user to which the UE-to-UE relay belongs. The information of the user to which the UE-to-UE relay belongs includes the identification of the UE-to-UE relay and the PVT and KPAK of the UE-to-UE relay;

The signature of the UE-to-UE relay, where the input parameters in the signature of the UE-to-UE relay include at least one of the following: "UE2's signature" and "information of the user to which the UE-to-UE relay belongs";

The relevant information of the UE-to-UE relay, where the relevant information of the UE-to-UE relay includes one of the following: the identity information of the UE-to-UE relay, the random number generated by the UE-to-UE relay, Counter generated by this UE-to-UE relay.

S1-6a. After receiving the authentication request message, UE1 checks the KPAK of UE2 and the KPAK of the UE-to-UE relay respectively. If the KPAK of UE2 and the KPAK of the UE-to-UE relay are valid, and based on the KPAK of UE2 The signature of UE2 is verified based on the identity and the PVT of UE2, and the signature of the UE-to-UE relay is verified based on the identity of the UE-to-UE relay and the PVT of the UE-to-UE relay. If the signature of UE2 and the signature of UE-to-UE relay are verified successfully, then UE1 generates a temporary public and private key pair, that is, the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2). Then, UE1 According to the first temporary public key, UE-to-UE relay related information and the second temporary private key, use the ECIES algorithm to calculate the shared key K _D and generate M bits of K _D ID. K _D ID is At the mark K _D .

Finally, UE1 sends an authentication response message through UE-to-UE relay, including the following parameters:

UE1’s security capability information (optional);

Security policy information of UE1 (optional);

Information about the user to which UE1 belongs, where the information about the user to which UE1 belongs includes the identity of UE1 and the PVT and KPAK of UE1;

The first random number (Nonce_1);

The second temporary public key (Ephemeral public key2);

M bits of K _D ID;

The signature of UE1, where the signature input parameters of UE1 include but are not limited to at least one of the following: "information of the user to which UE1 belongs", "second temporary public key", "first random number (Nonce_1)", "K _D ID "M bits" and "UE2's signature";

First message verification code.

Specifically, the authentication response message is integrity protected through the first message verification code generated based on K _D , and the input parameters of the first message verification code include at least one of the following: UE1's security capability information, UE1's security policy Information, the information of the user to which UE1 belongs, the first random number (Nonce_1), the second temporary public key, the M bits of K _D ID, and the signature of UE1.

If the security capabilities of UE1 and the security policy of UE1 have not been updated, the security capability information of UE1 and the security policy information of UE1 may not be sent in the authentication response message.

S1-6b. After receiving the authentication response message, the UE-to-UE relay verifies the validity of the KPAK of UE1 in the information of the user to which UE1 belongs (specifically, the UE-to-UE relay verifies that the KPAK of UE1 is valid based on the locally stored information. For example, in the KPAK stored locally in the UE-to-UE relay, there is a KPAK consistent with the KPAK of UE1, and the KPAK of UE1 is valid). The UE-to-UE relay performs the signature of UE1 based on the identity of UE1 and the PVT of UE1. verify. Finally, if the signature verification of UE1 is successful, the UE-to-UE relay sends the verification response message to UE2. The verification response message contains the following parameters:

UE1’s security capability information (optional);

Security policy information of UE1 (optional);

The first random number (Nonce_1);

second temporary public key;

M bits of K _D ID;

UE1’s signature;

Information about the user to whom the UE-to-UE relay belongs;

Signature 2 of the UE-to-UE relay, where the input parameters of the signature 2 of the UE-to-UE relay include at least one of the following: "Information of the user to which the UE-to-UE relay belongs", "Signature of UE1", " UE2's signature" and "authentication response message after verification";

First message verification code.

S1-7. After receiving the authentication response message after verification, UE2 checks the KPAK of UE1 and the KPAK of UE-to-UE relay respectively. If the KPAK of UE1 and the KPAK of UE-to-UE relay are valid, and based on The signature of UE1 is verified based on the identity of UE1 and the PVT of UE1, and the signature of the UE-to-UE relay is verified based on the identity of the UE-to-UE relay and the PVT of the UE-to-UE relay. If the verification of UE1's signature and the UE-to-UE relay's signature is successful, UE2 verifies the integrity of the information contained in the authentication response message based on the first temporary private key, UE-to-UE relay related information and the second temporary Public key, use the ECIES algorithm to calculate the shared key K _D . When the first message verification code is qualified, UE2 generates N bits of K _D ID, combines the N bits of K _D ID with the M bits of the received K _D ID, generates and stores the complete K _D ID, which is subsequently used to identify K _D . At this time, both UE1 and UE2 have performed authentication and root key negotiation, and then UE2 starts processing the authentication response message. If the authentication response message contains UE1's security capability information and UE1's security policy information, UE2 negotiates the security policy and security algorithm, then generates a second random number (Nonce_2), and uses the first random number and the second random number to and _KD to calculate KD _-SESS and other keys (i.e. KD _-CPint , KD _-CPenc , KD _-UPint , KD _-UPenc ). In addition, UE2 generates x bits of K _D-SESS .

Finally, UE2 sends an integrity-protected security mode command message to UE1 through UE-to-UE relay. The security mode command message contains the following parameters:

The second random number (Nonce_2);

K _D N bits of ID;

K _{D-x bits of SESS} ID;

The security algorithm selected by UE2;

The security policy selected by UE2;

The second message verification code, wherein the security mode command message is integrity protected by the second message verification code generated based on K _D-SESS , or the security mode command message is integrity protected by the integrity derived based on K _D-SESS The second message verification code generated by the key is integrity protected, and the input parameters of the second message verification code include at least one of the following: a second random number (Nonce_2), N bits of K _D ID, K _D - x bits of _{the SESS} ID, the security algorithm selected by UE2, and the security policy selected by UE2.

It should be noted that if the security policies of UE2 and UE1 conflict with each other, or the first message verification code fails to be verified, or the security algorithm negotiation between UE2 and UE1 fails, UE2 will reply with an error message, where the error message includes cause information. and the fourth message verification code; wherein the reason information is used to indicate that the security policies of UE2 and UE1 conflict, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that UE2 and UE1 The security algorithm negotiation of UE1 failed; the input parameters of the fourth message verification code at least include: the reason information. When the fourth message verification code is valid, UE1 determines that the security mode establishment fails, and/or UE1 re-initiates the security mode establishment process.

S1-8. After receiving the security mode command message, UE1 determines whether the information carried in the security mode command message has been tampered with. If it has not been tampered with, then UE1 changes the M bits of the K _D ID and the N bits of the K _D ID. The K _D ID is obtained by merging, and UE1 calculates K _D-SESS and other keys (i.e. K _D-CPint , K _D-CPenc , K _D-UPint , K _D-UPenc ) in the same way as UE2, and UE1 generates K _D - y bits of the _SESS ID, and UE1 combines the x bits of the K _D-SESS ID and the y bits of the K _D-SESS ID to obtain the K _D-SESS ID, and saves the K _D-SESS ID. Then, UE1 verifies whether the second message check code is valid. If valid, UE1 prepares to use the new security environment to protect subsequent communications.

Specifically, when the second message verification code is valid, UE1 generates the integrity protection key and/or confidentiality protection key based on the security algorithm selected by UE2, K _D-SESS , and the K _D-SESS selected by UE2. Security policy to communicate with UE2.

Further, UE1 sends a security mode end message to UE2. The security mode end message is encrypted by the target key, and the security mode end message includes at least one of the following: y bits of K _D-SESS ID, the third message Verification code; wherein, the target key includes one of the following: K _D , K _D-SESS , K _D-CPenc , K _D-UPenc ; wherein, the security mode end message passes the third party generated based on K _D-SESS The message verification code performs integrity protection, or the security mode end message performs integrity protection through the third message verification code generated based on the integrity protection key derived from _KD-SESS , and the input parameters of the third message verification code Includes y bits of K _D-SESS ID.

Specifically, UE2 verifies whether the third message check code is valid. If valid, UE2 combines x bits of K _D-SESS ID and y bits of K _D-SESS ID to obtain K _D-SESS ID, and saves it. K _D-SESS ID. UE2 communicates with UE1 according to the security algorithm and K _D-SESS selected by UE2, generates an integrity protection key and/or a confidentiality protection key based on K _D-SESS , and a security policy selected by UE2.

Embodiment 2, as shown in Figure 15, assuming that no secure connection has been established between all devices before, a UE-to-UE relay under the L2 architecture can be established through some or all of the steps from S2-0 to S2-8. Signature-based secure communication connection in scenarios. Specifically, UE1 may be the first terminal device, UE2 may be the second terminal device, UE-to-UE relay may be the relay device, K _D may be the first key, and K _D-SESS may be the second key .

S2-0.UE1, UE2, and terminal-to-UE relay equipment (UE-to-UE relay) obtained the signature public key (KPAK) issued by the key management server (KMS) and a set of credentials related to the UE identity. , namely the Secret Signing Key (SSK) and Public Verification Parameters (PVT), can use the UE-to-UE relay service. UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE Relay is configured with relay policy parameters.

S2-1.UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.

S2-2.UE1 sends an end-to-end direct communication request message through broadcast. Specifically, on the source terminal (i.e. UE1), the application layer provides PC5 unicast communication information (such as broadcast L2 ID, ProSe application layer) to the ProSe layer. ID, terminal application layer ID, target terminal application layer ID, relay applicable indication), the ProSe layer triggers the terminal's discovery mechanism by sending an end-to-end broadcast direct communication request message. Messages are sent using the source L2 ID and broadcast L2 ID as destination, and contain other application-related parameters.

S2-3.UE-to-UE Relay receives the broadcasted direct communication request message and verifies whether the UE-to-UE Relay is configured to forward this application. For example, the UE-to-UE Relay will announce the same ProSe application ID as it The provided relay policies/parameters are compared. When UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message. In the adaptation layer Specify information identifying UE1. UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.

S2-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop. The source address is the UE2 L2 ID and the destination address is the relay's L2 ID.

S2-4b. If there is no per-hop link between UE-to-UE relay and UE1, perform the per-hop link establishment process between UE-to-UE relay and UE1. UE1 uses its own L2 ID as the source address and the relay's L2 ID as the destination address.

S2-5a. When UE-2 and UE-to-UE relay successfully establish a per hop link, the establishment of end-to-end security between UE2 and UE1 will be further triggered. If UE2 already has a K _D ID and security environment, and a link security context between different (Source ID, Destination ID) groups is established between UE1 and UE2, then optionally, UE2 can omit the authentication process and directly perform security mode command message, or considering higher security, continue the authentication process to create a new security environment under the Source ID and Destination ID group; if UE1 and UE2 establish a secure connection for the first time, then UE2 must pass the UE-to-UE relay Perform the authentication process with UE1. When performing the authentication process, UE2 first generates a pair of temporary public and private keys, namely the first temporary public key (Ephemeral public key1) and the first temporary private key (Ephemeral private key1), and then communicates with UE1 through the UE-to-UE relay. .

The first temporary public key (Ephemeral public key1);

S2-5b. After receiving the authentication request message, UE-to-UE relay verifies the validity of UE2's KPAK in the information of the user to which UE2 belongs (specifically, UE-to-UE relay verifies that UE2's KPAK is valid based on locally stored information For example, in the KPAK stored locally in the UE-to-UE relay, there is a KPAK consistent with the KPAK of UE2, and the KPAK of UE2 is valid). The UE-to-UE relay performs the signature of UE2 based on the identity of UE2 and the PVT of UE2. verify.

Finally, if the signature verification of UE2 is valid, then the UE-to-UE relay forwards the authentication request message, which in addition to all the contents in the above authentication request message, also includes the following parameters:

S2-6a. After receiving the authentication request message, UE1 checks the KPAK of UE2 and the KPAK of the UE-to-UE relay respectively. If the KPAK of UE2 and the KPAK of the UE-to-UE relay are valid, and based on the KPAK of UE2 The signature of UE2 is verified based on the identity and the PVT of UE2, and the signature of the UE-to-UE relay is verified based on the identity of the UE-to-UE relay and the PVT of the UE-to-UE relay. If the signature of UE2 and the signature of UE-to-UE relay are verified successfully, then UE1 generates a temporary public and private key pair, that is, the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2). Then, UE1 According to the first temporary public key, UE-to-UE relay related information and the second temporary private key, use the ECIES algorithm to calculate the shared key K _D and generate M bits of K _D ID. K _D ID is At the mark K _D .

Finally, UE1 sends the safe mode command through the UE-to-UE relay, including the following parameters:

UE1’s security capability information (optional);

Security policy information of UE1 (optional);

The first random number (Nonce_1);

The second temporary public key (Ephemeral public key2);

M bits of K _D ID;

First message verification code.

Specifically, the security mode command performs integrity protection through the first message verification code generated based on _KD , and the input parameters of the first message verification code include at least one of the following: UE1's security capability information, UE1's security policy Information, the information of the user to which UE1 belongs, the first random number (Nonce_1), the second temporary public key, the M bits of K _D ID, and the signature of UE1.

If the security capability of UE1 and the security policy of UE1 have not been updated, the security capability information of UE1 and the security policy information of UE1 do not need to be sent in the security mode command.

S2-6b. After receiving the security mode command, UE-to-UE relay verifies the validity of UE1's KPAK in the information of the user to which UE1 belongs (specifically, UE-to-UE relay verifies that UE1's KPAK is valid based on local storage information For example, in the KPAK stored locally in the UE-to-UE relay, there is a KPAK consistent with the KPAK of UE1, and the KPAK of UE1 is valid). The UE-to-UE relay performs the signature of UE1 based on the identity of UE1 and the PVT of UE1. verify. Finally, if the signature verification of UE1 is successful, the UE-to-UE relay sends the security mode command after verification to UE2. The security mode command after verification contains the following parameters:

UE1’s security capability information (optional);

Security policy information of UE1 (optional);

The first random number (Nonce_1);

second temporary public key;

M bits of K _D ID;

UE1’s signature;

Information about the user to whom the UE-to-UE relay belongs;

Signature 2 of the UE-to-UE relay, where the input parameters of the signature 2 of the UE-to-UE relay include at least one of the following: "Information of the user to which the UE-to-UE relay belongs", "Signature of UE1", " Signature of UE2" and "Safe mode command after verification".

First message verification code.

S2-7. After receiving the security mode command after verification, UE2 checks the KPAK of UE1 and the KPAK of UE-to-UE relay respectively. If the KPAK of UE1 and the KPAK of UE-to-UE relay are valid, and based on The signature of UE1 is verified based on the identity of UE1 and the PVT of UE1, and the signature of the UE-to-UE relay is verified based on the identity of the UE-to-UE relay and the PVT of the UE-to-UE relay. If the verification of UE1's signature and the UE-to-UE relay's signature is successful, UE2 verifies the integrity of the information contained in the authentication response message based on the first temporary private key, UE-to-UE relay related information and the second temporary Public key, use the ECIES algorithm to calculate the shared key K _D . When the first message verification code is qualified, UE2 generates N bits of K _D ID, combines the N bits of K _D ID with the M bits of the received K _D ID, generates and stores the complete K _D ID, which is subsequently used to identify K _D . At this time, both UE1 and UE2 have performed authentication and root key negotiation, and then UE2 starts processing the security mode command. If the security mode command contains the security capability information of UE1 and the security policy information of UE1, UE2 negotiates the security policy and security algorithm, and then generates a second random number (Nonce_2), and uses the first random number and the second random number according to the and _KD to calculate KD _-SESS and other keys (i.e. KD _-CPint , KD _-CPenc , KD _-UPint , KD _-UPenc ). In addition, UE2 generates x bits of K _D-SESS .

Finally, UE2 sends an integrity-protected security mode response to UE1 through the UE-to-UE relay. The security mode response is encrypted by _KD , and the security mode response contains the following parameters:

The second random number (Nonce_2);

K _D N bits of ID;

K _{D-x bits of SESS} ID;

The security algorithm selected by UE2;

The security policy selected by UE2;

The second message verification code, wherein the security mode response is integrity protected through the second message verification code generated based on K _D-SESS , or the security mode response is integrity protected through the integrity key derived based on K _D-SESS The generated second message verification code is integrity protected, and the input parameters of the second message verification code include at least one of the following: second random number (Nonce_2), N bits of K _D ID, K _D-SESS x bits of the ID, the security algorithm selected by UE2, and the security policy selected by UE2.

S2-8. After receiving the security mode response, UE1 decrypts the security mode response based on K _D. After decryption, UE1 determines whether the information carried in the security mode response has been tampered with. If it has not been tampered with, then UE1 will K _D ID M bits and N bits of K _D ID are combined to obtain K _D ID, and UE1 calculates K _D-SESS and other keys (i.e., K _D-CPint , K _D-CPenc , K _{D -UPint} , K _D-UPenc ), UE1 generates y bits of K _D-SESS ID, and UE1 combines x bits of K _D-SESS ID and y bits of K _D-SESS ID to obtain K _{D -SESS} ID, and save K _D-SESS ID. Then, UE1 verifies whether the second message check code is valid. If valid, UE1 prepares to use the new security environment to protect subsequent communications.

Figure 16 is a schematic flow chart of a communication relay method 800 according to an embodiment of the present application. As shown in Figure 16, the communication relay method 800 may include at least part of the following content:

S810, the first terminal device sends a direct communication request to the second terminal device through the relay device; wherein the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy of the first terminal device information, the first temporary public key generated by the first terminal device, and the first random number generated by the first terminal device; wherein the direct communication request is encrypted by the first encryption key, and the direct communication request is encrypted by the first encryption key. The integrity protection key performs integrity protection, and the first encryption key is an encryption key derived based on the symmetric key of the terminal that has been registered and authorized to use terminal-to-UE relay (UE-to-UE relay) communication, The first integrity protection key is an integrity protection key derived based on the symmetric key of a terminal that has been registered and authorized to use UE-to-UE relay communication; wherein, the first temporary public key and the relay device The relevant information is used by the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key, and the first random number is used to derive the second key. The second key is used to derive the second encryption key and/or the second integrity protection key, or the first random number, the first key and the second random number generated by the second terminal device are used to derive The second encryption key and/or the second integrity protection key; wherein the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the relay device Counter generated by the device.

This embodiment establishes a secure communication solution based on the symmetric key distributed by 5G PKMT, and establishes a secure connection in the UE-to-UE relay scenario under the L2 architecture. Specifically, the embodiments of this application are applied to the UE-to-UE relay scenario under the L2 architecture, that is, the first terminal device and the second terminal device communicate through the relay device. For example, the relay connection between the first terminal device and the second terminal device may be a PC5 link.

In some embodiments, the first encryption key may be a Proximity Service Encryption Key (PEK), and the first integrity protection key may be a Proximity Service Integrity Protection Key (PIK). Of course, the first encryption key can also be other encryption keys, and the first integrity protection key can also be other integrity protection keys, which is not limited by this application.

In some embodiments, the symmetric key of a terminal that is registered and authorized to use UE-to-UE relay communication may be assigned by ProSe Key Management Function (PKMF) or 5G PKMF. For example, in 5G PKMF, the name and number of symmetric keys allocated and managed by 5G PKMF to the UE may not be specifically defined. For example, in 4G PKMF and 4G ProSe, PKMF uses the MIKEY mechanism to issue a shared key to the UE, that is, the ProSe Group Key (PGK).

