WO2023212903A1 - Procédé de communication par relais, et dispositif - Google Patents

Procédé de communication par relais, et dispositif Download PDF

Info

Publication number
WO2023212903A1
WO2023212903A1 PCT/CN2022/091125 CN2022091125W WO2023212903A1 WO 2023212903 A1 WO2023212903 A1 WO 2023212903A1 CN 2022091125 W CN2022091125 W CN 2022091125W WO 2023212903 A1 WO2023212903 A1 WO 2023212903A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal device
key
message
information
relay
Prior art date
Application number
PCT/CN2022/091125
Other languages
English (en)
Chinese (zh)
Inventor
熊丽晖
甘露
曹进
任雄鹏
马如慧
李晖
Original Assignee
Oppo广东移动通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oppo广东移动通信有限公司 filed Critical Oppo广东移动通信有限公司
Priority to CN202280084321.7A priority Critical patent/CN118402207A/zh
Priority to PCT/CN2022/091125 priority patent/WO2023212903A1/fr
Publication of WO2023212903A1 publication Critical patent/WO2023212903A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • Embodiments of the present application relate to the field of communications, and more specifically, to a method and device for relaying communications.
  • Embodiments of the present application provide a method and device for relay communication, which can ensure the security of terminal identities and the confidentiality and integrity of communication data, thereby ensuring the confidentiality and integrity of data transmitted by both parties and preventing other devices and even relay devices from of eavesdropping.
  • a method for relaying communication which method includes:
  • the first terminal device receives the authentication request message sent by the second terminal device through the relay device;
  • the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key generated by the second terminal device, Signature, the signature of the relay device, and relevant information of the relay device;
  • the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the information of the user to which the relay device belongs includes the identification of the relay device and the relay device. PVT and KPAK; the input parameters of the signature of the second terminal device include at least one of the following: the information of the user to which the second terminal device belongs and the first temporary public key; the input parameters of the signature of the relay device include at least one of the following: One: the signature of the second terminal device and the information of the user to which the relay device belongs; the first temporary public key and the relevant information of the relay device are used for the first terminal device to derive the first key; the relay The relevant information of the device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.
  • a method for relaying communication which method includes:
  • the second terminal device sends an authentication request message to the first terminal device through the relay device;
  • the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first temporary public key generated by the second terminal device, the signature of the second terminal device, and relevant information about the relay device. ;
  • the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device;
  • the input parameters of the signature of the second terminal device include at least one of the following: the second terminal The information of the user to which the device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device are used for the first terminal device to derive the first key;
  • the relevant information of the relay device includes the following: 1: The identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.
  • a method for relaying communication which method includes:
  • the relay device receives an authentication request message sent by the second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first temporary public key generated by the second terminal device, the The signature of the second terminal device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the input parameters of the signature of the second terminal device include at least the following: One: the information of the user to which the second terminal device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key;
  • the relay device sends a message to the first terminal device.
  • the device sends an authentication request message after verification; wherein the authentication request message after verification includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key, The signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device; wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device;
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; wherein the relevant information of the relay device includes one of the following: the relay device The identity information, the random number generated by the relay device, and the counter generated by the relay device.
  • the fourth aspect provides a method for relaying communication, which method includes:
  • the first terminal device sends the first message to the second terminal device through the relay device;
  • the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, a third message generated by the first terminal device.
  • security capability information of the first terminal device security policy information of the first terminal device
  • information of the user to which the first terminal device belongs a third message generated by the first terminal device.
  • the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device;
  • the input parameters of the signature of the first terminal device include at least one of the following: the first terminal Information about the user to whom the device belongs, the second temporary public key, the M bits, and the signature of the second terminal device;
  • the first message is integrity protected by the first message verification code generated based on the first key
  • the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;
  • the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device.
  • Two random numbers are used to derive a second key.
  • the second key is used to derive an integrity protection key and/or a confidentiality protection key.
  • the identity of the first key is composed of the M bits and the first The other N bits of the key's identification are combined, and M and N are both positive integers;
  • the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
  • the fifth aspect provides a method for relaying communication, which method includes:
  • the second terminal device receives the first message sent by the first terminal device through the relay device;
  • the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, and information of the user to which the relay device belongs. , the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, the M bits of the identification of the first key generated by the first terminal device, the first terminal device signature, the signature of the relay device, and the first message verification code;
  • the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device;
  • the information of the user to which the relay device belongs includes the identification of the relay device and the relay device.
  • the input parameters of the first terminal device's signature include at least one of the following: the information of the user to which the first terminal device belongs, the second temporary public key, the M bits, the second terminal device's Signature;
  • the input parameters of the relay device's signature include at least one of the following: information about the user to which the relay device belongs, the signature of the first terminal device, the signature of the second terminal device, and the first message;
  • the first message is integrity protected by the first message verification code generated based on the first key
  • the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;
  • the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device.
  • Two random numbers are used to derive a second key.
  • the second key is used to derive an integrity protection key and/or a confidentiality protection key.
  • the identity of the first key is composed of the M bits and the first The other N bits of the key's identification are combined, and M and N are both positive integers;
  • the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
  • a sixth aspect provides a method for relaying communications, which method includes:
  • the relay device receives the first message sent by the first terminal device; wherein the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to whom the device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, M bits of the identification of the first key generated by the first terminal device, The signature of the first terminal device, the first message verification code; wherein the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device;
  • the input parameters of the signature include at least one of the following: information about the user to which the first terminal device belongs, the second temporary public key, the M bits, and the signature of the second terminal device; wherein the first message is passed based on the The first message verification code generated by the first key is integrity protected, and the input parameters of the first message verification code include at least one of the following: the security capability information of the first terminal device, the security capability of the first terminal device Policy
  • the relay device sends a request to the second terminal device.
  • the device sends the first message after verification; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the The user's information, the information of the user to which the relay device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device and paired with the second temporary private key, the first M bits of the identification of the first key generated by the terminal device, the signature of the first terminal device, the signature of the relay device, the relevant information of the relay device, and the first message verification code; wherein, the The information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the following: the information of the
  • the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device.
  • Two random numbers are used to derive a second key.
  • the second key is used to derive an integrity protection key and/or a confidentiality protection key.
  • the identity of the first key is composed of the M bits and the first
  • the other N bits of the key's identification are combined, and M and N are both positive integers; among them, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device. Count, the counter generated by this relay device.
  • a seventh aspect provides a method for relaying communications, which method includes:
  • the first terminal device sends a direct communication request to the second terminal device through the relay device;
  • the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, a first temporary public key generated by the first terminal device, The first random number generated;
  • the direct communication request is encrypted through a first encryption key, and the direct communication request is integrity protected through a first integrity protection key.
  • the first encryption key is based on the registered and authorized use of the UE-to - an encryption key derived from the symmetric key of the terminal for UE relay communication
  • the first integrity protection key is an integrity protection key derived based on the symmetric key of the terminal that has been registered and authorized to use UE-to-UE relay communication key;
  • the first temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key; the first random number, the first key and the second key generated by the second terminal device.
  • the random number is used to derive a second key
  • the second key is used to derive a second encryption key and/or a second integrity protection key, or the first random number, the first key and the
  • the second random number generated by the second terminal device is used to derive the second encryption key and/or the second integrity protection key;
  • the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
  • An eighth aspect provides a method for relaying communications, which method includes:
  • the second terminal device receives the direct communication request sent by the first terminal device through the relay device;
  • the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, a first temporary public key generated by the first terminal device, The first random number generated, the identification of the relay device, and the relevant information of the relay device;
  • the direct communication request is encrypted through a first encryption key, and the direct communication request is integrity protected through a first integrity protection key.
  • the first encryption key is based on the registered and authorized use of the UE-to - an encryption key derived from the symmetric key of the terminal for UE relay communication
  • the first integrity protection key is an integrity protection key derived based on the symmetric key of the terminal that has been registered and authorized to use UE-to-UE relay communication key;
  • the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key and the relay device.
  • the relevant information is used by the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key, and the first random number is used to derive the second key.
  • the second key is used to derive the second encryption key and/or the second integrity protection key, or the first random number, the first key and the second random number generated by the second terminal device are used to derive A second encryption key and/or a second integrity protection key.
  • a ninth aspect provides a method for relaying communications, which method includes:
  • the relay device receives a direct communication request sent by the first terminal device; wherein the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, The first temporary public key generated by the device, the first random number generated by the first terminal device; wherein the direct communication request is encrypted through the first encryption key, and the direct communication request is performed through the first integrity protection key Integrity protection, the first encryption key is an encryption key derived based on the symmetric key of the terminal that has been registered and authorized to use UE-to-UE relay communication, and the first integrity protection key is based on the registered and Integrity protection key derived from the symmetric key of the terminal authorized to use UE-to-UE relay communication;
  • the relay device verifies whether it is configured to forward the direct communication request, and after the verification is passed, the relay device uses the first encryption key to decrypt the direct communication request to obtain QoS and charging information, and the relay device uses the third An integrity protection key verifies the integrity of the direct communication request. After the verification is passed, the relay device adds the relevant information of the relay device and the identification of the relay device in the direct communication request, and the relay device Use the first encryption key to encrypt the direct communication request, and use the first integrity protection key to protect the integrity of the direct communication request;
  • the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key and the relay device
  • the relevant information is used by the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key, and the second
  • the key is used to derive the second encryption key and/or the second integrity protection key, or the first random number, the first key and the second random number generated by the second terminal device are used to derive the second random number.
  • a tenth aspect provides a terminal device for executing the method in the first aspect.
  • the terminal device includes a functional module for executing the method in the first aspect.
  • An eleventh aspect provides a terminal device for executing the method in the above second aspect.
  • the terminal device includes a functional module for executing the method in the above second aspect.
  • a twelfth aspect provides a relay device for performing the method in the above third aspect.
  • the relay device includes a functional module for executing the method in the above third aspect.
  • a thirteenth aspect provides a terminal device for performing the method in the fourth aspect.
  • the terminal device includes a functional module for executing the method in the fourth aspect.
  • a fourteenth aspect provides a terminal device for performing the method in the fifth aspect.
  • the terminal device includes a functional module for executing the method in the fifth aspect.
  • a fifteenth aspect provides a relay device for performing the method in the above-mentioned sixth aspect.
  • the relay device includes a functional module for executing the method in the sixth aspect.
  • a sixteenth aspect provides a terminal device for performing the method in the seventh aspect.
  • the terminal device includes a functional module for executing the method in the seventh aspect.
  • a seventeenth aspect provides a terminal device for performing the method in the eighth aspect.
  • the terminal device includes a functional module for executing the method in the eighth aspect.
  • An eighteenth aspect provides a relay device for performing the method in the ninth aspect.
  • the relay device includes a functional module for executing the method in the ninth aspect.
  • a nineteenth aspect provides a terminal device, including a processor and a memory; the memory is used to store a computer program, and the processor is used to call and run the computer program stored in the memory, so that the terminal device executes the above first aspect or the method in the second aspect, or causing the terminal device to perform the method in the fourth or fifth aspect, or causing the terminal device to perform the method in the seventh or eighth aspect.
  • a relay device including a processor and a memory; the memory is used to store a computer program, and the processor is used to call and run the computer program stored in the memory, so that the relay device executes the above-mentioned
  • the method in the third aspect either causes the relay device to perform the method in the sixth aspect, or causes the relay device to perform the method in the ninth aspect.
  • a twenty-first aspect provides a device for implementing the method in any one of the above-mentioned first to ninth aspects.
  • the device includes: a processor, configured to call and run a computer program from a memory, so that a device installed with the device executes the method in any one of the above-mentioned first to ninth aspects.
  • a twenty-second aspect provides a computer-readable storage medium for storing a computer program that causes a computer to execute the method in any one of the above-mentioned first to ninth aspects.
  • a computer program product including computer program instructions that cause a computer to execute the method in any one of the above-mentioned first to ninth aspects.
  • a twenty-fourth aspect provides a computer program that, when run on a computer, causes the computer to execute the method in any one of the above-mentioned first to ninth aspects.
  • the first terminal device can generate the first key based on the authentication request message sent by the second terminal device through the relay device, and the authentication request message is protected through signature verification. . and a first random number generated by the first terminal device, a first key and a second random number generated by the second terminal device for deriving a second key, the second key being used for deriving an integrity protection key and/or
  • the confidentiality protection key can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing other devices and even relay devices from being intercepted. tapping.
  • the first random number and the first key generated by the first terminal device and the second random number generated by the second terminal device are used to derive the second key.
  • the key is used to derive the integrity protection key and/or the confidentiality protection key, which can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality of the data transmitted by both parties. and integrity to prevent eavesdropping by other devices or even relay devices.
  • the first terminal device can generate the first key based on the direct communication request sent by the second terminal device through the relay device, and the direct communication request is performed through the first encryption key. Encryption, and direct communication requests are integrity protected via a first integrity protection key.
  • the second integrity protection key, or the first random number generated by the first terminal device, the first key and the second terminal device are used to derive the second random number to generate the second encryption key and/or the second integrity Protecting the key can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing eavesdropping by other devices and even relay devices.
  • Figure 1 is a schematic diagram of a communication system architecture applied in an embodiment of the present application.
  • Figures 2 to 4 are respectively schematic flow charts for establishing secure communication in the UE-to-UE relay scenario provided by this application.
  • Figure 5 is a schematic flow chart of UE-to-UE relay communication provided by this application.
  • Figure 6 is a schematic flow chart of another UE-to-UE relay communication provided by this application.
  • Figure 7 is a schematic flowchart of a method for relaying communications provided according to an embodiment of the present application.
  • Figure 8 is a schematic diagram of the key hierarchical structure involved in the embodiment of the present application.
  • Figure 9 is a schematic flowchart of another method of relaying communications provided according to an embodiment of the present application.
  • Figure 10 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.
  • Figure 11 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.
  • Figure 12 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.
  • Figure 13 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.
  • Figures 14 to 15 are respectively schematic flow charts for establishing secure communication in a UE-to-UE relay scenario provided by embodiments of the present application.
  • Figure 16 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.
  • Figure 17 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.
  • Figure 18 is a schematic flowchart of yet another method of relaying communication provided according to an embodiment of the present application.
  • Figures 19 to 22 are respectively schematic flow charts for establishing secure communication in a UE-to-UE relay scenario provided by embodiments of the present application.
  • FIGS 23 to 31 are respectively schematic block diagrams of terminal equipment provided according to embodiments of the present application.
  • Figure 32 is a schematic block diagram of a communication device provided according to an embodiment of the present application.
  • Figure 33 is a schematic block diagram of a device provided according to an embodiment of the present application.
  • Figure 34 is a schematic block diagram of a communication system provided according to an embodiment of the present application.
  • GSM Global System of Mobile communication
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • GPRS General Packet Radio Service
  • LTE Long Term Evolution
  • LTE-A Advanced long term evolution
  • NR New Radio
  • NTN Non-Terrestrial Networks
  • UMTS Universal Mobile Telecommunication System
  • WLAN Wireless Local Area Networks
  • IoT Internet of Things
  • WiT wireless fidelity
  • 5G fifth-generation communication
  • the communication system in the embodiments of the present application can be applied to a carrier aggregation (Carrier Aggregation, CA) scenario, a dual connectivity (Dual Connectivity, DC) scenario, or a standalone (Standalone, SA) scenario. ) network deployment scenario, or applied to Non-Standalone (NSA) network deployment scenario.
  • Carrier Aggregation, CA Carrier Aggregation
  • DC Dual Connectivity
  • SA standalone
  • NSA Non-Standalone
  • the communication system in the embodiments of the present application can be applied to unlicensed spectrum, where the unlicensed spectrum can also be considered as shared spectrum; or, the communication system in the embodiments of the present application can also be applied to licensed spectrum, Among them, licensed spectrum can also be considered as unshared spectrum.
  • the communication system in the embodiment of the present application can be applied to the FR1 frequency band (corresponding to the frequency band range 410MHz to 7.125GHz), can also be applied to the FR2 frequency band (corresponding to the frequency band range 24.25GHz to 52.6GHz), and can also be applied to The new frequency band, for example, corresponds to the frequency band range of 52.6 GHz to 71 GHz or the high frequency band corresponding to the frequency band range of 71 GHz to 114.25 GHz.
  • the embodiments of this application describe various embodiments in combination with network equipment and terminal equipment.
  • the terminal equipment may also be called user equipment (User Equipment, UE), access terminal, user unit, user station, mobile station, mobile station, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication equipment, user agent or user device, etc.
  • User Equipment User Equipment
  • the terminal device can be a station (STATION, ST) in the WLAN, a cellular phone, a cordless phone, a Session Initiation Protocol (Session Initiation Protocol, SIP) phone, a wireless local loop (Wireless Local Loop, WLL) station, or a personal digital assistant.
  • PDA Personal Digital Assistant
  • handheld devices with wireless communication capabilities computing devices or other processing devices connected to wireless modems, vehicle-mounted devices, wearable devices, next-generation communication systems such as terminal devices in NR networks, or in the future Terminal equipment in the evolved Public Land Mobile Network (PLMN) network, etc.
  • PLMN Public Land Mobile Network
  • the terminal device can be deployed on land, including indoor or outdoor, handheld, wearable or vehicle-mounted; it can also be deployed on water (such as ships, etc.); it can also be deployed in the air (such as aircraft, balloons and satellites). superior).
  • the terminal device may be a mobile phone (Mobile Phone), a tablet computer (Pad), a computer with a wireless transceiver function, a virtual reality (Virtual Reality, VR) terminal device, or an augmented reality (Augmented Reality, AR) terminal.
  • Equipment wireless terminal equipment in industrial control, wireless terminal equipment in self-driving, wireless terminal equipment in remote medical, wireless terminal equipment in smart grid , wireless terminal equipment in transportation safety, wireless terminal equipment in smart city (smart city) or wireless terminal equipment in smart home (smart home), vehicle-mounted communication equipment, wireless communication chip/application specific integrated circuit (ASIC)/system on chip (System on Chip, SoC), etc.
  • ASIC application specific integrated circuit
  • the terminal device may also be a wearable device.
  • Wearable devices can also be called wearable smart devices. It is a general term for applying wearable technology to intelligently design daily wear and develop wearable devices, such as glasses, gloves, watches, clothing and shoes, etc.
  • a wearable device is a portable device that is worn directly on the body or integrated into the user's clothing or accessories. Wearable devices are not just hardware devices, but also achieve powerful functions through software support, data interaction, and cloud interaction.
  • wearable smart devices include full-featured, large-sized devices that can achieve complete or partial functions without relying on smartphones, such as smart watches or smart glasses, and those that only focus on a certain type of application function and need to cooperate with other devices such as smartphones.
  • the network device may be a device used to communicate with mobile devices.
  • the network device may be an access point (Access Point, AP) in WLAN, or a base station (Base Transceiver Station, BTS) in GSM or CDMA.
  • BTS Base Transceiver Station
  • it can be a base station (NodeB, NB) in WCDMA, or an evolutionary base station (Evolutional Node B, eNB or eNodeB) in LTE, or a relay station or access point, or a vehicle-mounted device, a wearable device, and an NR network network equipment or base station (gNB) or network equipment in the future evolved PLMN network or network equipment in the NTN network, etc.
  • NodeB base station
  • gNB NR network network equipment or base station
  • the network device may have mobile characteristics, for example, the network device may be a mobile device.
  • network devices may be satellites or balloon stations.
  • the satellite can be a low earth orbit (LEO) satellite, a medium earth orbit (MEO) satellite, a geosynchronous orbit (geostationary earth orbit, GEO) satellite, a high elliptical orbit (High Elliptical Orbit, HEO) satellite ) satellite, etc.
  • the network device may also be a base station installed on land, water, or other locations.
  • network equipment can provide services for a cell, and terminal equipment communicates with the network equipment through transmission resources (for example, frequency domain resources, or spectrum resources) used by the cell.
  • the cell can be a network equipment (
  • the cell corresponding to the base station) can belong to the macro base station or the base station corresponding to the small cell (Small cell).
  • the small cell here can include: urban cell (Metro cell), micro cell (Micro cell), pico cell ( Pico cell), femto cell (Femto cell), etc. These small cells have the characteristics of small coverage and low transmission power, and are suitable for providing high-rate data transmission services.
  • the communication system 100 may include a network device 110, which may be a device that communicates with a terminal device 120 (also referred to as a communication terminal or terminal).
  • the network device 110 can provide communication coverage for a specific geographical area and can communicate with terminal devices located within the coverage area.
  • Figure 1 exemplarily shows one network device and two terminal devices.
  • the communication system 100 may include multiple network devices and other numbers of terminal devices may be included within the coverage of each network device. The embodiments of the present application do not limit this.
  • the communication system 100 may also include other network entities such as a network controller and a mobility management entity, which are not limited in the embodiments of the present application.
  • the communication device may include a network device 110 and a terminal device 120 with communication functions.
  • the network device 110 and the terminal device 120 may be the specific devices described above, which will not be described again here.
  • the communication device may also include other devices in the communication system 100, such as network controllers, mobility management entities and other network entities, which are not limited in the embodiments of this application.
  • the first communication device may be a terminal device, such as a mobile phone, a machine facility, a Customer Premise Equipment (CPE), industrial equipment, a vehicle, etc.; the second communication device The device may be a peer communication device of the first communication device, such as a network device, a mobile phone, an industrial device, a vehicle, etc.
  • CPE Customer Premise Equipment
  • This article takes the first communication device as a terminal device and the second communication device as a network device as a specific example for description.
  • the "instruction” mentioned in the embodiments of this application may be a direct instruction, an indirect instruction, or an association relationship.
  • a indicates B which can mean that A directly indicates B, for example, B can be obtained through A; it can also mean that A indirectly indicates B, for example, A indicates C, and B can be obtained through C; it can also mean that there is an association between A and B. relation.
  • correlate can mean that there is a direct correspondence or indirect correspondence between the two, it can also mean that there is an associated relationship between the two, or it can mean indicating and being instructed, configuration and being. Configuration and other relationships.
  • predefinition or “preconfiguration” can be achieved by pre-saving corresponding codes, tables or other methods that can be used to indicate relevant information in devices (for example, including terminal devices and network devices).
  • devices for example, including terminal devices and network devices.
  • predefined can refer to what is defined in the protocol.
  • the "protocol” may refer to a standard protocol in the communication field, for example, it may be an evolution of the existing LTE protocol, NR protocol, Wi-Fi protocol or protocols related to other communication systems.
  • the application does not limit the type of agreement.
  • the current stage mainly includes the following three solutions.
  • Solution 1 uses asymmetric encryption technology to protect communication between the source UE and the target UE. Based on the mutual authentication of the source UE and the target UE, and assuming that the relay is trustworthy, a connection is established between the source UE and the target UE, and the public keys of both parties are used to protect end-to-end security.
  • Option 2 the security establishment process between UE1 and UE2 in the UE-to-UE relay scenario.
  • UE1 and UE2 establish PC5 connections with relay device 1 (relay 1) respectively, and then assume that UE1 and UE2 The shared key and key ID are configured.
  • UE1 sends a message verification code (Message Authentication Code, MAC) to UE2 through relay device 1.
  • MAC message Authentication Code
  • remote UE1 and remote UE2 establish secure PC5 links with the relay device.
  • Remote UE1, relay device, and remote UE2 are directly discovered by the 5G Name Management Network Element (Direct Discovering Name Management).
  • Function, DDNMF DDNMF
  • proximity communication service's key management network element Prose Key Management Function, PKMF
  • the remote UE1 and the remote UE2 obtain the shared key (Identity, ID) and key from PKMF in advance.
  • the UE (remote UE1 and remote UE2) and the relay device will also obtain the corresponding keys from PKMF and establish PC5 secure connections respectively.
  • the shared key is used to establish a secure channel between the remote UE1 and the remote UE2.
  • terminal-to-UE relay (UE-to-UE relay) communication architecture and related processes involved in this application will be described.
  • connection establishment is integrated in the discovery and selection of UE-to-UE relay
  • connection establishment is after the discovery and selection of UE-to-UE relay.
  • the following takes the connection establishment integrated in the discovery and selection of UE-to-UE relay as an example to introduce the relevant process.
  • the flow chart is shown in Figure 5. The specific steps may include the following:
  • UE-to-UE Relay registers with the network and provides the UE-to-UE Relay function.
  • UE-to-UE Relay is configured with relay policy parameters.
  • the target terminal determines the destination L2 ID for signaling reception when the PC5 unicast link is established.
  • the application layer provides PC5 unicast communication information (such as broadcast L2 ID, ProSe application layer ID, terminal application layer ID, target terminal) to the Proximity-based Services (ProSe) layer Application layer ID, relay applicable indication), the ProSe layer triggers the terminal's discovery mechanism by sending an end-to-end broadcast direct communication request message. Messages are sent using the source L2 ID and broadcast L2 ID as destination, and contain other application-related parameters.
  • PC5 unicast communication information such as broadcast L2 ID, ProSe application layer ID, terminal application layer ID, target terminal
  • Proximity-based Services (ProSe) layer Application layer ID, relay applicable indication the ProSe layer triggers the terminal's discovery mechanism by sending an end-to-end broadcast direct communication request message. Messages are sent using the source L2 ID and broadcast L2 ID as destination, and contain other application-related parameters.
  • the UE-to-UE Relay receives the broadcast direct communication request message and verifies whether it is configured to forward this application. For example, it compares the announced ProSe application ID with the relay policy/parameters it provides. Compare.
  • UE-to-UE Relay forwards an end-to-end broadcast direct communication request message, it uses its own L2 ID as the source (Source) L2 ID, adds the relay (Relay) UE ID to the message, and specifies the identity at the adaptation layer.
  • UE1 information UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.
  • the target UE3 is interested in the announced application. If there is no per-hop link between UE3 and UE-to-UE Relay, it will trigger the UE-to-UE Relay to establish a per-hop link. UE3 sends a link establishment process message for each hop.
  • the source address is the UE3 L2 ID and the destination address is the relay's L2 ID.
  • UE-to-UE relay If there is no per-hop link between UE-to-UE relay and UE1, perform the per-hop link establishment process between UE-to-UE relay and UE1.
  • UE1 uses its own L2 ID as the source address and the relay's L2 ID as the destination address.
  • step 4a end-to-end authentication and security establishment messages are exchanged between UE1 and UE3 through UE-to-UE Relay. Includes an adaptation layer that identifies source terminals and/or target terminals. On receipt of the first message from UE3 via the relay, if there is no existing per-hop link between the relay and UE1, a per-hop link is performed between the UE-to-UE relay and UE1 Establish process.
  • UE3 completes the end-to-end link establishment between UE3 and UE1 by sending an end-to-end unicast direct communication accept message, which contains the identification number of UE1 Adaptation layer information.
  • UE-to-UE Relay forwards the end-to-end unicast direct communication acceptance message, including the adaptation layer information identifying UE3. During this process, the relay device sends messages to each terminal by modifying the source field and destination field.
  • the key management function in ProSe one-to-many communication and the key management function (PKMF) of the adjacent service (Prose Key Management Function, PKMF) network element generates symmetric keys for multiple UEs.
  • the flow of the one-to-many ProSe secure communication process is shown in Figure 6 As shown, the specific steps may include the following:
  • PKMF is an independent logical entity that allows network operators to provide radio level parameters, while third parties (such as public safety services) can control the issuance of keys.
  • 0c and 0d Subscribers belonging to each group need to configure the ProSe function and ProSe key management function.
  • PKMF requires pre-selecting encryption algorithms for each group based on local policies.
  • the terminal obtains one-to-many communication parameters from the ProSe function. As part of this process, the endpoint obtains its group identity and is informed whether bearer layer security is required for the group. In addition, the UE may also be provided with the address of the PKMF used to obtain the set of keys.
  • PKMF checks whether the UE supports the group encryption algorithm based on the UE's Evolved Packet System (EPS) security capabilities, that is, whether the group encryption algorithm is included in the EPS encryption algorithm set supported by the UE.
  • EPS Evolved Packet System
  • PKMF responds with a key response message. If the check for a specific group in step 2a.ii or 2b.ii is successful, the message contains the group membership and the EPS encryption algorithm identifier that the UE should use when sending or receiving protected data for this group. Otherwise, the message contains an indicator that algorithm support failed because the UE does not support the required algorithm. If PKMF decides to use a new pairwise master key (PMK), the message may also contain the PMK and associated PMK ID.
  • PMK pairwise master key
  • PKMF uses Multimedia Internet KEYing (MIKEY) to send the relevant ProSe Group Key (PGK), PGK ID and expiration time to the UE.
  • MIKEY Multimedia Internet KEYing
  • the UE calculates the ProSe Transport Key (PTK) and the ProSe Encrypt Key (PEK) to protect the traffic it sends to the group. It does this by selecting a PGK and using the identity and counter combination of the next unused PTK. It then protects the data using the algorithm given in step 2x.ii.
  • PTK ProSe Transport Key
  • PEK ProSe Encrypt Key
  • the receiving UE obtains the Logical Channel Identity (LC ID), group identity and group membership from the Layer 2 header. It then uses the received PGK identity bits to identify which PGK was used by the sender. The UE first checks whether the PGK is valid, and if valid, calculates the PTK and PEK to process the received message.
  • LC ID Logical Channel Identity
  • group identity group identity
  • group membership group membership from the Layer 2 header. It then uses the received PGK identity bits to identify which PGK was used by the sender. The UE first checks whether the PGK is valid, and if valid, calculates the PTK and PEK to process the received message.
  • UE-to-UE relay scenario security communication solutions all have some flaws.
  • the default relay is trustworthy, so there are restrictions on strong assumptions, and when the UE negotiates security capabilities, they are all clear text messages, which may suffer Tampering, in addition, the source and authenticity of the public key and the source of the communication key in Scheme 1 are not clear (for example, it is not determined whether to determine the source of the communication key through negotiation or one-way encryption), and it does not involve the use of public key technology.
  • Key management solution. Solution 2 does not mention the process of preconfiguring the shared key, and the solution process is controversial. The process of option three is more complicated, has too many interactions, and is not light enough. Therefore, it is necessary to explore a simpler way to establish a secure connection without losing security, and explore a more efficient key management structure to ensure the confidentiality and integrity of UE identity security and communication data.
  • this application proposes a relay communication solution that can ensure the security of the terminal identity and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing other devices and even relay devices from of eavesdropping.
  • FIG. 7 is a schematic flowchart of a communication relay method 200 according to an embodiment of the present application. As shown in Figure 7, the communication relay method 200 may include at least part of the following content:
  • the first terminal device receives the authentication request message sent by the second terminal device through the relay device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to whom the relay device belongs. information, the first temporary public key generated by the second terminal device, the signature of the second terminal device, the signature of the relay device, and relevant information of the relay device; wherein, the information of the user to which the second terminal device belongs includes The identifier of the second terminal device and the PVT and KPAK of the second terminal device; the information of the user to which the relay device belongs includes the identifier of the relay device and the PVT and KPAK of the relay device; the signature of the second terminal device
  • the input parameters of the relay device include at least one of the following: the information of the user to which the second terminal device belongs and the first temporary public key; the input parameters of the signature of the relay device include at least one of the following: the signature of the second terminal device and the first temporary public key.
  • the information of the user to which the relay device belongs; the first temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key; the relevant information of the relay device includes one of the following: the relay The identity information of the device, the random number generated by the relay device, and the counter generated by the relay device.
  • This embodiment is based on the ECCSI signature scheme to establish a secure connection in the UE-to-UE relay scenario under the L2 architecture.
  • the embodiments of this application are applied to the UE-to-UE relay scenario under the L2 architecture, that is, the first terminal device and the second terminal device communicate through the relay device.
  • the relay connection between the first terminal device and the second terminal device may be a PC5 link.
  • the first terminal device may be a source device or a source terminal
  • the second terminal device may be a target device or a target terminal
  • the relay device may be a relay terminal
  • the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key. That is, the second terminal device may generate a signature of the second terminal device based on at least one of the information of the user to which the second terminal device belongs and the first temporary public key.
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs. That is, the relay device may generate the signature of the relay device based on at least one of the signature of the second terminal device and the information of the user to which the relay device belongs.
  • the signature of the second terminal device is generated by a secret signing key (Secret Signing Key, SSK) of the second terminal device.
  • the public verification token (Public Validation Token, PVT) of the second terminal device, the public authentication key (Key Management Service Public Authentication Key, KPAK) of the key management server, and the secret signing key (SSK) The second terminal device may be pre-configured by a trusted central key management server (Key Management Service, KMS) through a secure channel.
  • KMS trusted central key management server
  • the secure channel can establish a secure connection between the second terminal device and the KMS based on the Authentication and Key Management for Applications (AKMA) mechanism or the Generic Bootstrapping Architecture (GBA) mechanism.
  • AKMA Authentication and Key Management for Applications
  • GBA Generic Bootstrapping Architecture
  • the KMS can be managed directly by the operator or be a third-party service provider that has a commercial relationship with the operator.
  • the relay device's signature is generated by the relay device's secret signing key (SSK).
  • the PVT, KPAK, and secret signature key (SSK) of the relay device may be pre-configured for the relay device by the trusted center KMS through a secure channel.
  • the secure channel can be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the relay device and the KMS.
  • the KMS can be directly managed by the operator or a third-party service provider that has a commercial relationship with the operator.
  • the KPAK of the second terminal device and the KPAK of the relay device are valid, and the signature verification of the second terminal device based on the identity of the second terminal device and the PVT of the second terminal device is successful.
  • the first terminal device generates a second temporary private key, and the first terminal device generates a second temporary private key according to the first terminal device.
  • the first key is derived from a temporary public key, relevant information of the relay device and the second temporary private key.
  • the first terminal device may verify the validity of the KPAK of the second terminal device and the KPAK of the relay device based on one or more KPAKs stored locally. For example, if there is a KPAK consistent with the KPAK of the second terminal device in the KPAK stored locally on the first terminal device, the KPAK of the second terminal device is valid; and there is a KPAK consistent with the KPAK stored locally on the first terminal device. In the case where the KPAK of the relay device is consistent with the KPAK, the KPAK of the relay device is valid.
  • one or more KPAKs stored locally on the first terminal device may be preconfigured by the KMS.
  • the first terminal device may derive the first secret key based on the first temporary public key generated by the second terminal device, the relevant information of the relay device, and the second temporary private key generated by the first terminal device. key.
  • the first terminal device may derive the first key based on the first temporary public key generated by the second terminal device, relevant information of the relay device, and the second temporary private key generated by the first terminal device; wherein, the The relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.
  • the second terminal device may derive the first key based on the second temporary public key generated by the first terminal device, the relevant information of the relay device, and the first temporary private key generated by the second terminal device.
  • the second terminal device may derive the first key based on the second temporary public key generated by the first terminal device, relevant information of the relay device, and the first temporary private key generated by the second terminal device; wherein, the The relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.
  • the first temporary public key generated by the second terminal device is paired with the first temporary private key generated by the second terminal device
  • the second temporary public key generated by the first terminal device is paired with the second temporary private key generated by the first terminal device. pair.
  • the first terminal device can calculate the first key based on the first temporary public key and the second temporary private key and use the ECIES algorithm; the second terminal device can calculate the first key based on the second temporary public key and the first temporary private key. And use the ECIES algorithm to calculate the first key.
  • the first terminal device sends the first message to the second terminal device through the relay device;
  • the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, a third message generated by the first terminal device.
  • security capability information of the first terminal device security policy information of the first terminal device
  • information of the user to which the first terminal device belongs a third message generated by the first terminal device.
  • a random number a second temporary public key generated by the first terminal device paired with the second temporary private key, M bits of the identification of the first key generated by the first terminal device, the first terminal Device signature, first message verification code;
  • the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device;
  • the input parameters of the signature of the first terminal device include at least one of the following: the first terminal Information about the user to whom the device belongs, the second temporary public key, M bits of the identification of the first key, and the signature of the second terminal device;
  • the first message is integrity protected by the first message verification code generated based on the first key
  • the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device.
  • the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the key generated by the second terminal device.
  • the second random number is used to derive a second key.
  • the second key is used to derive an integrity protection key and/or a confidentiality protection key.
  • the identity of the first key is composed of the M bits and the first key.
  • the other N bits of the identifier of a key are combined, and M and N are both positive integers.
  • the first random number and the first key generated by the first terminal device and the second random number generated by the second terminal device are used to derive the second key. That is, the first terminal device derives the second key based on at least the first random number, the first key and the second random number, and the first terminal device can derive the integrity protection key and/or the secret based on the second key.
  • the first terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the second terminal device may derive the second key based on at least the first random number, the first key and the second random number, and the second terminal device may derive the integrity protection key and/or the secret based on the second key.
  • the second terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first random number, the third 2.
  • Temporary public key, the M bits that is, the first terminal device can be based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the information of the user to which the first terminal device belongs, and the second temporary At least one of the public key, the M bits, and the signature of the first terminal device is used to generate the first message verification code.
  • the input parameters of the first message verification code include: the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, and the information of the user to which the first terminal device belongs. , the second temporary public key, the M bits, and the signature of the first terminal device.
  • the second terminal device may generate a first message verification based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. code and compare it with the first message verification code contained in the first message. If they are consistent, the first message verification code is valid.
  • the first message is an authentication response message, or the first message is a safe mode command message.
  • the security capability information of the first terminal device may be a list of cryptographic algorithms supported by the first terminal device.
  • the security policy information of the first terminal device may be whether the first terminal device supports confidentiality protection or integrity protection.
  • the security policy information of the first terminal device includes: the security policy information of the first terminal device on the control plane, and/or the security policy information of the first terminal device on the user plane.
  • the M bits may be the highest M bits of the identity of the first key, and the N bits may be the lowest N bits of the identity of the first key; or, The M bits may be the first M bits of the identifier of the first key, and the N bits may be the last N bits of the identifier of the first key; or, the M bits may be are the even-numbered bits of the identifier of the first key, and the N bits may be the odd-numbered bits of the identifier of the first key.
  • the values of M and N may be the same or different, which is not limited by this application.
  • the first terminal device receives the second message sent by the second terminal device through the relay device;
  • the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identifier of the generated second key, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;
  • the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key.
  • the second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device;
  • the identifier of the second key is obtained by combining the x bits and the other y bits of the identifier of the second key, and both x and y are positive integers.
  • the x bits may be the highest x bits of the identity of the second key, and the y bits may be the lowest y bits of the identity of the second key; or, The x bits may be the first x bits of the identifier of the second key, and the y bits may be the last y bits of the identifier of the second key; or, the x bits may be are the even-numbered bits of the identifier of the second key, and the y bits may be the odd-numbered bits of the identifier of the second key.
  • the values of x and y may be the same or different, which is not limited by this application.
  • the first terminal device if the information carried in the second message has not been tampered with, the first terminal device generates the second random number based on at least the first random number, the first key and the second random number. key, the first terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key, and the first terminal device combines the M bits and the N bits to obtain the The identification of the first key, the first terminal device generates y bits of the identification of the second key, and combines the x bits and the y bits to obtain the identification of the second key;
  • the first terminal device When the second message verification code is valid, the first terminal device generates an integrity protection key and/or a secret based on the security algorithm selected by the second terminal device, the second key, and the second key.
  • the security protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
  • the input parameters of the second message verification code include: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security strategy.
  • the first terminal device may generate a second message verification code based on the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, and the security policy selected by the second terminal device. , and compared with the second message verification code contained in the second message. If they are consistent, the second message verification code is valid.
  • the second message is encrypted with the first key.
  • the second message may not be encrypted using the first key, or the second message may not be encrypted.
  • the first terminal device decrypts the second message according to the first key; if the information carried in the second message is not tampered with, the first terminal device at least decrypts the second message according to the first random key. number, the first key and the second random number to generate the second key, the first terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key, and the first The terminal device combines the M bits and the N bits to obtain the identity of the first key, the first terminal device generates y bits of the identity of the second key, and combines the x bits Combine with the y bits to obtain the identity of the second key;
  • the first terminal device When the second message verification code is valid, the first terminal device generates an integrity protection key and/or a secret based on the security algorithm selected by the second terminal device, the second key, and the second key.
  • the security protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
  • the second terminal device may select a security algorithm based on the security capability information of the first terminal device, and/or the second terminal device may select a security policy based on the security policy information of the first terminal device.
  • the first terminal device may use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the second random number. At least one of the length of the number, the length of the source identifier, and the length of the target identifier is used to generate the second key.
  • the source identifier is used to identify the source end of the relay connection between the first terminal device and the second terminal device
  • the target identifier is used to identify the intermediate connection between the first terminal device and the second terminal device.
  • the destination of the connection may also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.
  • the first message is an authentication response message
  • the second message is a Secure Mode Command (Secure Mode Command, SMC) message.
  • SMC Secure Mode Command
  • the first message is a safe mode command (SMC) message and the second message is a safe mode response message.
  • SMC safe mode command
  • the first terminal device sends the third message to the second terminal device through the relay device;
  • the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the y bits of the identification of the second key, Third message verification code;
  • the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;
  • the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the third message verification code generated based on the integrity protection key derived based on the second key.
  • the three-message verification code performs integrity protection, and the input parameters of the third message verification code include the y bits.
  • the third message is integrity protected by the third message verification code, which is generated based on the second key, or the third message verification code is based on the integrity derived from the second key.
  • the third message verification code is integrity protected by the third message verification code, which is generated based on the second key, or the third message verification code is based on the integrity derived from the second key.
  • the second terminal device decrypts the third message using the target key; provided that the information carried in the third message has not been tampered with, and the third message
  • the second terminal device combines the x bits and the y bits to obtain the identity of the second key.
  • the second terminal device can generate a third message verification code based on the y bits, and compare it with the third message verification code contained in the third message. If the comparison is consistent, the third message verification code The message verification code is valid.
  • the third message is a security mode complete message (security mode complete).
  • the first terminal device receives an error message sent by the second terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein the error message
  • the reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device
  • the security algorithm negotiation between the device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information;
  • the first terminal device determines that the security mode establishment fails, and/or the first terminal device re-initiates the security mode establishment process.
  • the error message may also be integrity protected.
  • the cause information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device.
  • the second terminal device does not support the security policy information of the first terminal device carried in the first message. .
  • the cause information is used to indicate that the security algorithm negotiation between the second terminal device and the first terminal device failed.
  • the second terminal device does not support the security capabilities of the first terminal device carried in the first message. information.
  • the first key may be K D
  • the identifier of the first key may be K D ID
  • the second key may be K D -SESS
  • the identifier of the second key may be K D-SESS ID.
  • the input parameters when generating the first key include: a second temporary private key (Ephemeral private key2) generated by the first terminal device, a first temporary private key generated by the second terminal device.
  • Temporary public key (Ephemeral public key1), and related information of the relay device such as the identity information of the relay device, or the random number generated by the relay device, or the counter (COUNT) generated by the relay device).
  • the input parameters when generating the first key include: the second temporary public key (Ephemeral public key2) generated by the first terminal device, the first temporary private key (Ephemeral private key2) generated by the second terminal device.
  • the first temporary public key is paired with the first temporary private key
  • the second temporary public key is paired with the second temporary private key
  • the integrity protection key includes an integrity protection key for the control plane (KD -CPint ) and an integrity protection key for the user plane ( KD-UPint ); and/or the confidentiality
  • the protection keys include a confidentiality protection key for the control plane (K D-CPenc ) and a confidentiality protection key for the user plane (K D-UPenc ).
  • the input parameters of the integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, and the integrity protection algorithm identifier. , the length of the integrity protection algorithm identifier. That is, the second key may be generated based on at least one of the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, and the length of the integrity protection algorithm identifier. Integrity protected key.
  • the input parameters of the integrity protection key may also include some system setting parameters.
  • the integrity protection key is automatically updated.
  • the input parameters of the confidentiality protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identification , the length of the confidentiality protection algorithm identifier. That is, the second key may be generated based on at least one of the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, and the length of the confidentiality protection algorithm identifier. Confidentiality protects keys.
  • the input parameters of the confidentiality protection key may also include some system setting parameters.
  • the confidentiality protection key is automatically updated.
  • the selected algorithm type identifier may be represented by "Control Plane Integrity Protection Algorithm" or by setting a specific value.
  • the selected algorithm type identifier may be represented by "Control Plane Confidentiality Protection Algorithm" or by setting a specific value.
  • the selected algorithm type identifier may be represented by "User Plane Integrity Protection Algorithm" or by setting a specific value.
  • the selected algorithm type identifier may be represented by "user plane confidentiality protected algorithm” or by setting a specific value.
  • Root key Signature private key/secret signing key (Secret Signing Key, SSK) is the root of trust for UE-to-UE relay unicast link security.
  • SSK secret Signing Key
  • UE ID user identification
  • PVT public key parameter
  • K D Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption
  • Users each generate a temporary public and private key pair, and use the Elliptic Curve Integrated Encryption Scheme (ECIES) algorithm to generate K D.
  • ECIES Elliptic Curve Integrated Encryption Scheme
  • the signature generated by the source device user ensures the authenticity of the identity and the authenticity of the temporary public key. Integrity and non-repudiation.
  • the signature generated by the target device user ensures the authenticity of the identity and the integrity and non-repudiation of the temporary public key. This ensures that only the source device and the target device can obtain the key K D . Therefore, the signature private key or SSK is the root of trust that ensures secure communication between the source device and the target device.
  • K D The key length is at least 256 bits (bits) and is generated by both the source device and the target device through temporary public and private key negotiation. Based on the root key, K D is updated by rerunning the authentication process. K D is used to generate the next layer key K D-sess . The key can be saved even if there is no active communication session between the source and target devices. K D ID can be used to identify K D .
  • the input parameters during generation include: UE-1’s temporary private key Ephemeral private key2, UE-2’s temporary public key Ephemeral public key1, and the identity information of UE-relay, or UE-relay
  • the input parameters during generation include: UE-1's temporary public key Ephemeral public key2, UE-2's temporary private key Ephemeral private key1, And the identity of UE-relay, or the random number generated by UE-relay, or the counter COUNT generated by UE-relay.
  • K D-sess The key length is at least 256 bits. K D-sess is used to derive the next level of integrity protection or confidentiality protection key. K D -sess can be refreshed based on K D by rerunning the secure connection establishment process or the related key update process. K D-sess ID is used to identify K D-sess . KD-sess is derived from KD using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. The input parameters of K D-sess must at least include the key K D , the random number Nonce_1 (that is, the first random number generated by the first terminal device), and the random number Nonce_2 (that is, the second random number generated by the second terminal device).
  • the input parameters of K D-sess may also include but are not limited to at least one of the following: source ID (Source ID), destination ID (Destination ID), the length of the random number Nonce_1, the length of the random number Nonce_2, the source ID (Source ID) length, destination ID (Destination ID) length.
  • the input parameters of K D-sess can also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.
  • K D-CPint The key length is at least 128 bits. This key can be used for control plane data integrity protection.
  • the key is derived by K D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come.
  • the input parameters of K D-CPint must contain at least the key K D-sess , the selected algorithm type identifier (such as "control plane integrity protection algorithm” or setting a specific value to represent it) and the selected algorithm type identifier.
  • the length of the symbol, the integrity protection algorithm identifier and the length of the integrity protection algorithm identifier, and other system setting parameters can be used as optional input parameters.
  • K D -CPint is automatically updated when K D -sess is automatically refreshed.
  • K D-CPenc The key length is at least 128 bits. This key can be used for control plane data confidentiality protection.
  • the key is derived by K D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come.
  • the input parameters of K D-CPenc must contain at least the key K D-sess , the selected algorithm type identifier (such as "Control Plane Confidentiality Protection Algorithm" or set a specific value to represent it) and the selected algorithm type identifier
  • the length, the confidentiality protection algorithm identifier and the length of the confidentiality protection algorithm identifier, and other system setting parameters can be used as optional input parameters.
  • K D -CPenc is automatically updated when K D- sess is automatically refreshed.
  • K D-UPint The key length is at least 128 bits. This key can be used for user plane data integrity protection.
  • the key is derived by K D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come.
  • the input parameters of K D-UPint must contain at least the key K D-sess , the selected algorithm type identifier (such as "user plane integrity protection algorithm” or setting a specific value to represent it) and the selected algorithm type identifier.
  • the length of the symbol, the integrity protection algorithm identifier and the length of the integrity protection algorithm identifier, and other system setting parameters can be used as optional input parameters.
  • K D -UPint is automatically updated when K D-sess is automatically refreshed.
  • K D-UPenc The key length is at least 128 bits. This key can be used for user plane data confidentiality protection.
  • the key is derived by K D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come.
  • the input parameters of K D-UPenc must contain at least the key K D-sess , the selected algorithm type identifier (such as "user plane confidentiality protection algorithm” or setting a specific value to represent it) and the selected algorithm type identifier.
  • the length of the character, the confidentiality protection algorithm identifier and the length of the confidentiality protection algorithm identifier, and other system setting parameters can be used as optional input parameters.
  • K D -UPenc is automatically updated when K D -sess is automatically refreshed.
  • ECCSI in this application is only an example and is not limited to this algorithm. It can also be replaced by other identity-based public key signature and public key encryption algorithms. While replacing the public key algorithm, all requests Parameters related to the public key algorithm in the message need to be replaced accordingly.
  • the key derivation function used by the first terminal device and the second terminal device in this application is not limited to HMAC-SHA-256 or HMAC-SM3, and includes any key derivation function that meets computational security.
  • the input parameters of the key derivation function in this application are not limited to the necessary parameters mentioned above, and may include other optional parameters, such as fixed parameters set by the application system.
  • the key management center in this application is not limited to KMS, PKMF, and 5GPKMF.
  • Legal key management centers managed by operators or managed by third-party service providers are all applicable to the technical solution of this application.
  • the symmetric key issued by PKMF to the terminal device that has been registered and authorized to use the UE-to-UE relay function is not limited to the above solution.
  • the specific configuration can be changed according to the operator or service provider's design of PKMF. .
  • the information elements in all interactive messages in the secure communication establishment process in this application are not limited to the content mentioned in the above solution, and optional information elements due to application system requirements can also be added.
  • the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key
  • the second key is used to derive the integrity protection key and /or confidentiality protection key, which can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing other devices from even relaying Device eavesdropping.
  • the embodiment of this application is suitable for the secure communication establishment process between the first terminal device (source device) and the second terminal device (target device) under the 5G L2 UE-to-UE relay architecture.
  • public key signature technology it can ensure the identity authenticity of the terminal device and the non-repudiation of the message, and can resist replay attacks, man-in-the-middle attacks, disguise and other active attacks, while ensuring the integrity of the authentication process messages, and using the 3GPP standard
  • the ECIES algorithm is used to establish end-to-end security between the source UE and the target UE, ensuring the confidentiality and integrity of the data transmitted by both parties, and preventing eavesdropping by external adversaries and even relays; the embodiment of this application ensures The scalability of the secure communication establishment mechanism.
  • the embodiments of this application can realize the security negotiation of the user plane and control plane security policies between the source UE and the target UE, as well as the encryption and integrity protection algorithms supported by both parties, and can achieve integrity. Protect against tampering and downgrade attacks.
  • the first terminal device side embodiment of the present application is described in detail above with reference to FIGS. 7 to 8 .
  • the second terminal device side embodiment of the present application is described in detail below with reference to FIG. 9 . It should be understood that the second terminal device side implementation The example corresponds to the first terminal device side embodiment, and similar descriptions may refer to the first terminal device side embodiment.
  • FIG. 9 is a schematic flowchart of a communication relay method 300 according to an embodiment of the present application.
  • the communication relay method 300 may include at least part of the following content:
  • the second terminal device sends an authentication request message to the first terminal device through the relay device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first user generated by the second terminal device. A temporary public key, the signature of the second terminal device, and relevant information of the relay device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device.
  • the input parameters of the signature of the second terminal device include at least one of the following: information about the user to which the second terminal device belongs and the first temporary public key; related information about the first temporary public key and the relay device for The first terminal device derives a first key; the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
  • This embodiment is based on the ECCSI signature scheme to establish a secure connection in the UE-to-UE relay scenario under the L2 architecture.
  • the embodiments of this application are applied to the UE-to-UE relay scenario under the L2 architecture, that is, the first terminal device and the second terminal device communicate through the relay device.
  • the relay connection between the first terminal device and the second terminal device may be a PC5 link.
  • the first terminal device may be a source device or a source terminal
  • the second terminal device may be a target device or a target terminal
  • the relay device may be a relay terminal
  • the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key. That is, the second terminal device may generate a signature of the second terminal device based on at least one of the information of the user to which the second terminal device belongs and the first temporary public key.
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs. That is, the relay device may generate the signature of the relay device based on at least one of the signature of the second terminal device and the information of the user to which the relay device belongs.
  • the signature of the second terminal device is generated by the secret signing key (SSK) of the second terminal device.
  • the PVT, KPAK, and secret signature key (SSK) of the second terminal device may be pre-configured by the trusted center KMS for the second terminal device through a secure channel.
  • the secure channel may be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the second terminal device and the KMS.
  • the KMS may be directly managed by the operator or be a third-party service provider that has a commercial relationship with the operator.
  • the second terminal device receives the first message sent by the first terminal device through the relay device;
  • the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, and information of the user to which the relay device belongs. , the first random number generated by the first terminal device, the second temporary public key paired with the second temporary private key generated by the first terminal device, the identification of the first key generated by the first terminal device M bits, the signature of the first terminal device, the signature of the relay device, and the first message verification code;
  • the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device;
  • the information of the user to which the relay device belongs includes the identification of the relay device and the relay device.
  • the input parameters of the signature of the first terminal device include at least one of the following: information of the user to which the first terminal device belongs, the second temporary public key, and M bits of the identification of the first key , the signature of the second terminal device;
  • the input parameters of the signature of the relay device include at least one of the following: information of the user to which the relay device belongs, the signature of the first terminal device, the signature of the second terminal device;
  • the first message is integrity protected by the first message verification code generated based on the first key
  • the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the information of the user to which the relay device belongs, the first random number, the second temporary public key, the M bits, The signature of the first terminal device and the signature of the relay device;
  • the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device.
  • Two random numbers are used to derive a second key.
  • the second key is used to derive an integrity protection key and/or a confidentiality protection key.
  • the identity of the first key is composed of the M bits and the first The other N bits of the key's identifier are combined, and M and N are both positive integers.
  • the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, user information of the user to which the first terminal device belongs. information, the information of the user to which the relay device belongs, the first random number, the second temporary public key, and the M bits. That is, the first terminal device can be based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, the M bits, and the At least one of the signature of the first terminal device and the signature of the relay device generates the first message verification code.
  • the first random number and the first key generated by the first terminal device and the second random number generated by the second terminal device are used to derive the second key. That is, the first terminal device derives the second key based on at least the first random number, the first key and the second random number, and the first terminal device can derive the integrity protection key and/or the secret based on the second key.
  • the first terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the second terminal device may derive the second key based on at least the first random number, the first key and the second random number, and the second terminal device may derive the integrity protection key and/or the secret based on the second key.
  • the second terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the signature of the first terminal device is generated by the secret signature key of the first terminal device.
  • the relay device's signature is generated by the relay device's secret signing key.
  • the first message is an authentication response message, or the first message is a safe mode command message.
  • the security capability information of the first terminal device may be a list of cryptographic algorithms supported by the first terminal device.
  • the security policy information of the first terminal device may be whether the first terminal device supports confidentiality protection or integrity protection.
  • the security policy information of the first terminal device includes: the security policy information of the first terminal device on the control plane, and/or the security policy information of the first terminal device on the user plane.
  • the M bits may be the highest M bits of the identity of the first key, and the N bits may be the lowest N bits of the identity of the first key; or, The M bits may be the first M bits of the identifier of the first key, and the N bits may be the last N bits of the identifier of the first key; or, the M bits may be are the even-numbered bits of the identifier of the first key, and the N bits may be the odd-numbered bits of the identifier of the first key.
  • the values of M and N may be the same or different, which is not limited by this application.
  • the second terminal device checks the KPAK of the first terminal device and the KPAK of the relay device respectively. If the KPAK of the first terminal device and the KPAK of the relay device are valid, and based on The identity of the first terminal device and the PVT of the first terminal device are used to verify the signature of the first terminal device, and the signature of the relay device is verified based on the identity of the relay device and the PVT of the relay device. ;
  • the second terminal device When the signature of the first terminal device and the signature of the relay device are verified successfully, and the information carried in the first message has not been tampered with, the second terminal device generates a second random number, and the second terminal device generates a second random number.
  • the second key is generated based on at least the first random number, the first key and the second random number, and the second terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key.
  • key, and the second terminal device generates N bits of the identifier of the first key, and combines the M bits and the N bits to obtain the identifier of the first key.
  • the second terminal device may use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the second random number. At least one of the length of the number, the length of the source identifier, and the length of the target identifier is used to generate the second key.
  • the source identifier is used to identify the source end of the relay connection between the first terminal device and the second terminal device
  • the target identifier is used to identify the intermediate connection between the first terminal device and the second terminal device.
  • the destination of the connection may also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.
  • the input parameters of the first message verification code include: the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, the M bits.
  • the second terminal device may generate a first message verification based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. code and compare it with the first message verification code contained in the first message. If they are consistent, the first message verification code is valid.
  • the second terminal device when the first message verification code is valid, sends a second message to the first terminal device through the relay device; wherein the second message includes at least one of the following : the second random number, the N bits, the x bits of the identifier of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the Security policy, second message verification code;
  • the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key.
  • the second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device;
  • the identifier of the second key is obtained by combining the x bits and the other y bits of the identifier of the second key, and both x and y are positive integers.
  • the input parameters of the second message verification code include: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security strategy.
  • the first terminal device may generate a second message verification code based on the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, and the security policy selected by the second terminal device. , and compared with the second message verification code contained in the second message. If they are consistent, the second message verification code is valid.
  • the x bits may be the highest x bits of the identity of the second key, and the y bits may be the lowest y bits of the identity of the second key; or, The x bits may be the first x bits of the identifier of the second key, and the y bits may be the last y bits of the identifier of the second key; or, the x bits may be are the even-numbered bits of the identifier of the second key, and the y bits may be the odd-numbered bits of the identifier of the second key.
  • the values of x and y may be the same or different, which is not limited by this application.
  • the second message is encrypted with the first key.
  • the second message may not be encrypted using the first key, or the second message may not be encrypted.
  • the second terminal device may select a security algorithm based on the security capability information of the first terminal device, and/or the second terminal device may select a security policy based on the security policy information of the first terminal device.
  • the first message is an authentication response message and the second message is a secure mode command (SMC) message.
  • SMC secure mode command
  • the first message is a safe mode command (SMC) message and the second message is a safe mode response message.
  • SMC safe mode command
  • the first terminal device may derive the first secret key based on the first temporary public key generated by the second terminal device, the relevant information of the relay device, and the second temporary private key generated by the first terminal device. key.
  • the second terminal device may derive the first key based on the second temporary public key generated by the first terminal device, the relevant information of the relay device, and the first temporary private key generated by the second terminal device.
  • the first temporary public key generated by the second terminal device is paired with the first temporary private key generated by the second terminal device
  • the second temporary public key generated by the first terminal device is paired with the second temporary private key generated by the first terminal device. pair.
  • the first terminal device can calculate the first key based on the first temporary public key, relevant information of the relay device, and the second temporary private key using the ECIES algorithm; the second terminal device can calculate the first key based on the second temporary public key. , the relevant information of the relay device and the first temporary private key, and use the ECIES algorithm to calculate the first key.
  • the second terminal device receives the third message sent by the first terminal device through the relay device;
  • the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the identification of the second key generated by the first terminal device y bits, the third message verification code;
  • the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;
  • the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the third message verification code generated based on the integrity protection key derived based on the second key.
  • the three-message verification code performs integrity protection, and the input parameters of the third message verification code include the y bits.
  • the second terminal device decrypts the third message using the target key; provided that the information carried in the third message has not been tampered with and the third message verification code is valid. Next, the second terminal device combines the x bits and the y bits to obtain the identity of the second key.