Specifically, the group key (PGK) is securely issued between the 5G PKMF and the UE based on the MIKEY mechanism, and the ProSe transmission key (Prose Traffic Key, PTK) is derived between the first terminal device and the second terminal device based on the PGK. and the further derived ProSe integrity key (Prose Integrity Key, PIK) and ProSe encryption key (Prose Encrypt Key, PEK) to protect the information transmitted by the first terminal device and/or the second terminal device so that the first terminal device can An end-to-end security context is generated between the terminal device and the second terminal device.

In some embodiments, the key types involved in this embodiment may be as shown in Table 1.

Table 1

PGKPGK	群组密钥group key	UE向PKMF请求，由PKMF使用MIKEY机制安全下发The UE makes a request to PKMF, which sends it securely using the MIKEY mechanism.
PTKPTK	传输密钥transport key	由PGK衍生Derived from PGK
PEKPEK	加密密钥encryption key	由PTK衍生Derived from PTK
PIKPIK	完整性保护密钥integrity protection key	由PTK衍生Derived from PTK

In some embodiments, the PTK derived input parameters may be as shown in Table 2.

Table 2

In some embodiments, the PEK/PIK derived input parameters may be as shown in Table 3.

table 3

In this embodiment of the present application, the second encryption key is used to encrypt end-to-end messages exchanged between the first terminal device and the second terminal device, and the second integrity protection key is used to encrypt the first terminal device. End-to-end messages exchanged between the terminal device and the second terminal device are integrity protected. Wherein, the second encryption key may be a confidentiality protection key (K _D-enc ), and the second integrity protection key may be an integrity protection key (K _D-int ).

In some embodiments, the second integrity protection key includes an integrity protection key for the control plane (K _D-CPint ) and an integrity protection key for the user plane (K _D-UPint ); and/or, the The second encryption key includes a confidentiality protection key for the control plane (K _D-CPenc ) and a confidentiality protection key for the user plane (K _D-UPenc ).

In some embodiments, the input parameters of the second integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection Algorithm identifier, the length of the integrity protection algorithm identifier. That is, the second key may be generated based on at least one of the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, and the length of the integrity protection algorithm identifier. Second integrity protection key. Alternatively, the input parameters of the second integrity protection key include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, the selected algorithm type The length of the identifier, the integrity protection algorithm identifier, and the length of the integrity protection algorithm identifier.

Optionally, the input parameters of the second integrity protection key may also include some system setting parameters. When the second key is automatically refreshed, the second integrity protection key is automatically updated.

In some embodiments, the input parameters of the second encryption key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, and the confidentiality protection algorithm identifier. , the length of the confidentiality protection algorithm identifier. That is, the second key may be generated based on at least one of the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, and the length of the confidentiality protection algorithm identifier. Second encryption key. Alternatively, the input parameters of the second encryption key include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, the selected algorithm type identifier The length of Confidentiality Protection Algorithm Identifier, the length of Confidentiality Protection Algorithm Identifier.

Optionally, the input parameters of the second encryption key may also include some system setting parameters. When the second key is automatically refreshed, the second encryption key is automatically updated.

In some embodiments, the first terminal device receives the safe mode command sent by the second terminal device through the relay device;

Wherein, the security mode command includes at least one of the following: a security algorithm selected by the second terminal device, a security policy selected by the second terminal device, a second temporary public key generated by the second terminal device, The generated second random number, the M bits of the identification of the first key generated by the second terminal device, the relevant information of the relay device, and the first message verification code;

Wherein, the security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, and the first message verification code is generated based on the second integrity protection key. , and the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, and the second random number, The M bits, the relevant information of the relay device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key, and the identification of the first key consists of the M bits and the first key. The other N bits of the identifier are combined, and M and N are both positive integers.

In some embodiments, the second terminal device may select a security algorithm based on the security capability information of the first terminal device, and/or the second terminal device may select a security policy based on the security policy information of the first terminal device.

In some embodiments, in the case where the first random number, the first key and the second random number are used to derive the second key, the security mode command further includes the generated by the second terminal device. x bits of the identifier of the second key, and the input parameter of the first message verification code includes the x bits; wherein, the identifier of the second key consists of the x bits and the second key The other y bits of the identifier are combined, and x and y are both positive integers.

In some embodiments, in the case where the first random number, the first key and the second random number are used to derive the second key, the first terminal device uses the first encryption key to decrypt the a security mode command, and using the first integrity protection key to determine the integrity of the security mode command;

When the information carried in the security mode command has not been tampered with, the first terminal device uses the first temporary private key paired with the first temporary public key, the second temporary public key, and the relay device to The information derives the first key, and the first terminal device generates the N bits of the identification of the first key, and combines the M bits and the N bits to obtain the first key logo;

The first terminal device generates the second key based on at least the first random number, the first key and the second random number, and the first terminal device generates the second integrity protection key based on the second key. key and/or the second encryption key, and the y bits of the identification of the second key generated by the first terminal device, and the x bits and the y bits are combined to obtain the second The identification of the key;

When the first message verification code is valid, the first terminal device uses the security algorithm selected by the second terminal device, the second integrity protection key and/or the second encryption key, the second terminal device The security policy selected by the device communicates with the second terminal device.

In some embodiments, in the case where the first random number, the first key and the second random number are used to derive the second key, the first terminal device transmits data to the second key through the relay device. The terminal device sends a security mode establishment completion message; wherein the security mode establishment completion message is encrypted by the second key or the second encryption key, and the security mode establishment completion message is encrypted by the second key or the second complete encryption key. The security mode establishment completion message includes at least the y bits of the identification of the second key.

In some embodiments, where the first random number, the first key and the second random number are used to derive the second key, the input parameters of the second integrity protection key include at least the following: One: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, the length of the integrity protection algorithm identifier; and/or the second encryption key The input parameters of the key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, and the length of the confidentiality protection algorithm identifier.

In some embodiments, where the first random number, the first key and the second random number are used to derive the second encryption key and/or the second integrity protection key, the second random number A terminal device uses the first encryption key to decrypt the security mode command, and uses the first integrity protection key to determine the integrity of the security mode command;

When the information carried in the security mode command has not been tampered with, the first terminal device uses the first temporary private key paired with the first temporary public key, the second temporary public key, and the relay device to The information derives the first key, and the first terminal device generates the N bits of the first key, and combines the M bits and the N bits to obtain the identity of the first key;

The first terminal device generates the second integrity protection key and/or the second encryption key based on at least the first random number, the first key and the second random number;

In some embodiments, where the first random number, the first key and the second random number are used to derive the second encryption key and/or the second integrity protection key, the second random number A terminal device sends a security mode establishment completion message to the second terminal device through the relay device; wherein the security mode establishment completion message is encrypted by the second encryption key, and the security mode establishment completion message is encrypted by the second complete encryption key. Integrity protection using a sex-protected key.

In some embodiments, where the first random number, the first key and the second random number are used to derive the second encryption key and/or the second integrity protection key, the second random number The input parameters of the two integrity protection keys include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, and the length of the selected algorithm type identifier. , the integrity protection algorithm identifier, the length of the integrity protection algorithm identifier; and/or, the input parameters of the second encryption key include at least one of the following: the first random number, the first key, the second random number Number, selected algorithm type identifier, length of selected algorithm type identifier, confidentiality protected algorithm identifier, length of confidentiality protected algorithm identifier.

K _D-CPint : The key length is at least 128 bits. This key can be used for control plane data integrity protection. The key is derived by K _D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come. The input parameters of K _D-CPint must contain at least the key K _D-sess , the selected algorithm type identifier (such as "control plane integrity protection algorithm" or setting a specific value to represent it) and the selected algorithm type identifier. The length of the symbol, the integrity protection algorithm identifier and the length of the integrity protection algorithm identifier, and other system setting parameters can be used as optional input parameters. K _D _{-CPint is automatically updated when K D-} sess is automatically refreshed.

Therefore, in this embodiment of the present application, the first terminal device can generate the first key based on the direct communication request sent by the second terminal device through the relay device, and the direct communication request is encrypted by the first encryption key, and directly The communication request is integrity protected via the first integrity protection key. and a first random number generated by the first terminal device, a first key and a second random number generated by the second terminal device for deriving the second key, the second key being used for deriving the second encryption key and/or The second integrity protection key, or the first random number generated by the first terminal device, the first key and the second terminal device are used to derive the second random number to generate the second encryption key and/or the second integrity Protecting the key can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing eavesdropping by other devices and even relay devices.

The embodiment of this application is suitable for the secure communication establishment process between the first terminal device (source device) and the second terminal device (target device) under the 5G L2 UE-to-UE relay architecture. By using PKMF's key generation and secure delivery functions, PKMF delivers symmetric keys, protection algorithms and key negotiation to terminal devices that have registered and are authorized to use the UE-to-UE relay function, thereby efficiently establishing source End-to-end secure channel between UE and target UE. The embodiments of this application have very high efficiency in calculation and communication, and can also achieve authentication, encryption protection, integrity protection, and resistance to tampering and downgrade attacks.

The first terminal device side embodiment of the present application is described in detail above with reference to FIG. 16 , and the second terminal device side embodiment of the present application is described in detail below with reference to FIG. 17 . It should be understood that the second terminal device side embodiment is different from the second terminal device side embodiment. The terminal device side embodiments correspond to each other, and similar descriptions may refer to the first terminal device side embodiment.

Figure 17 is a schematic flow chart of a communication relay method 900 according to an embodiment of the present application. As shown in Figure 17, the communication relay method 900 may include at least part of the following content:

S910. The second terminal device receives the direct communication request sent by the first terminal device through the relay device; wherein the direct communication request includes at least one of the following: the security capability information of the first terminal device, the security capability information of the first terminal device. Policy information, the first temporary public key generated by the first terminal device, the first random number generated by the first terminal device, the identification of the relay device, and the relevant information of the relay device; wherein the direct communication request passes The first encryption key is encrypted, and the direct communication request is integrity protected by a first integrity protection key based on the first encryption key that is registered and authorized to use the UE-to-UE relay. The first integrity protection key is an encryption key derived from the symmetric key of the terminal for UE-to-UE relay communication. The first integrity protection key is an integrity protection key derived from the symmetric key of the terminal that has been registered and authorized to use UE-to-UE relay communication. Key; wherein, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key and the The relevant information of the relay device is used by the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key, And the second key is used to derive a second encryption key and/or a second integrity protection key, or the first random number, the first key and the second random number generated by the second terminal device For deriving a second encryption key and/or a second integrity protection key.

In some embodiments, in the case where the first random number, the first key and the second random number are used to derive the second key, the second terminal device uses the first encryption key to decrypt the Direct communication request, and using the first integrity protection key to determine the integrity of the direct communication request;

In the case that the information carried in the direct communication request has not been tampered with, the second terminal device generates a second temporary private key, and the second terminal device generates a second temporary private key based on the first temporary public key, the second temporary private key and the The first key is derived from the relevant information of the relay device, and the second terminal device generates M bits of the identification of the first key;

The second terminal device generates the second random number, and the second terminal device generates the second key according to at least the first random number, the first key and the second random number. The second terminal device generates the second key according to at least the first random number, the first key and the second random number. The second key generates the second integrity protection key and/or the second encryption key, and the second terminal device generates x bits of the identification of the second key;

Wherein, the identification of the first key is obtained by combining the M bits and the other N bits of the identification of the first key, M and N are both positive integers, and the identification of the second key is obtained by the x bits are combined with other y bits of the identifier of the second key, and x and y are both positive integers.

In some embodiments, in the case where the first random number, the first key and the second random number are used to derive the second key, the second terminal device transmits data to the first through the relay device. The terminal device sends a safe mode command;

Wherein, the security mode command includes at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second temporary private key generated by the second terminal device and paired with the second temporary private key. The temporary public key, the second random number, the M bits of the identifier of the first key, the x bits of the identifier of the second key, and the first message verification code;

Wherein, the security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, and the first message verification code is generated based on the second integrity protection key. , and the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, and the second random number, The M bits, the x bits, the relevant information of the relay device; the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key.

In some embodiments, in the case where the first random number, the first key and the second random number are used to derive the second key, the second terminal device receives the first terminal device through the Following the safe mode establishment completion message sent by the device;

Wherein, the security mode establishment completion message is encrypted by the second key or the second encryption key, and the security mode establishment completion message is integrity protected by the second key or the second integrity protection key;

Wherein, the security mode establishment completion message includes at least the y bits of the identification of the second key.

In some embodiments, where the first random number, the first key and the second random number are used to derive the second key, the input parameters of the second integrity protection key include at least the following: One: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, the length of the integrity protection algorithm identifier; and/or,

The input parameters of the second encryption key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, the confidentiality protection algorithm identifier length.

In some embodiments, where the first random number, the first key and the second random number are used to derive the second encryption key and/or the second integrity protection key, the second random number The second terminal device uses the first encryption key to decrypt the direct communication request, and uses the first integrity protection key to determine the integrity of the direct communication request;

The second terminal device generates the second random number, and the second terminal device generates the second integrity protection key and/or the second random number based on at least the first random number, the first key and the second random number. second encryption key;

Wherein, the identifier of the first key is obtained by combining the M bits and the other N bits of the identifier of the first key, and M and N are both positive integers.

In some embodiments, where the first random number, the first key and the second random number are used to derive the second encryption key and/or the second integrity protection key, the second random number The second terminal device sends a safe mode command to the first terminal device through the relay device;

Wherein, the security mode command includes at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second temporary private key generated by the second terminal device and paired with the second temporary private key. The temporary public key, the second random number, the M bits of the identification of the first key, and the first message verification code;

Wherein, the security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, and the first message verification code is generated based on the second integrity protection key. , and the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, and the second random number, The M bits; the second temporary public key and the related information of the relay device are used by the first terminal device to derive the first key.

In some embodiments, where the first random number, the first key and the second random number are used to derive the second encryption key and/or the second integrity protection key, the second random number The second terminal device receives the security mode establishment completion message sent by the first terminal device through the relay device;

Wherein, the security mode establishment completion message is encrypted by the second encryption key, and the security mode establishment completion message is integrity protected by the second integrity protection key.

In some embodiments, where the first random number, the first key and the second random number are used to derive the second encryption key and/or the second integrity protection key, the second random number The input parameters of the two integrity protection keys include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, and the length of the selected algorithm type identifier. , the integrity protection algorithm identifier, the length of the integrity protection algorithm identifier; and/or,

The input parameters of the second encryption key include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, and the length of the selected algorithm type identifier. , confidentiality protection algorithm identifier, the length of the confidentiality protection algorithm identifier.

In some embodiments, the safe mode command also includes information related to the relay device, and the input parameter of the first message verification code also includes information related to the relay device.

In some embodiments, the second terminal device selects the security algorithm according to the second terminal device, the second integrity protection key and/or the second encryption key, and the security policy selected by the second terminal device. Communicate with the first terminal device.

The first terminal device side embodiment of the present application is described in detail above with reference to Figure 16. The relay device side embodiment of the present application is described in detail below with reference to Figure 18. It should be understood that the relay device side embodiment is different from the first terminal device side embodiment. The device side embodiments correspond to each other, and similar descriptions may refer to the first terminal device side embodiment.

Figure 18 is a schematic flowchart of a communication relay method 1000 according to an embodiment of the present application. As shown in Figure 18, the communication relay method 1000 may include at least part of the following content:

S1010. The relay device receives a direct communication request sent by the first terminal device; wherein the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, A first temporary public key generated by a terminal device, a first random number generated by the first terminal device; wherein the direct communication request is encrypted by a first encryption key, and the direct communication request is encrypted by a first integrity protection key For integrity protection, the first encryption key is an encryption key derived based on the symmetric key of a terminal that has been registered and authorized to use UE-to-UE relay communication. The first complete encryption key is The integrity protection key is an integrity protection key derived based on the symmetric key of the terminal that is registered and authorized to use UE-to-UE relay communication;

S1010, the relay device verifies whether it is configured to forward the direct communication request. After the verification is passed, the relay device uses the first encryption key to decrypt the direct communication request to obtain QoS and charging information, and the relay device uses The first integrity protection key verifies the integrity of the direct communication request. After the verification is passed, the relay device adds the relevant information of the relay device and the identification of the relay device in the direct communication request, and the The relay device uses the first encryption key to encrypt the direct communication request, uses the first integrity protection key to protect the integrity of the direct communication request, and forwards the direct communication request to the second terminal device; wherein, the The relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key and the relevant information of the relay device The second terminal device is used to derive a first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive a second key, and the second key used to derive the second encryption key and/or the second integrity protection key, or the first random number, the first key and the second random number generated by the second terminal device are used to derive the second encryption key key and/or a second integrity protection key.

In this embodiment of the present application, the second encryption key is used to encrypt end-to-end messages exchanged between the first terminal device and the second terminal device, and the second integrity protection key is used to encrypt the first terminal device. End-to-end messages exchanged between the terminal device and the second terminal device are integrity protected. Wherein, the second encryption key may be a confidentiality protection key.

In some embodiments, in the case where the first random number, the first key and the second random number are used to derive the second key, the relay device receives the security mode sent by the second terminal device command; wherein, the security mode command includes at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key generated by the second terminal device, the second The second random number generated by the terminal device, M bits of the identifier of the first key generated by the second terminal device, x bits of the identifier of the second key generated by the second terminal device, A first message verification code; wherein, the security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, and the first message verification code is based on the second The integrity protection key is generated, and the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, The second random number, the M bits, the x bits, and the relevant information of the relay device; the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the third a key;

The relay device uses the first encryption key to decrypt the security mode command to obtain Quality of Service (QoS) and billing information, and forwards the security mode command to the first terminal device; wherein, the The second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key. The identification of the first key is composed of the M bits and the identification of the first key. N bits are combined, and M and N are both positive integers. The identity of the second key is obtained by combining the x bits and the other y bits of the identity of the second key. Both x and y are Positive integer.

In some embodiments, in the case where the first random number, the first key and the second random number are used to derive the second key, the relay device forwards the first random number to the second terminal device. The security mode establishment completion message sent by the terminal device;

In some embodiments, where the first random number, the first key and the second random number are used to derive the second encryption key and/or the second integrity protection key, the The relay device receives the security mode command sent by the second terminal device; wherein the security mode command includes at least one of the following: a security algorithm selected by the second terminal device, a security policy selected by the second terminal device, The second temporary public key generated by the device, the second random number generated by the second terminal device, the M bits of the identification of the first key generated by the second terminal device, and the first message verification code; wherein, The security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, the first message verification code is generated based on the second integrity protection key, and The input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, the second random number, the M bits, the relevant information of the relay device; the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key;

The relay device uses the first encryption key to decrypt the security mode command to obtain QoS and accounting information, and forwards the security mode command to the first terminal device; wherein the second temporary public key and the intermediate The relevant information of the relay device is used by the first terminal device to derive the first key. The identification of the first key is obtained by combining the M bits and the other N bits of the identification of the first key. M and N are both positive integers.

In some embodiments, where the first random number, the first key and the second random number are used to derive the second encryption key and/or the second integrity protection key, the The relay device forwards the security mode establishment completion message sent by the first terminal device to the second terminal device; wherein the security mode establishment completion message is encrypted by the second encryption key, and the security mode establishment completion message is encrypted by the second encryption key. Integrity protection keys perform integrity protection.

In some embodiments, the safe mode command includes information related to the relay device, and the input parameters of the first message verification code also include information related to the relay device; or, the relay device sends a message to the first message verification code. The relevant information of the relay device is added to the safe mode command forwarded by the terminal device.

The following describes in detail the process of establishing secure communication based on the symmetric key distributed by 5G PKMT in the UE-to-UE relay scenario under the L2 architecture of this application through Embodiment 3 to Embodiment 6.