  • the second terminal device can generate a third message verification code based on the y bits, and compare it with the third message verification code contained in the third message. If the comparison is consistent, the third message verification code The message verification code is valid.
  • the third message is a security mode complete message (security mode complete).
  • the second terminal device sends an error message to the first terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein the cause The information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device
  • the security algorithm negotiation with the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information.
  • the first terminal device determines that the security mode establishment fails, and/or the first terminal device re-initiates the security mode establishment process.
  • the error message may also be integrity protected.
  • the cause information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device.
  • the second terminal device does not support the security policy information of the first terminal device carried in the first message. .
  • the cause information is used to indicate that the security algorithm negotiation between the second terminal device and the first terminal device failed.
  • the second terminal device does not support the security capabilities of the first terminal device carried in the first message. information.
  • the first key may be K D
  • the identifier of the first key may be K D ID
  • the second key may be K D -SESS
  • the identifier of the second key may be K D-SESS ID.
  • the integrity protection key includes an integrity protection key for the control plane (KD -CPint ) and an integrity protection key for the user plane ( KD-UPint ); and/or the confidentiality
  • the protection keys include a confidentiality protection key for the control plane (K D-CPenc ) and a confidentiality protection key for the user plane (K D-UPenc ).
  • the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key
  • the second key is used to derive the integrity protection key and /or confidentiality protection key, which can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing other devices from even relaying Device eavesdropping.
  • the embodiment of this application is suitable for the secure communication establishment process between the first terminal device (source device) and the second terminal device (target device) under the 5G L2 UE-to-UE relay architecture.
  • public key signature technology it can ensure the identity authenticity of the terminal device and the non-repudiation of the message, and can resist replay attacks, man-in-the-middle attacks, disguise and other active attacks, while ensuring the integrity of the authentication process messages, and using the 3GPP standard
  • the ECIES algorithm is used to establish end-to-end security between the source UE and the target UE, ensuring the confidentiality and integrity of the data transmitted by both parties, and preventing eavesdropping by external adversaries and even relays; the embodiment of this application ensures The scalability of the secure communication establishment mechanism.
  • the embodiments of this application can realize the security negotiation of the user plane and control plane security policies between the source UE and the target UE, as well as the encryption and integrity protection algorithms supported by both parties, and can achieve integrity. Protect against tampering and downgrade attacks.
  • the first terminal device side embodiment and the second terminal device side embodiment of the present application are described in detail above with reference to Figures 7 to 9.
  • the relay device side embodiment of the present application is described in detail with reference to Figure 10. It should be understood that , the relay device side embodiment corresponds to the first terminal device side embodiment and the second terminal device side embodiment. Similar descriptions can be made with reference to the first terminal device side embodiment and the second terminal device side embodiment.
  • Figure 10 is a schematic flowchart of a method 400 for relaying communication according to an embodiment of the present application. As shown in Figure 10, the method 400 for relaying communication may include at least part of the following content:
  • the relay device receives the authentication request message sent by the second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, and the first temporary public key generated by the second terminal device. , the signature of the second terminal device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the input parameters of the signature of the second terminal device include At least one of the following: information about the user to which the second terminal device belongs and the first temporary public key;
  • the relay device sends a request to the first terminal device.
  • the terminal device sends an authentication request message after verification; wherein the authentication request message after verification includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, and the first temporary public key.
  • the signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device.
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; wherein, the first temporary public key and the relevant information of the relay device are used
  • the first key is derived from the first terminal device;
  • the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.
  • This embodiment is based on the ECCSI signature scheme to establish a secure connection in the UE-to-UE relay scenario under the L2 architecture.
  • the embodiments of this application are applied to the UE-to-UE relay scenario under the L2 architecture, that is, the first terminal device and the second terminal device communicate through the relay device.
  • the relay connection between the first terminal device and the second terminal device may be a PC5 link.
  • the first terminal device may be a source device or a source terminal
  • the second terminal device may be a target device or a target terminal
  • the relay device may be a relay terminal
  • the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key. That is, the second terminal device may generate a signature of the second terminal device based on at least one of the information of the user to which the second terminal device belongs and the first temporary public key.
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs. That is, the relay device may generate the signature of the relay device based on at least one of the signature of the second terminal device and the information of the user to which the relay device belongs.
  • the relay device may verify the validity of the KPAK of the second terminal device based on one or more KPAKs stored locally. For example, if there is a KPAK consistent with the KPAK of the second terminal device among the KPAKs stored locally on the relay device, the KPAK of the second terminal device is valid.
  • one or more KPAKs stored locally on the first terminal device may be preconfigured by the KMS.
  • the first terminal device may derive the first key based on the first temporary public key generated by the second terminal device, relevant information of the relay device, and the second temporary private key generated by the first terminal device.
  • the second terminal device may derive the first key based on the second temporary public key generated by the first terminal device, the relevant information of the relay device, and the first temporary private key generated by the second terminal device.
  • the first temporary public key generated by the second terminal device is paired with the first temporary private key generated by the second terminal device
  • the second temporary public key generated by the first terminal device is paired with the second temporary private key generated by the first terminal device. pair.
  • the first terminal device can calculate the first key based on the first temporary public key and the second temporary private key and use the ECIES algorithm; the second terminal device can calculate the first key based on the second temporary public key and the first temporary private key. And use the ECIES algorithm to calculate the first key.
  • the signature of the second terminal device is determined by the second terminal device.
  • the device's Secret Signing Key (SSK) is generated.
  • the PVT, KPAK, and secret signature key (SSK) of the second terminal device may be pre-configured by the trusted center KMS for the second terminal device through a secure channel.
  • the secure channel may be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the second terminal device and the KMS.
  • the KMS may be directly managed by the operator or be a third-party service provider that has a commercial relationship with the operator.
  • the signature of the relay device is encrypted by the secret signature of the relay device.
  • Key SSK
  • the PVT, KPAK, and secret signature key (SSK) of the relay device may be pre-configured for the relay device by the trusted center KMS through a secure channel.
  • the secure channel can be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the relay device and the KMS.
  • the KMS can be directly managed by the operator or a third-party service provider that has a commercial relationship with the operator.
  • the relay device receives the first message sent by the first terminal device
  • the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, a third message generated by the first terminal device.
  • security capability information of the first terminal device security policy information of the first terminal device
  • information of the user to which the first terminal device belongs a third message generated by the first terminal device.
  • the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device;
  • the input parameters of the signature of the first terminal device include at least one of the following: the first terminal Information about the user to whom the device belongs, the second temporary public key, M bits of the identification of the first key, and the signature of the second terminal device;
  • the first message is integrity protected by the first message verification code generated based on the first key
  • the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;
  • the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device.
  • Two random numbers are used to derive a second key.
  • the second key is used to derive an integrity protection key and/or a confidentiality protection key.
  • the identity of the first key is composed of the M bits and the first The other N bits of the key's identifier are combined, and M and N are both positive integers.
  • the relay device sends a message to the first terminal device.
  • the second terminal device sends the first message after verification; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to whom the terminal device belongs, information about the user to whom the relay device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device and paired with the second temporary private key, M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, the signature of the relay device, and the first message verification code; wherein, the user to whom the relay device belongs
  • the information includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the following: information of the user to which the
  • the first random number and the first key generated by the first terminal device and the second random number generated by the second terminal device are used to derive the second key. That is, the first terminal device derives the second key based on at least the first random number, the first key and the second random number, and the first terminal device can derive the integrity protection key and/or the secret based on the second key.
  • the first terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the second terminal device may derive the second key based on at least the first random number, the first key and the second random number, and the second terminal device may derive the integrity protection key and/or the secret based on the second key.
  • the second terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first random number, the third 2.
  • Temporary public key, the M bits that is, the first terminal device can be based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. At least one of them generates the first message verification code.
  • the input parameters of the first message verification code include: the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, the M bits.
  • the second terminal device may generate a first message verification based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. code and compare it with the first message verification code contained in the first message. If they are consistent, the first message verification code is valid.
  • the first message is an authentication response message, or the first message is a safe mode command message.
  • the security capability information of the first terminal device may be a list of cryptographic algorithms supported by the first terminal device.
  • the security policy information of the first terminal device may be whether the first terminal device supports confidentiality protection or integrity protection.
  • the security policy information of the first terminal device includes: the security policy information of the first terminal device on the control plane, and/or the security policy information of the first terminal device on the user plane.
  • the M bits may be the highest M bits of the identity of the first key, and the N bits may be the lowest N bits of the identity of the first key; or, The M bits may be the first M bits of the identifier of the first key, and the N bits may be the last N bits of the identifier of the first key; or, the M bits may be are the even-numbered bits of the identifier of the first key, and the N bits may be the odd-numbered bits of the identifier of the first key.
  • the values of M and N may be the same or different, which is not limited by this application.
  • the relay device forwards the second message sent by the second terminal device to the first terminal device
  • the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identifier of the generated second key, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;
  • the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key.
  • the second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device;
  • the identifier of the second key is obtained by combining the x bits and the other y bits of the identifier of the second key, and both x and y are positive integers.
  • the x bits may be the highest x bits of the identity of the second key, and the y bits may be the lowest y bits of the identity of the second key; or, The x bits may be the first x bits of the identifier of the second key, and the y bits may be the last y bits of the identifier of the second key; or, the x bits may be are the even-numbered bits of the identifier of the second key, and the y bits may be the odd-numbered bits of the identifier of the second key.
  • the values of x and y may be the same or different, which is not limited by this application.
  • the input parameters of the second message verification code include: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security strategy.
  • the first terminal device may generate a second message verification code based on the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, and the security policy selected by the second terminal device. , and compared with the second message verification code contained in the second message. If they are consistent, the second message verification code is valid.
  • the second message is encrypted with the first key.
  • the second message may not be encrypted using the first key, or the second message may not be encrypted.
  • the second terminal device may select a security algorithm based on the security capability information of the first terminal device, and/or the second terminal device may select a security policy based on the security policy information of the first terminal device.
  • the first terminal device may use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the second random number. At least one of the length of the number, the length of the source identifier, and the length of the target identifier is used to generate the second key.
  • the second terminal device can use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the length of the second random number, the The second key is generated using at least one of the length of the source identifier and the length of the target identifier.
  • the source identifier is used to identify the source end of the relay connection between the first terminal device and the second terminal device
  • the target identifier is used to identify the intermediate connection between the first terminal device and the second terminal device.
  • the destination of the connection may also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.
  • the first message is an authentication response message and the second message is a secure mode command (SMC) message.
  • SMC secure mode command
  • the first message is a safe mode command (SMC) message and the second message is a safe mode response message.
  • SMC safe mode command
  • the relay device forwards the third message sent by the first terminal device to the second terminal device;
  • the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the identification of the second key generated by the first terminal device y bits, the third message verification code;
  • the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;
  • the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the third message verification code generated based on the integrity protection key derived based on the second key.
  • the three-message verification code performs integrity protection, and the input parameters of the third message verification code include the y bits.
  • the second terminal device decrypts the third message using the target key; provided that the information carried in the third message has not been tampered with, and the third message
  • the second terminal device combines the x bits and the y bits to obtain the identity of the second key.
  • the second terminal device can generate a third message verification code based on the y bits, and compare it with the third message verification code contained in the third message. If the comparison is consistent, the third message verification code The message verification code is valid.
  • the third message is a security mode complete message (security mode complete).
  • the relay device forwards the error message sent by the second terminal device to the first terminal device; wherein the error message includes at least one of the following: cause information, fourth message verification code; wherein, The reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device
  • the security algorithm negotiation between the terminal device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information.
  • the first terminal device determines that the security mode establishment fails, and/or the first terminal device re-initiates the security mode establishment process.
  • the error message may also be integrity protected.
  • the cause information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device.
  • the second terminal device does not support the security policy information of the first terminal device carried in the first message. .
  • the cause information is used to indicate that the security algorithm negotiation between the second terminal device and the first terminal device failed.
  • the second terminal device does not support the security capabilities of the first terminal device carried in the first message. information.
  • the first key may be K D
  • the identifier of the first key may be K D ID
  • the second key may be K D -SESS
  • the identifier of the second key may be K D-SESS ID.
  • the integrity protection key includes an integrity protection key for the control plane (KD -CPint ) and an integrity protection key for the user plane ( KD-UPint ); and/or the confidentiality
  • the protection keys include a confidentiality protection key for the control plane (K D-CPenc ) and a confidentiality protection key for the user plane (K D-UPenc ).
  • the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key
  • the second key is used to derive the integrity protection key and /or confidentiality protection key, which can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing other devices from even relaying Device eavesdropping.
  • the embodiment of this application is suitable for the secure communication establishment process between the source device (first terminal device) and the target device (second terminal device) under the 5G L2 UE-to-UE relay architecture.
  • public key signature technology it can ensure the identity authenticity of the terminal device and the non-repudiation of the message, and can resist replay attacks, man-in-the-middle attacks, disguise and other active attacks, while ensuring the integrity of the authentication process messages, and using the 3GPP standard
  • the ECIES algorithm is used to establish end-to-end security between the source UE and the target UE, ensuring the confidentiality and integrity of the data transmitted by both parties, and preventing eavesdropping by external adversaries and even relays; the embodiment of this application ensures The scalability of the secure communication establishment mechanism.
  • the embodiments of this application can realize the security negotiation of the user plane and control plane security policies between the source UE and the target UE, as well as the encryption and integrity protection algorithms supported by both parties, and can achieve integrity. Protect against tampering and downgrade attacks.
  • the first terminal device side embodiment of the present application is described in detail above with reference to FIGS. 7 to 8 .
  • another embodiment of the first terminal device side of the present application is described in detail with reference to FIG. 11 .
  • FIG 11 is a schematic flowchart of a communication relay method 500 according to an embodiment of the present application.
  • the communication relay method 500 may include at least part of the following content:
  • the first terminal device sends a first message to the second terminal device through the relay device; wherein the first message includes at least one of the following: security capability information of the first terminal device, security policy of the first terminal device Information, information about the user to which the first terminal device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, and the identification of the first key generated by the first terminal device M bits, the signature of the first terminal device, and the first message verification code; wherein the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device;
  • the input parameters of the signature of the first terminal device include at least one of the following: information of the user to which the first terminal device belongs, the second temporary public key, M bits of the identification of the first key, the second terminal Signature of the device; wherein the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the first terminal The
  • the identity of the first key is composed of the M bits and The other N bits of the identification of the first key are combined, and M and N are both positive integers; where the relevant information of the relay device includes one of the following: the identity information of the relay device, the relay device The random number generated by this relay device.
  • This embodiment is based on the ECCSI signature scheme to establish a secure connection in the UE-to-UE relay scenario under the L2 architecture.
  • the embodiments of this application are applied to the UE-to-UE relay scenario under the L2 architecture, that is, the first terminal device and the second terminal device communicate through the relay device.
  • the relay connection between the first terminal device and the second terminal device may be a PC5 link.
  • the first random number and the first key generated by the first terminal device and the second random number generated by the second terminal device are used to derive the second key. That is, the first terminal device derives the second key based on at least the first random number, the first key and the second random number, and the first terminal device can derive the integrity protection key and/or the secret based on the second key.
  • the first terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the second terminal device may derive the second key based on at least the first random number, the first key and the second random number, and the second terminal device may derive the integrity protection key and/or the secret based on the second key.
  • the second terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first random number, the third 2.
  • Temporary public key, the M bits that is, the first terminal device can be based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. At least one of them generates the first message verification code.
  • the input parameters of the first message verification code include: the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, the M bits.
  • the second terminal device may generate a first message verification based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. code and compare it with the first message verification code contained in the first message. If they are consistent, the first message verification code is valid.
  • the first message is an authentication response message, or the first message is a safe mode command message.
  • the security capability information of the first terminal device may be a list of cryptographic algorithms supported by the first terminal device.
  • the security policy information of the first terminal device may be whether the first terminal device supports confidentiality protection or integrity protection.
  • the security policy information of the first terminal device includes: the security policy information of the first terminal device on the control plane, and/or the security policy information of the first terminal device on the user plane.
  • the M bits may be the highest M bits of the identity of the first key, and the N bits may be the lowest N bits of the identity of the first key; or, The M bits may be the first M bits of the identifier of the first key, and the N bits may be the last N bits of the identifier of the first key; or, the M bits may be are the even-numbered bits of the identifier of the first key, and the N bits may be the odd-numbered bits of the identifier of the first key.
  • the values of M and N may be the same or different, which is not limited by this application.
  • the first terminal device receives the second message sent by the second terminal device through the relay device;
  • the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identifier of the generated second key, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;
  • the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key.
  • the second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device;
  • the identifier of the second key is obtained by combining the x bits and the other y bits of the identifier of the second key, and x and y are both positive integers.
  • the first terminal device if the information carried in the second message has not been tampered with, the first terminal device generates the second random number based on at least the first random number, the first key and the second random number. key, the first terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key, and the first terminal device combines the M bits and the N bits to obtain the The identification of the first key, the first terminal device generates y bits of the identification of the second key, and combines the x bits and the y bits to obtain the identification of the second key;
  • the first terminal device When the second message verification code is valid, the first terminal device generates an integrity protection key and/or a secret based on the security algorithm selected by the second terminal device, the second key, and the second key.
  • the security protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
  • the second message is encrypted with the first key.
  • the second message may not be encrypted using the first key, or the second message may not be encrypted.
  • the first terminal device decrypts the second message according to the first key; if the information carried in the second message is not tampered with, the first terminal device at least decrypts the second message according to the first random key. number, the first key and the second random number to generate the second key, the first terminal device generates an integrity protection key and/or a confidentiality protection key based on the second key, and the first The terminal device combines the M bits and the N bits to obtain the identity of the first key, the first terminal device generates y bits of the identity of the second key, and combines the x bits Combine with the y bits to obtain the identity of the second key;
  • the first terminal device When the second message verification code is valid and the third message verification code is valid, the first terminal device generates a complete message based on the security algorithm selected by the second terminal device, the second key, and the second key.
  • the security protection key and/or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
  • the x bits may be the highest x bits of the identity of the second key, and the y bits may be the lowest y bits of the identity of the second key; or, The x bits may be the first x bits of the identifier of the second key, and the y bits may be the last y bits of the identifier of the second key; or, the x bits may be are the even-numbered bits of the identifier of the second key, and the y bits may be the odd-numbered bits of the identifier of the second key.
  • the values of x and y may be the same or different, which is not limited by this application.
  • the input parameters of the second message verification code include: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security strategy.
  • the first terminal device may generate a second message verification code based on the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, and the security policy selected by the second terminal device. , and compared with the second message verification code contained in the second message. If they are consistent, the second message verification code is valid.
  • the second terminal device may select a security algorithm based on the security capability information of the first terminal device, and/or the second terminal device may select a security policy based on the security policy information of the first terminal device.
  • the first terminal device may use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the second random number. At least one of the length of the number, the length of the source identifier, and the length of the target identifier is used to generate the second key.
  • the source identifier is used to identify the source end of the relay connection between the first terminal device and the second terminal device
  • the target identifier is used to identify the intermediate connection between the first terminal device and the second terminal device.
  • the destination of the connection may also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.
  • the first message is an authentication response message
  • the second message is an SMC message
  • the first message is an SMC message
  • the second message is a safe mode response message
  • the first terminal device sends the third message to the second terminal device through the relay device;
  • the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the y bits of the identification of the second key, Third message verification code;
  • the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;
  • the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the third message verification code generated based on the integrity protection key derived based on the second key.
  • the three-message verification code performs integrity protection, and the input parameters of the third message verification code include the y bits.
  • the second terminal device decrypts the third message using the target key; provided that the information carried in the third message has not been tampered with, and the third message
  • the second terminal device combines the x bits and the y bits to obtain the identity of the second key.
  • the second terminal device can generate a third message verification code based on the y bits, and compare it with the third message verification code contained in the third message. If the comparison is consistent, the third message verification code The message verification code is valid.
  • the third message is a security mode complete message (security mode complete).
  • the first terminal device receives an error message sent by the second terminal device through the relay device; wherein, the error message includes at least one of the following: cause information, a fourth message verification code; wherein, the error message
  • the reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device
  • the security algorithm negotiation between the device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information;
  • the first terminal device determines that the security mode establishment fails, and/or the first terminal device re-initiates the security mode establishment process.
  • the error message may also be integrity protected.
  • the cause information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device.
  • the second terminal device does not support the security policy information of the first terminal device carried in the first message. .
  • the cause information is used to indicate that the security algorithm negotiation between the second terminal device and the first terminal device failed.
  • the second terminal device does not support the security capabilities of the first terminal device carried in the first message. information.
  • the first terminal device receives the authentication request message sent by the second terminal device through the relay device;
  • the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key generated by the second terminal device, Signature, the signature of the relay device, and relevant information of the relay device;
  • the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device; the information of the user to which the relay device belongs includes the identification of the relay device and the relay device. PVT and KPAK; the input parameters of the signature of the second terminal device include at least one of the following: the information of the user to which the second terminal device belongs and the first temporary public key; the input parameters of the signature of the relay device include at least one of the following: One: the signature of the second terminal device and the information of the user to which the relay device belongs; the first temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key.
  • the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key. That is, the second terminal device may generate a signature of the second terminal device based on at least one of the information of the user to which the second terminal device belongs and the first temporary public key.
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs. That is, the relay device may generate the signature of the relay device based on at least one of the signature of the second terminal device and the information of the user to which the relay device belongs.
  • the signature of the second terminal device is determined by the second terminal device.
  • the device's Secret Signing Key (SSK) is generated.
  • the PVT, KPAK, and secret signature key (SSK) of the second terminal device may be pre-configured by the trusted center KMS for the second terminal device through a secure channel.
  • the secure channel may be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the second terminal device and the KMS.
  • the KMS may be directly managed by the operator or be a third-party service provider that has a commercial relationship with the operator.
  • the signature of the relay device is encrypted by the secret signature of the relay device.
  • Key SSK
  • the PVT, KPAK, and secret signature key (SSK) of the relay device may be pre-configured for the relay device by the trusted center KMS through a secure channel.
  • the secure channel can be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the relay device and the KMS.
  • the KMS can be directly managed by the operator or a third-party service provider that has a commercial relationship with the operator.
  • the KPAK of the second terminal device and the KPAK of the relay device are valid, and the signature verification of the second terminal device based on the identity of the second terminal device and the PVT of the second terminal device is successful.
  • the first terminal device generates a second temporary private key, and the first terminal device generates a second temporary private key according to the first terminal device.
  • the first key is derived from a temporary public key, relevant information of the relay device and the second temporary private key.
  • the first terminal device may verify the validity of the KPAK of the second terminal device and the KPAK of the relay device based on one or more KPAKs stored locally. For example, if there is a KPAK consistent with the KPAK of the second terminal device in the KPAK stored locally on the first terminal device, the KPAK of the second terminal device is valid; and there is a KPAK consistent with the KPAK stored locally on the first terminal device. In the case where the KPAK of the relay device is consistent with the KPAK, the KPAK of the relay device is valid.
  • one or more KPAKs stored locally on the first terminal device may be preconfigured by the KMS.
  • the first terminal device may derive the first secret key based on the first temporary public key generated by the second terminal device, the relevant information of the relay device, and the second temporary private key generated by the first terminal device. key.
  • the second terminal device may derive the first key based on the second temporary public key generated by the first terminal device, the relevant information of the relay device, and the first temporary private key generated by the second terminal device.
  • the first temporary public key generated by the second terminal device is paired with the first temporary private key generated by the second terminal device
  • the second temporary public key generated by the first terminal device is paired with the second temporary private key generated by the first terminal device. pair.
  • the first terminal device can calculate the first key based on the first temporary public key and the second temporary private key and use the ECIES algorithm; the second terminal device can calculate the first key based on the second temporary public key and the first temporary private key. And use the ECIES algorithm to calculate the first key.
  • the first key may be K D
  • the identifier of the first key may be K D ID
  • the second key may be K D -SESS
  • the identifier of the second key may be K D-SESS ID.
  • the integrity protection key includes an integrity protection key for the control plane (KD -CPint ) and an integrity protection key for the user plane ( KD-UPint ); and/or the confidentiality
  • the protection keys include a confidentiality protection key for the control plane (K D-CPenc ) and a confidentiality protection key for the user plane (K D-UPenc ).
  • the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key
  • the second key is used to derive the integrity protection key and /or confidentiality protection key, which can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing other devices from even relaying Device eavesdropping.
  • the embodiment of this application is suitable for the secure communication establishment process between the first terminal device (source device) and the second terminal device (target device) under the 5G L2 UE-to-UE relay architecture.
  • public key signature technology it can ensure the identity authenticity of the terminal device and the non-repudiation of the message, and can resist replay attacks, man-in-the-middle attacks, disguise and other active attacks, while ensuring the integrity of the authentication process messages, and using the 3GPP standard
  • the ECIES algorithm is used to establish end-to-end security between the source UE and the target UE, ensuring the confidentiality and integrity of the data transmitted by both parties, and preventing eavesdropping by external adversaries and even relays; the embodiment of this application ensures The scalability of the secure communication establishment mechanism.
  • the embodiments of this application can realize the security negotiation of the user plane and control plane security policies between the source UE and the target UE, as well as the encryption and integrity protection algorithms supported by both parties, and can achieve integrity. Protect against tampering and downgrade attacks.
  • the first terminal device side embodiment of the present application is described in detail above with reference to FIGS. 7 to 8 .
  • the second terminal device side embodiment of the present application is described in detail below with reference to FIG. 12 . It should be understood that the second terminal device side implementation The example corresponds to the first terminal device side embodiment, and similar descriptions may refer to the first terminal device side embodiment.
  • FIG 12 is a schematic flowchart of a communication relay method 600 according to an embodiment of the present application. As shown in Figure 12, the communication relay method 600 may include at least part of the following content:
  • the second terminal device receives the first message sent by the first terminal device through the relay device; wherein the first message includes at least one of the following: the security capability information of the first terminal device, the security capability information of the first terminal device.
  • Policy information information about the user to which the first terminal device belongs, information about the user to which the relay device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, the first M bits of the identification of the first key generated by the terminal device, the signature of the first terminal device, the signature of the relay device, and the first message verification code; wherein, the information of the user to which the first terminal device belongs includes the The identity of the first terminal device and the PVT and KPAK of the first terminal device; the information of the user to which the relay device belongs includes the identity of the relay device and the PVT and KPAK of the relay device; the signature of the first terminal device
  • the input parameters include at least one of the following: information about the user to which the first terminal device belongs, the second temporary public key, M bits of the identification
  • the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key.
  • the key is used to derive the integrity protection key and/or the confidentiality protection key.
  • the identity of the first key is obtained by combining the M bits with the other N bits of the identity of the first key.
  • M and N is a positive integer; wherein, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.
  • This embodiment is based on the ECCSI signature scheme to establish a secure connection in the UE-to-UE relay scenario under the L2 architecture.
  • the embodiments of this application are applied to the UE-to-UE relay scenario under the L2 architecture, that is, the first terminal device and the second terminal device communicate through the relay device.
  • the relay connection between the first terminal device and the second terminal device may be a PC5 link.
  • the first random number and the first key generated by the first terminal device and the second random number generated by the second terminal device are used to derive the second key. That is, the first terminal device derives the second key based on at least the first random number, the first key and the second random number, and the first terminal device can derive the integrity protection key and/or the secret based on the second key.
  • the first terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the second terminal device may derive the second key based on at least the first random number, the first key and the second random number, and the second terminal device may derive the integrity protection key and/or the secret based on the second key.
  • the second terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first random number, the third 2.
  • Temporary public key, the M bits that is, the first terminal device may be based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. At least one of them generates the first message verification code.
  • the signature of the first terminal device is generated by the secret signature key of the first terminal device; and/or the signature of the relay device is generated by the secret signature key of the relay device.
  • the first message is an authentication response message, or the first message is a safe mode command message.
  • the security capability information of the first terminal device may be a list of cryptographic algorithms supported by the first terminal device.
  • the security policy information of the first terminal device may be whether the first terminal device supports confidentiality protection or integrity protection.
  • the security policy information of the first terminal device includes: the security policy information of the first terminal device on the control plane, and/or the security policy information of the first terminal device on the user plane.
  • the M bits may be the highest M bits of the identity of the first key, and the N bits may be the lowest N bits of the identity of the first key; or, The M bits may be the first M bits of the identifier of the first key, and the N bits may be the last N bits of the identifier of the first key; or, the M bits may be are the even-numbered bits of the identifier of the first key, and the N bits may be the odd-numbered bits of the identifier of the first key.
  • the values of M and N may be the same or different, which is not limited by this application.
  • the second terminal device checks the KPAK of the first terminal device and the KPAK of the relay device respectively. If the KPAK of the first terminal device and the KPAK of the relay device are valid, and based on The identity of the first terminal device and the PVT of the first terminal device are used to verify the signature of the first terminal device, and the signature of the relay device is verified based on the identity of the relay device and the PVT of the relay device.
  • the second terminal device When the signature of the first terminal device and the signature of the relay device are successfully verified, and the information carried in the first message has not been tampered with, the second terminal device generates a second random number, and the second terminal The device generates the second key based on at least the first random number, the first key and the second random number, and the second terminal device generates an integrity protection key and/or confidentiality protection based on the second key. key, and the second terminal device generates N bits of the identifier of the first key, and combines the M bits and the N bits to obtain the identifier of the first key.
  • the second terminal device may use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the second random number. At least one of the length of the number, the length of the source identifier, and the length of the target identifier is used to generate the second key.
  • the source identifier is used to identify the source end of the relay connection between the first terminal device and the second terminal device
  • the target identifier is used to identify the intermediate connection between the first terminal device and the second terminal device.
  • the destination of the connection may also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.
  • the input parameters of the first message verification code include: the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, the M bits.
  • the second terminal device may generate a first message verification based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. code and compare it with the first message verification code contained in the first message. If they are consistent, the first message verification code is valid.
  • the second terminal device when the first message verification code is valid, sends a second message to the first terminal device through the relay device; wherein the second message includes at least one of the following : the second random number, the N bits, the x bits of the identifier of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the Security policy, second message verification code;
  • the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key.
  • the second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device;
  • the identifier of the second key is obtained by combining the x bits and the other y bits of the identifier of the second key, and both x and y are positive integers.
  • the input parameters of the second message verification code include: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security strategy.
  • the first terminal device may generate a second message verification code based on the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, and the security policy selected by the second terminal device. , and compared with the second message verification code contained in the second message. If they are consistent, the second message verification code is valid.
  • the x bits may be the highest x bits of the identity of the second key, and the y bits may be the lowest y bits of the identity of the second key; or, The x bits may be the first x bits of the identifier of the second key, and the y bits may be the last y bits of the identifier of the second key; or, the x bits may be are the even-numbered bits of the identifier of the second key, and the y bits may be the odd-numbered bits of the identifier of the second key.
  • the values of x and y may be the same or different, which is not limited by this application.
  • the second message is encrypted with the first key.
  • the second message may not be encrypted using the first key, or the second message may not be encrypted.
  • the second terminal device may select a security algorithm based on the security capability information of the first terminal device, and/or the second terminal device may select a security policy based on the security policy information of the first terminal device.
  • the first message is an authentication response message and the second message is a secure mode command (SMC) message.
  • SMC secure mode command
  • the first message is a safe mode command (SMC) message and the second message is a safe mode response message.
  • SMC safe mode command
  • the first terminal device may derive the first secret key based on the first temporary public key generated by the second terminal device, the relevant information of the relay device, and the second temporary private key generated by the first terminal device. key.
  • the second terminal device may derive the first key based on the second temporary public key generated by the first terminal device, the relevant information of the relay device, and the first temporary private key generated by the second terminal device.
  • the first temporary public key generated by the second terminal device is paired with the first temporary private key generated by the second terminal device
  • the second temporary public key generated by the first terminal device is paired with the second temporary private key generated by the first terminal device. pair.
  • the first terminal device can calculate the first key based on the first temporary public key and the second temporary private key and use the ECIES algorithm; the second terminal device can calculate the first key based on the second temporary public key and the first temporary private key. And use the ECIES algorithm to calculate the first key.
  • the second terminal device receives the third message sent by the first terminal device through the relay device;
  • the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the identification of the second key generated by the first terminal device y bits, the third message verification code;
  • the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;
  • the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the third message verification code generated based on the integrity protection key derived based on the second key.
  • the three-message verification code performs integrity protection, and the input parameters of the third message verification code include the y bits.
  • the second terminal device decrypts the third message using the target key
  • the second terminal device When the information carried in the third message has not been tampered with and the third message verification code is valid, the second terminal device combines the x bits and the y bits to obtain the second The identity of the key.
  • the second terminal device can generate a third message verification code based on the y bits, and compare it with the third message verification code contained in the third message. If the comparison is consistent, the third message verification code The message verification code is valid.
  • the third message is a security mode complete message (security mode complete).
  • the second terminal device sends an error message to the first terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein the cause The information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device
  • the security algorithm negotiation with the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information.
  • the first terminal device determines that the security mode establishment fails, and/or the first terminal device re-initiates the security mode establishment process.
  • the error message may also be integrity protected.
  • the cause information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device.
  • the second terminal device does not support the security policy information of the first terminal device carried in the first message. .
  • the cause information is used to indicate that the security algorithm negotiation between the second terminal device and the first terminal device failed.
  • the second terminal device does not support the security capabilities of the first terminal device carried in the first message. information.
  • the second terminal device sends an authentication request message to the first terminal device through the relay device;
  • the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first temporary public key generated by the second terminal device, the signature of the second terminal device, and relevant information about the relay device. ;
  • the information of the user to which the second terminal device belongs includes the identification of the second terminal device and the PVT and KPAK of the second terminal device;
  • the input parameters of the signature of the second terminal device include at least one of the following: the second terminal The information of the user to which the device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device are used for the first terminal device to derive the first key.
  • the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key. That is, the second terminal device may generate a signature of the second terminal device based on at least one of the information of the user to which the second terminal device belongs and the first temporary public key.
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs. That is, the relay device may generate the signature of the relay device based on at least one of the signature of the second terminal device and the information of the user to which the relay device belongs.
  • the signature of the second terminal device is determined by the second terminal device.
  • the device's Secret Signing Key (SSK) is generated.
  • the PVT, KPAK, and secret signature key (SSK) of the second terminal device may be pre-configured by the trusted center KMS for the second terminal device through a secure channel.
  • the secure channel may be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the second terminal device and the KMS.
  • the KMS may be directly managed by the operator or be a third-party service provider that has a commercial relationship with the operator.
  • the first key may be K D
  • the identifier of the first key may be K D ID
  • the second key may be K D -SESS
  • the identifier of the second key may be K D-SESS ID.
  • the integrity protection key includes an integrity protection key for the control plane (KD -CPint ) and an integrity protection key for the user plane ( KD-UPint ); and/or the confidentiality
  • the protection keys include a confidentiality protection key for the control plane (K D-CPenc ) and a confidentiality protection key for the user plane (K D-UPenc ).
  • the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key
  • the second key is used to derive the integrity protection key and /or confidentiality protection key, which can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing other devices from even relaying Device eavesdropping.
  • the embodiment of this application is suitable for the secure communication establishment process between the first terminal device (source device) and the second terminal device (target device) under the 5G L2 UE-to-UE relay architecture.
  • public key signature technology it can ensure the identity authenticity of the terminal device and the non-repudiation of the message, and can resist replay attacks, man-in-the-middle attacks, disguise and other active attacks, while ensuring the integrity of the authentication process messages, and using the 3GPP standard
  • the ECIES algorithm is used to establish end-to-end security between the source UE and the target UE, ensuring the confidentiality and integrity of the data transmitted by both parties, and preventing eavesdropping by external adversaries and even relays; the embodiment of this application ensures The scalability of the secure communication establishment mechanism.
  • the embodiments of this application can realize the security negotiation of the user plane and control plane security policies between the source UE and the target UE, as well as the encryption and integrity protection algorithms supported by both parties, and can achieve integrity. Protect against tampering and downgrade attacks.
  • the first terminal device side embodiment of the present application is described in detail above with reference to FIGS. 7 to 8 .
  • the relay device side embodiment of the present application is described in detail with reference to FIG. 13 . It should be understood that the relay device side embodiment is the same as the relay device side embodiment.
  • the first terminal device side embodiments correspond to each other, and similar descriptions may refer to the first terminal device side embodiment.
  • FIG 13 is a schematic flowchart of a communication relay method 700 according to an embodiment of the present application.
  • the communication relay method 700 may include at least part of the following content:
  • the relay device receives the first message sent by the first terminal device; wherein the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to which a terminal device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, and the M bits of the identification of the first key generated by the first terminal device.
  • the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device;
  • the first terminal The input parameters of the device's signature include at least one of the following: information about the user to which the first terminal device belongs, the second temporary public key, M bits of the identification of the first key, and the signature of the second terminal device;
  • the first message is integrity protected by the first message verification code generated based on the first key
  • the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;
  • the relay device sends a message to the first terminal device.
  • the two terminal devices send the first message after verification; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to whom the device belongs, information about the user to whom the relay device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device and paired with the second temporary private key, the M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, the signature of the relay device, the relevant information of the relay device, and the first message verification code; wherein , the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the
  • This embodiment is based on the ECCSI signature scheme to establish a secure connection in the UE-to-UE relay scenario under the L2 architecture.
  • the embodiments of this application are applied to the UE-to-UE relay scenario under the L2 architecture, that is, the first terminal device and the second terminal device communicate through the relay device.
  • the relay connection between the first terminal device and the second terminal device may be a PC5 link.
  • the first random number and the first key generated by the first terminal device and the second random number generated by the second terminal device are used to derive the second key. That is, the first terminal device derives the second key based on at least the first random number, the first key and the second random number, and the first terminal device can derive the integrity protection key and/or the secret based on the second key.
  • the first terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the second terminal device may derive the second key based on at least the first random number, the first key and the second random number, and the second terminal device may derive the integrity protection key and/or the secret based on the second key.
  • the second terminal device can securely protect the sent message based on the integrity protection key and/or the confidentiality protection key.
  • the input parameters of the first message verification code include at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, the first random number, the third 2.
  • Temporary public key, the M bits that is, the first terminal device can be based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. At least one of them generates the first message verification code.
  • the input parameters of the first message verification code include: the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, the M bits.
  • the second terminal device may generate a first message verification based on the security capability information of the first terminal device, the security policy information of the first terminal device, the first random number, the second temporary public key, and the M bits. code and compare it with the first message verification code contained in the first message. If they are consistent, the first message verification code is valid.
  • the first message is an authentication response message, or the first message is a safe mode command message.
  • the security capability information of the first terminal device may be a list of cryptographic algorithms supported by the first terminal device.
  • the security policy information of the first terminal device may be whether the first terminal device supports confidentiality protection or integrity protection.
  • the security policy information of the first terminal device includes: the security policy information of the first terminal device on the control plane, and/or the security policy information of the first terminal device on the user plane.
  • the M bits may be the highest M bits of the identity of the first key, and the N bits may be the lowest N bits of the identity of the first key; or, The M bits may be the first M bits of the identifier of the first key, and the N bits may be the last N bits of the identifier of the first key; or, the M bits may be are the even-numbered bits of the identifier of the first key, and the N bits may be the odd-numbered bits of the identifier of the first key.
  • the values of M and N may be the same or different, which is not limited by this application.
  • the relay device forwards the second message sent by the second terminal device to the first terminal device
  • the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identifier of the generated second key, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;
  • the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key.
  • the second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device;
  • the identifier of the second key is obtained by combining the x bits and the other y bits of the identifier of the second key, and both x and y are positive integers.
  • the x bits may be the highest x bits of the identity of the second key, and the y bits may be the lowest y bits of the identity of the second key; or, The x bits may be the first x bits of the identifier of the second key, and the y bits may be the last y bits of the identifier of the second key; or, the x bits may be are the even-numbered bits of the identifier of the second key, and the y bits may be the odd-numbered bits of the identifier of the second key.
  • the values of x and y may be the same or different, which is not limited by this application.
  • the input parameters of the second message verification code include: the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, the security strategy.
  • the first terminal device may generate a second message verification code based on the second random number, the N bits, the x bits, the security algorithm selected by the second terminal device, and the security policy selected by the second terminal device. , and compared with the second message verification code contained in the second message. If they are consistent, the second message verification code is valid.
  • the second message is encrypted with the first key.
  • the second message may not be encrypted using the first key, or the second message may not be encrypted.
  • the second terminal device may select a security algorithm based on the security capability information of the first terminal device, and/or the second terminal device may select a security policy based on the security policy information of the first terminal device.
  • the first terminal device may use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the second random number. At least one of the length of the number, the length of the source identifier, and the length of the target identifier is used to generate the second key.
  • the second terminal device can use the first random number, the first key, the second random number, the source identifier, the target identifier, the length of the first random number, the length of the second random number, the The second key is generated using at least one of the length of the source identifier and the length of the target identifier.
  • the source identifier is used to identify the source end of the relay connection between the first terminal device and the second terminal device
  • the target identifier is used to identify the intermediate connection between the first terminal device and the second terminal device.
  • the destination of the connection may also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.
  • the first message is an authentication response message and the second message is a secure mode command (SMC) message.
  • SMC secure mode command
  • the first message is a safe mode command (SMC) message and the second message is a safe mode response message.
  • SMC safe mode command
  • the relay device forwards the third message sent by the first terminal device to the second terminal device;
  • the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the identification of the second key generated by the first terminal device y bits, the third message verification code;
  • the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;
  • the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the third message verification code generated based on the integrity protection key derived based on the second key.
  • the three-message verification code performs integrity protection, and the input parameters of the third message verification code include the y bits.
  • the second terminal device decrypts the third message using the target key; provided that the information carried in the third message has not been tampered with, and the third message
  • the second terminal device combines the x bits and the y bits to obtain the identity of the second key.
  • the second terminal device can generate a third message verification code based on the y bits, and compare it with the third message verification code contained in the third message. If the comparison is consistent, the third message verification code The message verification code is valid.
  • the third message is a security mode complete message (security mode complete).
  • the relay device forwards the error message sent by the second terminal device to the first terminal device; wherein the error message includes at least one of the following: cause information, fourth message verification code; wherein, The reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device
  • the security algorithm negotiation between the terminal device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information.
  • the first terminal device determines that the security mode establishment fails, and/or the first terminal device re-initiates the security mode establishment process.
  • the error message may also be integrity protected.
  • the cause information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device.
  • the second terminal device does not support the security policy information of the first terminal device carried in the first message. .
  • the cause information is used to indicate that the security algorithm negotiation between the second terminal device and the first terminal device failed.
  • the second terminal device does not support the security capabilities of the first terminal device carried in the first message. information.
  • the relay device receives an authentication request message sent by the second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, and generated by the second terminal device.
  • the input parameters of the signature include at least one of the following: the information of the user to which the second terminal device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device are used to derive the first terminal device the first key;
  • the relay device sends a message to the first terminal device.
  • the device sends an authentication request message after verification; wherein the authentication request message after verification includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key, The signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device; wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT and KPAK of the relay device;
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs.
  • the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key. That is, the second terminal device may generate a signature of the second terminal device based on at least one of the information of the user to which the second terminal device belongs and the first temporary public key.
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs. That is, the relay device may generate the signature of the relay device based on at least one of the signature of the second terminal device and the information of the user to which the relay device belongs.
  • the relay device may verify the validity of the KPAK of the second terminal device based on one or more KPAKs stored locally. For example, if there is a KPAK consistent with the KPAK of the second terminal device among the KPAKs stored locally on the relay device, the KPAK of the second terminal device is valid.
  • one or more KPAKs stored locally on the first terminal device may be pre-configured by the KMS.
  • the first terminal device may derive the first key based on the first temporary public key generated by the second terminal device, relevant information of the relay device, and the second temporary private key generated by the first terminal device.
  • the second terminal device may derive the first key based on the second temporary public key generated by the first terminal device, the relevant information of the relay device, and the first temporary private key generated by the second terminal device.
  • the first temporary public key generated by the second terminal device is paired with the first temporary private key generated by the second terminal device
  • the second temporary public key generated by the first terminal device is paired with the second temporary private key generated by the first terminal device. pair.
  • the first terminal device can calculate the first key based on the first temporary public key and the second temporary private key and use the ECIES algorithm; the second terminal device can calculate the first key based on the second temporary public key and the first temporary private key. And use the ECIES algorithm to calculate the first key.
  • the signature of the second terminal device is determined by the second terminal device.
  • the device's Secret Signing Key (SSK) is generated.
  • the PVT, KPAK, and secret signature key (SSK) of the second terminal device may be pre-configured by the trusted center KMS for the second terminal device through a secure channel.
  • the secure channel may be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the second terminal device and the KMS.
  • the KMS may be directly managed by the operator or be a third-party service provider that has a commercial relationship with the operator.
  • the signature of the relay device is encrypted by the secret signature of the relay device.
  • Key SSK
  • the PVT, KPAK, and secret signature key (SSK) of the relay device may be pre-configured for the relay device by the trusted center KMS through a secure channel.
  • the secure channel can be based on the AKMA mechanism or the GBA mechanism to establish a secure connection between the relay device and the KMS.
  • the KMS can be directly managed by the operator or a third-party service provider that has a commercial relationship with the operator.
  • the first key may be K D
  • the identifier of the first key may be K D ID
  • the second key may be K D -SESS
  • the identifier of the second key may be K D-SESS ID.
  • the integrity protection key includes an integrity protection key for the control plane (KD -CPint ) and an integrity protection key for the user plane ( KD-UPint ); and/or the confidentiality
  • the protection keys include a confidentiality protection key for the control plane (K D-CPenc ) and a confidentiality protection key for the user plane (K D-UPenc ).
  • the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key
  • the second key is used to derive the integrity protection key and /or confidentiality protection key, which can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing other devices from even relaying Device eavesdropping.
  • the embodiment of this application is suitable for the secure communication establishment process between the source device (first terminal device) and the target device (second terminal device) under the 5G L2 UE-to-UE relay architecture.
  • public key signature technology it can ensure the identity authenticity of the terminal device and the non-repudiation of the message, and can resist replay attacks, man-in-the-middle attacks, disguise and other active attacks, while ensuring the integrity of the authentication process messages, and using the 3GPP standard
  • the ECIES algorithm is used to establish end-to-end security between the source UE and the target UE, ensuring the confidentiality and integrity of the data transmitted by both parties, and preventing eavesdropping by external adversaries and even relays; the embodiment of this application ensures The scalability of the secure communication establishment mechanism.
  • the embodiments of this application can realize the security negotiation of the user plane and control plane security policies between the source UE and the target UE, as well as the encryption and integrity protection algorithms supported by both parties, and can achieve integrity. Protect against tampering and downgrade attacks.
  • Embodiment 1 as shown in Figure 14, assuming that no secure connection has been established between all devices before, UE-to-UE under the L2 architecture can be established through some or all of the steps from S1-0 to S1-8. Signature-based secure communication connection in subsequent scenarios.
  • UE1 may be the first terminal device
  • UE2 may be the second terminal device
  • UE-to-UE relay may be the relay device
  • K D may be the first key
  • K D-SESS may be the second key .
  • S1-0.UE1, UE2, and terminal-to-UE relay equipment obtained the signature public key (KPAK) issued by the key management server (KMS) and a set of credentials related to the UE identity. , namely the Secret Signing Key (SSK) and Public Verification Parameters (PVT), can use the UE-to-UE relay service.
  • UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE Relay is configured with relay policy parameters.
  • S1-1.UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.
  • S1-2.UE1 sends an end-to-end direct communication request message through broadcast.
  • the application layer provides PC5 unicast communication information (such as broadcast L2 ID, ProSe application layer) to the ProSe layer. ID, terminal application layer ID, target terminal application layer ID, relay applicable indication), the ProSe layer triggers the terminal's discovery mechanism by sending an end-to-end broadcast direct communication request message. Messages are sent using the source L2 ID and broadcast L2 ID as destination, and contain other application-related parameters.
  • UE-to-UE Relay receives the broadcast direct communication request message and verifies whether the UE-to-UE Relay is configured to forward this application. For example, the UE-to-UE Relay will announce the same ProSe application ID as it The provided relay policies/parameters are compared.
  • UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message.
  • the adaptation layer Specify information identifying UE1.
  • UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.
  • S1-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger the UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop.
  • the source address is the UE2 L2 ID and the destination address is the relay's L2 ID.
  • UE2 When performing the authentication process, UE2 first generates a pair of temporary public and private keys, namely the first temporary public key (Ephemeral public key1) and the first temporary private key (Ephemeral private key1), and then communicates with UE1 through the UE-to-UE relay. .
  • UE2 sends an authentication request message, including the following parameters:
  • Information about the user to which UE2 belongs includes the identity of UE2 and the PVT and KPAK of UE2;
  • the first temporary public key (Ephemeral public key1);
  • the signature of UE2 wherein the input parameters of the signature of UE2 include at least one of the following: "information of the user to which UE2 belongs” and "first temporary public key”.
  • the UE-to-UE relay After receiving the authentication request message, the UE-to-UE relay verifies the validity of the KPAK of UE2 in the information of the user to which UE2 belongs (specifically, the UE-to-UE relay verifies that the KPAK of UE2 is valid based on the locally stored information. For example, in the KPAK stored locally in the UE-to-UE relay, there is a KPAK consistent with the KPAK of UE2, and the KPAK of UE2 is valid). The UE-to-UE relay performs the signature of UE2 based on the identity of UE2 and the PVT of UE2. verify.
  • the UE-to-UE relay sends a verified authentication request message to UE1.
  • the verified authentication request message also includes the following parameters:
  • the information of the user to which the UE-to-UE relay belongs includes the identification of the UE-to-UE relay and the PVT and KPAK of the UE-to-UE relay;
  • the signature of the UE-to-UE relay where the input parameters in the signature of the UE-to-UE relay include at least one of the following: "UE2's signature” and "information of the user to which the UE-to-UE relay belongs";
  • the relevant information of the UE-to-UE relay includes one of the following: the identity information of the UE-to-UE relay, the random number generated by the UE-to-UE relay, Counter generated by this UE-to-UE relay.
  • UE1 After receiving the authentication request message, UE1 checks the KPAK of UE2 and the KPAK of the UE-to-UE relay respectively. If the KPAK of UE2 and the KPAK of the UE-to-UE relay are valid, and based on the KPAK of UE2 The signature of UE2 is verified based on the identity and the PVT of UE2, and the signature of the UE-to-UE relay is verified based on the identity of the UE-to-UE relay and the PVT of the UE-to-UE relay.
  • UE1 If the signature of UE2 and the signature of UE-to-UE relay are verified successfully, then UE1 generates a temporary public and private key pair, that is, the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2). Then, UE1 According to the first temporary public key, UE-to-UE relay related information and the second temporary private key, use the ECIES algorithm to calculate the shared key K D and generate M bits of K D ID. K D ID is At the mark K D .
  • UE1 sends an authentication response message through UE-to-UE relay, including the following parameters:
  • UE1 security capability information (optional);
  • Information about the user to which UE1 belongs includes the identity of UE1 and the PVT and KPAK of UE1;
  • the first random number (Nonce_1);
  • the second temporary public key (Ephemeral public key2);
  • the signature of UE1 where the signature input parameters of UE1 include but are not limited to at least one of the following: "information of the user to which UE1 belongs", “second temporary public key”, “first random number (Nonce_1)”, “K D ID “M bits” and “UE2's signature”;
  • the authentication response message is integrity protected through the first message verification code generated based on K D
  • the input parameters of the first message verification code include at least one of the following: UE1's security capability information, UE1's security policy Information, the information of the user to which UE1 belongs, the first random number (Nonce_1), the second temporary public key, the M bits of K D ID, and the signature of UE1.
  • the security capability information of UE1 and the security policy information of UE1 may not be sent in the authentication response message.
  • the UE-to-UE relay After receiving the authentication response message, the UE-to-UE relay verifies the validity of the KPAK of UE1 in the information of the user to which UE1 belongs (specifically, the UE-to-UE relay verifies that the KPAK of UE1 is valid based on the locally stored information. For example, in the KPAK stored locally in the UE-to-UE relay, there is a KPAK consistent with the KPAK of UE1, and the KPAK of UE1 is valid). The UE-to-UE relay performs the signature of UE1 based on the identity of UE1 and the PVT of UE1. verify. Finally, if the signature verification of UE1 is successful, the UE-to-UE relay sends the verification response message to UE2.
  • the verification response message contains the following parameters:
  • UE1 security capability information (optional);
  • the first random number (Nonce_1);
  • Information about the user to which UE1 belongs includes the identity of UE1 and the PVT and KPAK of UE1;
  • Signature 2 of the UE-to-UE relay where the input parameters of the signature 2 of the UE-to-UE relay include at least one of the following: "Information of the user to which the UE-to-UE relay belongs”, “Signature of UE1", “ UE2's signature” and "authentication response message after verification”;
  • UE2 After receiving the authentication response message after verification, UE2 checks the KPAK of UE1 and the KPAK of UE-to-UE relay respectively. If the KPAK of UE1 and the KPAK of UE-to-UE relay are valid, and based on The signature of UE1 is verified based on the identity of UE1 and the PVT of UE1, and the signature of the UE-to-UE relay is verified based on the identity of the UE-to-UE relay and the PVT of the UE-to-UE relay.
  • UE2 verifies the integrity of the information contained in the authentication response message based on the first temporary private key, UE-to-UE relay related information and the second temporary Public key, use the ECIES algorithm to calculate the shared key K D .
  • the first message verification code is qualified, UE2 generates N bits of K D ID, combines the N bits of K D ID with the M bits of the received K D ID, generates and stores the complete K D ID, which is subsequently used to identify K D .
  • both UE1 and UE2 have performed authentication and root key negotiation, and then UE2 starts processing the authentication response message.
  • UE2 negotiates the security policy and security algorithm, then generates a second random number (Nonce_2), and uses the first random number and the second random number to and KD to calculate KD -SESS and other keys (i.e. KD -CPint , KD -CPenc , KD -UPint , KD -UPenc ). In addition, UE2 generates x bits of K D-SESS .
  • UE2 sends an integrity-protected security mode command message to UE1 through UE-to-UE relay.
  • the security mode command message contains the following parameters:
  • the second random number (Nonce_2);
  • the security policy selected by UE2 is the security policy selected by UE2;
  • the second message verification code wherein the security mode command message is integrity protected by the second message verification code generated based on K D-SESS , or the security mode command message is integrity protected by the integrity derived based on K D-SESS
  • the second message verification code generated by the key is integrity protected, and the input parameters of the second message verification code include at least one of the following: a second random number (Nonce_2), N bits of K D ID, K D - x bits of the SESS ID, the security algorithm selected by UE2, and the security policy selected by UE2.
  • the security policies of UE2 and UE1 conflict with each other, or the first message verification code fails to be verified, or the security algorithm negotiation between UE2 and UE1 fails, UE2 will reply with an error message, where the error message includes cause information. and the fourth message verification code; wherein the reason information is used to indicate that the security policies of UE2 and UE1 conflict, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that UE2 and UE1
  • the security algorithm negotiation of UE1 failed; the input parameters of the fourth message verification code at least include: the reason information.
  • UE1 After receiving the security mode command message, UE1 determines whether the information carried in the security mode command message has been tampered with. If it has not been tampered with, then UE1 changes the M bits of the K D ID and the N bits of the K D ID. The K D ID is obtained by merging, and UE1 calculates K D-SESS and other keys (i.e.
  • UE1 when the second message verification code is valid, UE1 generates the integrity protection key and/or confidentiality protection key based on the security algorithm selected by UE2, K D-SESS , and the K D-SESS selected by UE2. Security policy to communicate with UE2.
  • UE1 sends a security mode end message to UE2.
  • the security mode end message is encrypted by the target key, and the security mode end message includes at least one of the following: y bits of K D-SESS ID, the third message Verification code; wherein, the target key includes one of the following: K D , K D-SESS , K D-CPenc , K D-UPenc ; wherein, the security mode end message passes the third party generated based on K D-SESS
  • the message verification code performs integrity protection, or the security mode end message performs integrity protection through the third message verification code generated based on the integrity protection key derived from KD-SESS , and the input parameters of the third message verification code Includes y bits of K D-SESS ID.
  • UE2 verifies whether the third message check code is valid. If valid, UE2 combines x bits of K D-SESS ID and y bits of K D-SESS ID to obtain K D-SESS ID, and saves it. K D-SESS ID. UE2 communicates with UE1 according to the security algorithm and K D-SESS selected by UE2, generates an integrity protection key and/or a confidentiality protection key based on K D-SESS , and a security policy selected by UE2.
  • Embodiment 2 as shown in Figure 15, assuming that no secure connection has been established between all devices before, a UE-to-UE relay under the L2 architecture can be established through some or all of the steps from S2-0 to S2-8.
  • Signature-based secure communication connection in scenarios.
  • UE1 may be the first terminal device
  • UE2 may be the second terminal device
  • UE-to-UE relay may be the relay device
  • K D may be the first key
  • K D-SESS may be the second key .
  • S2-0.UE1, UE2, and terminal-to-UE relay equipment obtained the signature public key (KPAK) issued by the key management server (KMS) and a set of credentials related to the UE identity. , namely the Secret Signing Key (SSK) and Public Verification Parameters (PVT), can use the UE-to-UE relay service.
  • UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE Relay is configured with relay policy parameters.
  • S2-1.UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.
  • S2-2.UE1 sends an end-to-end direct communication request message through broadcast.