Embodiment 3, as shown in Figure 19, assuming that no secure connection has been established between all devices before, UE-to-UE under the L2 architecture can be established through some or all of the steps in S3-0 to S3-6. Signature-based secure communication connection in subsequent scenarios. Specifically, UE1 may be the first terminal device, UE2 may be the second terminal device, UE-to-UE relay may be the relay device, K _D may be the first key, and K _D-SESS may be the second key , the first encryption key is PEK, and the first integrity protection key is PIK.

S3-0.UE registers with the network and is authorized for UE-to-UE relay service. UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE relay is configured with relay policy parameters. PKMF uses the MIKEY mechanism to send the relevant PGK, PGK ID and expiration time to the above-mentioned registered and authorized UE.

S3-1.UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.

S3-2.UE1 sends an end-to-end direct communication request message through broadcast. Specifically, before broadcasting the direct communication request to surrounding terminal devices, UE1 first needs to derive the transmission key PTK based on PGK, and further generate the PTK Lower level keys, namely PEK and PIK. UE1 uses PEK to encrypt the broadcast message, and uses PIK to calculate the MAC of the direct communication request message to protect the integrity of the direct communication request message. That is, the direct communication request is encrypted by PEK, and the direct communication request is integrity protected by PIK. Among them, the direct communication request contains at least one of the following:

UE1 security capabilities information (UE1 security capabilities);

UE1 security policy information (UE1 security policy);

The first temporary public key (Ephemeral public key1) generated by UE1;

The first random number (Nonce-1) generated by UE1.

S3-3.UE-to-UE Relay receives the broadcast direct communication request message and verifies whether the UE-to-UE Relay is configured to forward the direct communication request message. For example, the UE-to-UE Relay will announce the ProSe application ID and Compare the relay policies/parameters it provides. When UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message. In the adaptation layer Specify information identifying UE1. UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.

Specifically, after the verification passes, the UE-to-UE Relay uses PEK to decrypt the direct communication request to obtain QoS and charging information, and the UE-to-UE Relay uses PIK to verify the integrity of the direct communication request. After the verification passes, the UE- to-UE Relay adds the relevant information of UE-to-UE Relay and the identification of UE-to-UE Relay in the direct communication request, and the UE-to-UE Relay uses PEK to encrypt the direct communication request and uses PIK to protect the direct communication request. Integrity; among them, the relevant information of UE-to-UE Relay includes one of the following: the identity information of UE-to-UE Relay, the random number generated by UE-to-UE Relay, and the counter generated by UE-to-UE Relay.

S3-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger the UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop. The source address is the UE2 L2 ID and the destination address is the relay's L2 ID.

S3-4b. If there is no per-hop link between UE-to-UE relay and UE1, perform a per-hop link establishment process between UE-to-UE relay and UE1. UE1 uses its own L2 ID as the source address and the relay's L2 ID as the destination address.

S3-5a. When UE-2 and UE-to-UE relay successfully establish a per hop link, the establishment of end-to-end security between UE2 and UE1 will be further triggered. UE2 first uses PGK to generate the transmission key PTK, and further generates PEK and PIK, decrypts the received direct communication request, and verifies the integrity of the direct communication request. After successful verification, UE2 generates a pair of temporary public and private keys, namely the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2), and uses the second temporary private key, the first temporary public key and the UE -To-UE relay related information, calculate the shared key K _D and MSB of K _D ID with UE-1. If the direct communication request contains the security policy and security algorithm, then UE2 negotiates the security policy and security algorithm, then generates the second random number (Nonce_2), and calculates the lower level derived from K _D -sess and K _D -sess based on K _D keys (ie, the second encryption key (K _D-enc ) and the second integrity protection key (K _{D -int} )), and in addition UE2 generates the MSB of K _D -sess ID.

Specifically, UE2 sends a security mode command to UE1 through UE-to-UE relay. The security mode command is encrypted through PEK, and the security mode command is integrity protected through PIK. The security mode command contains the following parameters:

The security algorithm selected by UE2 (chosen_algs);

The security policy chosen by UE2 (chosen_security policy);

The second temporary public key (Ephemeral private key2) generated by UE2;

The second random number (Nonce_2) generated by UE2;

MSB of K _D ID generated by UE2;

MSB of K _D -sess ID generated by UE2;

UE-to-UE relay related information (optional);

A first message verification code, wherein the first message verification code is generated based on a lower integrity protection key derived from K _D -sess (ie, the second integrity protection key (K _D-int )), and the first message verification code The input parameters of the verification code include at least one of the following: the security algorithm selected by UE2, the security policy selected by UE2, the second temporary public key, the second random number, MSB of K _D ID, and MSB of K _D -sess ID.

S3-5b. After receiving the security mode command, the UE-to-UE relay can use PEK to decrypt the security mode command to obtain information related to QoS and charging. Further, the UE-to-UE relay sends the security mode command to UE1. Optionally, if the security mode command does not include UE-to-UE relay related information, UE-to-UE relay can add UE-to-UE relay related information to the security mode command forwarded to UE1.

S3-6.UE1 first uses PEK to decrypt the security mode command, and uses PIK to determine the integrity of the security mode command. After successful verification, it further determines whether UE1's security capability information and UE1's security policy information have been tampered with. If not, then use Calculate K _D -sess and the subordinate keys derived from K _D -sess (i.e., the second encryption key (K _{D -enc} ) and the second integrity protection key (K _{D - int} )) in the same manner as UE2, and then UE1 verifies whether the first message verification code is valid. If valid, UE1 prepares to use the new security environment to protect subsequent communications. UE1 generates LSB of K _D ID, LSB of K _D -sess ID, combines the LSB of K _D ID with the received MSB of K _D ID to obtain the K _D ID, and combines the LSB of K D -sess ID with the received MSB of K _D ID. The MSB of K _D -sess ID is merged to obtain the K _D -sess ID, and the K _D ID and K _D -sess ID are saved, which are subsequently used to identify K _D and K _D -sess. UE1 sends a security-protected security mode completion message to UE2 through the UE-to-UE relay according to the negotiation policy and negotiation algorithm. The security mode completion message can be protected by K _D -sess for integrity and encryption, or the security mode completion message can be protected by KD-sess. The security mode completion message can be integrity protected using the lower-level integrity protection key (i.e., the second integrity protection key (K _D-int )) generated by K _D -sess, and the lower-level encryption key (K D -int ) generated by K _D -sess. That is, the second encryption key (K _D-enc )) is used for encryption protection. The security mode completion message may include LSB of K _D -sess ID. UE2 can combine the received LSB of K _D -sess ID with the MSB of K _D -sess ID generated by UE2 to obtain the K _D -sess ID, and save the K _D -sess ID, which is subsequently used to identify the K _D -sess.

Specifically, UE1 communicates with UE2 according to the security algorithm and K _D-SESS selected by UE2, generates an integrity protection key and/or confidentiality protection key based on K _D-SESS , and a security policy selected by UE2. UE2 communicates with UE1 according to the security algorithm and K _D-SESS selected by UE2, generates an integrity protection key and/or a confidentiality protection key based on K _D-SESS , and a security policy selected by UE2.

Embodiment 4, as shown in Figure 20, assuming that no secure connection has been established between all devices before, UE-to-UE under the L2 architecture can be established through some or all of the steps in S4-0 to S4-6. Signature-based secure communication connection in subsequent scenarios. Specifically, UE1 may be the first terminal device, UE2 may be the second terminal device, UE-to-UE relay may be the relay device, K _D may be the first key, and K _D-SESS may be the second key , the first encryption key is PEK, and the first integrity protection key is PIK.

S4-0. The UE registers with the network and is authorized for the UE-to-UE relay service. UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE relay is configured with relay policy parameters. PKMF uses the MIKEY mechanism to send the relevant PGK, PGK ID and expiration time to the above-mentioned registered and authorized UE.

S4-1.UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.

S4-2.UE1 sends an end-to-end direct communication request message through broadcast. Specifically, before broadcasting the direct communication request to surrounding terminal devices, UE1 first needs to derive the transmission key PTK based on PGK, and further generate the PTK Lower level keys, namely PEK and PIK. UE1 uses PEK to encrypt the broadcast message, and uses PIK to calculate the MAC of the direct communication request message to protect the integrity of the direct communication request message. That is, the direct communication request is encrypted by PEK, and the direct communication request is integrity protected by PIK. Among them, the direct communication request contains at least one of the following:

UE1 security capabilities information (UE1 security capabilities);

UE1 security policy information (UE1 security policy);

The first temporary public key (Ephemeral public key1) generated by UE1;

The first random number (Nonce-1) generated by UE1.

S4-3.UE-to-UE Relay receives the broadcast direct communication request message and verifies whether the UE-to-UE Relay is configured to forward the direct communication request message. For example, the UE-to-UE Relay will announce the ProSe application ID and Compare the relay policies/parameters it provides. When UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message. In the adaptation layer Specify information identifying UE1. UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.

S4-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop. The source address is the UE2 L2 ID and the destination address is the relay's L2 ID.

S4-4b. If there is no per-hop link between UE-to-UE relay and UE1, perform a per-hop link establishment process between UE-to-UE relay and UE1. UE1 uses its own L2 ID as the source address and the relay's L2 ID as the destination address.

S4-5a. When UE-2 and UE-to-UE relay successfully establish a per hop link, the establishment of end-to-end security between UE2 and UE1 will be further triggered. UE2 first uses PGK to generate the transmission key PTK, and further generates PEK and PIK, decrypts the received direct communication request, and verifies the integrity of the direct communication request. After successful verification, UE2 generates a pair of temporary public and private keys, namely the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2), and uses the second temporary private key, the first temporary public key and the UE -To-UE relay related information, calculate the shared key K _D and MSB of K _D ID with UE1. If the direct communication request contains the security policy and security algorithm, then UE2 negotiates the security policy and security algorithm, and then generates the second random number (Nonce_2), and uses the subordinate key derived from K _D (i.e. the second encryption key ( K _D-enc ) and the second integrity protection key (K _D-int )).

The security algorithm selected by UE2 (chosen_algs);

The security policy chosen by UE2 (chosen_security policy);

The second temporary public key (Ephemeral private key2) generated by UE2;

The second random number (Nonce_2) generated by UE2;

MSB of K _D ID generated by UE2;

UE-to-UE relay related information (optional);

A first message verification code, wherein the first message verification code is generated based on the second integrity protection key (K _D-int ), and the input parameters of the first message verification code include at least one of the following: the security selected by UE2 Algorithm, security policy selected by UE2, second temporary public key, second random number, MSB of K _D ID.

S4-5b. After receiving the security mode command, the UE-to-UE relay can use PEK to decrypt the security mode command to obtain information related to QoS and charging. Further, the UE-to-UE relay sends the security mode command to UE1. Optionally, if the security mode command does not include UE-to-UE relay related information, UE-to-UE relay can add UE-to-UE relay related information to the security mode command forwarded to UE1.

S4-6.UE1 first uses PEK to decrypt the security mode command, and uses PIK to determine the integrity of the security mode command. After successful verification, it further determines whether UE1's security capability information and UE1's security policy information have been tampered with. If not, then use The second encryption key (K _D-enc ) and the second integrity protection key (K _D-int ) are calculated in the same way as UE2, and then UE1 verifies whether the first message verification code is valid. If valid, UE1 is ready to use the new A secure environment to protect subsequent communications. UE1 generates the LSB of K _D ID, combines the LSB of K _D ID with the received MSB of K _D ID to obtain the K _D ID, and saves the K _D ID, which is subsequently used to identify K _D . According to the negotiation strategy and algorithm, UE1 sends a security-protected security mode completion message to UE2 through the UE-to-UE relay. The security mode completion message can use the derived lower-level integrity protection key (i.e., the second integrity The protection key (K _D-int )) performs integrity protection, and the derived lower-level encryption key (i.e., the second encryption key (K _D-enc )) performs encryption protection.

Specifically, UE1 communicates with UE2 according to the security algorithm selected by UE2, the second integrity protection key (K _D-int ) and/or the second encryption key (K _D-enc ), and the security policy selected by UE2. UE2 communicates with UE1 according to the security algorithm selected by UE2, the second integrity protection key (K _D-int ) and/or the second encryption key (K _D-enc ), and the security policy selected by UE2.

Embodiment 5, as shown in Figure 21, assuming that no secure connection has been established between all devices before, UE-to-UE under the L2 architecture can be established through some or all of the steps in S5-0 to S5-6. Signature-based secure communication connection in subsequent scenarios. Specifically, UE1 may be the first terminal device, UE2 may be the second terminal device, UE-to-UE relay may be the relay device, K _D may be the first key, and K _D-SESS may be the second key .

S5-0.UE registers with the network and is authorized for UE-to-UE relay service. UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE relay is configured with relay policy parameters. PKMF uses the MIKEY mechanism to send relevant symmetric keys to the above-mentioned registered and authorized UEs. The first encryption key and the third encryption key can be derived based on the symmetric keys of the terminals that have been registered and authorized to use UE-to-UE relay communication. An integrity protection key.

S5-1.UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.

S5-2.UE1 sends an end-to-end direct communication request message through broadcast. Specifically, UE1 broadcasts the direct communication request to surrounding terminal devices based on terminals that have registered and are authorized to use UE-to-UE relay communication. The first encryption key and the first integrity protection key are derived from the symmetric keys of UE1 and UE2. UE1 uses the first encryption key to encrypt the broadcast message, and uses the first integrity protection key to calculate the MAC of the direct communication request message to protect the integrity of the direct communication request message. That is, the direct communication request is processed through the first encryption key. Encryption, and the direct communication request is integrity protected by a first integrity protection key. Among them, the direct communication request contains at least one of the following:

UE1 security capabilities information (UE1 security capabilities);

UE1 security policy information (UE1 security policy);

The first temporary public key (Ephemeral public key1) generated by UE1;

The first random number (Nonce-1) generated by UE1.

S5-3.UE-to-UE Relay receives the broadcast direct communication request message and verifies whether the UE-to-UE Relay is configured to forward the direct communication request message. For example, the UE-to-UE Relay will announce the ProSe application ID and Compare the relay policies/parameters it provides. When UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message. In the adaptation layer Specify information identifying UE1. UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.

Specifically, after the verification is passed, the UE-to-UE Relay uses the first encryption key to decrypt the direct communication request to obtain QoS and charging information, and the UE-to-UE Relay uses the first integrity protection key to verify the direct communication request. Integrity, after passing the verification, the UE-to-UE Relay adds the relevant information of the UE-to-UE Relay and the identification of the UE-to-UE Relay in the direct communication request, and the UE-to-UE Relay uses the first encryption The key encrypts the direct communication request and uses the first integrity protection key to protect the integrity of the direct communication request; among which, the relevant information of the UE-to-UE Relay includes one of the following: the identity information of the UE-to-UE Relay, the UE Random number generated by -to-UE Relay, counter generated by UE-to-UE Relay.

S5-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger the UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop. The source address is the UE2 L2 ID and the destination address is the relay's L2 ID.

S5-4b. If there is no per-hop link between UE-to-UE relay and UE1, perform a per-hop link establishment process between UE-to-UE relay and UE1. UE1 uses its own L2 ID as the source address and the relay's L2 ID as the destination address.

S5-5a. When UE-2 and UE-to-UE relay successfully establish a per hop link, the establishment of end-to-end security between UE2 and UE1 will be further triggered. UE2 may derive the first encryption key and the first integrity protection key based on the symmetric key of the terminal that is registered and authorized to use UE-to-UE relay communication, decrypt the received direct communication request, and verify the direct communication request of integrity. After successful verification, UE2 generates a pair of temporary public and private keys, namely the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2), and uses the second temporary private key, the first temporary public key and the UE -To-UE relay related information, calculate the shared key K _D and MSB of K _D ID with UE-1. If the direct communication request contains the security policy and security algorithm, then UE2 negotiates the security policy and security algorithm, then generates the second random number (Nonce_2), and calculates the lower level derived from K _D -sess and K _D -sess based on K _D keys (ie, the second encryption key (K _D-enc ) and the second integrity protection key (K _{D -int} )), and in addition UE2 generates the MSB of K _D -sess ID.

Specifically, UE2 sends a security mode command to UE1 through UE-to-UE relay. The security mode command is encrypted by the first encryption key. The security mode command is integrity protected by the first integrity protection key. The security mode command is encrypted by the first encryption key. The following parameters are included in the mode command:

The security algorithm selected by UE2 (chosen_algs);

The security policy chosen by UE2 (chosen_security policy);

The second temporary public key (Ephemeral private key2) generated by UE2;

The second random number (Nonce_2) generated by UE2;

MSB of K _D ID generated by UE2;

MSB of K _D -sess ID generated by UE2;

UE-to-UE relay related information (optional);

S5-5b. After receiving the security mode command, the UE-to-UE relay can use the first encryption key to decrypt the security mode command to obtain information related to QoS and charging. Further, the UE-to-UE relay sends the security mode command to UE1. Optionally, if the security mode command does not include UE-to-UE relay related information, UE-to-UE relay can add UE-to-UE relay related information to the security mode command forwarded to UE1.

S5-6. UE1 first uses the first encryption key to decrypt the security mode command, uses the first integrity protection key to determine the integrity of the security mode command, and after successful verification, further determines the security capability information of UE1 and the security policy information of UE1. Whether it has been tampered with. If it has not been tampered with, use the same method as UE2 to calculate K _D -sess and the subordinate key derived from K _D -sess (i.e., the second encryption key (K _D-enc ) and the second integrity protection key). key (K _D-int )), and then UE1 verifies whether the first message verification code is valid. If valid, UE1 is prepared to use the new security environment to protect subsequent communications. UE1 generates LSB of K _D ID, LSB of K _D -sess ID, combines the LSB of K _D ID with the received MSB of K _D ID to obtain the K _D ID, and combines the LSB of K _{D -sess ID with the received MSB of K D} ID. The MSB of K _D -sess ID is merged to obtain the K _D -sess ID, and the K _D ID and K _D -sess ID are saved, which are subsequently used to identify K _D and K _D -sess. UE1 sends a security-protected security mode completion message to UE2 through the UE-to-UE relay according to the negotiation policy and negotiation algorithm. The security mode completion message can be protected by K _D -sess for integrity and encryption, or the security mode completion message can be protected by KD-sess. The security mode completion message can be integrity protected using the lower-level integrity protection key (i.e., the second integrity protection key (K _D-int )) generated by K _D -sess, and the lower-level encryption key (K D -int ) generated by K _D -sess. That is, the second encryption key (K _D-enc )) is used for encryption protection. The security mode completion message may include LSB of K _D -sess ID. UE2 can combine the received LSB of K _D -sess ID with the MSB of K _D -sess ID generated by UE2 to obtain the K _D -sess ID, and save the K _D -sess ID, which is subsequently used to identify the K _D -sess.

Embodiment 6, as shown in Figure 22, assuming that no secure connection has been established between all devices before, UE-to-UE under the L2 architecture can be established through some or all of the steps in S6-0 to S6-6. Signature-based secure communication connection in subsequent scenarios. Specifically, UE1 may be the first terminal device, UE2 may be the second terminal device, UE-to-UE relay may be the relay device, K _D may be the first key, and K _D-SESS may be the second key .

S6-0. The UE registers with the network and is authorized for the UE-to-UE relay service. UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE relay is configured with relay policy parameters. PKMF uses the MIKEY mechanism to send relevant symmetric keys to the above-mentioned registered and authorized UEs. The first encryption key and the third encryption key can be derived based on the symmetric keys of the terminals that have been registered and authorized to use UE-to-UE relay communication. An integrity protection key.

S6-1.UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.

S6-2.UE1 sends an end-to-end direct communication request message through broadcast. Specifically, UE1 broadcasts the direct communication request to surrounding terminal devices based on terminals that have registered and are authorized to use UE-to-UE relay communication. The first encryption key and the first integrity protection key are derived from the symmetric keys of UE1 and UE2. UE1 uses the first encryption key to encrypt the broadcast message, and uses the first integrity protection key to calculate the MAC of the direct communication request message to protect the integrity of the direct communication request message. That is, the direct communication request is processed through the first encryption key. Encryption, and the direct communication request is integrity protected by a first integrity protection key. Among them, the direct communication request contains at least one of the following:

UE1 security capabilities information (UE1 security capabilities);

UE1 security policy information (UE1 security policy);

The first temporary public key (Ephemeral public key1) generated by UE1;

The first random number (Nonce-1) generated by UE1.

S6-3.UE-to-UE Relay receives the broadcast direct communication request message and verifies whether the UE-to-UE Relay is configured to forward the direct communication request message. For example, the UE-to-UE Relay will announce the ProSe application ID and Compare the relay policies/parameters it provides. When UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message. In the adaptation layer Specify information identifying UE1. UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.

S6-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger the UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop. The source address is the UE2 L2 ID and the destination address is the relay's L2 ID.

S6-4b. If there is no per-hop link between UE-to-UE relay and UE1, perform a per-hop link establishment process between UE-to-UE relay and UE1. UE1 uses its own L2 ID as the source address and the relay's L2 ID as the destination address.

S6-5a. When UE-2 and UE-to-UE relay successfully establish a per hop link, the establishment of end-to-end security between UE2 and UE1 will be further triggered. UE2 may derive the first encryption key and the first integrity protection key based on the symmetric key of the terminal that is registered and authorized to use UE-to-UE relay communication, decrypt the received direct communication request, and verify the direct communication request of integrity. After successful verification, UE2 generates a pair of temporary public and private keys, namely the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2), and uses the second temporary private key, the first temporary public key and the UE -To-UE relay related information, calculate the shared key K _D and MSB of K _D ID with UE1. If the direct communication request contains the security policy and security algorithm, then UE2 negotiates the security policy and security algorithm, and then generates the second random number (Nonce_2), and uses the subordinate key derived from K _D (i.e. the second encryption key ( K _D-enc ) and the second integrity protection key (K _D-int )).

The security algorithm selected by UE2 (chosen_algs);

The security policy chosen by UE2 (chosen_security policy);

The second temporary public key (Ephemeral private key2) generated by UE2;

The second random number (Nonce_2) generated by UE2;

MSB of K _D ID generated by UE2;

UE-to-UE relay related information (optional);

S6-5b. After receiving the security mode command, the UE-to-UE relay can use the first encryption key to decrypt the security mode command to obtain information related to QoS and charging. Further, the UE-to-UE relay sends the security mode command to UE1. Optionally, if the security mode command does not include UE-to-UE relay related information, UE-to-UE relay can add UE-to-UE relay related information to the security mode command forwarded to UE1.

S6-6. UE1 first uses the first encryption key to decrypt the security mode command, uses the first integrity protection key to determine the integrity of the security mode command, and after successful verification, further determines the security capability information of UE1 and the security policy information of UE1. Whether it has been tampered with. If not, then the second encryption key (K _D-enc ) and the second integrity protection key (K _D-int ) are calculated in the same way as UE2, and then UE1 verifies the first message verification code. Is it valid? If valid, UE1 is prepared to use the new security environment to protect subsequent communications. UE1 generates the LSB of K _D ID, combines the LSB of K _D ID with the received MSB of K _D ID to obtain the K _D ID, and saves the K _D ID, which is subsequently used to identify K _D . According to the negotiation strategy and algorithm, UE1 sends a security-protected security mode completion message to UE2 through the UE-to-UE relay. The security mode completion message can use the derived lower-level integrity protection key (i.e., the second integrity The protection key (K _D-int )) performs integrity protection, and the derived lower-level encryption key (i.e., the second encryption key (K _D-enc )) performs encryption protection.

The method embodiments of the present application are described in detail above with reference to Figures 7 to 22. The device embodiments of the present application are described in detail below with reference to Figures 23 to 31. It should be understood that the device embodiments and the method embodiments correspond to each other, and are similar to The description may refer to the method embodiments.

Figure 23 shows a schematic block diagram of a terminal device 1100 according to an embodiment of the present application. The terminal device 1100 is a first terminal device. As shown in Figure 23, the terminal device 1100 includes:

Communication unit 1110, configured to receive an authentication request message sent by the second terminal device through the relay device;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication key KPAK of the key management server; The information includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key. ; The input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; the first temporary public key and the relevant information of the relay device are used for the The first terminal device derives the first key; the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.

In some embodiments, the signature of the second terminal device is generated by the secret signature key of the second terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.

In some embodiments, the terminal device 1100 further includes: a processing unit 1120;

The KPAK of the second terminal device and the KPAK of the relay device are valid, and the signature verification of the second terminal device based on the identity of the second terminal device and the PVT of the second terminal device is successful, and based on the relay If the identification of the device and the PVT of the relay device successfully verify the signature of the relay device, the processing unit 1120 is configured to generate a second temporary private key, and the processing unit 1120 is configured to generate a second temporary public key based on the first temporary public key. , the relevant information of the relay device and the second temporary private key to derive the first key.

In some embodiments, the communication unit 1110 is also used to send the first message to the second terminal device through the relay device;

In some embodiments, the communication unit 1110 is also used to receive the second message sent by the second terminal device through the relay device;

Wherein, the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key. The second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device; wherein, the identity of the second key is obtained by combining the x bits and the other y bits of the identity of the second key, x and y are both Positive integer.

In some embodiments, the second message is encrypted with the first key.

In some embodiments, if the information carried in the second message has not been tampered with, the processing unit 1120 is further configured to generate the first random number based on at least the first random number, the first key and the second random number. a second key, the processing unit 1120 is further configured to generate an integrity protection key and/or a confidentiality protection key according to the second key, and the processing unit 1120 is further configured to combine the M bits and the N The processing unit 1120 is also used to generate y bits of the identifier of the second key, and combine the x bits and the y bits to obtain the identifier of the first key. The identification of the second key;

If the second message verification code is valid, the processing unit 1120 is also configured to generate an integrity protection key based on the second key and/or the security algorithm selected by the second terminal device and the second key. Or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.

In some embodiments, the processing unit 1120 is also configured to decrypt the second message according to the first key;

In the case that the information carried in the second message has not been tampered with, the processing unit 1120 is also configured to generate the second key based on at least the first random number, the first key and the second random number. The processing unit 1120 is further configured to generate an integrity protection key and/or a confidentiality protection key according to the second key, and the processing unit 1120 is further configured to combine the M bits and the N bits to obtain the The processing unit 1120 is also used to generate y bits of the identifier of the second key, and combine the x bits and the y bits to obtain the identifier of the second key. ;

In some embodiments, the input parameters of the integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, and the integrity protection algorithm identifier. , the length of the integrity protection algorithm identifier; and/or, the input parameters of the confidentiality protection key include at least one of the following: the second key, the selected algorithm type identifier, the selected algorithm type identifier Length, confidentiality protection algorithm identifier, length of the confidentiality protection algorithm identifier.

In some embodiments, the first message is an authentication response message, and the second message is a safe mode command message.

In some embodiments, the first message is a safe mode command message, and the second message is a safe mode response message.

In some embodiments, the communication unit 1110 is also used to send a third message to the second terminal device through the relay device;

In some embodiments, the communication unit 1110 is also configured to receive an error message sent by the second terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein , the reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the third The security algorithm negotiation between the second terminal device and the first terminal device fails; the input parameters of the fourth message verification code include at least one of the following: the reason information;

If the fourth message verification code is valid, the processing unit 1120 is also configured to determine that the security mode establishment fails, and/or, the processing unit 1120 is also configured to reinitiate the security mode establishment process.

In some embodiments, the integrity protection key includes an integrity protection key for the control plane and an integrity protection key for the user plane; and/or the confidentiality protection key includes a confidentiality protection key for the control plane. and user plane confidentiality protecting keys.

In some embodiments, the above-mentioned communication unit may be a communication interface or transceiver, or an input/output interface of a communication chip or a system on a chip. The above-mentioned processing unit may be one or more processors.

It should be understood that the terminal device 1100 according to the embodiment of the present application may correspond to the first terminal device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1100 are respectively to implement the functions shown in Figure 7 The corresponding process of the first terminal device in the method 200 is shown, and for the sake of simplicity, it will not be described again here.

Figure 24 shows a schematic block diagram of a terminal device 1200 according to an embodiment of the present application. The terminal device 1200 is a second terminal device. As shown in Figure 24, the terminal device 1200 includes:

Communication unit 1210, configured to send an authentication request message to the first terminal device through the relay device;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication key KPAK of the key management server; the signature of the second terminal device The input parameters include at least one of the following: the information of the user to which the second terminal device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device are used for the first terminal device to derive the first Key; the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.

In some embodiments, the signature of the second terminal device is generated by the secret signature key of the second terminal device.

In some embodiments, the communication unit 1210 is also configured to receive the first message sent by the first terminal device through the relay device;

In some embodiments, the signature of the first terminal device is generated by the secret signature key of the first terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.

In some embodiments, the terminal device 1200 further includes: a processing unit 1220;

The processing unit 1220 is configured to check the KPAK of the first terminal device and the KPAK of the relay device respectively. If the KPAK of the first terminal device and the KPAK of the relay device are valid, and the processing unit 1220 is configured to Verify the signature of the first terminal device based on the identity of the first terminal device and the PVT of the first terminal device, and the processing unit 1220 is configured to verify the signature of the first terminal device based on the identity of the relay device and the PVT of the relay device. The signature of the relay device is verified;

When the signature of the first terminal device and the signature of the relay device are successfully verified and the information carried in the first message has not been tampered with, the processing unit 1220 is configured to generate a second random number. The processing unit 1220 The processing unit 1220 is configured to generate an integrity protection key and/or a secret based on at least the first random number, the first key and the second random number. Sexually protected key, and the processing unit 1220 is used to generate N bits of the identification of the first key, and combine the M bits and the N bits to obtain the identification of the first key;

When the first message verification code is valid, the communication unit 1210 is also configured to send a second message to the first terminal device through the relay device; wherein the second message includes at least one of the following: the second The random number, the N bits, the x bits of the identifier of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the Two message verification code;

In some embodiments, the second message is encrypted with the first key.

In some embodiments, the communication unit 1210 is also configured to receive a third message sent by the first terminal device through the relay device;

In some embodiments, the processing unit 1220 is configured to decrypt the third message through the target key;

In some embodiments, the communication unit 1210 is also configured to send an error message to the first terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein, The reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device The security algorithm negotiation between the terminal device and the first terminal device fails; the input parameters of the fourth message verification code include at least one of the following: the reason information.

It should be understood that the terminal device 1200 according to the embodiment of the present application may correspond to the second terminal device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1200 are respectively to implement the functions shown in Figure 9 The corresponding process of the second terminal device in method 300 is shown, and for the sake of simplicity, it will not be described again here.

Figure 25 shows a schematic block diagram of a terminal device 1300 according to an embodiment of the present application. The terminal device 1300 is a relay device. As shown in Figure 25, the terminal device 1300 includes:

The communication unit 1310 is configured to receive an authentication request message sent by the second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first temporary public address generated by the second terminal device. key, the signature of the second terminal device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication password of the key management server. Key KPAK; the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key;

When the KPAK of the second terminal device is valid and the signature verification of the second terminal device based on the identity of the second terminal device and the PVT of the second terminal device is successful, the communication unit 1310 is also used to send a message to the second terminal device. The first terminal device sends an authentication request message after verification; wherein the authentication request message after verification includes at least one of the following: information about the user to whom the second terminal device belongs, information about the user to whom the relay device belongs, the first temporary The public key, the signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device; wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT of the relay device. and KPAK; the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; wherein the first temporary public key and the information related to the relay device The information is used by the first terminal device to derive the first key; the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.

In some embodiments, the communication unit 1310 is also configured to receive a first message sent by the first terminal device; wherein the first message includes at least one of the following: security capability information of the first terminal device, the first The security policy information of the terminal device, the information of the user to which the first terminal device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, the M bits of the identification of the first key, the signature of the first terminal device, and the first message verification code; wherein the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the first terminal The PVT and KPAK of the device; the input parameters of the signature of the first terminal device include at least one of the following: the information of the user to which the first terminal device belongs, the second temporary public key, the M bits, the second terminal device signature; wherein the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the first terminal device The security capability information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, the first terminal device's sign;

When the KPAK of the first terminal device is valid and the signature verification of the first terminal device based on the identity of the first terminal device and the PVT of the first terminal device is successful, the communication unit 1310 is also used to send a message to the first terminal device. The second terminal device sends the first message after verification; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to whom the terminal device belongs, information about the user to whom the relay device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device and paired with the second temporary private key, M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, the signature of the relay device, and the first message verification code; wherein, the user to whom the relay device belongs The information includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the following: the information of the user to which the relay device belongs, the signature of the first terminal device , the signature of the second terminal device, the first message after the verification;

In some embodiments, the communication unit 1310 is also used to forward the second message sent by the second terminal device to the first terminal device;

In some embodiments, the second message is encrypted with the first key, or the second message is not encrypted with the first key.

In some embodiments, the communication unit 1310 is also used to forward the third message sent by the first terminal device to the second terminal device;

In some embodiments, the communication unit 1310 is also used to forward the error message sent by the second terminal device to the first terminal device; wherein the error message includes at least one of the following: cause information, fourth message verification code ; Wherein, the reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate The security algorithm negotiation between the second terminal device and the first terminal device fails; the input parameters of the fourth message verification code include at least one of the following: the reason information.

In some embodiments, the above-mentioned communication unit may be a communication interface or transceiver, or an input/output interface of a communication chip or a system on a chip.

It should be understood that the terminal device 1300 according to the embodiment of the present application may correspond to the relay device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1300 are respectively intended to implement what is shown in Figure 10 The corresponding process of the relay device in method 400 will not be described again for the sake of simplicity.

Figure 26 shows a schematic block diagram of a terminal device 1400 according to an embodiment of the present application. The terminal device 1400 is a first terminal device. As shown in Figure 26, the terminal device 1400 includes:

Communication unit 1410, configured to send the first message to the second terminal device through the relay device;

Wherein, the information of the user to which the first terminal device belongs includes the identification of the first terminal device, the public verification token PVT of the first terminal device and the public authentication key KPAK of the key management server; the signature of the first terminal device The input parameters include at least one of the following: information about the user to which the first terminal device belongs, the second temporary public key, the M bits, and the signature of the second terminal device;

In some embodiments, the communication unit 1410 is also used to receive the second message sent by the second terminal device through the relay device;

In some embodiments, the terminal device 1400 further includes: a processing unit 1420;

If the information carried in the second message has not been tampered with, the processing unit 1420 is configured to generate the second key based on at least the first random number, the first key and the second random number. The unit 1420 is further configured to generate an integrity protection key and/or a confidentiality protection key according to the second key, and the processing unit 1420 is further configured to combine the M bits and the N bits to obtain the first An identifier of a key, the processing unit 1420 is also used to generate y bits of the identifier of the second key, and combine the x bits and the y bits to obtain the identifier of the second key;

If the second message verification code is valid, the processing unit 1420 is also configured to generate an integrity protection key based on the second key and/or the security algorithm selected by the second terminal device and the second key. Or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.

In some embodiments, the processing unit 1420 is also configured to decrypt the second message according to the first key;

If the information carried in the second message has not been tampered with, the processing unit 1420 is also configured to generate the second key based on at least the first random number, the first key and the second random number. The processing unit 1420 is further configured to generate an integrity protection key and/or a confidentiality protection key according to the second key, and the processing unit 1420 is further configured to combine the M bits and the N bits to obtain the The processing unit 1420 is also used to generate y bits of the identity of the second key, and combine the x bits and the y bits to obtain the identity of the second key. ;

In some embodiments, the communication unit 1410 is also used to send a third message to the second terminal device through the relay device;

In some embodiments, the communication unit 1410 is also used to receive an error message sent by the second terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein , the reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the third The security algorithm negotiation between the second terminal device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information;

If the fourth message verification code is valid, the processing unit 1420 is also configured to determine that the security mode establishment fails, and/or, the processing unit 1420 is also configured to reinitiate the security mode establishment process.

In some embodiments, the communication unit 1410 is also configured to receive an authentication request message sent by the second terminal device through the relay device;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication key KPAK of the key management server; The information includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key. ; The input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; the first temporary public key and the relevant information of the relay device are used for the The first terminal device derives the first key.

In some embodiments, the KPAK of the second terminal device and the KPAK of the relay device are valid, and the signature verification of the second terminal device based on the identity of the second terminal device and the PVT of the second terminal device is successful. , and if the signature verification of the relay device based on the identity of the relay device and the PVT of the relay device is successful, the processing unit 1420 is also configured to generate a second temporary private key paired with the second temporary public key. key, and the processing unit 1420 is also configured to derive the first key according to the first temporary public key, the relevant information of the relay device, and the second temporary private key.

It should be understood that the terminal device 1400 according to the embodiment of the present application may correspond to the first terminal device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1400 are respectively to implement the functions shown in Figure 11 The corresponding process of the first terminal device in method 500 is shown, and for the sake of simplicity, it will not be described again here.

Figure 27 shows a schematic block diagram of a terminal device 1500 according to an embodiment of the present application. The terminal device 1500 is a second terminal device. As shown in Figure 27, the terminal device 1500 includes:

Communication unit 1510, configured to receive the first message sent by the first terminal device through the relay device;

The information of the user to which the first terminal device belongs includes the identification of the first terminal device, the public verification token PVT of the first terminal device and the public authentication key KPAK of the key management server; The information includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the first terminal device include at least one of the following: information of the user to which the first terminal device belongs, the second temporary public key , the M bits, the signature of the second terminal device; the input parameters of the relay device's signature include at least one of the following: information about the user to which the relay device belongs, the signature of the first terminal device, the second The signature of the terminal device, the first message;

In some embodiments, the terminal device 1500 further includes: a processing unit 1520;

The processing unit 1520 is configured to check the KPAK of the first terminal device and the KPAK of the relay device respectively. When the KPAK of the first terminal device and the KPAK of the relay device are valid, the processing unit 1520 also uses Verifying the signature of the first terminal device based on the identity of the first terminal device and the PVT of the first terminal device, and the processing unit 1520 is also configured to verify the signature of the first terminal device based on the identity of the relay device and the PVT of the relay device. Verify the signature of the relay device;

When the signature of the first terminal device and the signature of the relay device are successfully verified, and the information carried in the first message has not been tampered with, the processing unit 1520 is also configured to generate a second random number. 1520 is also configured to generate the second key based on at least the first random number, the first key and the second random number. The processing unit 1520 is also configured to generate an integrity protection key based on the second key. /or confidentiality protection key, and the processing unit 1520 is also used to generate N bits of the identification of the first key, and combine the M bits and the N bits to obtain the first key logo;

When the first message verification code is valid, the communication unit 1510 is also configured to send a second message to the first terminal device through the relay device; wherein the second message includes at least one of the following: the second The random number, the N bits, the x bits of the identifier of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the Two message verification code;

In some embodiments, the communication unit 1510 is also configured to receive a third message sent by the first terminal device through the relay device;

In some embodiments, the processing unit 1520 is also configured to decrypt the third message using the target key;

When the information carried in the third message has not been tampered with and the third message verification code is valid, the processing unit 1520 is also configured to combine the x bits and the y bits to obtain the The identifier of the second key.