  • the application layer provides PC5 unicast communication information (such as broadcast L2 ID, ProSe application layer) to the ProSe layer. ID, terminal application layer ID, target terminal application layer ID, relay applicable indication), the ProSe layer triggers the terminal's discovery mechanism by sending an end-to-end broadcast direct communication request message. Messages are sent using the source L2 ID and broadcast L2 ID as destination, and contain other application-related parameters.
  • UE-to-UE Relay receives the broadcasted direct communication request message and verifies whether the UE-to-UE Relay is configured to forward this application. For example, the UE-to-UE Relay will announce the same ProSe application ID as it The provided relay policies/parameters are compared.
  • UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message.
  • the adaptation layer Specify information identifying UE1.
  • UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.
  • S2-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop.
  • the source address is the UE2 L2 ID and the destination address is the relay's L2 ID.
  • UE2 When performing the authentication process, UE2 first generates a pair of temporary public and private keys, namely the first temporary public key (Ephemeral public key1) and the first temporary private key (Ephemeral private key1), and then communicates with UE1 through the UE-to-UE relay. .
  • UE2 sends an authentication request message, including the following parameters:
  • Information about the user to which UE2 belongs includes the identity of UE2 and the PVT and KPAK of UE2;
  • the first temporary public key (Ephemeral public key1);
  • the signature of UE2 wherein the input parameters of the signature of UE2 include at least one of the following: "information of the user to which UE2 belongs” and "first temporary public key”.
  • UE-to-UE relay After receiving the authentication request message, UE-to-UE relay verifies the validity of UE2's KPAK in the information of the user to which UE2 belongs (specifically, UE-to-UE relay verifies that UE2's KPAK is valid based on locally stored information For example, in the KPAK stored locally in the UE-to-UE relay, there is a KPAK consistent with the KPAK of UE2, and the KPAK of UE2 is valid). The UE-to-UE relay performs the signature of UE2 based on the identity of UE2 and the PVT of UE2. verify.
  • the UE-to-UE relay forwards the authentication request message, which in addition to all the contents in the above authentication request message, also includes the following parameters:
  • the information of the user to which the UE-to-UE relay belongs includes the identification of the UE-to-UE relay and the PVT and KPAK of the UE-to-UE relay;
  • the signature of the UE-to-UE relay where the input parameters in the signature of the UE-to-UE relay include at least one of the following: "UE2's signature” and "information of the user to which the UE-to-UE relay belongs";
  • the relevant information of the UE-to-UE relay includes one of the following: the identity information of the UE-to-UE relay, the random number generated by the UE-to-UE relay, Counter generated by this UE-to-UE relay.
  • UE1 After receiving the authentication request message, UE1 checks the KPAK of UE2 and the KPAK of the UE-to-UE relay respectively. If the KPAK of UE2 and the KPAK of the UE-to-UE relay are valid, and based on the KPAK of UE2 The signature of UE2 is verified based on the identity and the PVT of UE2, and the signature of the UE-to-UE relay is verified based on the identity of the UE-to-UE relay and the PVT of the UE-to-UE relay.
  • UE1 If the signature of UE2 and the signature of UE-to-UE relay are verified successfully, then UE1 generates a temporary public and private key pair, that is, the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2). Then, UE1 According to the first temporary public key, UE-to-UE relay related information and the second temporary private key, use the ECIES algorithm to calculate the shared key K D and generate M bits of K D ID. K D ID is At the mark K D .
  • UE1 sends the safe mode command through the UE-to-UE relay, including the following parameters:
  • UE1 security capability information (optional);
  • Information about the user to which UE1 belongs includes the identity of UE1 and the PVT and KPAK of UE1;
  • the first random number (Nonce_1);
  • the second temporary public key (Ephemeral public key2);
  • the signature of UE1 where the signature input parameters of UE1 include but are not limited to at least one of the following: "information of the user to which UE1 belongs", “second temporary public key”, “first random number (Nonce_1)”, “K D ID “M bits” and “UE2's signature”;
  • the security mode command performs integrity protection through the first message verification code generated based on KD
  • the input parameters of the first message verification code include at least one of the following: UE1's security capability information, UE1's security policy Information, the information of the user to which UE1 belongs, the first random number (Nonce_1), the second temporary public key, the M bits of K D ID, and the signature of UE1.
  • the security capability information of UE1 and the security policy information of UE1 do not need to be sent in the security mode command.
  • UE-to-UE relay After receiving the security mode command, UE-to-UE relay verifies the validity of UE1's KPAK in the information of the user to which UE1 belongs (specifically, UE-to-UE relay verifies that UE1's KPAK is valid based on local storage information For example, in the KPAK stored locally in the UE-to-UE relay, there is a KPAK consistent with the KPAK of UE1, and the KPAK of UE1 is valid). The UE-to-UE relay performs the signature of UE1 based on the identity of UE1 and the PVT of UE1. verify. Finally, if the signature verification of UE1 is successful, the UE-to-UE relay sends the security mode command after verification to UE2.
  • the security mode command after verification contains the following parameters:
  • UE1 security capability information (optional);
  • the first random number (Nonce_1);
  • Information about the user to which UE1 belongs includes the identity of UE1 and the PVT and KPAK of UE1;
  • Signature 2 of the UE-to-UE relay where the input parameters of the signature 2 of the UE-to-UE relay include at least one of the following: "Information of the user to which the UE-to-UE relay belongs”, “Signature of UE1", “ Signature of UE2” and "Safe mode command after verification”.
  • UE2 After receiving the security mode command after verification, UE2 checks the KPAK of UE1 and the KPAK of UE-to-UE relay respectively. If the KPAK of UE1 and the KPAK of UE-to-UE relay are valid, and based on The signature of UE1 is verified based on the identity of UE1 and the PVT of UE1, and the signature of the UE-to-UE relay is verified based on the identity of the UE-to-UE relay and the PVT of the UE-to-UE relay.
  • UE2 verifies the integrity of the information contained in the authentication response message based on the first temporary private key, UE-to-UE relay related information and the second temporary Public key, use the ECIES algorithm to calculate the shared key K D .
  • the first message verification code is qualified, UE2 generates N bits of K D ID, combines the N bits of K D ID with the M bits of the received K D ID, generates and stores the complete K D ID, which is subsequently used to identify K D .
  • both UE1 and UE2 have performed authentication and root key negotiation, and then UE2 starts processing the security mode command.
  • the security mode command contains the security capability information of UE1 and the security policy information of UE1, UE2 negotiates the security policy and security algorithm, and then generates a second random number (Nonce_2), and uses the first random number and the second random number according to the and KD to calculate KD -SESS and other keys (i.e. KD -CPint , KD -CPenc , KD -UPint , KD -UPenc ). In addition, UE2 generates x bits of K D-SESS .
  • UE2 sends an integrity-protected security mode response to UE1 through the UE-to-UE relay.
  • the security mode response is encrypted by KD , and the security mode response contains the following parameters:
  • the second random number (Nonce_2);
  • the security policy selected by UE2 is the security policy selected by UE2;
  • the second message verification code wherein the security mode response is integrity protected through the second message verification code generated based on K D-SESS , or the security mode response is integrity protected through the integrity key derived based on K D-SESS
  • the generated second message verification code is integrity protected, and the input parameters of the second message verification code include at least one of the following: second random number (Nonce_2), N bits of K D ID, K D-SESS x bits of the ID, the security algorithm selected by UE2, and the security policy selected by UE2.
  • the security policies of UE2 and UE1 conflict with each other, or the first message verification code fails to be verified, or the security algorithm negotiation between UE2 and UE1 fails, UE2 will reply with an error message, where the error message includes cause information. and the fourth message verification code; wherein the reason information is used to indicate that the security policies of UE2 and UE1 conflict, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that UE2 and UE1
  • the security algorithm negotiation of UE1 failed; the input parameters of the fourth message verification code at least include: the reason information.
  • UE1 After receiving the security mode response, UE1 decrypts the security mode response based on K D. After decryption, UE1 determines whether the information carried in the security mode response has been tampered with. If it has not been tampered with, then UE1 will K D ID M bits and N bits of K D ID are combined to obtain K D ID, and UE1 calculates K D-SESS and other keys (i.e., K D-CPint , K D-CPenc , K D -UPint , K D-UPenc ), UE1 generates y bits of K D-SESS ID, and UE1 combines x bits of K D-SESS ID and y bits of K D-SESS ID to obtain K D -SESS ID, and save K D-SESS ID. Then, UE1 verifies whether the second message check code is valid. If valid, UE1 prepares to use the new security environment to protect subsequent communications.
  • K D-SESS and other keys i.e.
  • UE1 when the second message verification code is valid, UE1 generates the integrity protection key and/or confidentiality protection key based on the security algorithm selected by UE2, K D-SESS , and the K D-SESS selected by UE2. Security policy to communicate with UE2.
  • UE1 sends a security mode end message to UE2.
  • the security mode end message is encrypted by the target key, and the security mode end message includes at least one of the following: y bits of K D-SESS ID, the third message Verification code; wherein, the target key includes one of the following: K D , K D-SESS , K D-CPenc , K D-UPenc ; wherein, the security mode end message passes the third party generated based on K D-SESS
  • the message verification code performs integrity protection, or the security mode end message performs integrity protection through the third message verification code generated based on the integrity protection key derived from KD-SESS , and the input parameters of the third message verification code Includes y bits of K D-SESS ID.
  • UE2 verifies whether the third message check code is valid. If valid, UE2 combines x bits of K D-SESS ID and y bits of K D-SESS ID to obtain K D-SESS ID, and saves it. K D-SESS ID. UE2 communicates with UE1 according to the security algorithm and K D-SESS selected by UE2, generates an integrity protection key and/or a confidentiality protection key based on K D-SESS , and a security policy selected by UE2.
  • FIG 16 is a schematic flow chart of a communication relay method 800 according to an embodiment of the present application.
  • the communication relay method 800 may include at least part of the following content:
  • the first terminal device sends a direct communication request to the second terminal device through the relay device; wherein the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy of the first terminal device information, the first temporary public key generated by the first terminal device, and the first random number generated by the first terminal device; wherein the direct communication request is encrypted by the first encryption key, and the direct communication request is encrypted by the first encryption key.
  • the integrity protection key performs integrity protection
  • the first encryption key is an encryption key derived based on the symmetric key of the terminal that has been registered and authorized to use terminal-to-UE relay (UE-to-UE relay) communication
  • the first integrity protection key is an integrity protection key derived based on the symmetric key of a terminal that has been registered and authorized to use UE-to-UE relay communication; wherein, the first temporary public key and the relay device
  • the relevant information is used by the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key, and the first random number is used to derive the second key.
  • the second key is used to derive the second encryption key and/or the second integrity protection key, or the first random number, the first key and the second random number generated by the second terminal device are used to derive The second encryption key and/or the second integrity protection key; wherein the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the relay device Counter generated by the device.
  • This embodiment establishes a secure communication solution based on the symmetric key distributed by 5G PKMT, and establishes a secure connection in the UE-to-UE relay scenario under the L2 architecture.
  • the embodiments of this application are applied to the UE-to-UE relay scenario under the L2 architecture, that is, the first terminal device and the second terminal device communicate through the relay device.
  • the relay connection between the first terminal device and the second terminal device may be a PC5 link.
  • the first terminal device may be a source device or a source terminal
  • the second terminal device may be a target device or a target terminal
  • the relay device may be a relay terminal
  • the first encryption key may be a Proximity Service Encryption Key (PEK), and the first integrity protection key may be a Proximity Service Integrity Protection Key (PIK).
  • PEK Proximity Service Encryption Key
  • PIK Proximity Service Integrity Protection Key
  • the first encryption key can also be other encryption keys
  • the first integrity protection key can also be other integrity protection keys, which is not limited by this application.
  • the symmetric key of a terminal that is registered and authorized to use UE-to-UE relay communication may be assigned by ProSe Key Management Function (PKMF) or 5G PKMF.
  • PKMF ProSe Key Management Function
  • 5G PKMF the name and number of symmetric keys allocated and managed by 5G PKMF to the UE may not be specifically defined.
  • PKMF uses the MIKEY mechanism to issue a shared key to the UE, that is, the ProSe Group Key (PGK).
  • PGK ProSe Group Key
  • the group key (PGK) is securely issued between the 5G PKMF and the UE based on the MIKEY mechanism
  • the ProSe transmission key (Prose Traffic Key, PTK) is derived between the first terminal device and the second terminal device based on the PGK.
  • the further derived ProSe integrity key (Prose Integrity Key, PIK) and ProSe encryption key (Prose Encrypt Key, PEK) to protect the information transmitted by the first terminal device and/or the second terminal device so that the first terminal device can
  • An end-to-end security context is generated between the terminal device and the second terminal device.
  • the key types involved in this embodiment may be as shown in Table 1.
  • PGK group key The UE makes a request to PKMF, which sends it securely using the MIKEY mechanism.
  • the PTK derived input parameters may be as shown in Table 2.
  • the PEK/PIK derived input parameters may be as shown in Table 3.
  • the second encryption key is used to encrypt end-to-end messages exchanged between the first terminal device and the second terminal device
  • the second integrity protection key is used to encrypt the first terminal device. End-to-end messages exchanged between the terminal device and the second terminal device are integrity protected.
  • the second encryption key may be a confidentiality protection key (K D-enc )
  • the second integrity protection key may be an integrity protection key (K D-int ).
  • the second integrity protection key includes an integrity protection key for the control plane (K D-CPint ) and an integrity protection key for the user plane (K D-UPint ); and/or, the The second encryption key includes a confidentiality protection key for the control plane (K D-CPenc ) and a confidentiality protection key for the user plane (K D-UPenc ).
  • the input parameters of the second integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection Algorithm identifier, the length of the integrity protection algorithm identifier. That is, the second key may be generated based on at least one of the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, and the length of the integrity protection algorithm identifier. Second integrity protection key.
  • the input parameters of the second integrity protection key include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, the selected algorithm type The length of the identifier, the integrity protection algorithm identifier, and the length of the integrity protection algorithm identifier.
  • the input parameters of the second integrity protection key may also include some system setting parameters.
  • the second integrity protection key is automatically updated.
  • the input parameters of the second encryption key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, and the confidentiality protection algorithm identifier. , the length of the confidentiality protection algorithm identifier. That is, the second key may be generated based on at least one of the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, and the length of the confidentiality protection algorithm identifier. Second encryption key.
  • the input parameters of the second encryption key include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, the selected algorithm type identifier The length of Confidentiality Protection Algorithm Identifier, the length of Confidentiality Protection Algorithm Identifier.
  • the input parameters of the second encryption key may also include some system setting parameters.
  • the second encryption key is automatically refreshed.
  • the selected algorithm type identifier may be represented by "Control Plane Integrity Protection Algorithm" or by setting a specific value.
  • the selected algorithm type identifier may be represented by "Control Plane Confidentiality Protection Algorithm" or by setting a specific value.
  • the selected algorithm type identifier may be represented by "User Plane Integrity Protection Algorithm" or by setting a specific value.
  • the selected algorithm type identifier may be represented by "user plane confidentiality protected algorithm” or by setting a specific value.
  • the first terminal device receives the safe mode command sent by the second terminal device through the relay device;
  • the security mode command includes at least one of the following: a security algorithm selected by the second terminal device, a security policy selected by the second terminal device, a second temporary public key generated by the second terminal device, The generated second random number, the M bits of the identification of the first key generated by the second terminal device, the relevant information of the relay device, and the first message verification code;
  • the security mode command is encrypted by the first encryption key
  • the security mode command is integrity protected by the first integrity protection key
  • the first message verification code is generated based on the second integrity protection key.
  • the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, and the second random number, The M bits, the relevant information of the relay device;
  • the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key, and the identification of the first key consists of the M bits and the first key.
  • the other N bits of the identifier are combined, and M and N are both positive integers.
  • the second terminal device may select a security algorithm based on the security capability information of the first terminal device, and/or the second terminal device may select a security policy based on the security policy information of the first terminal device.
  • the security capability information of the first terminal device may be a list of cryptographic algorithms supported by the first terminal device.
  • the security policy information of the first terminal device may be whether the first terminal device supports confidentiality protection or integrity protection.
  • the security policy information of the first terminal device includes: the security policy information of the first terminal device on the control plane, and/or the security policy information of the first terminal device on the user plane.
  • the M bits may be the highest M bits of the identity of the first key, and the N bits may be the lowest N bits of the identity of the first key; or, The M bits may be the first M bits of the identifier of the first key, and the N bits may be the last N bits of the identifier of the first key; or, the M bits may be are the even-numbered bits of the identifier of the first key, and the N bits may be the odd-numbered bits of the identifier of the first key.
  • the values of M and N may be the same or different, which is not limited by this application.
  • the security mode command further includes the generated by the second terminal device.
  • x bits of the identifier of the second key, and the input parameter of the first message verification code includes the x bits; wherein, the identifier of the second key consists of the x bits and the second key The other y bits of the identifier are combined, and x and y are both positive integers.
  • the x bits may be the highest x bits of the identity of the second key, and the y bits may be the lowest y bits of the identity of the second key; or, The x bits may be the first x bits of the identifier of the second key, and the y bits may be the last y bits of the identifier of the second key; or, the x bits may be are the even-numbered bits of the identifier of the second key, and the y bits may be the odd-numbered bits of the identifier of the second key.
  • the values of x and y may be the same or different, which is not limited by this application.
  • the first terminal device uses the first encryption key to decrypt the a security mode command, and using the first integrity protection key to determine the integrity of the security mode command;
  • the first terminal device uses the first temporary private key paired with the first temporary public key, the second temporary public key, and the relay device to The information derives the first key, and the first terminal device generates the N bits of the identification of the first key, and combines the M bits and the N bits to obtain the first key logo;
  • the first terminal device generates the second key based on at least the first random number, the first key and the second random number, and the first terminal device generates the second integrity protection key based on the second key.
  • key and/or the second encryption key, and the y bits of the identification of the second key generated by the first terminal device, and the x bits and the y bits are combined to obtain the second The identification of the key;
  • the first terminal device uses the security algorithm selected by the second terminal device, the second integrity protection key and/or the second encryption key, the second terminal device The security policy selected by the device communicates with the second terminal device.
  • the first terminal device transmits data to the second key through the relay device.
  • the terminal device sends a security mode establishment completion message; wherein the security mode establishment completion message is encrypted by the second key or the second encryption key, and the security mode establishment completion message is encrypted by the second key or the second complete encryption key.
  • the security mode establishment completion message includes at least the y bits of the identification of the second key.
  • the input parameters of the second integrity protection key include at least the following: One: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, the length of the integrity protection algorithm identifier; and/or the second encryption key
  • the input parameters of the key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, and the length of the confidentiality protection algorithm identifier.
  • the second random number A terminal device uses the first encryption key to decrypt the security mode command, and uses the first integrity protection key to determine the integrity of the security mode command;
  • the first terminal device uses the first temporary private key paired with the first temporary public key, the second temporary public key, and the relay device to The information derives the first key, and the first terminal device generates the N bits of the first key, and combines the M bits and the N bits to obtain the identity of the first key;
  • the first terminal device generates the second integrity protection key and/or the second encryption key based on at least the first random number, the first key and the second random number;
  • the first terminal device uses the security algorithm selected by the second terminal device, the second integrity protection key and/or the second encryption key, the second terminal device The security policy selected by the device communicates with the second terminal device.
  • the second random number A terminal device sends a security mode establishment completion message to the second terminal device through the relay device; wherein the security mode establishment completion message is encrypted by the second encryption key, and the security mode establishment completion message is encrypted by the second complete encryption key. Integrity protection using a sex-protected key.
  • the second random number include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, and the length of the selected algorithm type identifier.
  • the integrity protection algorithm identifier the length of the integrity protection algorithm identifier; and/or, the input parameters of the second encryption key include at least one of the following: the first random number, the first key, the second random number Number, selected algorithm type identifier, length of selected algorithm type identifier, confidentiality protected algorithm identifier, length of confidentiality protected algorithm identifier.
  • the input parameters when generating the first key include: a second temporary private key (Ephemeral private key2) generated by the first terminal device, a first temporary private key generated by the second terminal device.
  • Temporary public key (Ephemeral public key1), and related information of the relay device such as the identity information of the relay device, or the random number generated by the relay device, or the counter (COUNT) generated by the relay device).
  • the input parameters when generating the first key include: the second temporary public key (Ephemeral public key2) generated by the first terminal device, the first temporary private key (Ephemeral private key2) generated by the second terminal device.
  • the first temporary public key is paired with the first temporary private key
  • the second temporary public key is paired with the second temporary private key
  • the first key may be K D
  • the identifier of the first key may be K D ID
  • the second key may be K D -SESS
  • the identifier of the second key may be K D-SESS ID.
  • K D The key length is at least 256 bits (bits) and is generated by both the source device and the target device through temporary public and private key negotiation. Based on the root key, K D is updated by rerunning the authentication process. K D is used to generate the next layer key K D-sess . The key can be saved even if there is no active communication session between the source and target devices. K D ID can be used to identify K D .
  • the input parameters during generation include: UE-1’s temporary private key Ephemeral private key2, UE-2’s temporary public key Ephemeral public key1, and the identity information of UE-relay, or UE-relay
  • the input parameters during generation include: UE-1's temporary public key Ephemeral public key2, UE-2's temporary private key Ephemeral private key1, And the identity of UE-relay, or the random number generated by UE-relay, or the counter COUNT generated by UE-relay.
  • K D-sess The key length is at least 256 bits. K D-sess is used to derive the next level of integrity protection or confidentiality protection key. K D -sess can be refreshed based on K D by rerunning the secure connection establishment process or the related key update process. K D-sess ID is used to identify K D-sess . KD-sess is derived from KD using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. The input parameters of K D-sess must at least include the key K D , the random number Nonce_1 (that is, the first random number generated by the first terminal device), and the random number Nonce_2 (that is, the second random number generated by the second terminal device).
  • the input parameters of K D-sess may also include but are not limited to at least one of the following: source ID (Source ID), destination ID (Destination ID), the length of the random number Nonce_1, the length of the random number Nonce_2, the source ID (Source ID) length, destination ID (Destination ID) length.
  • the input parameters of K D-sess can also include other system setting parameters, such as one or more fixed parameters specified by 3GPP.
  • K D-CPint The key length is at least 128 bits. This key can be used for control plane data integrity protection.
  • the key is derived by K D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come.
  • the input parameters of K D-CPint must contain at least the key K D-sess , the selected algorithm type identifier (such as "control plane integrity protection algorithm” or setting a specific value to represent it) and the selected algorithm type identifier.
  • the length of the symbol, the integrity protection algorithm identifier and the length of the integrity protection algorithm identifier, and other system setting parameters can be used as optional input parameters.
  • K D -CPint is automatically updated when K D- sess is automatically refreshed.
  • K D-CPenc The key length is at least 128 bits. This key can be used for control plane data confidentiality protection.
  • the key is derived by K D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come.
  • the input parameters of K D-CPenc must contain at least the key K D-sess , the selected algorithm type identifier (such as "Control Plane Confidentiality Protection Algorithm" or set a specific value to represent it) and the selected algorithm type identifier
  • the length, the confidentiality protection algorithm identifier and the length of the confidentiality protection algorithm identifier, and other system setting parameters can be used as optional input parameters.
  • K D -CPenc is automatically updated when K D- sess is automatically refreshed.
  • K D-UPint The key length is at least 128 bits. This key can be used for user plane data integrity protection.
  • the key is derived by K D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come.
  • the input parameters of K D-UPint must contain at least the key K D-sess , the selected algorithm type identifier (such as "user plane integrity protection algorithm” or setting a specific value to represent it) and the selected algorithm type identifier.
  • the length of the symbol, the integrity protection algorithm identifier and the length of the integrity protection algorithm identifier, and other system setting parameters can be used as optional input parameters.
  • K D -UPint is automatically updated when K D-sess is automatically refreshed.
  • K D-UPenc The key length is at least 128 bits. This key can be used for user plane data confidentiality protection.
  • the key is derived by K D-sess using key derivation algorithms such as HMAC-SHA-256 or HMAC-SM3. Come.
  • the input parameters of K D-UPenc must contain at least the key K D-sess , the selected algorithm type identifier (such as "user plane confidentiality protection algorithm” or setting a specific value to represent it) and the selected algorithm type identifier.
  • the length of the character, the confidentiality protection algorithm identifier and the length of the confidentiality protection algorithm identifier, and other system setting parameters can be used as optional input parameters.
  • K D -UPenc is automatically updated when K D -sess is automatically refreshed.
  • ECCSI in this application is only an example and is not limited to this algorithm. It can also be replaced by other identity-based public key signature and public key encryption algorithms. While replacing the public key algorithm, all requests Parameters related to the public key algorithm in the message need to be replaced accordingly.
  • the key derivation function used by the first terminal device and the second terminal device in this application is not limited to HMAC-SHA-256 or HMAC-SM3, and includes any key derivation function that meets computational security.
  • the input parameters of the key derivation function in this application are not limited to the necessary parameters mentioned above, and may include other optional parameters, such as fixed parameters set by the application system.
  • the key management center in this application is not limited to KMS, PKMF, and 5GPKMF.
  • Legal key management centers managed by operators or managed by third-party service providers are all applicable to the technical solution of this application.
  • the symmetric key issued by PKMF to the terminal device that has been registered and authorized to use the UE-to-UE relay function is not limited to the above solution.
  • the specific configuration can be changed according to the operator or service provider's design of PKMF. .
  • the information elements in all interactive messages in the secure communication establishment process in this application are not limited to the content mentioned in the above solution, and optional information elements due to application system requirements can also be added.
  • the first terminal device can generate the first key based on the direct communication request sent by the second terminal device through the relay device, and the direct communication request is encrypted by the first encryption key, and directly The communication request is integrity protected via the first integrity protection key.
  • the second integrity protection key, or the first random number generated by the first terminal device, the first key and the second terminal device are used to derive the second random number to generate the second encryption key and/or the second integrity Protecting the key can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing eavesdropping by other devices and even relay devices.
  • the embodiment of this application is suitable for the secure communication establishment process between the first terminal device (source device) and the second terminal device (target device) under the 5G L2 UE-to-UE relay architecture.
  • PKMF delivers symmetric keys, protection algorithms and key negotiation to terminal devices that have registered and are authorized to use the UE-to-UE relay function, thereby efficiently establishing source End-to-end secure channel between UE and target UE.
  • the embodiments of this application have very high efficiency in calculation and communication, and can also achieve authentication, encryption protection, integrity protection, and resistance to tampering and downgrade attacks.
  • the first terminal device side embodiment of the present application is described in detail above with reference to FIG. 16
  • the second terminal device side embodiment of the present application is described in detail below with reference to FIG. 17 . It should be understood that the second terminal device side embodiment is different from the second terminal device side embodiment.
  • the terminal device side embodiments correspond to each other, and similar descriptions may refer to the first terminal device side embodiment.
  • FIG 17 is a schematic flow chart of a communication relay method 900 according to an embodiment of the present application.
  • the communication relay method 900 may include at least part of the following content:
  • the second terminal device receives the direct communication request sent by the first terminal device through the relay device; wherein the direct communication request includes at least one of the following: the security capability information of the first terminal device, the security capability information of the first terminal device. Policy information, the first temporary public key generated by the first terminal device, the first random number generated by the first terminal device, the identification of the relay device, and the relevant information of the relay device; wherein the direct communication request passes
  • the first encryption key is encrypted, and the direct communication request is integrity protected by a first integrity protection key based on the first encryption key that is registered and authorized to use the UE-to-UE relay.
  • the first integrity protection key is an encryption key derived from the symmetric key of the terminal for UE-to-UE relay communication.
  • the first integrity protection key is an integrity protection key derived from the symmetric key of the terminal that has been registered and authorized to use UE-to-UE relay communication. Key; wherein, the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key and the The relevant information of the relay device is used by the second terminal device to derive the first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive the second key, And the second key is used to derive a second encryption key and/or a second integrity protection key, or the first random number, the first key and the second random number generated by the second terminal device For deriving a second encryption key and/or a second integrity protection key.
  • This embodiment establishes a secure communication solution based on the symmetric key distributed by 5G PKMT, and establishes a secure connection in the UE-to-UE relay scenario under the L2 architecture.
  • the embodiments of this application are applied to the UE-to-UE relay scenario under the L2 architecture, that is, the first terminal device and the second terminal device communicate through the relay device.
  • the relay connection between the first terminal device and the second terminal device may be a PC5 link.
  • the first terminal device may be a source device or a source terminal
  • the second terminal device may be a target device or a target terminal
  • the relay device may be a relay terminal
  • the first encryption key may be a Proximity Service Encryption Key (PEK), and the first integrity protection key may be a Proximity Service Integrity Protection Key (PIK).
  • PEK Proximity Service Encryption Key
  • PIK Proximity Service Integrity Protection Key
  • the first encryption key can also be other encryption keys
  • the first integrity protection key can also be other integrity protection keys, which is not limited by this application.
  • the second terminal device uses the first encryption key to decrypt the Direct communication request, and using the first integrity protection key to determine the integrity of the direct communication request;
  • the second terminal device In the case that the information carried in the direct communication request has not been tampered with, the second terminal device generates a second temporary private key, and the second terminal device generates a second temporary private key based on the first temporary public key, the second temporary private key and the The first key is derived from the relevant information of the relay device, and the second terminal device generates M bits of the identification of the first key;
  • the second terminal device generates the second random number, and the second terminal device generates the second key according to at least the first random number, the first key and the second random number.
  • the second terminal device generates the second key according to at least the first random number, the first key and the second random number.
  • the second key generates the second integrity protection key and/or the second encryption key, and the second terminal device generates x bits of the identification of the second key;
  • the identification of the first key is obtained by combining the M bits and the other N bits of the identification of the first key, M and N are both positive integers, and the identification of the second key is obtained by the x bits are combined with other y bits of the identifier of the second key, and x and y are both positive integers.
  • the second terminal device may select a security algorithm based on the security capability information of the first terminal device, and/or the second terminal device may select a security policy based on the security policy information of the first terminal device.
  • the security capability information of the first terminal device may be a list of cryptographic algorithms supported by the first terminal device.
  • the security policy information of the first terminal device may be whether the first terminal device supports confidentiality protection or integrity protection.
  • the security policy information of the first terminal device includes: the security policy information of the first terminal device on the control plane, and/or the security policy information of the first terminal device on the user plane.
  • the M bits may be the highest M bits of the identity of the first key, and the N bits may be the lowest N bits of the identity of the first key; or, The M bits may be the first M bits of the identifier of the first key, and the N bits may be the last N bits of the identifier of the first key; or, the M bits may be are the even-numbered bits of the identifier of the first key, and the N bits may be the odd-numbered bits of the identifier of the first key.
  • the values of M and N may be the same or different, which is not limited by this application.
  • the x bits may be the highest x bits of the identity of the second key, and the y bits may be the lowest y bits of the identity of the second key; or, The x bits may be the first x bits of the identifier of the second key, and the y bits may be the last y bits of the identifier of the second key; or, the x bits may be are the even-numbered bits of the identifier of the second key, and the y bits may be the odd-numbered bits of the identifier of the second key.
  • the values of x and y may be the same or different, which is not limited by this application.
  • the second terminal device transmits data to the first through the relay device.
  • the terminal device sends a safe mode command
  • the security mode command includes at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second temporary private key generated by the second terminal device and paired with the second temporary private key.
  • the security mode command is encrypted by the first encryption key
  • the security mode command is integrity protected by the first integrity protection key
  • the first message verification code is generated based on the second integrity protection key.
  • the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, and the second random number,
  • the M bits, the x bits, the relevant information of the relay device; the second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key.
  • the second terminal device receives the first terminal device through the Following the safe mode establishment completion message sent by the device;
  • the security mode establishment completion message is encrypted by the second key or the second encryption key, and the security mode establishment completion message is integrity protected by the second key or the second integrity protection key;
  • the security mode establishment completion message includes at least the y bits of the identification of the second key.
  • the input parameters of the second integrity protection key include at least the following: One: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the integrity protection algorithm identifier, the length of the integrity protection algorithm identifier; and/or,
  • the input parameters of the second encryption key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, the confidentiality protection algorithm identifier, the confidentiality protection algorithm identifier length.
  • the second random number uses the first encryption key to decrypt the direct communication request, and uses the first integrity protection key to determine the integrity of the direct communication request;