In some embodiments, the communication unit 1510 is also configured to send an error message to the first terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein, The reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device The security algorithm negotiation between the terminal device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information.

In some embodiments, the communication unit 1510 is also configured to send an authentication request message to the first terminal device through the relay device;

It should be understood that the terminal device 1500 according to the embodiment of the present application may correspond to the second terminal device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1500 are respectively to implement the functions shown in Figure 12 The corresponding process of the second terminal device in method 600 is shown, and for the sake of simplicity, it will not be described again here.

Figure 28 shows a schematic block diagram of a terminal device 1600 according to an embodiment of the present application. The terminal device 1600 is a relay device. As shown in Figure 28, the terminal device 1600 includes:

The communication unit 1610 is configured to receive a first message sent by a first terminal device; wherein the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to which the first terminal device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, M identification numbers of the first key generated by the first terminal device bits, the signature of the first terminal device, and the first message verification code; wherein the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the public verification token PVT and password of the first terminal device. The public authentication key KPAK of the key management server; the input parameters of the signature of the first terminal device include at least one of the following: the information of the user to which the first terminal device belongs, the second temporary public key, the M bits, the The signature of the second terminal device; wherein the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the The security capability information of the first terminal device, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, the A signature of the terminal device;

When the KPAK of the first terminal device is valid and the signature verification of the first terminal device based on the identity of the first terminal device and the PVT of the first terminal device is successful, the communication unit 1610 is also used to send a message to the first terminal device. The second terminal device sends the first message after verification; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to whom the terminal device belongs, information about the user to whom the relay device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device and paired with the second temporary private key, M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, the signature of the relay device, the relevant information of the relay device, and the first message verification code; Wherein, the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the following: information of the user to which the relay device belongs. , the signature of the first terminal device, the signature of the second terminal device, the first message after verification;

In some embodiments, the communication unit 1610 is also used to forward the second message sent by the second terminal device to the first terminal device;

In some embodiments, the communication unit 1610 is also used to forward the third message sent by the first terminal device to the second terminal device;

In some embodiments, the communication unit 1610 is also used to forward the error message sent by the second terminal device to the first terminal device; wherein the error message includes at least one of the following: cause information, fourth message verification code ; Wherein, the reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate The security algorithm negotiation between the second terminal device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information.

In some embodiments, the communication unit 1610 is also configured to receive an authentication request message sent by the second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the second terminal device. The first temporary public key generated by the terminal device, the signature of the second terminal device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the third The input parameters of the signature of the two terminal devices include at least one of the following: the information of the user to which the second terminal device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device for the first The terminal device derives the first key;

When the KPAK of the second terminal device is valid and the signature verification of the second terminal device based on the identity of the second terminal device and the PVT of the second terminal device is successful, the communication unit 1610 is also used to send a message to the second terminal device. The first terminal device sends an authentication request message after verification; wherein the authentication request message after verification includes at least one of the following: information about the user to whom the second terminal device belongs, information about the user to whom the relay device belongs, the first temporary The public key, the signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device; wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT of the relay device. and KPAK; the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs.

It should be understood that the terminal device 1600 according to the embodiment of the present application may correspond to the relay device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1600 are respectively to implement what is shown in Figure 13 The corresponding process of the relay device in method 700 will not be described again for the sake of simplicity.

Figure 29 shows a schematic block diagram of a terminal device 1700 according to an embodiment of the present application. The terminal device 1700 is a first terminal device. As shown in Figure 29, the terminal device 1700 includes:

Communication unit 1710, configured to send a direct communication request to the second terminal device through the relay device;

Wherein, the direct communication request is encrypted through a first encryption key, and the direct communication request is integrity protected through a first integrity protection key. The first encryption key is based on a registered and authorized use terminal to terminal. An encryption key derived from the symmetric key of the terminal that relays the UE-to-UE relay communication. The first integrity protection key is based on the symmetric key of the terminal that is registered and authorized to use the UE-to-UE relay communication. Derived integrity protection keys;

In some embodiments, the communication unit 1710 is also used to receive a safe mode command sent by the second terminal device through the relay device;

In some embodiments, in the case where the first random number, the first key and the second random number are used to derive the second key, the security mode command further includes the generated by the second terminal device. x bits of the identifier of the second key, and the input parameter of the first message verification code includes the x bits;

In some embodiments, in the case where the first random number, the first key and the second random number are used to derive the second key, the terminal device 1700 further includes: a processing unit 1720;

The processing unit 1720 is configured to use the first encryption key to decrypt the security mode command, and to use the first integrity protection key to determine the integrity of the security mode command;

When the information carried in the security mode command has not been tampered with, the processing unit 1720 is also configured to use the first temporary private key paired with the first temporary public key, the second temporary public key, the relay device The first key is derived from the relevant information of the first key, and the processing unit 1720 is also used to generate the N bits of the identification of the first key, and combine the M bits and the N bits to obtain the Nth bit. The identification of a key;

The processing unit 1720 is also configured to generate the second key based on at least the first random number, the first key and the second random number, and the first terminal device generates the second integrity based on the second key. protect the key and/or the second encryption key, and the processing unit 1720 is also used to generate the y bits of the identification of the second key, and combine the x bits and the y bits Obtain the identity of the second key;

When the first message verification code is valid, the processing unit 1720 is also configured to use the security algorithm selected by the second terminal device, the second integrity protection key and/or the second encryption key, the third The security policy selected by the second terminal device communicates with the second terminal device.

In some embodiments, the communication unit 1710 is also configured to send a security mode establishment completion message to the second terminal device through the relay device;

In some embodiments, the input parameters of the second integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection Algorithm identifier, the length of the integrity protection algorithm identifier; and/or, the input parameters of the second encryption key include at least one of the following: the second key, the selected algorithm type identifier, the selected algorithm type identifier The length of the character, the confidentiality protection algorithm identifier, and the length of the confidentiality protection algorithm identifier.

In some embodiments, where the first random number, the first key, and the second random number are used to derive the second encryption key and/or the second integrity protection key, the process Unit 1720 is also configured to use the first encryption key to decrypt the security mode command, and to use the first integrity protection key to determine the integrity of the security mode command;

When the information carried in the security mode command has not been tampered with, the processing unit 1720 is also configured to use the first temporary private key paired with the first temporary public key, the second temporary public key, the relay device The first key is derived from the relevant information, and the processing unit 1720 is also used to generate the N bits of the first key, and combine the M bits and the N bits to obtain the first secret key. The identification of the key;

The processing unit 1720 is further configured to generate the second integrity protection key and/or the second encryption key based on at least the first random number, the first key and the second random number;

In some embodiments, the input parameters of the second integrity protection key include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, the selected The length of the specified algorithm type identifier, the integrity protection algorithm identifier, the length of the integrity protection algorithm identifier; and/or,

In some embodiments, the first encryption key is a proximity service encryption key PEK, and the first integrity protection key is a proximity service integrity protection key PIK.

It should be understood that the terminal device 1700 according to the embodiment of the present application may correspond to the first terminal device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1700 are respectively to implement the functions shown in Figure 16 The corresponding process of the first terminal device in method 800 is shown, and for the sake of simplicity, it will not be described again here.

Figure 30 shows a schematic block diagram of a terminal device 1800 according to an embodiment of the present application. The terminal device 1800 is a second terminal device. As shown in Figure 30, the terminal device 1800 includes:

Communication unit 1810, configured to receive a direct communication request sent by the first terminal device through the relay device;

Among them, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key and the relay device The relevant information is used by the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key, and the first random number is used to derive the second key. The second key is used to derive the second encryption key and/or the second integrity protection key, or the first random number, the first key and the second random number generated by the second terminal device are used to derive a second encryption key and/or a second integrity protection key;

In some embodiments, in the case where the first random number, the first key and the second random number are used to derive the second key, the terminal device 1800 further includes: a processing unit 1820;

The processing unit 1820 is configured to use the first encryption key to decrypt the direct communication request, and use the first integrity protection key to determine the integrity of the direct communication request;

When the information carried in the direct communication request has not been tampered with, the processing unit 1820 is also configured to generate a second temporary private key, and the processing unit 1820 is also configured to generate a second temporary private key based on the first temporary public key, the second temporary public key, and the second temporary public key. The first key is derived from the private key and the relevant information of the relay device, and the second terminal device generates M bits of the identification of the first key;

The processing unit 1820 is also used to generate the second random number, and the processing unit 1820 is also used to generate the second key according to at least the first random number, the first key and the second random number. The unit 1820 is further configured to generate the second integrity protection key and/or the second encryption key according to the second key, and the processing unit 1820 is further configured to generate x bits of the identification of the second key. Bit;

In some embodiments, the communication unit 1810 is also used to send a safe mode command to the first terminal device through the relay device;

In some embodiments, the communication unit 1810 is also configured to receive a security mode establishment completion message sent by the first terminal device through the relay device;

In some embodiments, where the first random number, the first key and the second random number are used to derive the second encryption key and/or the second integrity protection key, the terminal Device 1800 also includes: a processing unit 1820;

When the information carried in the direct communication request has not been tampered with, the processing unit 1820 is also configured to generate a second temporary private key, and the processing unit 1820 is also configured to generate a second temporary private key based on the first temporary public key, the second temporary public key, and the second temporary public key. The first key is derived from the private key and the relevant information of the relay device, and the processing unit 1820 is also used to generate M bits of the identification of the first key;

The processing unit 1820 is further configured to generate the second random number, and the processing unit 1820 is further configured to generate the second integrity protection key according to at least the first random number, the first key and the second random number. And/or the second encryption key; wherein, the identifier of the first key is obtained by combining the M bits and the other N bits of the identifier of the first key, where M and N are both positive integers.

In some embodiments, the processing unit 1820 is also configured to perform the following steps according to the security algorithm selected by the second terminal device, the second integrity protection key and/or the second encryption key, and the security algorithm selected by the second terminal device. strategy to communicate with the first terminal device.

It should be understood that the terminal device 1800 according to the embodiment of the present application may correspond to the second terminal device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1800 are respectively to implement the functions shown in Figure 17 The corresponding process of the second terminal device in method 900 is shown, and for the sake of simplicity, it will not be described again here.

Figure 31 shows a schematic block diagram of a terminal device 1900 according to an embodiment of the present application. The terminal device 1900 is a relay device. As shown in Figure 31, the terminal device 1900 includes:

The communication unit 1910 is configured to receive a direct communication request sent by the first terminal device; wherein the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, a first temporary public key generated by the first terminal device, a first random number generated by the first terminal device; wherein the direct communication request is encrypted by a first encryption key, and the direct communication request is protected by a first integrity The key performs integrity protection. The first encryption key is an encryption key derived based on the symmetric key of a terminal that is registered and authorized to use terminal-to-terminal relay UE-to-UE relay communications. The first integrity key is The protection key is an integrity protection key derived based on the symmetric key of the terminal that is registered and authorized to use UE-to-UE relay communication;

The processing unit 1920 is configured to verify whether it is configured to forward the direct communication request. After the verification is passed, the processing unit 1920 is used to decrypt the direct communication request using the first encryption key to obtain the quality of service QoS and charging information, and the The processing unit 1920 is configured to use the first integrity protection key to verify the integrity of the direct communication request. After the verification is passed, the relay device adds relevant information of the relay device and the relay device in the direct communication request. identification, and the processing unit 1920 is configured to use the first encryption key to encrypt the direct communication request, and use the first integrity protection key to protect the integrity of the direct communication request. The communication unit 1910 is also configured to The direct communication request is forwarded to the second terminal device;

In some embodiments, when the first random number, the first key and the second random number are used to derive the second key, the communication unit 1910 is also used to receive the second terminal device sent The security mode command; wherein, the security mode command includes at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key generated by the second terminal device, The second random number generated by the second terminal device, M bits of the identifier of the first key generated by the second terminal device, x bits of the identifier of the second key generated by the second terminal device bit, the first message verification code; wherein, the security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, and the first message verification code is based on The second integrity protection key is generated, and the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary The public key, the second random number, the M bits, the x bits, and the relevant information of the relay device; the second temporary public key and the relevant information of the relay device are used for the first terminal device derive the first key;

The processing unit 1920 is also configured to use the first encryption key to decrypt the security mode command to obtain QoS and charging information, and the communication unit 1910 is also configured to forward the security mode command to the first terminal device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key, and the identification of the first key consists of the M bits and the first key. The other N bits of the identifier are combined. M and N are both positive integers. The identifier of the second key is obtained by combining the x bits and the other y bits of the identifier of the second key. x and y are all positive integers.

In some embodiments, the communication unit 1910 is also configured to forward the security mode establishment completion message sent by the first terminal device to the second terminal device;

In some embodiments, where the first random number, the first key and the second random number are used to derive the second encryption key and/or the second integrity protection key, the communication Unit 1910 is also configured to receive a security mode command sent by the second terminal device; wherein the security mode command includes at least one of the following: a security algorithm selected by the second terminal device, a security policy selected by the second terminal device, the The second temporary public key generated by the second terminal device, the second random number generated by the second terminal device, the M bits of the identification of the first key generated by the second terminal device, the first message verification code ; Wherein, the security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, and the first message verification code is based on the second integrity protection key. Generated, and the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, the second random number , the M bits, the relevant information of the relay device; the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key;

It should be understood that the terminal device 1900 according to the embodiment of the present application may correspond to the relay device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1900 are respectively intended to implement what is shown in Figure 18 The corresponding process of the relay device in method 1000 will not be described again for the sake of simplicity.

Figure 32 is a schematic structural diagram of a communication device 2000 provided by an embodiment of the present application. The communication device 2000 shown in Figure 32 includes a processor 2010. The processor 2010 can call and run a computer program from the memory to implement the method in the embodiment of the present application.

In some embodiments, as shown in Figure 32, communication device 2000 may also include memory 2020. The processor 2010 can call and run the computer program from the memory 2020 to implement the method in the embodiment of the present application.

The memory 2020 may be a separate device independent of the processor 2010 , or may be integrated into the processor 2010 .

In some embodiments, as shown in Figure 32, the communication device 2000 may also include a transceiver 2030, and the processor 2010 may control the transceiver 2030 to communicate with other devices, specifically, may send information or data to other devices, or Receive information or data from other devices.

Among them, the transceiver 2030 may include a transmitter and a receiver. The transceiver 2030 may further include an antenna, and the number of antennas may be one or more.

In some embodiments, the communication device 2000 may be a terminal device according to the embodiment of the present application, and the communication device 2000 may implement the corresponding functions implemented by the first terminal device and/or the second terminal in the various methods of the embodiment of the present application. The process, for the sake of brevity, will not be repeated here.

In some embodiments, the communication device 2000 can be a terminal device according to the embodiment of the present application, and the communication device 2000 can implement the corresponding processes implemented by the relay device in the various methods of the embodiment of the present application. For the sake of simplicity, here No longer.

Figure 33 is a schematic structural diagram of the device according to the embodiment of the present application. The device 2100 shown in Figure 33 includes a processor 2110. The processor 2110 can call and run a computer program from the memory to implement the method in the embodiment of the present application.

In some embodiments, as shown in Figure 33, device 2100 may also include memory 2120. The processor 2110 can call and run the computer program from the memory 2120 to implement the method in the embodiment of the present application.

The memory 2120 may be a separate device independent of the processor 2110, or may be integrated into the processor 2110.

In some embodiments, the device 2100 may also include an input interface 2130. The processor 2110 can control the input interface 2130 to communicate with other devices or chips. Specifically, it can obtain information or data sent by other devices or chips.

In some embodiments, the device 2100 may also include an output interface 2140. The processor 2110 can control the output interface 2140 to communicate with other devices or chips. Specifically, it can output information or data to other devices or chips.

In some embodiments, the device can be applied to the terminal device in the embodiment of the present application, and the device can implement the corresponding processes implemented by the first terminal device and/or the second terminal in the various methods of the embodiment of the present application, in order to It’s concise and I won’t go into details here.

In some embodiments, the device can be applied to the terminal device in the embodiments of the present application, and the device can implement the corresponding processes implemented by the relay device in the various methods of the embodiments of the present application. For the sake of brevity, they will not be described again. .

In some embodiments, the devices mentioned in the embodiments of this application may also be chips. For example, it can be a system-on-a-chip, a system-on-a-chip, a system-on-a-chip or a system-on-a-chip, etc.

Figure 34 is a schematic block diagram of a communication system 2200 provided by an embodiment of the present application. As shown in Figure 34, the communication system 2200 includes a first terminal device 2210, a second terminal device 2220 and a relay device 2230.

Wherein, the first terminal device 2210 can be used to implement the corresponding functions implemented by the first terminal device in the above method, and the second terminal device 2220 can be used to implement the corresponding functions implemented by the second terminal device in the above method, And the relay device 2230 can be used to implement the corresponding functions implemented by the relay device in the above method. For the sake of simplicity, they will not be described again here.

It should be understood that the processor in the embodiment of the present application may be an integrated circuit chip and has signal processing capabilities. During the implementation process, each step of the above method embodiment can be completed through an integrated logic circuit of hardware in the processor or instructions in the form of software. The above-mentioned processor can be a general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), an off-the-shelf programmable gate array (Field Programmable Gate Array, FPGA) or other available processors. Programmed logic devices, discrete gate or transistor logic devices, discrete hardware components. Each method, step and logical block diagram disclosed in the embodiment of this application can be implemented or executed. A general-purpose processor may be a microprocessor or the processor may be any conventional processor, etc. The steps of the method disclosed in conjunction with the embodiments of the present application can be directly implemented by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor. The software module can be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other mature storage media in this field. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.

It can be understood that the memory in the embodiment of the present application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memories. Among them, non-volatile memory can be read-only memory (Read-Only Memory, ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), electrically removable memory. Erase programmable read-only memory (Electrically EPROM, EEPROM) or flash memory. Volatile memory may be Random Access Memory (RAM), which is used as an external cache. By way of illustration, but not limitation, many forms of RAM are available, such as static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (Synchlink DRAM, SLDRAM) ) and direct memory bus random access memory (Direct Rambus RAM, DR RAM). It should be noted that the memory of the systems and methods described herein is intended to include, but is not limited to, these and any other suitable types of memory.

It should be understood that the above-mentioned memory is an exemplary but not restrictive description. For example, the memory in the embodiment of the present application can also be a static random access memory (static RAM, SRAM), a dynamic random access memory (dynamic RAM, DRAM), Synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous connection Dynamic random access memory (synch link DRAM, SLDRAM) and direct memory bus random access memory (Direct Rambus RAM, DR RAM) and so on. That is, memories in embodiments of the present application are intended to include, but are not limited to, these and any other suitable types of memories.

Embodiments of the present application also provide a computer-readable storage medium for storing computer programs.

In some embodiments, the computer-readable storage medium can be applied to the terminal device in the embodiment of the present application, and the computer program causes the computer to perform the various methods of the embodiment of the present application by the first terminal device and/or the second terminal The corresponding process of equipment implementation will not be described here for the sake of simplicity.