  • the second terminal device In the case that the information carried in the direct communication request has not been tampered with, the second terminal device generates a second temporary private key, and the second terminal device generates a second temporary private key based on the first temporary public key, the second temporary private key and the The first key is derived from the relevant information of the relay device, and the second terminal device generates M bits of the identification of the first key;
  • the second terminal device generates the second random number, and the second terminal device generates the second integrity protection key and/or the second random number based on at least the first random number, the first key and the second random number.
  • second encryption key
  • the identifier of the first key is obtained by combining the M bits and the other N bits of the identifier of the first key, and M and N are both positive integers.
  • the second random number The second terminal device sends a safe mode command to the first terminal device through the relay device;
  • the security mode command includes at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second temporary private key generated by the second terminal device and paired with the second temporary private key.
  • the security mode command is encrypted by the first encryption key
  • the security mode command is integrity protected by the first integrity protection key
  • the first message verification code is generated based on the second integrity protection key.
  • the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, and the second random number, The M bits; the second temporary public key and the related information of the relay device are used by the first terminal device to derive the first key.
  • the second terminal device receives the security mode establishment completion message sent by the first terminal device through the relay device;
  • the security mode establishment completion message is encrypted by the second encryption key, and the security mode establishment completion message is integrity protected by the second integrity protection key.
  • the second random number include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, and the length of the selected algorithm type identifier. , the integrity protection algorithm identifier, the length of the integrity protection algorithm identifier; and/or,
  • the input parameters of the second encryption key include at least one of the following: the first random number, the first key, the second random number, the selected algorithm type identifier, and the length of the selected algorithm type identifier. , confidentiality protection algorithm identifier, the length of the confidentiality protection algorithm identifier.
  • the safe mode command also includes information related to the relay device
  • the input parameter of the first message verification code also includes information related to the relay device
  • the second terminal device selects the security algorithm according to the second terminal device, the second integrity protection key and/or the second encryption key, and the security policy selected by the second terminal device. Communicate with the first terminal device.
  • the first terminal device can generate the first key based on the direct communication request sent by the second terminal device through the relay device, and the direct communication request is encrypted by the first encryption key, and directly The communication request is integrity protected via the first integrity protection key.
  • the second integrity protection key, or the first random number generated by the first terminal device, the first key and the second terminal device are used to derive the second random number to generate the second encryption key and/or the second integrity Protecting the key can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing eavesdropping by other devices and even relay devices.
  • the embodiment of this application is suitable for the secure communication establishment process between the first terminal device (source device) and the second terminal device (target device) under the 5G L2 UE-to-UE relay architecture.
  • PKMF delivers symmetric keys, protection algorithms and key negotiation to terminal devices that have registered and are authorized to use the UE-to-UE relay function, thereby efficiently establishing source End-to-end secure channel between UE and target UE.
  • the embodiments of this application have very high efficiency in calculation and communication, and can also achieve authentication, encryption protection, integrity protection, and resistance to tampering and downgrade attacks.
  • the first terminal device side embodiment of the present application is described in detail above with reference to Figure 16.
  • the relay device side embodiment of the present application is described in detail below with reference to Figure 18. It should be understood that the relay device side embodiment is different from the first terminal device side embodiment.
  • the device side embodiments correspond to each other, and similar descriptions may refer to the first terminal device side embodiment.
  • FIG 18 is a schematic flowchart of a communication relay method 1000 according to an embodiment of the present application.
  • the communication relay method 1000 may include at least part of the following content:
  • the relay device receives a direct communication request sent by the first terminal device; wherein the direct communication request includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, A first temporary public key generated by a terminal device, a first random number generated by the first terminal device; wherein the direct communication request is encrypted by a first encryption key, and the direct communication request is encrypted by a first integrity protection key
  • the first encryption key is an encryption key derived based on the symmetric key of a terminal that has been registered and authorized to use UE-to-UE relay communication.
  • the first complete encryption key is
  • the integrity protection key is an integrity protection key derived based on the symmetric key of the terminal that is registered and authorized to use UE-to-UE relay communication;
  • the relay device verifies whether it is configured to forward the direct communication request. After the verification is passed, the relay device uses the first encryption key to decrypt the direct communication request to obtain QoS and charging information, and the relay device uses The first integrity protection key verifies the integrity of the direct communication request.
  • the relay device adds the relevant information of the relay device and the identification of the relay device in the direct communication request, and the The relay device uses the first encryption key to encrypt the direct communication request, uses the first integrity protection key to protect the integrity of the direct communication request, and forwards the direct communication request to the second terminal device; wherein, the The relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, the counter generated by the relay device; the first temporary public key and the relevant information of the relay device.
  • the second terminal device is used to derive a first key; the first random number, the first key and the second random number generated by the second terminal device are used to derive a second key, and the second key used to derive the second encryption key and/or the second integrity protection key, or the first random number, the first key and the second random number generated by the second terminal device are used to derive the second encryption key key and/or a second integrity protection key.
  • This embodiment establishes a secure communication solution based on the symmetric key distributed by 5G PKMT, and establishes a secure connection in the UE-to-UE relay scenario under the L2 architecture.
  • the embodiments of this application are applied to the UE-to-UE relay scenario under the L2 architecture, that is, the first terminal device and the second terminal device communicate through the relay device.
  • the relay connection between the first terminal device and the second terminal device may be a PC5 link.
  • the first terminal device may be a source device or a source terminal
  • the second terminal device may be a target device or a target terminal
  • the relay device may be a relay terminal
  • the first encryption key may be a Proximity Service Encryption Key (PEK), and the first integrity protection key may be a Proximity Service Integrity Protection Key (PIK).
  • PEK Proximity Service Encryption Key
  • PIK Proximity Service Integrity Protection Key
  • the first encryption key can also be other encryption keys
  • the first integrity protection key can also be other integrity protection keys, which is not limited by this application.
  • the second encryption key is used to encrypt end-to-end messages exchanged between the first terminal device and the second terminal device
  • the second integrity protection key is used to encrypt the first terminal device. End-to-end messages exchanged between the terminal device and the second terminal device are integrity protected.
  • the second encryption key may be a confidentiality protection key.
  • the relay device receives the security mode sent by the second terminal device command; wherein, the security mode command includes at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key generated by the second terminal device, the second The second random number generated by the terminal device, M bits of the identifier of the first key generated by the second terminal device, x bits of the identifier of the second key generated by the second terminal device, A first message verification code; wherein, the security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, and the first message verification code is based on the second The integrity protection key is generated, and the input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, The second random number, the M bits, the x bits,
  • the relay device uses the first encryption key to decrypt the security mode command to obtain Quality of Service (QoS) and billing information, and forwards the security mode command to the first terminal device; wherein, the The second temporary public key and the relevant information of the relay device are used by the first terminal device to derive the first key.
  • the identification of the first key is composed of the M bits and the identification of the first key. N bits are combined, and M and N are both positive integers.
  • the identity of the second key is obtained by combining the x bits and the other y bits of the identity of the second key. Both x and y are Positive integer.
  • the second terminal device may select a security algorithm based on the security capability information of the first terminal device, and/or the second terminal device may select a security policy based on the security policy information of the first terminal device.
  • the security capability information of the first terminal device may be a list of cryptographic algorithms supported by the first terminal device.
  • the security policy information of the first terminal device may be whether the first terminal device supports confidentiality protection or integrity protection.
  • the security policy information of the first terminal device includes: the security policy information of the first terminal device on the control plane, and/or the security policy information of the first terminal device on the user plane.
  • the M bits may be the highest M bits of the identity of the first key, and the N bits may be the lowest N bits of the identity of the first key; or, The M bits may be the first M bits of the identifier of the first key, and the N bits may be the last N bits of the identifier of the first key; or, the M bits may be are the even-numbered bits of the identifier of the first key, and the N bits may be the odd-numbered bits of the identifier of the first key.
  • the values of M and N may be the same or different, which is not limited by this application.
  • the x bits may be the highest x bits of the identity of the second key, and the y bits may be the lowest y bits of the identity of the second key; or, The x bits may be the first x bits of the identifier of the second key, and the y bits may be the last y bits of the identifier of the second key; or, the x bits may be are the even-numbered bits of the identifier of the second key, and the y bits may be the odd-numbered bits of the identifier of the second key.
  • the values of x and y may be the same or different, which is not limited by this application.
  • the relay device forwards the first random number to the second terminal device.
  • the security mode establishment completion message sent by the terminal device;
  • the security mode establishment completion message is encrypted by the second key or the second encryption key, and the security mode establishment completion message is integrity protected by the second key or the second integrity protection key;
  • the security mode establishment completion message includes at least the y bits of the identification of the second key.
  • the The relay device receives the security mode command sent by the second terminal device; wherein the security mode command includes at least one of the following: a security algorithm selected by the second terminal device, a security policy selected by the second terminal device, The second temporary public key generated by the device, the second random number generated by the second terminal device, the M bits of the identification of the first key generated by the second terminal device, and the first message verification code; wherein, The security mode command is encrypted by the first encryption key, the security mode command is integrity protected by the first integrity protection key, the first message verification code is generated based on the second integrity protection key, and The input parameters of the first message verification code include at least one of the following: the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the second temporary public key, the second random number, the M bits, the relevant information of the relay device; the second temporary public key and the relevant information of the relay device are
  • the relay device uses the first encryption key to decrypt the security mode command to obtain QoS and accounting information, and forwards the security mode command to the first terminal device; wherein the second temporary public key and the intermediate
  • the relevant information of the relay device is used by the first terminal device to derive the first key.
  • the identification of the first key is obtained by combining the M bits and the other N bits of the identification of the first key. M and N are both positive integers.
  • the The relay device forwards the security mode establishment completion message sent by the first terminal device to the second terminal device; wherein the security mode establishment completion message is encrypted by the second encryption key, and the security mode establishment completion message is encrypted by the second encryption key.
  • Integrity protection keys perform integrity protection.
  • the safe mode command includes information related to the relay device, and the input parameters of the first message verification code also include information related to the relay device; or, the relay device sends a message to the first message verification code.
  • the relevant information of the relay device is added to the safe mode command forwarded by the terminal device.
  • the first terminal device can generate the first key based on the direct communication request sent by the second terminal device through the relay device, and the direct communication request is encrypted by the first encryption key, and directly The communication request is integrity protected via the first integrity protection key.
  • the second integrity protection key, or the first random number generated by the first terminal device, the first key and the second terminal device are used to derive the second random number to generate the second encryption key and/or the second integrity Protecting the key can ensure the identity security of the first terminal device and the second terminal device and the confidentiality and integrity of the communication data, thereby ensuring the confidentiality and integrity of the data transmitted by both parties and preventing eavesdropping by other devices and even relay devices.
  • the embodiment of this application is suitable for the secure communication establishment process between the first terminal device (source device) and the second terminal device (target device) under the 5G L2 UE-to-UE relay architecture.
  • PKMF delivers symmetric keys, protection algorithms and key negotiation to terminal devices that have registered and are authorized to use the UE-to-UE relay function, thereby efficiently establishing source End-to-end secure channel between UE and target UE.
  • the embodiments of this application have very high efficiency in calculation and communication, and can also achieve authentication, encryption protection, integrity protection, and resistance to tampering and downgrade attacks.
  • Embodiment 3 as shown in Figure 19, assuming that no secure connection has been established between all devices before, UE-to-UE under the L2 architecture can be established through some or all of the steps in S3-0 to S3-6. Signature-based secure communication connection in subsequent scenarios.
  • UE1 may be the first terminal device
  • UE2 may be the second terminal device
  • UE-to-UE relay may be the relay device
  • K D may be the first key
  • K D-SESS may be the second key
  • the first encryption key is PEK
  • the first integrity protection key is PIK.
  • S3-0.UE registers with the network and is authorized for UE-to-UE relay service.
  • UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE relay is configured with relay policy parameters.
  • PKMF uses the MIKEY mechanism to send the relevant PGK, PGK ID and expiration time to the above-mentioned registered and authorized UE.
  • S3-1.UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.
  • S3-2.UE1 sends an end-to-end direct communication request message through broadcast. Specifically, before broadcasting the direct communication request to surrounding terminal devices, UE1 first needs to derive the transmission key PTK based on PGK, and further generate the PTK Lower level keys, namely PEK and PIK. UE1 uses PEK to encrypt the broadcast message, and uses PIK to calculate the MAC of the direct communication request message to protect the integrity of the direct communication request message. That is, the direct communication request is encrypted by PEK, and the direct communication request is integrity protected by PIK. Among them, the direct communication request contains at least one of the following:
  • UE1 security capabilities information (UE1 security capabilities);
  • UE1 security policy information (UE1 security policy);
  • the first temporary public key (Ephemeral public key1) generated by UE1;
  • UE-to-UE Relay receives the broadcast direct communication request message and verifies whether the UE-to-UE Relay is configured to forward the direct communication request message. For example, the UE-to-UE Relay will announce the ProSe application ID and Compare the relay policies/parameters it provides.
  • UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message.
  • the adaptation layer Specify information identifying UE1.
  • UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.
  • the UE-to-UE Relay uses PEK to decrypt the direct communication request to obtain QoS and charging information, and the UE-to-UE Relay uses PIK to verify the integrity of the direct communication request.
  • the UE- to-UE Relay adds the relevant information of UE-to-UE Relay and the identification of UE-to-UE Relay in the direct communication request, and the UE-to-UE Relay uses PEK to encrypt the direct communication request and uses PIK to protect the direct communication request.
  • the relevant information of UE-to-UE Relay includes one of the following: the identity information of UE-to-UE Relay, the random number generated by UE-to-UE Relay, and the counter generated by UE-to-UE Relay.
  • S3-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger the UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop.
  • the source address is the UE2 L2 ID and the destination address is the relay's L2 ID.
  • UE-2 and UE-to-UE relay successfully establish a per hop link, the establishment of end-to-end security between UE2 and UE1 will be further triggered.
  • UE2 first uses PGK to generate the transmission key PTK, and further generates PEK and PIK, decrypts the received direct communication request, and verifies the integrity of the direct communication request.
  • UE2 After successful verification, UE2 generates a pair of temporary public and private keys, namely the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2), and uses the second temporary private key, the first temporary public key and the UE -To-UE relay related information, calculate the shared key K D and MSB of K D ID with UE-1.
  • UE2 negotiates the security policy and security algorithm, then generates the second random number (Nonce_2), and calculates the lower level derived from K D -sess and K D -sess based on K D keys (ie, the second encryption key (K D-enc ) and the second integrity protection key (K D -int )), and in addition UE2 generates the MSB of K D -sess ID.
  • UE2 sends a security mode command to UE1 through UE-to-UE relay.
  • the security mode command is encrypted through PEK, and the security mode command is integrity protected through PIK.
  • the security mode command contains the following parameters:
  • the security algorithm selected by UE2 (chosen_algs);
  • the security policy chosen by UE2 (chosen_security policy);
  • the second temporary public key (Ephemeral private key2) generated by UE2;
  • a first message verification code wherein the first message verification code is generated based on a lower integrity protection key derived from K D -sess (ie, the second integrity protection key (K D-int )), and the first message verification code
  • the input parameters of the verification code include at least one of the following: the security algorithm selected by UE2, the security policy selected by UE2, the second temporary public key, the second random number, MSB of K D ID, and MSB of K D -sess ID.
  • the UE-to-UE relay can use PEK to decrypt the security mode command to obtain information related to QoS and charging. Further, the UE-to-UE relay sends the security mode command to UE1. Optionally, if the security mode command does not include UE-to-UE relay related information, UE-to-UE relay can add UE-to-UE relay related information to the security mode command forwarded to UE1.
  • S3-6.UE1 first uses PEK to decrypt the security mode command, and uses PIK to determine the integrity of the security mode command. After successful verification, it further determines whether UE1's security capability information and UE1's security policy information have been tampered with. If not, then use Calculate K D -sess and the subordinate keys derived from K D -sess (i.e., the second encryption key (K D -enc ) and the second integrity protection key (K D - int )) in the same manner as UE2, and then UE1 verifies whether the first message verification code is valid. If valid, UE1 prepares to use the new security environment to protect subsequent communications.
  • K D -sess i.e., the second encryption key (K D -enc ) and the second integrity protection key (K D - int )
  • UE1 generates LSB of K D ID, LSB of K D -sess ID, combines the LSB of K D ID with the received MSB of K D ID to obtain the K D ID, and combines the LSB of K D -sess ID with the received MSB of K D ID.
  • the MSB of K D -sess ID is merged to obtain the K D -sess ID, and the K D ID and K D -sess ID are saved, which are subsequently used to identify K D and K D -sess.
  • UE1 sends a security-protected security mode completion message to UE2 through the UE-to-UE relay according to the negotiation policy and negotiation algorithm.
  • the security mode completion message can be protected by K D -sess for integrity and encryption, or the security mode completion message can be protected by KD-sess.
  • the security mode completion message can be integrity protected using the lower-level integrity protection key (i.e., the second integrity protection key (K D-int )) generated by K D -sess, and the lower-level encryption key (K D -int ) generated by K D -sess. That is, the second encryption key (K D-enc )) is used for encryption protection.
  • the security mode completion message may include LSB of K D -sess ID.
  • UE2 can combine the received LSB of K D -sess ID with the MSB of K D -sess ID generated by UE2 to obtain the K D -sess ID, and save the K D -sess ID, which is subsequently used to identify the K D -sess.
  • UE1 communicates with UE2 according to the security algorithm and K D-SESS selected by UE2, generates an integrity protection key and/or confidentiality protection key based on K D-SESS , and a security policy selected by UE2.
  • UE2 communicates with UE1 according to the security algorithm and K D-SESS selected by UE2, generates an integrity protection key and/or a confidentiality protection key based on K D-SESS , and a security policy selected by UE2.
  • Embodiment 4 as shown in Figure 20, assuming that no secure connection has been established between all devices before, UE-to-UE under the L2 architecture can be established through some or all of the steps in S4-0 to S4-6. Signature-based secure communication connection in subsequent scenarios.
  • UE1 may be the first terminal device
  • UE2 may be the second terminal device
  • UE-to-UE relay may be the relay device
  • K D may be the first key
  • K D-SESS may be the second key
  • the first encryption key is PEK
  • the first integrity protection key is PIK.
  • the UE registers with the network and is authorized for the UE-to-UE relay service.
  • UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE relay is configured with relay policy parameters.
  • PKMF uses the MIKEY mechanism to send the relevant PGK, PGK ID and expiration time to the above-mentioned registered and authorized UE.
  • S4-1.UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.
  • UE1 sends an end-to-end direct communication request message through broadcast. Specifically, before broadcasting the direct communication request to surrounding terminal devices, UE1 first needs to derive the transmission key PTK based on PGK, and further generate the PTK Lower level keys, namely PEK and PIK. UE1 uses PEK to encrypt the broadcast message, and uses PIK to calculate the MAC of the direct communication request message to protect the integrity of the direct communication request message. That is, the direct communication request is encrypted by PEK, and the direct communication request is integrity protected by PIK. Among them, the direct communication request contains at least one of the following:
  • UE1 security capabilities information (UE1 security capabilities);
  • UE1 security policy information (UE1 security policy);
  • the first temporary public key (Ephemeral public key1) generated by UE1;
  • UE-to-UE Relay receives the broadcast direct communication request message and verifies whether the UE-to-UE Relay is configured to forward the direct communication request message. For example, the UE-to-UE Relay will announce the ProSe application ID and Compare the relay policies/parameters it provides.
  • UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message.
  • the adaptation layer Specify information identifying UE1.
  • UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.
  • the UE-to-UE Relay uses PEK to decrypt the direct communication request to obtain QoS and charging information, and the UE-to-UE Relay uses PIK to verify the integrity of the direct communication request.
  • the UE- to-UE Relay adds the relevant information of UE-to-UE Relay and the identification of UE-to-UE Relay in the direct communication request, and the UE-to-UE Relay uses PEK to encrypt the direct communication request and uses PIK to protect the direct communication request.
  • the relevant information of UE-to-UE Relay includes one of the following: the identity information of UE-to-UE Relay, the random number generated by UE-to-UE Relay, and the counter generated by UE-to-UE Relay.
  • S4-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop.
  • the source address is the UE2 L2 ID and the destination address is the relay's L2 ID.
  • UE-2 and UE-to-UE relay successfully establish a per hop link, the establishment of end-to-end security between UE2 and UE1 will be further triggered.
  • UE2 first uses PGK to generate the transmission key PTK, and further generates PEK and PIK, decrypts the received direct communication request, and verifies the integrity of the direct communication request.
  • UE2 After successful verification, UE2 generates a pair of temporary public and private keys, namely the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2), and uses the second temporary private key, the first temporary public key and the UE -To-UE relay related information, calculate the shared key K D and MSB of K D ID with UE1.
  • UE2 negotiates the security policy and security algorithm, and then generates the second random number (Nonce_2), and uses the subordinate key derived from K D (i.e. the second encryption key ( K D-enc ) and the second integrity protection key (K D-int )).
  • UE2 sends a security mode command to UE1 through UE-to-UE relay.
  • the security mode command is encrypted through PEK, and the security mode command is integrity protected through PIK.
  • the security mode command contains the following parameters:
  • the security algorithm selected by UE2 (chosen_algs);
  • the security policy chosen by UE2 (chosen_security policy);
  • the second temporary public key (Ephemeral private key2) generated by UE2;
  • a first message verification code wherein the first message verification code is generated based on the second integrity protection key (K D-int ), and the input parameters of the first message verification code include at least one of the following: the security selected by UE2 Algorithm, security policy selected by UE2, second temporary public key, second random number, MSB of K D ID.
  • the UE-to-UE relay can use PEK to decrypt the security mode command to obtain information related to QoS and charging. Further, the UE-to-UE relay sends the security mode command to UE1. Optionally, if the security mode command does not include UE-to-UE relay related information, UE-to-UE relay can add UE-to-UE relay related information to the security mode command forwarded to UE1.
  • S4-6.UE1 first uses PEK to decrypt the security mode command, and uses PIK to determine the integrity of the security mode command. After successful verification, it further determines whether UE1's security capability information and UE1's security policy information have been tampered with. If not, then use The second encryption key (K D-enc ) and the second integrity protection key (K D-int ) are calculated in the same way as UE2, and then UE1 verifies whether the first message verification code is valid. If valid, UE1 is ready to use the new A secure environment to protect subsequent communications.
  • K D-enc The second encryption key
  • K D-int the second integrity protection key
  • UE1 generates the LSB of K D ID, combines the LSB of K D ID with the received MSB of K D ID to obtain the K D ID, and saves the K D ID, which is subsequently used to identify K D .
  • UE1 sends a security-protected security mode completion message to UE2 through the UE-to-UE relay.
  • the security mode completion message can use the derived lower-level integrity protection key (i.e., the second integrity The protection key (K D-int )) performs integrity protection, and the derived lower-level encryption key (i.e., the second encryption key (K D-enc )) performs encryption protection.
  • UE1 communicates with UE2 according to the security algorithm selected by UE2, the second integrity protection key (K D-int ) and/or the second encryption key (K D-enc ), and the security policy selected by UE2.
  • UE2 communicates with UE1 according to the security algorithm selected by UE2, the second integrity protection key (K D-int ) and/or the second encryption key (K D-enc ), and the security policy selected by UE2.
  • Embodiment 5 as shown in Figure 21, assuming that no secure connection has been established between all devices before, UE-to-UE under the L2 architecture can be established through some or all of the steps in S5-0 to S5-6. Signature-based secure communication connection in subsequent scenarios.
  • UE1 may be the first terminal device
  • UE2 may be the second terminal device
  • UE-to-UE relay may be the relay device
  • K D may be the first key
  • K D-SESS may be the second key .
  • S5-0.UE registers with the network and is authorized for UE-to-UE relay service.
  • UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE relay is configured with relay policy parameters.
  • PKMF uses the MIKEY mechanism to send relevant symmetric keys to the above-mentioned registered and authorized UEs.
  • the first encryption key and the third encryption key can be derived based on the symmetric keys of the terminals that have been registered and authorized to use UE-to-UE relay communication.
  • An integrity protection key is used to send relevant symmetric keys to the above-mentioned registered and authorized UEs.
  • UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.
  • S5-2.UE1 sends an end-to-end direct communication request message through broadcast. Specifically, UE1 broadcasts the direct communication request to surrounding terminal devices based on terminals that have registered and are authorized to use UE-to-UE relay communication.
  • the first encryption key and the first integrity protection key are derived from the symmetric keys of UE1 and UE2.
  • UE1 uses the first encryption key to encrypt the broadcast message, and uses the first integrity protection key to calculate the MAC of the direct communication request message to protect the integrity of the direct communication request message. That is, the direct communication request is processed through the first encryption key. Encryption, and the direct communication request is integrity protected by a first integrity protection key.
  • the direct communication request contains at least one of the following:
  • UE1 security capabilities information (UE1 security capabilities);
  • UE1 security policy information (UE1 security policy);
  • the first temporary public key (Ephemeral public key1) generated by UE1;
  • UE-to-UE Relay receives the broadcast direct communication request message and verifies whether the UE-to-UE Relay is configured to forward the direct communication request message. For example, the UE-to-UE Relay will announce the ProSe application ID and Compare the relay policies/parameters it provides.
  • UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message.
  • the adaptation layer Specify information identifying UE1.
  • UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.
  • the UE-to-UE Relay uses the first encryption key to decrypt the direct communication request to obtain QoS and charging information, and the UE-to-UE Relay uses the first integrity protection key to verify the direct communication request. Integrity, after passing the verification, the UE-to-UE Relay adds the relevant information of the UE-to-UE Relay and the identification of the UE-to-UE Relay in the direct communication request, and the UE-to-UE Relay uses the first encryption The key encrypts the direct communication request and uses the first integrity protection key to protect the integrity of the direct communication request; among which, the relevant information of the UE-to-UE Relay includes one of the following: the identity information of the UE-to-UE Relay, the UE Random number generated by -to-UE Relay, counter generated by UE-to-UE Relay.
  • S5-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger the UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop.
  • the source address is the UE2 L2 ID and the destination address is the relay's L2 ID.
  • UE-2 and UE-to-UE relay successfully establish a per hop link, the establishment of end-to-end security between UE2 and UE1 will be further triggered.
  • UE2 may derive the first encryption key and the first integrity protection key based on the symmetric key of the terminal that is registered and authorized to use UE-to-UE relay communication, decrypt the received direct communication request, and verify the direct communication request of integrity.
  • UE2 After successful verification, UE2 generates a pair of temporary public and private keys, namely the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2), and uses the second temporary private key, the first temporary public key and the UE -To-UE relay related information, calculate the shared key K D and MSB of K D ID with UE-1.
  • UE2 negotiates the security policy and security algorithm, then generates the second random number (Nonce_2), and calculates the lower level derived from K D -sess and K D -sess based on K D keys (ie, the second encryption key (K D-enc ) and the second integrity protection key (K D -int )), and in addition UE2 generates the MSB of K D -sess ID.
  • UE2 sends a security mode command to UE1 through UE-to-UE relay.
  • the security mode command is encrypted by the first encryption key.
  • the security mode command is integrity protected by the first integrity protection key.
  • the security mode command is encrypted by the first encryption key. The following parameters are included in the mode command:
  • the security algorithm selected by UE2 (chosen_algs);
  • the security policy chosen by UE2 (chosen_security policy);
  • the second temporary public key (Ephemeral private key2) generated by UE2;
  • a first message verification code wherein the first message verification code is generated based on a lower integrity protection key derived from K D -sess (ie, the second integrity protection key (K D-int )), and the first message verification code
  • the input parameters of the verification code include at least one of the following: the security algorithm selected by UE2, the security policy selected by UE2, the second temporary public key, the second random number, MSB of K D ID, and MSB of K D -sess ID.
  • the UE-to-UE relay can use the first encryption key to decrypt the security mode command to obtain information related to QoS and charging. Further, the UE-to-UE relay sends the security mode command to UE1. Optionally, if the security mode command does not include UE-to-UE relay related information, UE-to-UE relay can add UE-to-UE relay related information to the security mode command forwarded to UE1.
  • UE1 first uses the first encryption key to decrypt the security mode command, uses the first integrity protection key to determine the integrity of the security mode command, and after successful verification, further determines the security capability information of UE1 and the security policy information of UE1. Whether it has been tampered with. If it has not been tampered with, use the same method as UE2 to calculate K D -sess and the subordinate key derived from K D -sess (i.e., the second encryption key (K D-enc ) and the second integrity protection key). key (K D-int )), and then UE1 verifies whether the first message verification code is valid. If valid, UE1 is prepared to use the new security environment to protect subsequent communications.
  • UE1 generates LSB of K D ID, LSB of K D -sess ID, combines the LSB of K D ID with the received MSB of K D ID to obtain the K D ID, and combines the LSB of K D -sess ID with the received MSB of K D ID.
  • the MSB of K D -sess ID is merged to obtain the K D -sess ID, and the K D ID and K D -sess ID are saved, which are subsequently used to identify K D and K D -sess.
  • UE1 sends a security-protected security mode completion message to UE2 through the UE-to-UE relay according to the negotiation policy and negotiation algorithm.
  • the security mode completion message can be protected by K D -sess for integrity and encryption, or the security mode completion message can be protected by KD-sess.
  • the security mode completion message can be integrity protected using the lower-level integrity protection key (i.e., the second integrity protection key (K D-int )) generated by K D -sess, and the lower-level encryption key (K D -int ) generated by K D -sess. That is, the second encryption key (K D-enc )) is used for encryption protection.
  • the security mode completion message may include LSB of K D -sess ID.
  • UE2 can combine the received LSB of K D -sess ID with the MSB of K D -sess ID generated by UE2 to obtain the K D -sess ID, and save the K D -sess ID, which is subsequently used to identify the K D -sess.
  • UE1 communicates with UE2 according to the security algorithm and K D-SESS selected by UE2, generates an integrity protection key and/or confidentiality protection key based on K D-SESS , and a security policy selected by UE2.
  • UE2 communicates with UE1 according to the security algorithm and K D-SESS selected by UE2, generates an integrity protection key and/or a confidentiality protection key based on K D-SESS , and a security policy selected by UE2.
  • Embodiment 6 as shown in Figure 22, assuming that no secure connection has been established between all devices before, UE-to-UE under the L2 architecture can be established through some or all of the steps in S6-0 to S6-6. Signature-based secure communication connection in subsequent scenarios.
  • UE1 may be the first terminal device
  • UE2 may be the second terminal device
  • UE-to-UE relay may be the relay device
  • K D may be the first key
  • K D-SESS may be the second key .
  • the UE registers with the network and is authorized for the UE-to-UE relay service.
  • UE-to-UE relay registers with the network to provide the UE-to-UE Relay function, and the UE-to-UE relay is configured with relay policy parameters.
  • PKMF uses the MIKEY mechanism to send relevant symmetric keys to the above-mentioned registered and authorized UEs.
  • the first encryption key and the third encryption key can be derived based on the symmetric keys of the terminals that have been registered and authorized to use UE-to-UE relay communication.
  • An integrity protection key is used to send relevant symmetric keys to the above-mentioned registered and authorized UEs.
  • UE2 determines the destination L2 ID for signaling reception when the PC5 unicast link is established.
  • S6-2.UE1 sends an end-to-end direct communication request message through broadcast. Specifically, UE1 broadcasts the direct communication request to surrounding terminal devices based on terminals that have registered and are authorized to use UE-to-UE relay communication.
  • the first encryption key and the first integrity protection key are derived from the symmetric keys of UE1 and UE2.
  • UE1 uses the first encryption key to encrypt the broadcast message, and uses the first integrity protection key to calculate the MAC of the direct communication request message to protect the integrity of the direct communication request message. That is, the direct communication request is processed through the first encryption key. Encryption, and the direct communication request is integrity protected by a first integrity protection key.
  • the direct communication request contains at least one of the following:
  • UE1 security capabilities information (UE1 security capabilities);
  • UE1 security policy information (UE1 security policy);
  • the first temporary public key (Ephemeral public key1) generated by UE1;
  • UE-to-UE Relay receives the broadcast direct communication request message and verifies whether the UE-to-UE Relay is configured to forward the direct communication request message. For example, the UE-to-UE Relay will announce the ProSe application ID and Compare the relay policies/parameters it provides.
  • UE-to-UE Relay forwards the direct communication request message broadcast end-to-end, it uses its own L2 ID as the source (Source) L2 ID, and adds the UE ID of UE-to-UE Relay in the message.
  • the adaptation layer Specify information identifying UE1.
  • UE-to-UE Relay processes this end-to-end broadcast message at the ProSe layer and forwards any subsequent end-to-end PC5-S messages based on the adaptation layer information.
  • the UE-to-UE Relay uses the first encryption key to decrypt the direct communication request to obtain QoS and charging information, and the UE-to-UE Relay uses the first integrity protection key to verify the direct communication request. Integrity, after passing the verification, the UE-to-UE Relay adds the relevant information of the UE-to-UE Relay and the identification of the UE-to-UE Relay in the direct communication request, and the UE-to-UE Relay uses the first encryption The key encrypts the direct communication request and uses the first integrity protection key to protect the integrity of the direct communication request; among which, the relevant information of the UE-to-UE Relay includes one of the following: the identity information of the UE-to-UE Relay, the UE Random number generated by -to-UE Relay, counter generated by UE-to-UE Relay.
  • S6-4a.UE2 is interested in the announced application. If there is no per-hop link between UE2 and UE-to-UE Relay, UE2 will trigger the UE-to-UE Relay to establish a per-hop link. UE2 sends a link establishment process message for each hop.