In some embodiments, the computer-readable storage medium can be applied to the terminal device in the embodiment of the present application, and the computer program causes the computer to execute the corresponding processes implemented by the relay device in the various methods of the embodiment of the present application. For the sake of simplicity , which will not be described in detail here.

An embodiment of the present application also provides a computer program product, including computer program instructions.

In some embodiments, the computer program product can be applied to the terminal device in the embodiment of the present application, and the computer program instructions cause the computer to perform the various methods of the embodiment of the present application by the first terminal device and/or the second terminal device. The corresponding process of implementation will not be repeated here for the sake of brevity.

In some embodiments, the computer program product can be applied to the terminal device in the embodiment of the present application, and the computer program instructions cause the computer to execute the corresponding processes implemented by the relay device in each method of the embodiment of the present application. For the sake of simplicity, I won’t go into details here.

An embodiment of the present application also provides a computer program.

In some embodiments, the computer program can be applied to the terminal device in the embodiment of the present application. When the computer program is run on the computer, the computer performs the various methods in the embodiment of the present application by the first terminal device and/or The corresponding process implemented by the second terminal device will not be described again for the sake of simplicity.

In some embodiments, the computer program can be applied to the terminal device in the embodiments of the present application. When the computer program is run on the computer, it causes the computer to execute the corresponding processes implemented by the relay device in each method of the embodiments of the present application. , for the sake of brevity, will not be repeated here.

Those of ordinary skill in the art will appreciate that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented with electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may implement the described functionality using different methods for each specific application, but such implementations should not be considered beyond the scope of this application.

Those skilled in the art can clearly understand that for the convenience and simplicity of description, the specific working processes of the systems, devices and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be described again here.

In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or can be integrated into another system, or some features can be ignored, or not implemented. On the other hand, the coupling or direct coupling or communication connection between each other shown or discussed may be through some interfaces, and the indirect coupling or communication connection of the devices or units may be in electrical, mechanical or other forms.

The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or they may be distributed to multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application can be integrated into one processing unit, each unit can exist physically alone, or two or more units can be integrated into one unit.

If the functions are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. In view of this understanding, the technical solution of the present application is essentially or the part that contributes to the existing technology or the part of the technical solution can be embodied in the form of a software product. The computer software product is stored in a storage medium, including Several instructions are used to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in various embodiments of this application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk and other media that can store program code. .

The above are only specific embodiments of the present application, but the protection scope of the present application is not limited thereto. Any person familiar with the technical field can easily think of changes or substitutions within the technical scope disclosed in the present application. should be covered by the protection scope of this application. Therefore, the protection scope of this application should be determined by the protection scope of the claims.

Claims

A method for relaying communications, characterized by including:

The first terminal device receives the authentication request message sent by the second terminal device through the relay device;

Wherein, the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key generated by the second terminal device, the The signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication key KPAK of the key management server; the relay The information of the user to whom the device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the second terminal device include at least one of the following: information and the first temporary public key; the input parameters of the signature of the relay device include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; the first temporary The public key and the relevant information of the relay device are used by the first terminal device to derive the first key; the relevant information of the relay device includes one of the following: the identity information of the relay device, the The relay device generates a random number, and the relay device generates a counter.
The method of claim 1, characterized in that:

The signature of the second terminal device is generated by the secret signature key of the second terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.
The method according to claim 1 or 2, characterized in that the method further includes:

The KPAK of the second terminal device and the KPAK of the relay device are valid, and the signature verification of the second terminal device based on the identification of the second terminal device and the PVT of the second terminal device is successful, And if the signature verification of the relay device is successful based on the identification of the relay device and the PVT of the relay device, the first terminal device generates a second temporary private key, and the first terminal The device derives the first key based on the first temporary public key, relevant information of the relay device, and the second temporary private key.
The method of claim 3, further comprising:

The first terminal device sends a first message to the second terminal device through the relay device;

Wherein, the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the first The first random number generated by the terminal device, the second temporary public key paired with the second temporary private key generated by the first terminal device, the identification of the first key generated by the first terminal device M bits, the signature of the first terminal device, and the first message verification code;

Wherein, the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device; the input parameters of the signature of the first terminal device include at least one of the following: Information about the user to which the first terminal device belongs, the second temporary public key, the M bits, and the signature of the second terminal device;

Wherein, the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the first Security capability information of the terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits , the signature of the first terminal device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the The second random number generated by the second terminal device is used to derive a second key, the second key is used to derive an integrity protection key and/or a confidentiality protection key, and the identity of the first key is given by The M bits are combined with the other N bits of the identifier of the first key, and M and N are both positive integers.
The method of claim 4, further comprising:

The first terminal device receives the second message sent by the second terminal device through the relay device;

Wherein, the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identification of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;

Wherein, the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the integrity protection code derived based on the second key. The second message verification code generated by the key is integrity protected, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device; wherein, the identification of the second key is composed of the x bits and the second key The other y bits of the identifier are combined, and x and y are both positive integers.
The method of claim 5, characterized in that:

The second message is encrypted with the first key.
The method of claim 5, further comprising:

In the case that the information carried in the second message has not been tampered with, the first terminal device generates the second random number based on at least the first random number, the first key and the second random number. key, the first terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key, and the first terminal device converts the M bits and the N The bits are combined to obtain the identification of the first key, the first terminal device generates y bits of the identification of the second key, and combines the x bits and the y bits Obtain the identification of the second key;

When the second message verification code is valid, the first terminal device generates an integrity protection password based on the security algorithm selected by the second terminal device, the second key, and the second key. The key and/or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
The method of claim 6, further comprising:

The first terminal device decrypts the second message according to the first key;

In the case that the information carried in the second message has not been tampered with, the first terminal device generates the second random number based on at least the first random number, the first key and the second random number. key, the first terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key, and the first terminal device converts the M bits and the N The bits are combined to obtain the identification of the first key, the first terminal device generates y bits of the identification of the second key, and combines the x bits and the y bits Obtain the identification of the second key;

When the second message verification code is valid, the first terminal device generates an integrity protection password based on the security algorithm selected by the second terminal device, the second key, and the second key. The key and/or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
The method according to claim 7 or 8, characterized in that,

The input parameters of the integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, the integrity protection The length of the algorithm identifier; and/or,

The input parameters of the confidentiality protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, the confidentiality protection The length of the algorithm identifier.
The method according to claim 5 or 7, characterized in that,

The first message is an authentication response message, and the second message is a security mode command message.
The method according to claim 6 or 8, characterized in that,

The first message is a safe mode command message, and the second message is a safe mode response message.
The method according to any one of claims 7 to 9, characterized in that the method further includes:

The first terminal device sends a third message to the second terminal device through the relay device;

Wherein, the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the identification of the second key y bits, the third message verification code;

Wherein, the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;

Wherein, the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the integrity protection code derived based on the second key. The third message verification code generated by the key is used for integrity protection, and the input parameters of the third message verification code include the y bits.
The method of claim 4, further comprising:

The first terminal device receives an error message sent by the second terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein the cause The information is used to indicate that the security policy of the second terminal device conflicts with the security policy of the first terminal device, or the reason information is used to indicate that the first message verification code verification failed, or the reason information is used to indicate The security algorithm negotiation between the second terminal device and the first terminal device fails; the input parameters of the fourth message verification code include at least one of the following: the cause information;

If the fourth message verification code is valid, the first terminal device determines that the security mode establishment fails, and/or the first terminal device re-initiates the security mode establishment process.
The method according to any one of claims 4 to 13, characterized in that,

The integrity protection key includes an integrity protection key for the control plane and an integrity protection key for the user plane; and/or,

The confidentiality protection key includes a confidentiality protection key for the control plane and a confidentiality protection key for the user plane.
A method for relaying communications, characterized by including:

The second terminal device sends an authentication request message to the first terminal device through the relay device;

Wherein, the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first temporary public key generated by the second terminal device, the signature of the second terminal device, the Relevant information about relay equipment;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication key KPAK of the key management server; the second The input parameters of the terminal device's signature include at least one of the following: information about the user to which the second terminal device belongs and the first temporary public key; and information related to the first temporary public key and the relay device. The first terminal device derives a first key; the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter.
The method of claim 15, characterized in that:

The signature of the second terminal device is generated by the secret signature key of the second terminal device.
The method according to claim 15 or 16, characterized in that the method further includes:

The second terminal device receives the first message sent by the first terminal device through the relay device;

Wherein, the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the relay Information about the user to whom the device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, and the identification of the first key generated by the first terminal device. M bits, the signature of the first terminal device, the signature of the relay device, and the first message verification code;

Wherein, the information about the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device; the information about the user to which the relay device belongs includes the identification of the relay device. and the PVT and KPAK of the relay device; the input parameters of the signature of the first terminal device include at least one of the following: information of the user to which the first terminal device belongs, the second temporary public key, the M bits, the signature of the second terminal device; the input parameters of the signature of the relay device include at least one of the following: information of the user to which the relay device belongs, the signature of the first terminal device, the The signature of the second terminal device, the first message;

Wherein, the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the first Security capability information of the terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits , the signature of the first terminal device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the The second random number generated by the second terminal device is used to derive a second key, the second key is used to derive an integrity protection key and/or a confidentiality protection key, and the identity of the first key is given by The M bits are combined with the other N bits of the identifier of the first key, and M and N are both positive integers.
The method of claim 17, characterized in that:

The signature of the first terminal device is generated by the secret signature key of the first terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.
The method according to claim 17 or 18, characterized in that the method further includes:

The second terminal device checks the KPAK of the first terminal device and the KPAK of the relay device respectively. If the KPAK of the first terminal device and the KPAK of the relay device are valid, and based on the Verify the signature of the first terminal device based on the identification of the first terminal device and the PVT of the first terminal device, and verify the relay based on the identification of the relay device and the PVT of the relay device. The device’s signature is verified;

When the signature of the first terminal device and the signature of the relay device are verified successfully, and the information carried in the first message has not been tampered with, the second terminal device generates a second random number, so The second terminal device generates the second key based on at least the first random number, the first key and the second random number, and the second terminal device generates a complete key based on the second key. sexual protection key and/or confidentiality protection key, and the second terminal device generates N bits of the identification of the first key, and combines the M bits and the N bits Merge to obtain the identity of the first key;

When the first message verification code is valid, the second terminal device sends a second message to the first terminal device through the relay device; wherein the second message includes at least one of the following: The second random number, the N bits, the x bits of the identifier of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the third The second security policy selected by the terminal device, the second message verification code;

Wherein, the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the integrity protection code derived based on the second key. The second message verification code generated by the key is integrity protected, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device; wherein, the identification of the second key is composed of the x bits and the second key The other y bits of the identifier are combined, and x and y are both positive integers.
The method of claim 19, characterized in that:

The second message is encrypted with the first key.
The method of claim 19, characterized in that:

The first message is an authentication response message, and the second message is a security mode command message.
The method of claim 20, characterized in that:

The first message is a safe mode command message, and the second message is a safe mode response message.
The method according to any one of claims 19 to 22, characterized in that,

The input parameters of the integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, the integrity protection The length of the algorithm identifier; and/or,

The input parameters of the confidentiality protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, the confidentiality protection The length of the algorithm identifier.
The method according to any one of claims 19 to 23, characterized in that the method further includes:

The second terminal device receives the third message sent by the first terminal device through the relay device;

Wherein, the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by a target key, and the third message includes at least one of the following: the third message generated by the first terminal device. y bits of the identifier of the second key, and the third message verification code;

Wherein, the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;

Wherein, the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the integrity protection code derived based on the second key. The third message verification code generated by the key is used for integrity protection, and the input parameters of the third message verification code include the y bits.
The method of claim 24, further comprising:

The second terminal device decrypts the third message using the target key;

When the information carried in the third message has not been tampered with and the third message verification code is valid, the second terminal device combines the x bits with the y bits. Combined to obtain the identity of the second key.
The method according to claim 17 or 18, characterized in that the method further includes:

The second terminal device sends an error message to the first terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein the cause information The reason information is used to indicate that the security policy of the second terminal device conflicts with the security policy of the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the first message verification code verification fails. The security algorithm negotiation between the second terminal device and the first terminal device fails; the input parameter of the fourth message verification code includes at least one of the following: the cause information.
The method according to any one of claims 17 to 26, characterized in that,

The integrity protection key includes an integrity protection key for the control plane and an integrity protection key for the user plane; and/or,

The confidentiality protection key includes a confidentiality protection key for the control plane and a confidentiality protection key for the user plane.
A method for relaying communications, characterized by including:

The relay device receives an authentication request message sent by the second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, a first temporary public address generated by the second terminal device. key, the signature of the second terminal device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the public verification token PVT and key management server of the second terminal device. The public authentication key KPAK; the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key;

When the KPAK of the second terminal device is valid and the signature verification of the second terminal device is successful based on the identification of the second terminal device and the PVT of the second terminal device, the relay device Send an authentication request message after verification to the first terminal device; wherein the authentication request message after verification includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, The first temporary public key, the signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device; wherein the information of the user to which the relay device belongs includes the relay device. The identification of the device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; wherein , the first temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key; the relevant information of the relay device includes one of the following: Identity information, random numbers generated by the relay device, and counters generated by the relay device.
The method of claim 28, characterized in that:

The signature of the second terminal device is generated by the secret signature key of the second terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.
The method according to claim 28 or 29, characterized in that the method further includes:

The relay device receives the first message sent by the first terminal device; wherein the first message includes at least one of the following: security capability information of the first terminal device, security capability information of the first terminal device, Policy information, information about the user to which the first terminal device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, all the information generated by the first terminal device. M bits of the identification of the first key, the signature of the first terminal device, and the first message verification code; wherein the information of the user to which the first terminal device belongs includes the identification of the first terminal device and The PVT and KPAK of the first terminal device; the input parameters of the signature of the first terminal device include at least one of the following: information of the user to which the first terminal device belongs, the second temporary public key, the M bits, the signature of the second terminal device; wherein the first message is integrity protected by the first message verification code generated based on the first key, and the first message verification code The input parameters include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the first random number, the The second temporary public key, the M bits, and the signature of the first terminal device;

When the KPAK of the first terminal device is valid and the signature verification of the first terminal device is successful based on the identity of the first terminal device and the PVT of the first terminal device, the relay device Send a first message after verification to the second terminal device; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, security capability information of the first terminal device, Policy information, information about the user to which the first terminal device belongs, information about the user to which the relay device belongs, the first random number generated by the first terminal device, the number generated by the first terminal device and the second random number generated by the first terminal device. The second temporary public key of the temporary private key pairing, M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, the signature of the relay device, The first message verification code; wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include the following At least one of: the information of the user to which the relay device belongs, the signature of the first terminal device, the signature of the second terminal device, and the first message after the verification;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the The second random number generated by the second terminal device is used to derive a second key, the second key is used to derive an integrity protection key and/or a confidentiality protection key, and the identity of the first key is given by The M bits are combined with the other N bits of the identifier of the first key, and M and N are both positive integers.
The method of claim 30, further comprising:

The relay device forwards the second message sent by the second terminal device to the first terminal device;

Wherein, the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identification of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;

Wherein, the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the integrity protection code derived based on the second key. The second message verification code generated by the key is integrity protected, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device; wherein, the identification of the second key is composed of the x bits and the second key The other y bits of the identifier are combined, and x and y are both positive integers.
The method of claim 31, wherein:

The second message is encrypted using the first key, or the second message is not encrypted using the first key.
The method of claim 31, wherein:

The first message is an authentication response message, and the second message is a security mode command message.
The method of claim 32, wherein:

The first message is a safe mode command message, and the second message is a safe mode response message.
The method according to any one of claims 30 to 34, wherein the method further includes:

The relay device forwards the third message sent by the first terminal device to the second terminal device;

Wherein, the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by a target key, and the third message includes at least one of the following: the third message generated by the first terminal device. y bits of the identifier of the second key, and the third message verification code;

Wherein, the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;

Wherein, the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the integrity protection code derived based on the second key. The third message verification code generated by the key is used for integrity protection, and the input parameters of the third message verification code include the y bits.
The method of claim 30, further comprising:

The relay device forwards the error message sent by the second terminal device to the first terminal device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein, the The reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to Indicates that the security algorithm negotiation between the second terminal device and the first terminal device failed; the input parameter of the fourth message verification code includes at least one of the following: the cause information.
The method according to any one of claims 30 to 35, characterized in that,

The integrity protection key includes an integrity protection key for the control plane and an integrity protection key for the user plane; and/or,

The confidentiality protection key includes a confidentiality protection key for the control plane and a confidentiality protection key for the user plane.
A method for relaying communications, characterized by including:

The first terminal device sends the first message to the second terminal device through the relay device;

Wherein, the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the first The first random number generated by the terminal device, the second temporary public key generated by the first terminal device, the M bits of the identification of the first key generated by the first terminal device, the Signature, first message verification code;

Wherein, the information of the user to which the first terminal device belongs includes the identification of the first terminal device, the public verification token PVT of the first terminal device and the public authentication key KPAK of the key management server; the first The input parameters of the signature of the terminal device include at least one of the following: information of the user to which the first terminal device belongs, the second temporary public key, the M bits, and the signature of the second terminal device;

Wherein, the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the first Security capability information of the terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits , the signature of the first terminal device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the The second random number generated by the second terminal device is used to derive a second key, the second key is used to derive an integrity protection key and/or a confidentiality protection key, and the identity of the first key is given by The M bits are obtained by combining the other N bits of the identification of the first key, where M and N are both positive integers;

Wherein, the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
The method of claim 38, further comprising:

The first terminal device receives the second message sent by the second terminal device through the relay device;

Wherein, the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identification of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;

Wherein, the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the integrity protection code derived based on the second key. The second message verification code generated by the key is integrity protected, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device; wherein, the identification of the second key is composed of the x bits and the second key The other y bits of the identifier are combined, and x and y are both positive integers.
The method of claim 39, wherein:

The second message is encrypted using the first key, or the second message is not encrypted using the first key.
The method of claim 39, further comprising:

In the case that the information carried in the second message has not been tampered with, the first terminal device generates the second random number based on at least the first random number, the first key and the second random number. key, the first terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key, and the first terminal device converts the M bits and the N The bits are combined to obtain the identification of the first key, the first terminal device generates y bits of the identification of the second key, and combines the x bits and the y bits Obtain the identification of the second key;

When the second message verification code is valid, the first terminal device generates an integrity protection password based on the security algorithm selected by the second terminal device, the second key, and the second key. The key and/or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
The method of claim 40, further comprising:

The first terminal device decrypts the second message according to the first key;

In the case that the information carried in the second message has not been tampered with, the first terminal device generates the second random number based on at least the first random number, the first key and the second random number. key, the first terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key, and the first terminal device converts the M bits and the N The bits are combined to obtain the identification of the first key, the first terminal device generates y bits of the identification of the second key, and combines the x bits and the y bits Obtain the identification of the second key;

When the second message verification code is valid, the first terminal device generates an integrity protection password based on the security algorithm selected by the second terminal device, the second key, and the second key. The key and/or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
The method of claim 41 or 42, characterized in that,

The input parameters of the integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, the integrity protection The length of the algorithm identifier; and/or,

The input parameters of the confidentiality protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, the confidentiality protection The length of the algorithm identifier.
The method according to claim 39 or 41, characterized in that,

The first message is an authentication response message, and the second message is a security mode command message.
The method of claim 40 or 42, characterized in that,

The first message is a safe mode command message, and the second message is a safe mode response message.
The method according to any one of claims 41 to 43, characterized in that the method further includes:

The first terminal device sends a third message to the second terminal device through the relay device;

Wherein, the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the identification of the second key y bits, the third message verification code;

Wherein, the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;

Wherein, the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the integrity protection code derived based on the second key. The third message verification code generated by the key is used for integrity protection, and the input parameters of the third message verification code include the y bits.
The method of claim 38, further comprising:

The first terminal device receives an error message sent by the second terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein the cause The information is used to indicate that the security policy of the second terminal device conflicts with the security policy of the first terminal device, or the reason information is used to indicate that the first message verification code verification failed, or the reason information is used to indicate The security algorithm negotiation between the second terminal device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information;

If the fourth message verification code is valid, the first terminal device determines that the security mode establishment fails, and/or the first terminal device re-initiates the security mode establishment process.
The method according to any one of claims 38 to 47, characterized in that,

The integrity protection key includes an integrity protection key for the control plane and an integrity protection key for the user plane; and/or,

The confidentiality protection key includes a confidentiality protection key for the control plane and a confidentiality protection key for the user plane.
The method according to any one of claims 38 to 48, wherein the method further includes:

The first terminal device receives the authentication request message sent by the second terminal device through the relay device;

Wherein, the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key generated by the second terminal device, the The signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication key KPAK of the key management server; the relay The information of the user to whom the device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the second terminal device include at least one of the following: information and the first temporary public key; the input parameters of the signature of the relay device include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; the first temporary The public key and related information of the relay device are used by the first terminal device to derive the first key.
The method of claim 49, wherein:

The signature of the second terminal device is generated by the secret signature key of the second terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.
The method according to claim 49 or 50, characterized in that the method further includes:

The KPAK of the second terminal device and the KPAK of the relay device are valid, and the signature verification of the second terminal device based on the identification of the second terminal device and the PVT of the second terminal device is successful, And if the signature verification of the relay device is successful based on the identification of the relay device and the PVT of the relay device, the first terminal device generates a second temporary public key paired with the second temporary public key. The first terminal device derives the first key based on the first temporary public key, the relevant information of the relay device and the second temporary private key.
A method for relaying communications, characterized by including:

The second terminal device receives the first message sent by the first terminal device through the relay device;

Wherein, the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the relay Information about the user to whom the device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, M identification numbers of the first key generated by the first terminal device bits, the signature of the first terminal device, the signature of the relay device, and the first message verification code;

Wherein, the information of the user to which the first terminal device belongs includes the identification of the first terminal device, the public verification token PVT of the first terminal device and the public authentication key KPAK of the key management server; the relay The information of the user to whom the device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the first terminal device include at least one of the following: information, the second temporary public key, the M bits, and the signature of the second terminal device; the input parameters of the signature of the relay device include at least one of the following: the user to whom the relay device belongs Information, the signature of the first terminal device, the signature of the second terminal device, the first message;

Wherein, the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the first Security capability information of the terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits , the signature of the first terminal device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the The second random number generated by the second terminal device is used to derive a second key, the second key is used to derive an integrity protection key and/or a confidentiality protection key, and the identity of the first key is given by The M bits are obtained by combining the other N bits of the identification of the first key, where M and N are both positive integers;

Wherein, the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
The method of claim 52, wherein:

The signature of the first terminal device is generated by the secret signature key of the first terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.
The method according to claim 52 or 53, characterized in that the method further includes:

The second terminal device checks the KPAK of the first terminal device and the KPAK of the relay device respectively. If the KPAK of the first terminal device and the KPAK of the relay device are valid, and based on the Verify the signature of the first terminal device based on the identification of the first terminal device and the PVT of the first terminal device, and verify the relay based on the identification of the relay device and the PVT of the relay device. The device’s signature is verified;

When the signature of the first terminal device and the signature of the relay device are verified successfully, and the information carried in the first message has not been tampered with, the second terminal device generates a second random number, so The second terminal device generates the second key based on at least the first random number, the first key and the second random number, and the second terminal device generates a complete key based on the second key. sexual protection key and/or confidentiality protection key, and the second terminal device generates N bits of the identification of the first key, and combines the M bits and the N bits Merge to obtain the identity of the first key;

When the first message verification code is valid, the second terminal device sends a second message to the first terminal device through the relay device; wherein the second message includes at least one of the following: The second random number, the N bits, the x bits of the identifier of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the third The second security policy selected by the terminal device, the second message verification code;

Wherein, the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the integrity protection code derived based on the second key. The second message verification code generated by the key is integrity protected, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device; wherein, the identification of the second key is composed of the x bits and the second key The other y bits of the identifier are combined, and x and y are both positive integers.
The method of claim 54, wherein:

The second message is encrypted using the first key, or the second message is not encrypted using the first key.
The method of claim 54, wherein:

The first message is an authentication response message, and the second message is a security mode command message.
The method of claim 55, wherein:

The first message is a safe mode command message, and the second message is a safe mode response message.
The method according to any one of claims 54 to 57, characterized in that,

The input parameters of the integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, the integrity protection The length of the algorithm identifier; and/or,

The input parameters of the confidentiality protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, the confidentiality protection The length of the algorithm identifier.
The method according to any one of claims 54 to 58, wherein the method further includes:

The second terminal device receives the third message sent by the first terminal device through the relay device;

Wherein, the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by a target key, and the third message includes at least one of the following: the third message generated by the first terminal device. y bits of the identifier of the second key, and the third message verification code;

Wherein, the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;

Wherein, the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the integrity protection code derived based on the second key. The third message verification code generated by the key is used for integrity protection, and the input parameters of the third message verification code include the y bits.
The method of claim 59, further comprising:

The second terminal device decrypts the third message using the target key;

When the information carried in the third message has not been tampered with and the third message verification code is valid, the second terminal device combines the x bits with the y bits. Combined to obtain the identity of the second key.
The method according to claim 52 or 53, characterized in that the method further includes:

The second terminal device sends an error message to the first terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein the cause information The reason information is used to indicate that the security policy of the second terminal device conflicts with the security policy of the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the first message verification code verification fails. The security algorithm negotiation between the second terminal device and the first terminal device fails, and the input parameter of the fourth message verification code includes at least one of the following: the reason information.
The method according to any one of claims 52 to 61, characterized in that,

The integrity protection key includes an integrity protection key for the control plane and an integrity protection key for the user plane; and/or,

The confidentiality protection key includes a confidentiality protection key for the control plane and a confidentiality protection key for the user plane.
The method according to any one of claims 52 to 62, wherein the method further includes:

The second terminal device sends an authentication request message to the first terminal device through the relay device;

Wherein, the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first temporary public key generated by the second terminal device, the signature of the second terminal device, the Relevant information about relay equipment;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the input parameters of the signature of the second terminal device include at least one of the following: The information of the user to which the second terminal device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device are used for the first terminal device to derive the first key.
The method of claim 63, wherein:

The signature of the second terminal device is generated by the secret signature key of the second terminal device.
A method for relaying communications, characterized by including:

The relay device receives the first message sent by the first terminal device; wherein the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, The information of the user to which the first terminal device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, and the first key generated by the first terminal device. M bits of identification, the signature of the first terminal device, and the first message verification code; wherein the information about the user to which the first terminal device belongs includes the identification of the first terminal device and the first terminal device The public verification token PVT and the public authentication key KPAK of the key management server; the input parameters of the signature of the first terminal device include at least one of the following: information of the user to which the first terminal device belongs, the second Temporary public key, the M bits, and the signature of the second terminal device; wherein the first message is integrity protected by the first message verification code generated based on the first key, and the The input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, information of the user of the first terminal device, A random number, the second temporary public key, the M bits, and the signature of the first terminal device;

When the KPAK of the first terminal device is valid and the signature verification of the first terminal device is successful based on the identity of the first terminal device and the PVT of the first terminal device, the relay device Send a first message after verification to the second terminal device; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, security capability information of the first terminal device, Policy information, information about the user to which the first terminal device belongs, information about the user to which the relay device belongs, the first random number generated by the first terminal device, the number generated by the first terminal device and the second random number generated by the first terminal device. The second temporary public key of the temporary private key pairing, M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, the signature of the relay device, Relevant information of the relay device, the first message verification code; wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the The input parameters of the signature of the relay device include at least one of the following: information of the user to which the relay device belongs, the signature of the first terminal device, the signature of the second terminal device, and the first message after the verification;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the The second random number generated by the second terminal device is used to derive a second key, the second key is used to derive an integrity protection key and/or a confidentiality protection key, and the identity of the first key is given by The M bits are combined with the other N bits of the identification of the first key, and M and N are both positive integers; wherein the relevant information of the relay device includes one of the following: The identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.
The method of claim 65, further comprising:

The relay device forwards the second message sent by the second terminal device to the first terminal device;

Wherein, the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identification of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;

Wherein, the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the integrity protection code derived based on the second key. The second message verification code generated by the key is integrity protected, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device; wherein, the identification of the second key is composed of the x bits and the second key The other y bits of the identifier are combined, and x and y are both positive integers.
The method of claim 66, wherein:

The second message is encrypted using the first key, or the second message is not encrypted using the first key.
The method of claim 66, wherein:

The first message is an authentication response message, and the second message is a security mode command message.
The method of claim 67, wherein:

The first message is a safe mode command message, and the second message is a safe mode response message.
The method according to any one of claims 55 to 69, characterized in that the method further comprises:

The relay device forwards the third message sent by the first terminal device to the second terminal device;

Wherein, the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by a target key, and the third message includes at least one of the following: the third message generated by the first terminal device. y bits of the identifier of the second key, and the third message verification code;

Wherein, the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;

Wherein, the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the integrity protection code derived based on the second key. The third message verification code generated by the key is used for integrity protection, and the input parameters of the third message verification code include the y bits.
The method of claim 65, further comprising:

The relay device forwards the error message sent by the second terminal device to the first terminal device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein, the The reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to Indicating that the security algorithm negotiation between the second terminal device and the first terminal device failed, the input parameters of the fourth message verification code include at least one of the following: the cause information.
The method according to any one of claims 65 to 71, characterized in that,

The integrity protection key includes an integrity protection key for the control plane and an integrity protection key for the user plane; and/or,

The confidentiality protection key includes a confidentiality protection key for the control plane and a confidentiality protection key for the user plane.
The method according to any one of claims 65 to 72, further comprising:

The relay device receives an authentication request message sent by the second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, information generated by the second terminal device. The first temporary public key, the signature of the second terminal device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; The input parameters of the signature of the second terminal device include at least one of the following: information about the user to which the second terminal device belongs and the first temporary public key; information related to the first temporary public key and the relay device Used by the first terminal device to derive the first key;

When the KPAK of the second terminal device is valid and the signature verification of the second terminal device is successful based on the identification of the second terminal device and the PVT of the second terminal device, the relay device Send an authentication request message after verification to the first terminal device; wherein the authentication request message after verification includes at least one of the following: information about the user to whom the second terminal device belongs, information about the user to whom the relay device belongs. information, the first temporary public key, the signature of the second terminal device, the signature of the relay device, and relevant information of the relay device; wherein the information of the user to which the relay device belongs includes the The identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs. .
The method of claim 73, wherein:

The signature of the second terminal device is generated by the secret signature key of the second terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.
A method for relaying communications, characterized by including:

The first terminal device sends a direct communication request to the second terminal device through the relay device;

Wherein, the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first temporary public key generated by the first terminal device, the The first random number generated by the first terminal device;

Wherein, the direct communication request is encrypted by a first encryption key, and the direct communication request is integrity protected by a first integrity protection key, and the first encryption key is based on being registered and authorized for use. An encryption key derived from the symmetric key of a terminal that relays UE-to-UE relay communications, where the first integrity protection key is based on a terminal that is registered and authorized to use UE-to-UE relay communications. An integrity-protected key derived from a symmetric key;

Wherein, the first temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key; the first random number, the first key and the second The second random number generated by the terminal device is used to derive a second key, and the second key is used to derive a second encryption key and/or a second integrity protection key, or the first random number , the first key and the second random number generated by the second terminal device are used to derive a second encryption key and/or a second integrity protection key;

Wherein, the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
The method of claim 75, further comprising:

The first terminal device receives the safe mode command sent by the second terminal device through the relay device;

Wherein, the security mode command includes at least one of the following: a security algorithm selected by the second terminal device, a security policy selected by the second terminal device, a second temporary public key generated by the second terminal device, the The second random number generated by the second terminal device, the M bits of the identification of the first key generated by the second terminal device, the relevant information of the relay device, and the first message verification code ;

Wherein, the security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, and the first message verification code is based on the second The integrity protection key is generated, and the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second The temporary public key, the second random number, the M bits, and the relevant information of the relay device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key, and the identification of the first key is composed of the M bits and The other N bits of the identifier of the first key are combined and obtained, and M and N are both positive integers.
The method of claim 76, wherein:

In the case where the first random number, the first key and the second random number are used to derive the second key, the security mode command further includes all the information generated by the second terminal device. x bits of the identifier of the second key, and the input parameter of the first message verification code includes the x bits;

Wherein, the identifier of the second key is obtained by combining the x bits and the other y bits of the identifier of the second key, and both x and y are positive integers.
The method of claim 77, further comprising:

The first terminal device uses the first encryption key to decrypt the security mode command, and uses the first integrity protection key to determine the integrity of the security mode command;

When the information carried in the security mode command has not been tampered with, the first terminal device uses the first temporary private key paired with the first temporary public key, the second temporary public key, and the The first key is derived from the relevant information of the relay device, and the first terminal device generates the N bits of the identification of the first key, and combines the M bits and the N Combining bits to obtain the identity of the first key;

The first terminal device generates the second key based on at least the first random number, the first key and the second random number, and the first terminal device generates the second key based on the second key. The second integrity protection key and/or the second encryption key, and the first terminal device generates the y bits of the identification of the second key, and converts the x bits and the y bits are combined to obtain the identity of the second key;

When the first message verification code is valid, the first terminal device uses the security algorithm selected by the second terminal device, the second integrity protection key and/or the second encryption key. . The security policy selected by the second terminal device is communicated with the second terminal device.
The method of claim 78, further comprising:

The first terminal device sends a security mode establishment completion message to the second terminal device through the relay device;

Wherein, the security mode establishment completion message is encrypted by the second key or the second encryption key, and the security mode establishment completion message is encrypted by the second key or the second integrity protection key. Key integrity protection;

Wherein, the security mode establishment completion message includes at least the y bits of the identification of the second key.
The method of claim 78 or 79, characterized in that,

The input parameters of the second integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, the complete The length of the sex protection algorithm identifier; and/or,

The input parameters of the second encryption key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, the confidentiality protection The length of the algorithm identifier.
The method of claim 76, wherein the first random number, the first key and the second random number are used to derive the second encryption key and/or the third In the case of two integrity protection keys, the method further includes:

The first terminal device uses the first encryption key to decrypt the security mode command, and uses the first integrity protection key to determine the integrity of the security mode command;

When the information carried in the security mode command has not been tampered with, the first terminal device uses the first temporary private key paired with the first temporary public key, the second temporary public key, and the The first key is derived from the relevant information of the relay device, and the first terminal device generates the N bits of the first key, and combines the M bits and the N bits Bit merging to obtain the identity of the first key;

The first terminal device generates the second integrity protection key and/or the second encryption key based on at least the first random number, the first key and the second random number;

When the first message verification code is valid, the first terminal device uses the security algorithm selected by the second terminal device, the second integrity protection key and/or the second encryption key. . The security policy selected by the second terminal device is communicated with the second terminal device.
The method of claim 81, further comprising:

The first terminal device sends a security mode establishment completion message to the second terminal device through the relay device;

Wherein, the security mode establishment completion message is encrypted by the second encryption key, and the security mode establishment completion message is integrity protected by the second integrity protection key.
The method of claim 81 or 82, characterized in that,

The input parameters of the second integrity protection key include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, the selected The length of the algorithm type identifier, the integrity protection algorithm identifier, the length of the integrity protection algorithm identifier; and/or,

The input parameters of the second encryption key include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, the selected algorithm type The length of the identifier, the confidentiality protection algorithm identifier, the length of the confidentiality protection algorithm identifier.
The method according to any one of claims 75 to 83, wherein the first encryption key is a proximity service encryption key PEK, and the first integrity protection key is a proximity service integrity protection key. Key PIK.
A method for relaying communications, characterized by including:

The second terminal device receives the direct communication request sent by the first terminal device through the relay device;

Wherein, the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first temporary public key generated by the first terminal device, the The first random number generated by the first terminal device, the identification of the relay device, and the relevant information of the relay device;

Wherein, the direct communication request is encrypted by a first encryption key, and the direct communication request is integrity protected by a first integrity protection key, and the first encryption key is based on being registered and authorized for use. An encryption key derived from the symmetric key of a terminal that relays UE-to-UE relay communications, where the first integrity protection key is based on a terminal that is registered and authorized to use UE-to-UE relay communications. An integrity-protected key derived from a symmetric key;

Wherein, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key The information related to the relay device is used for the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used for to derive a second key, and the second key is used to derive a second encryption key and/or a second integrity protection key, or the first random number, the first key and the The second random number generated by the second terminal device is used to derive a second encryption key and/or a second integrity protection key.
The method of claim 85, wherein when the first random number, the first key and the second random number are used to derive the second key, the method Also includes:

The second terminal device uses the first encryption key to decrypt the direct communication request, and uses the first integrity protection key to determine the integrity of the direct communication request;

When the information carried in the direct communication request has not been tampered with, the second terminal device generates a second temporary private key, and the second terminal device generates a second temporary public key based on the first temporary public key, the second temporary public key, and the second temporary public key. The first key is derived from the temporary private key and the relevant information of the relay device, and the second terminal device generates M bits of the identification of the first key;

The second terminal device generates the second random number, and the second terminal device generates the second key based on at least the first random number, the first key and the second random number. , the second terminal device generates the second integrity protection key and/or the second encryption key according to the second key, and the second terminal device generates the second key x bits of identification;

Wherein, the identification of the first key is obtained by combining the M bits and the other N bits of the identification of the first key, M and N are both positive integers, and the second key The identification is obtained by combining the x bits and the other y bits of the identification of the second key, and x and y are both positive integers.
The method of claim 86, further comprising:

The second terminal device sends a safe mode command to the first terminal device through the relay device;

Wherein, the security mode command includes at least one of the following: a security algorithm selected by the second terminal device, a security policy selected by the second terminal device, and a security algorithm generated by the second terminal device that is consistent with the second temporary privacy policy. The second temporary public key of key pairing, the second random number, the M bits of the identification of the first key, the x bits of the identification of the second key, the first Message verification code;

Wherein, the security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, and the first message verification code is based on the second The integrity protection key is generated, and the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second Temporary public key, the second random number, the M bits, the x bits, the relevant information of the relay device; the second temporary public key and the relevant information of the relay device Used by the first terminal device to derive the first key.
The method of claim 87, further comprising:

The second terminal device receives the security mode establishment completion message sent by the first terminal device through the relay device;

Wherein, the security mode establishment completion message is encrypted by the second key or the second encryption key, and the security mode establishment completion message is encrypted by the second key or the second integrity protection key. Key integrity protection;

Wherein, the security mode establishment completion message includes at least the y bits of the identification of the second key.
The method according to any one of claims 86 to 88, characterized in that,

The input parameters of the second integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, the complete The length of the sex protection algorithm identifier; and/or,