  • the source address is the UE2 L2 ID and the destination address is the relay's L2 ID.
  • UE-2 and UE-to-UE relay successfully establish a per hop link, the establishment of end-to-end security between UE2 and UE1 will be further triggered.
  • UE2 may derive the first encryption key and the first integrity protection key based on the symmetric key of the terminal that is registered and authorized to use UE-to-UE relay communication, decrypt the received direct communication request, and verify the direct communication request of integrity.
  • UE2 After successful verification, UE2 generates a pair of temporary public and private keys, namely the second temporary public key (Ephemeral public key2) and the second temporary private key (Ephemeral private key2), and uses the second temporary private key, the first temporary public key and the UE -To-UE relay related information, calculate the shared key K D and MSB of K D ID with UE1. If the direct communication request contains the security policy and security algorithm, then UE2 negotiates the security policy and security algorithm, and then generates the second random number (Nonce_2), and uses the subordinate key derived from K D (i.e. the second encryption key ( K D-enc ) and the second integrity protection key (K D-int )).
  • K D the second encryption key
  • K D-int the second integrity protection key
  • UE2 sends a security mode command to UE1 through UE-to-UE relay.
  • the security mode command is encrypted by the first encryption key.
  • the security mode command is integrity protected by the first integrity protection key.
  • the security mode command is encrypted by the first encryption key. The following parameters are included in the mode command:
  • the security algorithm selected by UE2 (chosen_algs);
  • the security policy chosen by UE2 (chosen_security policy);
  • the second temporary public key (Ephemeral private key2) generated by UE2;
  • a first message verification code wherein the first message verification code is generated based on the second integrity protection key (K D-int ), and the input parameters of the first message verification code include at least one of the following: the security selected by UE2 Algorithm, security policy selected by UE2, second temporary public key, second random number, MSB of K D ID.
  • the UE-to-UE relay can use the first encryption key to decrypt the security mode command to obtain information related to QoS and charging. Further, the UE-to-UE relay sends the security mode command to UE1. Optionally, if the security mode command does not include UE-to-UE relay related information, UE-to-UE relay can add UE-to-UE relay related information to the security mode command forwarded to UE1.
  • UE1 first uses the first encryption key to decrypt the security mode command, uses the first integrity protection key to determine the integrity of the security mode command, and after successful verification, further determines the security capability information of UE1 and the security policy information of UE1. Whether it has been tampered with. If not, then the second encryption key (K D-enc ) and the second integrity protection key (K D-int ) are calculated in the same way as UE2, and then UE1 verifies the first message verification code. Is it valid? If valid, UE1 is prepared to use the new security environment to protect subsequent communications.
  • UE1 generates the LSB of K D ID, combines the LSB of K D ID with the received MSB of K D ID to obtain the K D ID, and saves the K D ID, which is subsequently used to identify K D .
  • UE1 sends a security-protected security mode completion message to UE2 through the UE-to-UE relay.
  • the security mode completion message can use the derived lower-level integrity protection key (i.e., the second integrity The protection key (K D-int )) performs integrity protection, and the derived lower-level encryption key (i.e., the second encryption key (K D-enc )) performs encryption protection.
  • UE1 communicates with UE2 according to the security algorithm selected by UE2, the second integrity protection key (K D-int ) and/or the second encryption key (K D-enc ), and the security policy selected by UE2.
  • UE2 communicates with UE1 according to the security algorithm selected by UE2, the second integrity protection key (K D-int ) and/or the second encryption key (K D-enc ), and the security policy selected by UE2.
  • Figure 23 shows a schematic block diagram of a terminal device 1100 according to an embodiment of the present application.
  • the terminal device 1100 is a first terminal device.
  • the terminal device 1100 includes:
  • Communication unit 1110 configured to receive an authentication request message sent by the second terminal device through the relay device;
  • the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key generated by the second terminal device, Signature, the signature of the relay device, and relevant information of the relay device;
  • the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication key KPAK of the key management server;
  • the information includes the identification of the relay device and the PVT and KPAK of the relay device;
  • the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key.
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; the first temporary public key and the relevant information of the relay device are used for the The first terminal device derives the first key; the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.
  • the signature of the second terminal device is generated by the secret signature key of the second terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.
  • the terminal device 1100 further includes: a processing unit 1120;
  • the KPAK of the second terminal device and the KPAK of the relay device are valid, and the signature verification of the second terminal device based on the identity of the second terminal device and the PVT of the second terminal device is successful, and based on the relay If the identification of the device and the PVT of the relay device successfully verify the signature of the relay device, the processing unit 1120 is configured to generate a second temporary private key, and the processing unit 1120 is configured to generate a second temporary public key based on the first temporary public key. , the relevant information of the relay device and the second temporary private key to derive the first key.
  • the communication unit 1110 is also used to send the first message to the second terminal device through the relay device;
  • the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, a third message generated by the first terminal device.
  • security capability information of the first terminal device security policy information of the first terminal device
  • information of the user to which the first terminal device belongs a third message generated by the first terminal device.
  • a random number a second temporary public key generated by the first terminal device paired with the second temporary private key, M bits of the identification of the first key generated by the first terminal device, the first terminal Device signature, first message verification code;
  • the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device;
  • the input parameters of the signature of the first terminal device include at least one of the following: the first terminal Information about the user to whom the device belongs, the second temporary public key, the M bits, and the signature of the second terminal device;
  • the first message is integrity protected by the first message verification code generated based on the first key
  • the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;
  • the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device.
  • Two random numbers are used to derive a second key.
  • the second key is used to derive an integrity protection key and/or a confidentiality protection key.
  • the identity of the first key is composed of the M bits and the first The other N bits of the key's identifier are combined, and M and N are both positive integers.
  • the communication unit 1110 is also used to receive the second message sent by the second terminal device through the relay device;
  • the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identifier of the generated second key, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;
  • the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key.
  • the second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device; wherein, the identity of the second key is obtained by combining the x bits and the other y bits of the identity of the second key, x and y are both Positive integer.
  • the second message is encrypted with the first key.
  • the processing unit 1120 is further configured to generate the first random number based on at least the first random number, the first key and the second random number. a second key, the processing unit 1120 is further configured to generate an integrity protection key and/or a confidentiality protection key according to the second key, and the processing unit 1120 is further configured to combine the M bits and the N
  • the processing unit 1120 is also used to generate y bits of the identifier of the second key, and combine the x bits and the y bits to obtain the identifier of the first key.
  • the identification of the second key is also used to generate y bits of the identifier of the second key, and combine the x bits and the y bits to obtain the identifier of the first key.
  • the processing unit 1120 is also configured to generate an integrity protection key based on the second key and/or the security algorithm selected by the second terminal device and the second key. Or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
  • the processing unit 1120 is also configured to decrypt the second message according to the first key
  • the processing unit 1120 is also configured to generate the second key based on at least the first random number, the first key and the second random number.
  • the processing unit 1120 is further configured to generate an integrity protection key and/or a confidentiality protection key according to the second key, and the processing unit 1120 is further configured to combine the M bits and the N bits to obtain the
  • the processing unit 1120 is also used to generate y bits of the identifier of the second key, and combine the x bits and the y bits to obtain the identifier of the second key. ;
  • the processing unit 1120 is also configured to generate an integrity protection key based on the second key and/or the security algorithm selected by the second terminal device and the second key. Or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
  • the input parameters of the integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, and the integrity protection algorithm identifier.
  • the length of the integrity protection algorithm identifier; and/or, the input parameters of the confidentiality protection key include at least one of the following: the second key, the selected algorithm type identifier, the selected algorithm type identifier Length, confidentiality protection algorithm identifier, length of the confidentiality protection algorithm identifier.
  • the first message is an authentication response message
  • the second message is a safe mode command message
  • the first message is a safe mode command message
  • the second message is a safe mode response message
  • the communication unit 1110 is also used to send a third message to the second terminal device through the relay device;
  • the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the y bits of the identification of the second key, Third message verification code;
  • the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;
  • the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the third message verification code generated based on the integrity protection key derived based on the second key.
  • the three-message verification code performs integrity protection, and the input parameters of the third message verification code include the y bits.
  • the communication unit 1110 is also configured to receive an error message sent by the second terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein , the reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the third The security algorithm negotiation between the second terminal device and the first terminal device fails; the input parameters of the fourth message verification code include at least one of the following: the reason information;
  • the processing unit 1120 is also configured to determine that the security mode establishment fails, and/or, the processing unit 1120 is also configured to reinitiate the security mode establishment process.
  • the integrity protection key includes an integrity protection key for the control plane and an integrity protection key for the user plane; and/or the confidentiality protection key includes a confidentiality protection key for the control plane. and user plane confidentiality protecting keys.
  • the above-mentioned communication unit may be a communication interface or transceiver, or an input/output interface of a communication chip or a system on a chip.
  • the above-mentioned processing unit may be one or more processors.
  • terminal device 1100 may correspond to the first terminal device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1100 are respectively to implement the functions shown in Figure 7
  • the corresponding process of the first terminal device in the method 200 is shown, and for the sake of simplicity, it will not be described again here.
  • Figure 24 shows a schematic block diagram of a terminal device 1200 according to an embodiment of the present application.
  • the terminal device 1200 is a second terminal device.
  • the terminal device 1200 includes:
  • Communication unit 1210 configured to send an authentication request message to the first terminal device through the relay device;
  • the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first temporary public key generated by the second terminal device, the signature of the second terminal device, and relevant information about the relay device. ;
  • the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication key KPAK of the key management server; the signature of the second terminal device
  • the input parameters include at least one of the following: the information of the user to which the second terminal device belongs and the first temporary public key; the first temporary public key and the relevant information of the relay device are used for the first terminal device to derive the first Key; the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.
  • the signature of the second terminal device is generated by the secret signature key of the second terminal device.
  • the communication unit 1210 is also configured to receive the first message sent by the first terminal device through the relay device;
  • the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, and information of the user to which the relay device belongs. , the first random number generated by the first terminal device, the second temporary public key paired with the second temporary private key generated by the first terminal device, the identification of the first key generated by the first terminal device M bits, the signature of the first terminal device, the signature of the relay device, and the first message verification code;
  • the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the PVT and KPAK of the first terminal device;
  • the information of the user to which the relay device belongs includes the identification of the relay device and the relay device.
  • the input parameters of the first terminal device's signature include at least one of the following: the information of the user to which the first terminal device belongs, the second temporary public key, the M bits, the second terminal device's Signature;
  • the input parameters of the relay device's signature include at least one of the following: information about the user to which the relay device belongs, the signature of the first terminal device, the signature of the second terminal device, and the first message;
  • the first message is integrity protected by the first message verification code generated based on the first key
  • the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;
  • the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device.
  • Two random numbers are used to derive a second key.
  • the second key is used to derive an integrity protection key and/or a confidentiality protection key.
  • the identity of the first key is composed of the M bits and the first The other N bits of the key's identifier are combined, and M and N are both positive integers.
  • the signature of the first terminal device is generated by the secret signature key of the first terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.
  • the terminal device 1200 further includes: a processing unit 1220;
  • the processing unit 1220 is configured to check the KPAK of the first terminal device and the KPAK of the relay device respectively. If the KPAK of the first terminal device and the KPAK of the relay device are valid, and the processing unit 1220 is configured to Verify the signature of the first terminal device based on the identity of the first terminal device and the PVT of the first terminal device, and the processing unit 1220 is configured to verify the signature of the first terminal device based on the identity of the relay device and the PVT of the relay device. The signature of the relay device is verified;
  • the processing unit 1220 is configured to generate a second random number.
  • the processing unit 1220 is configured to generate an integrity protection key and/or a secret based on at least the first random number, the first key and the second random number.
  • sexually protected key and the processing unit 1220 is used to generate N bits of the identification of the first key, and combine the M bits and the N bits to obtain the identification of the first key;
  • the communication unit 1210 is also configured to send a second message to the first terminal device through the relay device; wherein the second message includes at least one of the following: the second The random number, the N bits, the x bits of the identifier of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the Two message verification code;
  • the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key.
  • the second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device; wherein, the identity of the second key is obtained by combining the x bits and the other y bits of the identity of the second key, x and y are both Positive integer.
  • the second message is encrypted with the first key.
  • the first message is an authentication response message
  • the second message is a safe mode command message
  • the first message is a safe mode command message
  • the second message is a safe mode response message
  • the input parameters of the integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, and the integrity protection algorithm identifier.
  • the length of the integrity protection algorithm identifier; and/or, the input parameters of the confidentiality protection key include at least one of the following: the second key, the selected algorithm type identifier, the selected algorithm type identifier Length, confidentiality protection algorithm identifier, length of the confidentiality protection algorithm identifier.
  • the communication unit 1210 is also configured to receive a third message sent by the first terminal device through the relay device;
  • the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the identification of the second key generated by the first terminal device y bits, the third message verification code;
  • the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;
  • the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the third message verification code generated based on the integrity protection key derived based on the second key.
  • the three-message verification code performs integrity protection, and the input parameters of the third message verification code include the y bits.
  • the processing unit 1220 is configured to decrypt the third message through the target key
  • the second terminal device When the information carried in the third message has not been tampered with and the third message verification code is valid, the second terminal device combines the x bits and the y bits to obtain the second The identity of the key.
  • the communication unit 1210 is also configured to send an error message to the first terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein, The reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the second terminal device
  • the integrity protection key includes an integrity protection key for the control plane and an integrity protection key for the user plane; and/or the confidentiality protection key includes a confidentiality protection key for the control plane. and user plane confidentiality protecting keys.
  • the above-mentioned communication unit may be a communication interface or transceiver, or an input/output interface of a communication chip or a system on a chip.
  • the above-mentioned processing unit may be one or more processors.
  • terminal device 1200 may correspond to the second terminal device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1200 are respectively to implement the functions shown in Figure 9
  • the corresponding process of the second terminal device in method 300 is shown, and for the sake of simplicity, it will not be described again here.
  • Figure 25 shows a schematic block diagram of a terminal device 1300 according to an embodiment of the present application.
  • the terminal device 1300 is a relay device. As shown in Figure 25, the terminal device 1300 includes:
  • the communication unit 1310 is configured to receive an authentication request message sent by the second terminal device; wherein the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, the first temporary public address generated by the second terminal device. key, the signature of the second terminal device; wherein the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication password of the key management server. Key KPAK; the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key;
  • the communication unit 1310 is also used to send a message to the second terminal device.
  • the first terminal device sends an authentication request message after verification; wherein the authentication request message after verification includes at least one of the following: information about the user to whom the second terminal device belongs, information about the user to whom the relay device belongs, the first temporary The public key, the signature of the second terminal device, the signature of the relay device, and the relevant information of the relay device; wherein the information of the user to which the relay device belongs includes the identification of the relay device and the PVT of the relay device.
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; wherein the first temporary public key and the information related to the relay device The information is used by the first terminal device to derive the first key; the relevant information of the relay device includes one of the following: the identity information of the relay device, the random number generated by the relay device, and the counter generated by the relay device.
  • the signature of the second terminal device is generated by the secret signature key of the second terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.
  • the communication unit 1310 is also configured to receive a first message sent by the first terminal device; wherein the first message includes at least one of the following: security capability information of the first terminal device, the first The security policy information of the terminal device, the information of the user to which the first terminal device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, the M bits of the identification of the first key, the signature of the first terminal device, and the first message verification code; wherein the information of the user to which the first terminal device belongs includes the identification of the first terminal device and the first terminal The PVT and KPAK of the device; the input parameters of the signature of the first terminal device include at least one of the following: the information of the user to which the first terminal device belongs, the second temporary public key, the M bits, the second terminal device signature; wherein the first message is integrity protected by the first message verification code generated based on the first key, and the input parameters of the first message verification code include at least one of the following: the first terminal device The security capability information,
  • the communication unit 1310 is also used to send a message to the first terminal device.
  • the second terminal device sends the first message after verification; wherein the first message after verification includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, Information about the user to whom the terminal device belongs, information about the user to whom the relay device belongs, the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device and paired with the second temporary private key, M bits of the identification of the first key generated by the first terminal device, the signature of the first terminal device, the signature of the relay device, and the first message verification code; wherein, the user to whom the relay device belongs
  • the information includes the identification of the relay device and the PVT and KPAK of the relay device; the input parameters of the signature of the relay device include at least one of the following: the information of the user
  • the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device.
  • Two random numbers are used to derive a second key.
  • the second key is used to derive an integrity protection key and/or a confidentiality protection key.
  • the identity of the first key is composed of the M bits and the first The other N bits of the key's identifier are combined, and M and N are both positive integers.
  • the communication unit 1310 is also used to forward the second message sent by the second terminal device to the first terminal device;
  • the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identifier of the generated second key, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;
  • the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key.
  • the second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device; wherein, the identity of the second key is obtained by combining the x bits and the other y bits of the identity of the second key, x and y are both Positive integer.
  • the second message is encrypted with the first key, or the second message is not encrypted with the first key.
  • the first message is an authentication response message
  • the second message is a safe mode command message
  • the first message is a safe mode command message
  • the second message is a safe mode response message
  • the communication unit 1310 is also used to forward the third message sent by the first terminal device to the second terminal device;
  • the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the identification of the second key generated by the first terminal device y bits, the third message verification code;
  • the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;
  • the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the third message verification code generated based on the integrity protection key derived based on the second key.
  • the three-message verification code performs integrity protection, and the input parameters of the third message verification code include the y bits.
  • the communication unit 1310 is also used to forward the error message sent by the second terminal device to the first terminal device; wherein the error message includes at least one of the following: cause information, fourth message verification code ; Wherein, the reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate The security algorithm negotiation between the second terminal device and the first terminal device fails; the input parameters of the fourth message verification code include at least one of the following: the reason information.
  • the integrity protection key includes an integrity protection key for the control plane and an integrity protection key for the user plane; and/or the confidentiality protection key includes a confidentiality protection key for the control plane. and user plane confidentiality protecting keys.
  • the above-mentioned communication unit may be a communication interface or transceiver, or an input/output interface of a communication chip or a system on a chip.
  • terminal device 1300 may correspond to the relay device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1300 are respectively intended to implement what is shown in Figure 10
  • the corresponding process of the relay device in method 400 will not be described again for the sake of simplicity.
  • Figure 26 shows a schematic block diagram of a terminal device 1400 according to an embodiment of the present application.
  • the terminal device 1400 is a first terminal device.
  • the terminal device 1400 includes:
  • Communication unit 1410 configured to send the first message to the second terminal device through the relay device
  • the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, a third message generated by the first terminal device.
  • security capability information of the first terminal device security policy information of the first terminal device
  • information of the user to which the first terminal device belongs a third message generated by the first terminal device.
  • the information of the user to which the first terminal device belongs includes the identification of the first terminal device, the public verification token PVT of the first terminal device and the public authentication key KPAK of the key management server; the signature of the first terminal device
  • the input parameters include at least one of the following: information about the user to which the first terminal device belongs, the second temporary public key, the M bits, and the signature of the second terminal device;
  • the first message is integrity protected by the first message verification code generated based on the first key
  • the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;
  • the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device.
  • Two random numbers are used to derive a second key.
  • the second key is used to derive an integrity protection key and/or a confidentiality protection key.
  • the identity of the first key is composed of the M bits and the first The other N bits of the key's identification are combined, and M and N are both positive integers;
  • the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
  • the communication unit 1410 is also used to receive the second message sent by the second terminal device through the relay device;
  • the second message includes at least one of the following: the second random number generated by the second terminal device, N bits of the identification of the first key generated by the second terminal device, x bits of the identifier of the generated second key, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, and the second message verification code;
  • the second message is integrity protected through the second message verification code generated based on the second key, or the second message is integrity protected through the third integrity protection key generated based on the second key.
  • the second message verification code performs integrity protection, and the input parameters of the second message verification code include at least one of the following: the second random number, the N bits, the x bits, and the second terminal device selected Security algorithm, the security policy selected by the second terminal device; wherein, the identity of the second key is obtained by combining the x bits and the other y bits of the identity of the second key, x and y are both Positive integer.
  • the second message is encrypted with the first key, or the second message is not encrypted with the first key.
  • the terminal device 1400 further includes: a processing unit 1420;
  • the processing unit 1420 is configured to generate the second key based on at least the first random number, the first key and the second random number.
  • the unit 1420 is further configured to generate an integrity protection key and/or a confidentiality protection key according to the second key, and the processing unit 1420 is further configured to combine the M bits and the N bits to obtain the first An identifier of a key, the processing unit 1420 is also used to generate y bits of the identifier of the second key, and combine the x bits and the y bits to obtain the identifier of the second key;
  • the processing unit 1420 is also configured to generate an integrity protection key based on the second key and/or the security algorithm selected by the second terminal device and the second key. Or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
  • the processing unit 1420 is also configured to decrypt the second message according to the first key
  • the processing unit 1420 is also configured to generate the second key based on at least the first random number, the first key and the second random number.
  • the processing unit 1420 is further configured to generate an integrity protection key and/or a confidentiality protection key according to the second key, and the processing unit 1420 is further configured to combine the M bits and the N bits to obtain the
  • the processing unit 1420 is also used to generate y bits of the identity of the second key, and combine the x bits and the y bits to obtain the identity of the second key. ;
  • the processing unit 1420 is also configured to generate an integrity protection key based on the second key and/or the security algorithm selected by the second terminal device and the second key. Or the confidentiality protection key and the security policy selected by the second terminal device are used to communicate with the second terminal device.
  • the input parameters of the integrity protection key include at least one of the following: the second key, the selected algorithm type identifier, the length of the selected algorithm type identifier, and the integrity protection algorithm identifier.
  • the length of the integrity protection algorithm identifier; and/or, the input parameters of the confidentiality protection key include at least one of the following: the second key, the selected algorithm type identifier, the selected algorithm type identifier Length, confidentiality protection algorithm identifier, length of the confidentiality protection algorithm identifier.
  • the first message is an authentication response message
  • the second message is a safe mode command message
  • the first message is a safe mode command message
  • the second message is a safe mode response message
  • the communication unit 1410 is also used to send a third message to the second terminal device through the relay device;
  • the third message is used to indicate that the security mode establishment is completed, the third message is encrypted by the target key, and the third message includes at least one of the following: the y bits of the identification of the second key, Third message verification code;
  • the target key includes one of the following: the first key, the second key, and a confidentiality protected key derived from the second key;
  • the third message is integrity protected through the third message verification code generated based on the second key, or the third message is integrity protected through the third message verification code generated based on the integrity protection key derived based on the second key.
  • the three-message verification code performs integrity protection, and the input parameters of the third message verification code include the y bits.
  • the communication unit 1410 is also used to receive an error message sent by the second terminal device through the relay device; wherein the error message includes at least one of the following: cause information, a fourth message verification code; wherein , the reason information is used to indicate that the security policy of the second terminal device conflicts with the first terminal device, or the reason information is used to indicate that the first message verification code verification fails, or the reason information is used to indicate that the third
  • the security algorithm negotiation between the second terminal device and the first terminal device fails, and the input parameters of the fourth message verification code include at least one of the following: the reason information;
  • the processing unit 1420 is also configured to determine that the security mode establishment fails, and/or, the processing unit 1420 is also configured to reinitiate the security mode establishment process.
  • the integrity protection key includes an integrity protection key for the control plane and an integrity protection key for the user plane; and/or the confidentiality protection key includes a confidentiality protection key for the control plane. and user plane confidentiality protecting keys.
  • the communication unit 1410 is also configured to receive an authentication request message sent by the second terminal device through the relay device;
  • the authentication request message includes at least one of the following: information about the user to which the second terminal device belongs, information about the user to which the relay device belongs, the first temporary public key generated by the second terminal device, Signature, the signature of the relay device, and relevant information of the relay device;
  • the information of the user to which the second terminal device belongs includes the identification of the second terminal device, the public verification token PVT of the second terminal device and the public authentication key KPAK of the key management server;
  • the information includes the identification of the relay device and the PVT and KPAK of the relay device;
  • the input parameters of the signature of the second terminal device include at least one of the following: information of the user to which the second terminal device belongs and the first temporary public key.
  • the input parameters of the relay device's signature include at least one of the following: the signature of the second terminal device and the information of the user to which the relay device belongs; the first temporary public key and the relevant information of the relay device are used for the The first terminal device derives the first key.
  • the signature of the second terminal device is generated by the secret signature key of the second terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.
  • the KPAK of the second terminal device and the KPAK of the relay device are valid, and the signature verification of the second terminal device based on the identity of the second terminal device and the PVT of the second terminal device is successful.
  • the processing unit 1420 is also configured to generate a second temporary private key paired with the second temporary public key. key, and the processing unit 1420 is also configured to derive the first key according to the first temporary public key, the relevant information of the relay device, and the second temporary private key.
  • the above-mentioned communication unit may be a communication interface or transceiver, or an input/output interface of a communication chip or a system on a chip.
  • the above-mentioned processing unit may be one or more processors.
  • terminal device 1400 may correspond to the first terminal device in the method embodiment of the present application, and the above and other operations and/or functions of each unit in the terminal device 1400 are respectively to implement the functions shown in Figure 11
  • the corresponding process of the first terminal device in method 500 is shown, and for the sake of simplicity, it will not be described again here.
  • Figure 27 shows a schematic block diagram of a terminal device 1500 according to an embodiment of the present application.
  • the terminal device 1500 is a second terminal device.
  • the terminal device 1500 includes:
  • Communication unit 1510 configured to receive the first message sent by the first terminal device through the relay device
  • the first message includes at least one of the following: security capability information of the first terminal device, security policy information of the first terminal device, information of the user to which the first terminal device belongs, and information of the user to which the relay device belongs. , the first random number generated by the first terminal device, the second temporary public key generated by the first terminal device, the M bits of the identification of the first key generated by the first terminal device, the first terminal device signature, the signature of the relay device, and the first message verification code;
  • the information of the user to which the first terminal device belongs includes the identification of the first terminal device, the public verification token PVT of the first terminal device and the public authentication key KPAK of the key management server;
  • the information includes the identification of the relay device and the PVT and KPAK of the relay device;
  • the input parameters of the signature of the first terminal device include at least one of the following: information of the user to which the first terminal device belongs, the second temporary public key , the M bits, the signature of the second terminal device;
  • the input parameters of the relay device's signature include at least one of the following: information about the user to which the relay device belongs, the signature of the first terminal device, the second The signature of the terminal device, the first message;
  • the first message is integrity protected by the first message verification code generated based on the first key
  • the input parameters of the first message verification code include at least one of the following: the security capability of the first terminal device Information, the security policy information of the first terminal device, the information of the user to which the first terminal device belongs, the first random number, the second temporary public key, the M bits, and the signature of the first terminal device;
  • the second temporary public key and the relevant information of the relay device are used by the second terminal device to derive the first key, the first random number, the first key and the third key generated by the second terminal device.
  • Two random numbers are used to derive a second key.
  • the second key is used to derive an integrity protection key and/or a confidentiality protection key.
  • the identity of the first key is composed of the M bits and the first The other N bits of the key's identification are combined, and M and N are both positive integers;
  • the relevant information of the relay device includes one of the following: identity information of the relay device, a random number generated by the relay device, and a counter generated by the relay device.
  • the signature of the first terminal device is generated by the secret signature key of the first terminal device, and/or the signature of the relay device is generated by the secret signature key of the relay device.
  • the terminal device 1500 further includes: a processing unit 1520;
  • the processing unit 1520 is configured to check the KPAK of the first terminal device and the KPAK of the relay device respectively. When the KPAK of the first terminal device and the KPAK of the relay device are valid, the processing unit 1520 also uses Verifying the signature of the first terminal device based on the identity of the first terminal device and the PVT of the first terminal device, and the processing unit 1520 is also configured to verify the signature of the first terminal device based on the identity of the relay device and the PVT of the relay device. Verify the signature of the relay device;
  • the processing unit 1520 is also configured to generate a second random number. 1520 is also configured to generate the second key based on at least the first random number, the first key and the second random number. The processing unit 1520 is also configured to generate an integrity protection key based on the second key. /or confidentiality protection key, and the processing unit 1520 is also used to generate N bits of the identification of the first key, and combine the M bits and the N bits to obtain the first key logo;
  • the communication unit 1510 is also configured to send a second message to the first terminal device through the relay device; wherein the second message includes at least one of the following: the second The random number, the N bits, the x bits of the identifier of the second key generated by the second terminal device, the security algorithm selected by the second terminal device, the security policy selected by the second terminal device, the Two message verification code;

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Les modes de réalisation de la présente demande concernent un procédé de communication par relais, et un dispositif. La sécurité d'identité d'un équipement utilisateur et la confidentialité et l'intégrité de données de communication peuvent être garanties, de sorte que la confidentialité et l'intégrité de transmission de données entre deux parties soient assurées, et l'écoute clandestine d'autres dispositifs et même d'un dispositif de relais est empêchée.
PCT/CN2022/091125 2022-05-06 2022-05-06 Procédé de communication par relais, et dispositif WO2023212903A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202280084321.7A CN118402207A (zh) 2022-05-06 2022-05-06 中继通信的方法及设备
PCT/CN2022/091125 WO2023212903A1 (fr) 2022-05-06 2022-05-06 Procédé de communication par relais, et dispositif

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2022/091125 WO2023212903A1 (fr) 2022-05-06 2022-05-06 Procédé de communication par relais, et dispositif

Publications (1)

Publication Number Publication Date
WO2023212903A1 true WO2023212903A1 (fr) 2023-11-09

Family

ID=88646117

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/091125 WO2023212903A1 (fr) 2022-05-06 2022-05-06 Procédé de communication par relais, et dispositif

Country Status (2)

Country Link
CN (1) CN118402207A (fr)
WO (1) WO2023212903A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160269185A1 (en) * 2015-03-13 2016-09-15 Intel IP Corporation Systems, methods, and devices for secure device-to-device discovery and communication
CN110192381A (zh) * 2017-09-15 2019-08-30 华为技术有限公司 密钥的传输方法及设备
US20220109996A1 (en) * 2020-10-01 2022-04-07 Qualcomm Incorporated Secure communication link establishment for a ue-to-ue relay
WO2022079572A1 (fr) * 2020-10-12 2022-04-21 Telefonaktiebolaget Lm Ericsson (Publ) Ue relais et autorisation d'ue distant

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160269185A1 (en) * 2015-03-13 2016-09-15 Intel IP Corporation Systems, methods, and devices for secure device-to-device discovery and communication
CN110192381A (zh) * 2017-09-15 2019-08-30 华为技术有限公司 密钥的传输方法及设备
US20220109996A1 (en) * 2020-10-01 2022-04-07 Qualcomm Incorporated Secure communication link establishment for a ue-to-ue relay
WO2022079572A1 (fr) * 2020-10-12 2022-04-21 Telefonaktiebolaget Lm Ericsson (Publ) Ue relais et autorisation d'ue distant

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on Security issues to support Proximity Services (ProSe) (Release 13)", 3GPP DRAFT; S3-152079_TR33.833V1_5_0_CL, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, 28 August 2015 (2015-08-28), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP051036037 *

Also Published As

Publication number Publication date
CN118402207A (zh) 2024-07-26

Similar Documents

Publication Publication Date Title
US10631162B2 (en) Method and apparatus to perform device to device communication in wireless communication network
US8612752B2 (en) Communicating a packet from a mesh-enabled access point to a mesh portal in a multi-hop mesh network
AU2011201655B2 (en) Security Authentication and Key Management Within an Infrastructure-Based Wireless Multi-Hop Network
US9775028B2 (en) Method and related device for generating group key
US7817986B2 (en) Method and system for providing cellular assisted secure communications of a plurality of ad hoc devices
US8812833B2 (en) Wireless multiband security
EP2903322B1 (fr) Procédé et appareil de gestion de sécurité pour communication de groupe dans un système de communication mobile
US11109206B2 (en) Security method and system for supporting discovery and communication between proximity based service terminals in mobile communication system environment
US20150127949A1 (en) System and method for integrated mesh authentication and association
KR20230054421A (ko) 셀룰러 슬라이싱된 네트워크들에서의 중계기 선택의 프라이버시
JP2016518075A (ja) ピアツーピア通信およびグループ通信のセキュリティ保護
WO2023283789A1 (fr) Procédé et appareil de communication sécurisée, dispositif terminal et périphérique de réseau
JP2008547257A (ja) アドホックネットワーク内でデータを安全に伝送するための方法および装置
US20240129746A1 (en) A method for operating a cellular network
WO2022027476A1 (fr) Procédé de gestion de clés et appareil de communication
WO2023212903A1 (fr) Procédé de communication par relais, et dispositif
WO2023212904A1 (fr) Procédé et dispositif de communication par relais
WO2017009714A1 (fr) Établissement d'un abonnement temporaire avec un réseau e-utran isolé
WO2024060149A1 (fr) Procédés de vérification de clé, procédé d'acquisition de clé et dispositifs
WO2023141914A1 (fr) Procédé et dispositif de protection d'informations
WO2024099230A1 (fr) Procédé de communication de sécurité en diffusion, et appareil
WO2023143022A1 (fr) Procédé et appareil de traitement de données dans un processus d'accès aléatoire
US20240146702A1 (en) Traffic management with asymmetric traffic encryption in 5g networks
CN116918300A (zh) 用于操作蜂窝网络的方法
CN116582825A (zh) Sidelink通信广播方法、装置及电子设备

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22940597

Country of ref document: EP

Kind code of ref document: A1