The input parameters of the second encryption key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, the confidentiality protection The length of the algorithm identifier.
The method of claim 85, wherein the first random number, the first key and the second random number are used to derive the second encryption key and/or the third In the case of two integrity protection keys, the method further includes:

The second terminal device uses the first encryption key to decrypt the direct communication request, and uses the first integrity protection key to determine the integrity of the direct communication request;

When the information carried in the direct communication request has not been tampered with, the second terminal device generates a second temporary private key, and the second terminal device generates a second temporary public key based on the first temporary public key and the second temporary public key. The first key is derived from the temporary private key and the relevant information of the relay device, and the second terminal device generates M bits of the identification of the first key;

The second terminal device generates the second random number, and the second terminal device generates the second integrity based on at least the first random number, the first key and the second random number. protecting the key and/or said second encryption key;

Wherein, the identifier of the first key is obtained by combining the M bits and the other N bits of the identifier of the first key, where M and N are both positive integers.
The method of claim 90, further comprising:

The second terminal device sends a safe mode command to the first terminal device through the relay device;

Wherein, the security mode command includes at least one of the following: a security algorithm selected by the second terminal device, a security policy selected by the second terminal device, and a security algorithm generated by the second terminal device that is consistent with the second temporary privacy policy. The second temporary public key of key pairing, the second random number, the M bits of the identification of the first key, and the first message verification code;

Wherein, the security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, and the first message verification code is based on the second The integrity protection key is generated, and the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second The temporary public key, the second random number, the M bits; the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key.
The method of claim 91, further comprising:

The second terminal device receives the security mode establishment completion message sent by the first terminal device through the relay device;

Wherein, the security mode establishment completion message is encrypted by the second encryption key, and the security mode establishment completion message is integrity protected by the second integrity protection key.
The method according to any one of claims 90 to 92, characterized in that,

The input parameters of the second integrity protection key include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, the selected The length of the algorithm type identifier, the integrity protection algorithm identifier, the length of the integrity protection algorithm identifier; and/or,

The input parameters of the second encryption key include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, the selected algorithm type The length of the identifier, the confidentiality protection algorithm identifier, the length of the confidentiality protection algorithm identifier.
The method according to claim 87 or 91, characterized in that the safe mode command also includes relevant information of the relay device, and the input parameters of the first message verification code also include the information of the relay device. Related Information.
The method of claim 88 or 92, further comprising:

The second terminal device, according to the security algorithm selected by the second terminal device, the second integrity protection key and/or the second encryption key, the security policy selected by the second terminal device, and The first terminal device communicates.
The method according to any one of claims 85 to 95, wherein the first encryption key is a proximity service encryption key PEK, and the first integrity protection key is a proximity service integrity protection key. Key PIK.
A method for relaying communications, characterized by including:

The relay device receives a direct communication request sent by the first terminal device; wherein the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, The first temporary public key generated by the first terminal device, the first random number generated by the first terminal device; wherein the direct communication request is encrypted by a first encryption key, and the direct communication request is encrypted by a first encryption key. An integrity protection key performs integrity protection, and the first encryption key is an encryption key derived based on a symmetric key of a terminal that is registered and authorized to use terminal-to-terminal relay UE-to-UE relay communications, The first integrity protection key is an integrity protection key derived based on a symmetric key of a terminal that has been registered and authorized to use UE-to-UE relay communication;

The relay device verifies whether it is configured to forward the direct communication request. After the verification is passed, the relay device uses the first encryption key to decrypt the direct communication request to obtain quality of service QoS and charging information, and the The relay device uses the first integrity protection key to verify the integrity of the direct communication request. After the verification is passed, the relay device adds relevant information of the relay device and an identification of the relay device, and the relay device encrypts the direct communication request using the first encryption key, protects the integrity of the direct communication request using the first integrity protection key, and Forward the direct communication request to the second terminal device;

Wherein, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key The information related to the relay device is used by the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive the first key. a second key, and the second key is used to derive a second encryption key and/or a second integrity protection key, or the first random number, the first key and the second The second random number generated by the second terminal device is used to derive the second encryption key and/or the second integrity protection key.
The method of claim 97, wherein when the first random number, the first key and the second random number are used to derive the second key, the method Also includes:

The relay device receives a security mode command sent by the second terminal device; wherein the security mode command includes at least one of the following: a security algorithm selected by the second terminal device, a security algorithm selected by the second terminal device, Security policy, the second temporary public key generated by the second terminal device, the second random number generated by the second terminal device, the M of the identification of the first key generated by the second terminal device bits, x bits of the identification of the second key generated by the second terminal device, and the first message verification code; wherein the security mode command is encrypted by the first encryption key, The security mode command performs integrity protection through the first integrity protection key, the first message verification code is generated based on the second integrity protection key, and the input parameters of the first message verification code Including at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, the second random number, the M bits, The x bits, the relevant information of the relay device; the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key;

The relay device uses the first encryption key to decrypt the security mode command to obtain QoS and charging information, and forwards the security mode command to the first terminal device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key, and the identification of the first key is composed of the M bits and The other N bits of the identification of the first key are combined. M and N are both positive integers. The identification of the second key is obtained by combining the x bits and the identification of the second key. In addition, y bits are combined, and x and y are both positive integers.
The method of claim 98, further comprising:

The relay device forwards the security mode establishment completion message sent by the first terminal device to the second terminal device;

Wherein, the security mode establishment completion message is encrypted by the second key or the second encryption key, and the security mode establishment completion message is encrypted by the second key or the second integrity protection key. Key integrity protection;

Wherein, the security mode establishment completion message includes at least the y bits of the identification of the second key.
The method of claim 97, wherein the first random number, the first key and the second random number are used to derive the second encryption key and/or the third In the case of two integrity protection keys, the method further includes:

The relay device receives a security mode command sent by the second terminal device; wherein the security mode command includes at least one of the following: a security algorithm selected by the second terminal device, a security algorithm selected by the second terminal device, Security policy, the second temporary public key generated by the second terminal device, the second random number generated by the second terminal device, the M of the identification of the first key generated by the second terminal device bits, the first message verification code; wherein the security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, and the The first message verification code is generated based on the second integrity protection key, and the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the second terminal device The security policy selected by the device, the second temporary public key, the second random number, the M bits, the relevant information of the relay device; the second temporary public key and the relay device The relevant information is used by the first terminal device to derive the first key;

The relay device uses the first encryption key to decrypt the security mode command to obtain QoS and charging information, and forwards the security mode command to the first terminal device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key, and the identification of the first key is composed of the M bits and The other N bits of the identifier of the first key are combined and obtained, and M and N are both positive integers.
The method of claim 100, further comprising:

The relay device forwards the security mode establishment completion message sent by the first terminal device to the second terminal device;

Wherein, the security mode establishment completion message is encrypted by the second encryption key, and the security mode establishment completion message is integrity protected by the second integrity protection key.
The method according to any one of claims 98 to 101, characterized in that,

The safe mode command includes relevant information of the relay device, and the input parameter of the first message verification code also includes relevant information of the relay device; or, the relay device transmits information to the first message verification code. The relevant information of the relay device is added to the safe mode command forwarded by the terminal device.
The method according to any one of claims 97 to 102, wherein the first encryption key is a proximity service encryption key PEK, and the first integrity protection key is a proximity service integrity protection key. Key PIK.
A terminal device, characterized in that the terminal device is a first terminal device, and the terminal device includes:

A communication unit, configured to receive an authentication request message sent by the second terminal device through the relay device;

Wherein, the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key generated by the second terminal device, the The signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication key KPAK of the key management server; the relay The information of the user to whom the device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the second terminal device include at least one of the following: information and the first temporary public key; the input parameters of the signature of the relay device include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; the first temporary The public key and the relevant information of the relay device are used by the first terminal device to derive the first key; the relevant information of the relay device includes one of the following: the identity information of the relay device, the The relay device generates a random number, and the relay device generates a counter.
A terminal device, characterized in that the terminal device is a second terminal device, and the terminal device includes:

A communication unit, configured to send an authentication request message to the first terminal device through the relay device;

Wherein, the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first temporary public key generated by the second terminal device, the signature of the second terminal device, the Relevant information about relay equipment;

Wherein, the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication key KPAK of the key management server; the second The input parameters of the terminal device's signature include at least one of the following: information about the user to which the second terminal device belongs and the first temporary public key; and information related to the first temporary public key and the relay device. The first terminal device derives a first key; the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter.
A terminal device, characterized in that the terminal device is a relay device, and the terminal device includes:

A communication unit configured to receive an authentication request message sent by a second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first message generated by the second terminal device. Temporary public key, the signature of the second terminal device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the public verification token PVT and key of the second terminal device The public authentication key KPAK of the management server; the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key;

When the KPAK of the second terminal device is valid and the signature verification of the second terminal device is successful based on the identification of the second terminal device and the PVT of the second terminal device, the communication unit further Used to send an authentication request message after verification to the first terminal device; wherein the authentication request message after verification includes at least one of the following: information about the user to whom the second terminal device belongs, information about the user to whom the relay device belongs. information, the first temporary public key, the signature of the second terminal device, the signature of the relay device, and relevant information of the relay device; wherein the information of the user to which the relay device belongs includes the The identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs. ; Wherein, the first temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key; the relevant information of the relay device includes one of the following: the relay The identity information of the device, the random number generated by the relay device, and the counter generated by the relay device.
A terminal device, characterized in that the terminal device is a first terminal device, and the terminal device includes:

A communication unit, configured to send the first message to the second terminal device through the relay device;

Wherein, the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the first The first random number generated by the terminal device, the second temporary public key generated by the first terminal device, the M bits of the identification of the first key generated by the first terminal device, the Signature, first message verification code;

Wherein, the information of the user to which the first terminal device belongs includes the identification of the first terminal device, the public verification token PVT of the first terminal device and the public authentication key KPAK of the key management server; the first The input parameters of the signature of the terminal device include at least one of the following: information of the user to which the first terminal device belongs, the second temporary public key, the M bits, and the signature of the second terminal device;

Wherein, the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the first Security capability information of the terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits , the signature of the first terminal device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the The second random number generated by the second terminal device is used to derive a second key, the second key is used to derive an integrity protection key and/or a confidentiality protection key, and the identity of the first key is given by The M bits are obtained by combining the other N bits of the identification of the first key, where M and N are both positive integers;

Wherein, the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
A terminal device, characterized in that the terminal device is a second terminal device, and the terminal device includes:

A communication unit, configured to receive the first message sent by the first terminal device through the relay device;

Wherein, the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the relay Information about the user to whom the device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, M identification numbers of the first key generated by the first terminal device bits, the signature of the first terminal device, the signature of the relay device, and the first message verification code;

Wherein, the information of the user to which the first terminal device belongs includes the identification of the first terminal device, the public verification token PVT of the first terminal device and the public authentication key KPAK of the key management server; the relay The information of the user to whom the device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the first terminal device include at least one of the following: information, the second temporary public key, the M bits, and the signature of the second terminal device; the input parameters of the signature of the relay device include at least one of the following: the user to whom the relay device belongs Information, the signature of the first terminal device, the signature of the second terminal device, the first message;

Wherein, the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the first Security capability information of the terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits , the signature of the first terminal device;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the The second random number generated by the second terminal device is used to derive a second key, the second key is used to derive an integrity protection key and/or a confidentiality protection key, and the identity of the first key is given by The M bits are obtained by combining the other N bits of the identification of the first key, where M and N are both positive integers;

Wherein, the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
A terminal device, characterized in that the terminal device is a relay device, and the terminal device includes:

A communication unit, configured to receive a first message sent by a first terminal device; wherein the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device , the information of the user to which the first terminal device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, the first password generated by the first terminal device M bits of the identification key, the signature of the first terminal device, and the first message verification code; wherein the information about the user to which the first terminal device belongs includes the identification of the first terminal device and the first message verification code. The public verification token PVT of the terminal device and the public authentication key KPAK of the key management server; the input parameters of the signature of the first terminal device include at least one of the following: information of the user to which the first terminal device belongs, the The second temporary public key, the M bits, and the signature of the second terminal device; wherein the first message is integrity protected through the first message verification code generated based on the first key. , and the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, and information of the user to which the first terminal device belongs. , the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;

When the KPAK of the first terminal device is valid and the signature verification of the first terminal device is successful based on the identification of the first terminal device and the PVT of the first terminal device, the communication unit also For sending the first message after verification to the second terminal device; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, the first terminal device The security policy information, the information of the user to which the first terminal device belongs, the information of the user to which the relay device belongs, the first random number generated by the first terminal device, the number generated by the first terminal device and the The second temporary public key paired with the second temporary private key, the M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, the Signature, relevant information of the relay device, and the first message verification code; wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; The input parameters of the signature of the relay device include at least one of the following: information of the user to which the relay device belongs, the signature of the first terminal device, the signature of the second terminal device, the first signature after the verification information;

Wherein, the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the The second random number generated by the second terminal device is used to derive a second key, the second key is used to derive an integrity protection key and/or a confidentiality protection key, and the identity of the first key is given by The M bits are combined with the other N bits of the identification of the first key, and M and N are both positive integers; wherein the relevant information of the relay device includes one of the following: The identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.
A terminal device, characterized in that the terminal device is a first terminal device, and the terminal device includes:

A communication unit, configured to send a direct communication request to the second terminal device through the relay device;

Wherein, the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first temporary public key generated by the first terminal device, the The first random number generated by the first terminal device;

Wherein, the direct communication request is encrypted by a first encryption key, and the direct communication request is integrity protected by a first integrity protection key, and the first encryption key is based on being registered and authorized for use. An encryption key derived from the symmetric key of a terminal that relays UE-to-UE relay communications, where the first integrity protection key is based on a terminal that is registered and authorized to use UE-to-UE relay communications. An integrity-protected key derived from a symmetric key;

Wherein, the first temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key; the first random number, the first key and the second The second random number generated by the terminal device is used to derive a second key, and the second key is used to derive a second encryption key and/or a second integrity protection key, or the first random number , the first key and the second random number generated by the second terminal device are used to derive a second encryption key and/or a second integrity protection key;

Wherein, the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
A terminal device, characterized in that the terminal device is a second terminal device, and the terminal device includes:

A communication unit configured to receive a direct communication request sent by the first terminal device through the relay device;

Wherein, the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first temporary public key generated by the first terminal device, the The first random number generated by the first terminal device, the identification of the relay device, and the relevant information of the relay device;

Wherein, the direct communication request is encrypted by a first encryption key, and the direct communication request is integrity protected by a first integrity protection key, and the first encryption key is based on being registered and authorized for use. An encryption key derived from the symmetric key of a terminal that relays UE-to-UE relay communications, where the first integrity protection key is based on a terminal that is registered and authorized to use UE-to-UE relay communications. An integrity-protected key derived from a symmetric key;

Wherein, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key The information related to the relay device is used for the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used for to derive a second key, and the second key is used to derive a second encryption key and/or a second integrity protection key, or the first random number, the first key and the The second random number generated by the second terminal device is used to derive a second encryption key and/or a second integrity protection key.
A terminal device, characterized in that the terminal device is a relay device, and the terminal device includes:

A communication unit configured to receive a direct communication request sent by a first terminal device; wherein the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device , the first temporary public key generated by the first terminal device, the first random number generated by the first terminal device; wherein the direct communication request is encrypted by a first encryption key, and the direct communication request Integrity protection is performed by a first integrity protection key, which is an encryption key derived based on the symmetric key of a terminal that is registered and authorized to use terminal-to-terminal relay UE-to-UE relay communications. key, the first integrity protection key is an integrity protection key derived based on the symmetric key of a terminal that has been registered and authorized to use UE-to-UE relay communication;

A processing unit configured to verify whether it is configured to forward the direct communication request. After the verification is passed, the processing unit is also configured to use the first encryption key to decrypt the direct communication request to obtain quality of service QoS and charging information, And the processing unit is further configured to use the first integrity protection key to verify the integrity of the direct communication request, and after the verification is passed, the processing unit is further configured to add the middle value to the direct communication request. The relevant information of the relay device and the identification of the relay device, and the processing unit is also configured to use the first encryption key to encrypt the direct communication request, and use the first integrity protection key to protect the Integrity of the direct communication request, the communication unit is also configured to forward the direct communication request to the second terminal device;

Wherein, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key The information related to the relay device is used by the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive the first key. a second key, and the second key is used to derive a second encryption key and/or a second integrity protection key, or the first random number, the first key and the second The second random number generated by the second terminal device is used to derive the second encryption key and/or the second integrity protection key.
A terminal device, characterized in that it includes: a processor and a memory, the memory is used to store a computer program, the processor is used to call and run the computer program stored in the memory, so that the terminal device executes the steps as claimed in the right The method according to any one of claims 1 to 14, or causing the terminal device to perform the method according to any one of claims 15 to 27, or causing the terminal device to perform the method according to claims 28 to 37 The method according to any one of claims 38 to 51, or causing the terminal device to perform the method according to any one of claims 38 to 51, or causing the terminal device to perform the method according to any one of claims 52 to 64. The method, or causing the terminal device to perform the method as described in any one of claims 65 to 74, or causing the terminal device to perform the method as described in any one of claims 75 to 84 , or causing the terminal device to perform the method as described in any one of claims 85 to 96, or causing the terminal device to perform the method as described in any one of claims 97 to 103.
A chip, characterized in that it includes: a processor for calling and running a computer program from a memory, so that the device equipped with the chip executes the method according to any one of claims 1 to 14, or, Perform the method as described in any one of claims 15 to 27, or perform the method as described in any one of claims 28 to 37, or perform the method as described in any one of claims 38 to 51 Method, or perform the method according to any one of claims 52 to 64, or perform the method according to any one of claims 65 to 74, or perform the method according to any one of claims 75 to 84 The method described in the item, or the method described in any one of claims 85 to 96 is performed, or the method described in any one of claims 97 to 103 is performed.
A computer-readable storage medium, characterized in that it is used to store a computer program, the computer program causing the computer to perform the method as described in any one of claims 1 to 14, or to perform the method as described in any one of claims 15 to 27 The method according to any one of claims 28 to 37, or the method according to any one of claims 38 to 51, or the method according to any one of claims 38 to 51. The method of any one of claims 52 to 64, or performing the method of any one of claims 65 to 74, or performing the method of any one of claims 75 to 84, or, Perform a method as claimed in any one of claims 85 to 96, or perform a method as described in any one of claims 97 to 103.
A computer program product, characterized by comprising computer program instructions, the computer program instructions causing the computer to perform the method according to any one of claims 1 to 14, or to perform the method according to any one of claims 15 to 27 The method, or performs the method as described in any one of claims 28 to 37, or performs the method as described in any one of claims 38 to 51, or performs as claimed in claims 52 to 64 The method according to any one of claims 65 to 74, or the method according to any one of claims 75 to 84, or the method according to any one of claims 75 to 84. The method of any one of claims 85 to 96, or performing the method of any one of claims 97 to 103.
A computer program, characterized in that the computer program causes the computer to perform the method as described in any one of claims 1 to 14, or to perform the method as described in any one of claims 15 to 27, or , perform the method as described in any one of claims 28 to 37, or perform the method as described in any one of claims 38 to 51, or perform the method as described in any one of claims 52 to 64 The method, or perform the method as described in any one of claims 65 to 74, or perform the method as described in any one of claims 75 to 84, or perform the method as described in any one of claims 85 to 96 The method according to one of the claims 97 to 103, or performing the method according to any one of claims 97 to 103.