WO2024082143A1 - Method, apparatus, and device for verifying a device service role, and storage medium - Google Patents

Method, apparatus, and device for verifying a device service role, and storage medium

Info

Publication number
WO2024082143A1
WO2024082143A1 PCT/CN2022/125974 CN2022125974W WO2024082143A1 WO 2024082143 A1 WO2024082143 A1 WO 2024082143A1 CN 2022125974 W CN2022125974 W CN 2022125974W WO 2024082143 A1 WO2024082143 A1 WO 2024082143A1
Authority
WO
WIPO (PCT)
Prior art keywords
authorization token
service
key
discovery
network device
Prior art date
Application number
PCT/CN2022/125974
Other languages
English (en)
Chinese (zh)
Inventor
陆伟
商正仪
Original Assignee
北京小米移动软件有限公司
Priority date
Filing date
Publication date
Application filed by 北京小米移动软件有限公司
Priority to PCT/CN2022/125974
Publication of WO2024082143A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L27/00 Modulated-carrier systems
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/06 Message adaptation to terminal or network requirements

Definitions

  • the present disclosure relates to the field of communication technology, and in particular to a method/device/equipment for verifying a device business role and a storage medium.
  • UE: user equipment
  • the service roles of UE may include reference UE (such as sidelink reference UE (SL Reference UE)), target UE (Target UE), assistant UE (Assistant UE), located UE (Located UE), server UE (such as sidelink positioning server UE (SL Positioning Server UE)), client UE (such as sidelink positioning client UE (SL Positioning Client UE)), etc.
  • the device service role verification method/device/equipment and storage medium proposed in the present disclosure are used to verify the service role declared by the UE to ensure the accuracy of service execution and information security.
  • an embodiment of the present disclosure provides a method for verifying a service role of a device, the method being executed by a first user device, including:
  • the discovery response message includes an authorization token of the second UE
  • the first UE will send a discovery request message, and then the first UE will receive a discovery response message sent by the second UE, the discovery response message including the authorization token of the second UE; and, when the authorization token of the second UE is verified, the first UE will establish a connection with the second UE.
  • the present disclosure provides a specific method for verifying the business role of the UE based on the authorization token, and provides the specific information included in the authorization token and the specific details of the verification based on the authorization token.
  • the two UEs can exchange their respective authorization tokens, and use the method of the present disclosure to verify the business role declared by the UE based on the authorization token of the UE, thereby avoiding mutual deception between UEs, improving the accuracy of service execution, and improving information security.
  • an embodiment of the present disclosure provides a method for verifying a service role of a device, the method being executed by a second user device, including:
  • a discovery response message is sent to the first UE, and the discovery response message includes the authorization token of the second UE.
  • an embodiment of the present disclosure provides a communication device, which is configured in a first user equipment, including:
  • a transceiver module used for sending a discovery request message
  • the transceiver module is further configured to receive a discovery response message sent by the second UE, wherein the discovery response message includes an authorization token of the second UE;
  • the processing module is also used to establish a connection with the second UE after the authorization token of the second UE is verified.
  • an embodiment of the present disclosure provides a communication device, which is configured in a second user equipment, including:
  • a transceiver module configured to receive a discovery request message sent by a first UE, wherein the discovery request message includes an authorization token of the first UE;
  • the transceiver module is further used to send a discovery response message to the first UE after the authorization token of the first UE is verified, and the discovery response message includes the authorization token of the second UE.
  • an embodiment of the present disclosure provides a communication device, which includes a processor.
  • when the processor calls a computer program in a memory, the method described in the first aspect or the second aspect is executed.
  • an embodiment of the present disclosure provides a communication device, which includes a processor and a memory, in which a computer program is stored; the processor executes the computer program stored in the memory so that the communication device executes the method described in the first aspect or the second aspect above.
  • an embodiment of the present disclosure provides a communication device, which includes a processor and an interface circuit, wherein the interface circuit is used to receive code instructions and transmit them to the processor, and the processor is used to run the code instructions to enable the device to execute the method described in the first or second aspect above.
  • an embodiment of the present disclosure provides a communication system, the system includes the communication device described in the third to fourth aspects, or the system includes the communication device described in the fifth aspect, or the system includes the communication device described in the sixth aspect, or the system includes the communication device described in the seventh aspect.
  • an embodiment of the present disclosure provides a computer-readable storage medium for storing instructions used by the above-mentioned network device, and when the instructions are executed, the terminal device executes the method described in the first or second aspect above.
  • the present disclosure further provides a computer program product comprising a computer program, which, when executed on a computer, enables the computer to execute the method described in the first aspect or the second aspect above.
  • the present disclosure provides a chip system, which includes at least one processor and an interface, for supporting a network device to implement the functions involved in the method described in the first aspect or the second aspect, for example, determining or processing at least one of the data and information involved in the above method.
  • the chip system also includes a memory, which is used to store computer programs and data necessary for the source auxiliary node.
  • the chip system can be composed of a chip, or it can include a chip and other discrete devices.
  • the present disclosure provides a computer program, which, when executed on a computer, enables the computer to execute the method described in the first or second aspect above.
  • FIG. 1 is a schematic diagram of the architecture of some communication systems provided by embodiments of the present disclosure.
  • FIG. 2 is a schematic diagram of a flow chart of a method for verifying a device service role according to another embodiment of the present disclosure.
  • FIGS. 3a-3c are schematic flow charts of a method for verifying a device service role according to another embodiment of the present disclosure.
  • FIGS. 4a-4b are schematic structural diagrams of a communication device provided by another embodiment of the present disclosure.
  • FIG. 5 is a block diagram of a communication device provided by an embodiment of the present disclosure.
  • FIG. 6 is a schematic diagram of the structure of a chip provided by an embodiment of the present disclosure.
  • although the terms first, second, third, etc. may be used to describe various information in the disclosed embodiments, this information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other.
  • for example, the first information may also be referred to as the second information, and similarly, the second information may also be referred to as the first information.
  • the word "if" as used herein may be interpreted as "at", "when" or "in response to determination".
  • Sidelink positioning service, also known as ranging service, refers to determining the distance between two UEs and/or the direction from one UE to another UE through a direct communication connection.
  • Figure 1 is a schematic diagram of the architecture of a communication system provided by an embodiment of the present disclosure.
  • the communication system may include but is not limited to a network device and at least two UEs.
  • the number and form of devices shown in Figure 1 are only used for example and do not constitute a limitation on the embodiment of the present disclosure.
  • the application may include two or more network devices and more than two UEs.
  • the communication system shown in Figure 1 includes a network device 11, a first UE 12, and a second UE 13 as an example.
  • LTE: long term evolution
  • 5G: fifth generation
  • NR: 5G new radio
  • the network device 11 in the embodiment of the present disclosure is an entity on the network side for transmitting or receiving signals.
  • the network device 11 may be an evolved NodeB (eNB), a transmission reception point (TRP), a Radio Remote Head (RRH), a next generation NodeB (gNB) in an NR system, a base station in other future mobile communication systems, or an access node in a wireless fidelity (WiFi) system.
  • the embodiment of the present disclosure does not limit the specific technology and specific device form adopted by the base station.
  • the base station provided in the embodiment of the present disclosure may be composed of a central unit (CU) and a distributed unit (DU), wherein the CU may also be referred to as a control unit.
  • the CU-DU structure may be used to split the base station, such as the protocol layer of the base station, and the functions of some protocol layers are placed in the CU for centralized control, and the functions of the remaining part or all of the protocol layers are distributed in the DU, and the DU is centrally controlled by the CU.
  • the first UE 12 and the second UE 13 in the embodiment of the present disclosure are both entities for receiving or transmitting signals on the user side, such as a mobile phone.
  • the terminal device may also be referred to as a terminal, a user equipment (UE), a mobile station (MS), a mobile terminal device (MT), etc.
  • the terminal device may be a car with communication function, a smart car, a mobile phone, a wearable device, a tablet computer (Pad), a computer with wireless transceiver function, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a wireless terminal device in industrial control, a wireless terminal device in self-driving, a wireless terminal device in remote medical surgery, a wireless terminal device in a smart grid, a wireless terminal device in transportation safety, a wireless terminal device in a smart city, a wireless terminal device in a smart home, etc.
  • the embodiments of the present disclosure do not limit the specific technology and specific device form adopted by the terminal device.
  • the communication system described in the embodiment of the present disclosure is for the purpose of more clearly illustrating the technical solution of the embodiment of the present disclosure, and does not constitute a limitation on the technical solution provided by the embodiment of the present disclosure.
  • a person skilled in the art can know that with the evolution of the system architecture and the emergence of new business scenarios, the technical solution provided by the embodiment of the present disclosure is also applicable to similar technical problems.
  • FIG. 2 is a flow chart of a method for verifying a device service role provided by an embodiment of the present disclosure. The method is executed by a first UE. As shown in FIG. 2, the method for verifying a device service role may include the following steps:
  • Step 201: Send a discovery request message.
  • the discovery request message may be, for example, a broadcast discovery message or a direct communication message.
  • the discovery request message may include service information (such as a service identifier and/or a service type, etc.) requested by the first UE to discover to the second UE, and/or a service role declared by the first UE.
  • the service role declared by the first UE can be understood as the service role that the first UE wants to play in the service it requests to discover.
  • the service role declared by the first UE may be any one or several of the service roles that the network device pre-authorizes for the first UE in the service it requests to discover, or may not be a service role that the network device pre-authorizes for the first UE.
  • when the service role declared by the first UE is not a service role that the network device pre-authorizes for it, then when the second UE and the first UE perform the service, an error may occur due to the mismatch of the service roles of the two UEs, thereby causing service interruption or low service execution efficiency.
  • if the first UE is a malicious UE and deliberately declares a service role that is not authorized by the network device, that is, the first UE deceives the second UE, then for the second UE, the communication between the second UE and the malicious UE may bring communication security issues.
  • the discovery request message may also include an authorization token of the first UE, and the authorization token of the first UE is used for: the second UE verifies the business role of the first UE based on the authorization token of the first UE to verify whether the business role declared by the first UE is its authorized business role, and/or further verifies other information of the first UE to prevent the first UE from deceiving the second UE.
  • the service roles of UE may include, for example: reference UE (such as sidelink reference UE (SL Reference UE)), target UE (Target UE), assistant UE (Assistant UE), located UE (Located UE), UE as a server (such as UE as a sidelink positioning server (SL Positioning Server UE)), client UE (such as sidelink positioning client UE (SL Positioning Client UE)), etc.
  • the above-mentioned target UE may be a UE to be located or measured;
  • the above-mentioned positioning UE may be a UE to obtain the positioning position of the target UE;
  • the above-mentioned reference UE may be: a UE that can determine the positioning position or ranging distance of the target UE based on the position of the reference UE or the distance between the reference UE and the target UE;
  • the above-mentioned assistant UE may be: a UE used to assist in forwarding messages in ranging service or sidelink positioning service;
  • the above-mentioned UE as a server may be: a UE with positioning calculation capability or ranging calculation capability;
  • the above-mentioned client UE may be: a UE that can act as a client in ranging service or sidelink positioning service.
  • the authorization token of the first UE may include at least one of the following:
  • the service role that the first UE is authorized to use in the service requested for discovery
  • the validity period of the authorization token of the first UE.
  • the above-mentioned "network device for generating authorization token” may include at least one of a ProSe key management function (PKMF) network element, a direct discovery name management function (DDNMF) network element, a server including proximity services, and a Unified Data Management (UDM) network element.
  • the network device for generating authorization token is generally a network device for authorizing a service role for the first UE.
  • the above-mentioned conditions of the opposite end UE include any one of the following: allowing any UE to be the opposite end UE of the first UE; allowing any UE to be the opposite end UE of the first UE in the service requested to be discovered by the first UE; the business role and/or ID of the opposite end UE expected by the first UE; the business role and/or ID of the opposite end UE expected by the first UE in the service requested to be discovered by the first UE, etc.
  • the above-mentioned "allowing any UE to serve as the opposite UE of the first UE in the service requested to be discovered by the first UE" can be understood as: in the service requested to be discovered by the first UE, any UE playing any business role can be allowed to serve as the opposite UE of the first UE.
  • the above-mentioned "service role and/or ID of the opposite UE expected by the UE” may be determined by the UE based on its own authorized service role in the requested discovery service. For example, if the service role authorized by the UE itself is the target UE, the service role of the opposite UE expected by the UE may include at least one of a reference UE, an auxiliary UE, a positioning UE, etc., and the ID of the opposite UE expected by the UE may be: the ID of a UE whose service role is at least one of a reference UE, an auxiliary UE, a positioning UE, etc.
  • the above-mentioned “service requested to be discovered by the UE” may be, for example, a ranging service and/or a sidelink positioning service.
  • the above-mentioned "service role authorized by the UE in the service requested for discovery" may be authorized by a network device, wherein the network device that authorizes the service role may be at least one of a server including proximity service and a unified data management function (UDM) network element.
  • the above-mentioned "condition for allowing execution of services requested by the UE to be discovered" may include time conditions for allowing execution and/or geographical conditions for allowing execution.
  • the time conditions for allowing execution may include: the time period for allowing execution of services requested by the UE to be discovered, such as allowing execution of services requested by the UE to be discovered during daytime hours of 8:00-16:00;
  • the geographical conditions for allowing execution may include: the geographical area for allowing execution of services requested by the UE to be discovered, such as allowing execution of services requested by the UE to be discovered in Beijing.
  • the conditions for allowing execution may also be other conditions, for example, the distance between the opposite UE and the first UE is within a preset distance range, etc., and the embodiments of the present disclosure do not specifically limit this.
  • the above-mentioned "validity period of the authorization token” may include the validity period of the authorization token, or the invalid period of the authorization token.
  • the authorization token of the first UE may carry the start time and valid duration of the validity period of the authorization token. Among them, the generation time and valid duration of the token are used to indicate the validity period of the authorization token.
  • the authorization token of the first UE may carry the validity start time and end time of the authorization token.
  • the authorization token of the first UE may carry the expiration time of the authorization token, which is used to indicate the validity period of the authorization token or to indicate the invalid period of the authorization token.
  • the embodiments of the present disclosure do not specifically limit the method of specifically indicating the validity period or invalid period of the authorization token.
  • the authorization token of the first UE in the above-mentioned discovery request message may be: the authorization token of the first UE signed by the first key. And, after the second UE receives the authorization token of the first UE signed by the first key, it may use the second key to decode and verify the received authorization token of the first UE.
  • the first key may be used to: digitally sign and protect the authorization token to ensure that the authorization token will not be forged or tampered with during transmission by an attacker (such as a malicious UE), thereby improving the accuracy of service execution and information security.
  • malicious UEs may include, for example: UEs requesting discovery of services different from UEs receiving authorization tokens, UEs that have not requested services, UEs whose roles are not authorized by network devices, UEs that have not obtained authorization tokens from network devices, etc.
  • the above-mentioned first key may be a private key of a network device, and the second key may be a public key of the network device.
  • the first key and the second key may be a public-private key pair generated by a network device, and the network device sends the second key to the first UE.
  • the network device may generate and send the second key to the first UE when authorizing a service role for any UE (e.g., the first UE).
  • the network device may send the second key together with the authorization token generated for the UE to the UE.
  • both the first key and the second key may be a shared key between the UE and the network device; wherein the shared key between the UE and the network device may be pre-agreed and configured by the UE and the network device. For example, it may be pre-agreed and configured when the network device authorizes a service role for the UE.
  • when the network device sends the authorization token generated for the UE to the UE, the authorization token may also be signed using the first key, and the UE may decode the authorization token signed by the first key received from the network device based on the second key received from the network device and/or the pre-agreed configured second key.
  • the embodiment of the present disclosure does not specifically limit the encryption method of the authorization token, nor does it specifically limit the method for generating the first key and the second key.
  • the service role of the first UE can be verified based on the authorization token of the first UE. Specifically, at least one of the following can be verified:
  • the specific conditions include at least one of the following:
  • the business role of the opposite UE expected by the first UE in the authorization token of the first UE is consistent with the business role authorized for the second UE. For example, if the business roles of the opposite UE expected by the first UE in the authorization token of the first UE are reference UE and positioning UE, and the business role authorized for the second UE is reference UE, then the second UE successfully verifies the authorization token of the first UE; if the business role authorized for the second UE is target UE, then the second UE fails to verify the authorization token of the first UE.
  • the ID of the opposite UE expected by the first UE in the authorization token of the first UE is consistent with the ID of the second UE. For example, if the IDs of the opposite UE expected by the first UE in the authorization token of the first UE include UE#1 and UE#2, and the ID of the second UE is UE#1, then the second UE successfully verifies the authorization token of the first UE; if the ID of the second UE is UE#3, then the second UE fails to verify the authorization token of the first UE.
  • the service requested by the first UE to be discovered in the authorization token of the first UE is consistent with the service that the first UE needs to discover from the second UE. For example, if the service requested by the first UE to be discovered in the authorization token of the first UE is the ranging service, and the service that the first UE needs to discover from the second UE is also the ranging service, then the second UE successfully verifies the authorization token of the first UE; if the service that the first UE needs to discover from the second UE is side link, then the second UE fails to verify the authorization token of the first UE.
  • the business role authorized for the first UE, in the authorization token of the first UE, in the service requested to be discovered is consistent with the business role declared by the first UE. For example, if the business role authorized for the first UE in the authorization token of the first UE is the target UE, and the business role declared by the first UE is also the target UE, then the second UE successfully verifies the authorization token of the first UE; if the business role declared by the first UE is the reference UE, then the second UE fails to verify the authorization token of the first UE.
  • Specific condition 5: the execution condition of the service requested to be discovered in the authorization token of the first UE is met (for example, the execution condition of the service requested to be discovered in the authorization token of the first UE is: the service requested to be discovered by the first UE is allowed to be executed in Beijing during daytime hours of 8:00-16:00, and the second UE determines that the first UE and the second UE are both located in Beijing, and the time point when the first UE requests to discover the service is 9:00);
  • the authorization token of the first UE has not expired (for example, the authorization token of the first UE is valid from October 1, 2022 to October 9, 2022, and the time when the first UE requests discovery service is October 8, 2022).
  • the second UE may send a discovery response message to the first UE.
  • Step 202: Receive a discovery response message sent by the second UE, where the discovery response message includes an authorization token of the second UE.
  • the authorization token of the second UE may include at least one of the following:
  • the ID of the network device that generates the authorization token of the second UE;
  • conditions of the opposite UE, which include: allowing any UE to serve as the opposite UE of the second UE in the service requested to be discovered by the second UE, or the service role and/or ID of the opposite UE expected by the second UE;
  • the validity period of the authorization token of the second UE.
  • the authorization token of the second UE may be an authorization token of the second UE signed by the first key.
  • the first UE may use the second key to decode and verify the received authorization token of the second UE.
  • the discovery response message may include service information (such as the identifier of the service, and/or the type of service, etc.) requested by the second UE to discover to the first UE, and/or the service role declared by the second UE.
  • the meaning of the service role declared by the second UE can be described with reference to the above embodiment. It can be understood that, when the service role declared by the second UE is not a service role pre-authorized by the network device, when the first UE and the second UE perform the service, an error may occur due to the mismatch between the service roles of the two UEs, resulting in service interruption or low service execution efficiency.
  • if the second UE is a malicious UE and deliberately declares a service role that is not authorized by the network device, that is, the second UE deceives the first UE, then for the first UE, communicating with the malicious UE may bring communication security issues.
  • Step 203: After the authorization token of the second UE is verified, a connection is established with the second UE.
  • when the first UE receives a discovery response message sent by the second UE, it can first verify the service role of the second UE based on the authorization token of the second UE, and when the authorization token of the second UE is verified, establish a connection with the second UE.
  • the method for verifying the service role of the second UE based on the authorization token of the second UE may include at least one of the following:
  • the specific conditions include at least one of the following:
  • the service role of the opposite UE expected by the second UE in the authorization token of the second UE is consistent with the service role authorized by the first UE;
  • the ID of the opposite UE expected by the second UE in the authorization token of the second UE is consistent with the ID of the first UE;
  • the service requested to be discovered by the second UE in the authorization token of the second UE is consistent with the service that the second UE needs to discover from the first UE;
  • the service role authorized by the second UE in the service requested for discovery in the authorization token of the second UE is consistent with the service role declared by the second UE;
  • the authorization token of the second UE has not expired.
  • the principle of the above verification process is similar to the principle of the aforementioned verification process of the service role of the first UE by the second UE, and will not be repeated in the embodiment of the present disclosure.
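The checks listed above, written out as an added example that is not part of the patent text. It assumes the shared-key variant of the first and second key (HMAC-SHA256 over a JSON body); the field names, the `*` marker for "any UE", and the role and service strings are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: shared-key variant, one key known to the network device and to
# the verifying UE. Constructed demo key; field names below are hypothetical.
SHARED_KEY = b"constructed-demo-key"
ANY_UE = "*"  # hypothetical marker: any UE may be the opposite UE


def issue_token(claims, key=SHARED_KEY):
    """Network device: serialize the claims and sign them with the first key."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def decode_and_verify(token, key=SHARED_KEY):
    """UE: check the signature with the second key; return the claims or None."""
    try:
        body, tag = token.rsplit(b".", 1)
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return None
        return json.loads(base64.urlsafe_b64decode(body))
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None


def verify_peer_token(token, *, my_id, my_role, wanted_service, declared_role, now=None):
    """Return the names of the failed checks; an empty list accepts the peer."""
    claims = decode_and_verify(token)
    if not isinstance(claims, dict):
        return ["signature"]  # nothing in an unauthenticated token is trusted
    now = time.time() if now is None else now
    failures = []
    peer = claims.get("peer")
    if isinstance(peer, dict):
        if "role" in peer and peer["role"] != my_role:
            failures.append("expected_peer_role")
        if "id" in peer and peer["id"] != my_id:
            failures.append("expected_peer_id")
    elif peer != ANY_UE:
        failures.append("peer_condition")  # assumption: fail closed if absent
    if claims.get("service") != wanted_service:
        failures.append("service")
    if claims.get("role") != declared_role:
        failures.append("declared_role")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        failures.append("expired")
    return failures


def demo():
    """Run the verifier over constructed tokens and return each outcome."""
    now = 1_700_000_000  # constructed clock value
    good = issue_token({"ue_id": "UE-2", "service": "ranging", "role": "reference_ue",
                        "peer": {"role": "target_ue", "id": "UE-1"}, "exp": now + 300})
    ctx = dict(my_id="UE-1", my_role="target_ue", wanted_service="ranging", now=now)
    # Claims changed after signing: the original signature no longer matches.
    altered_claims = {"ue_id": "UE-2", "service": "ranging", "role": "server_ue",
                      "peer": ANY_UE, "exp": now + 300}
    altered_body = base64.urlsafe_b64encode(
        json.dumps(altered_claims, sort_keys=True).encode())
    altered = altered_body + b"." + good.rsplit(b".", 1)[1]
    return {
        "valid": verify_peer_token(good, declared_role="reference_ue", **ctx),
        # The role declared in the discovery response differs from the token.
        "role_lie": verify_peer_token(good, declared_role="server_ue", **ctx),
        "altered": verify_peer_token(altered, declared_role="server_ue", **ctx),
        "expired": verify_peer_token(good, declared_role="reference_ue",
                                     **{**ctx, "now": now + 301}),
        # Token was issued for a different opposite UE than the verifier.
        "wrong_peer": verify_peer_token(good, declared_role="reference_ue",
                                        **{**ctx, "my_id": "UE-9"}),
    }


if __name__ == "__main__":
    for case, failed in demo().items():
        print(case, failed or "accepted")
```

The signature is checked before any claim is read, so a token that fails it reports only `signature` and none of its fields influence the decision.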
  • the present disclosure provides the specific information included in the authorization token and provides a specific detailed process of how a first UE verifies the business role of the second UE based on the authorization token of the second UE.
  • the verification method of the present disclosure can realize the verification of the business role of the UE, thereby avoiding mutual deception between UEs, improving the accuracy of service execution, and improving information security.
  • the first UE will respond to the message of the second UE, or communicate with the second UE, or send the authorization token of the first UE to the second UE, or establish a communication connection with the second UE, only after the first UE successfully verifies the business role of the second UE; at the same time, for the second UE, the second UE will respond to the message of the first UE, or communicate with the first UE, or send the authorization token of the second UE to the first UE, or establish a communication connection with the first UE, only after the second UE successfully verifies the business role of the first UE.
  • the first UE will send a discovery request message, and then the first UE will receive a discovery response message sent by the second UE, and the discovery response message includes the authorization token of the second UE; and, when the authorization token of the second UE is verified, the first UE will establish a connection with the second UE.
  • the present disclosure provides a specific method for verifying the business role of the UE based on the authorization token, and provides the specific information included in the authorization token and the specific details of the verification based on the authorization token.
  • the two UEs can exchange their respective authorization tokens, and use the method of the present disclosure to verify the business role declared by the UE based on the authorization token of the UE, thereby avoiding mutual deception between UEs, improving the accuracy of service execution, and improving information security.
  • FIG. 3a is a flow chart of a method for verifying a device service role provided by an embodiment of the present disclosure. The method is executed by a first UE. As shown in FIG. 3a, the method for verifying a device service role may include the following steps:
  • Step 301a: Receive an authorization token of the first UE sent by the network device.
  • the authorization token of the UE is generated by a network device and then sent to the UE. Also, the network device that generates the authorization token may be described in the above embodiment.
  • the authorization token sent by the network device to the UE may be an authorization token signed by the first key, and when the first UE receives the authorization token of the first UE signed by the first key, the second key may be used to decode and verify the received authorization token of the first UE.
  • For the first key and the second key, reference may be made to the description of the above embodiment.
  • the first UE can store the authorization token of the first UE in association with the service requested to be discovered corresponding to the authorization token of the first UE.
  • the authorization token of the first UE associated with the service currently requested to be discovered by the first UE is sent to the second UE. That is, in one embodiment of the present disclosure, the authorization token is used to verify the business role of the UE in the service requested to be discovered corresponding to the authorization token.
  • the first UE will send a discovery request message, and then the first UE will receive a discovery response message sent by the second UE, and the discovery response message includes the authorization token of the second UE; and, when the authorization token of the second UE is verified, the first UE will establish a connection with the second UE.
  • the present disclosure provides a specific method for verifying the business role of the UE based on the authorization token, and provides the specific information included in the authorization token and the specific details of the verification based on the authorization token.
  • the two UEs can exchange their respective authorization tokens, and use the method of the present disclosure to verify the business role declared by the UE based on the authorization token of the UE, thereby avoiding mutual deception between UEs, improving the accuracy of service execution, and improving information security.
  • FIG. 3b is a flow chart of a method for verifying a device service role provided by an embodiment of the present disclosure. The method is executed by a second UE. As shown in FIG. 3b, the method for verifying a device service role may include the following steps:
  • Step 301b: Receive a discovery request message sent by the first UE, where the discovery request message includes an authorization token of the first UE.
  • Step 302b: After the authorization token of the first UE is verified, a discovery response message is sent to the first UE, where the discovery response message includes the authorization token of the second UE.
  • For a detailed description of steps 301b-302b, please refer to the above embodiment description.
  • the second UE will receive a discovery request message sent by the first UE, and the discovery request message includes the authorization token of the first UE. Afterwards, when the authorization token of the first UE is verified, the second UE will send a discovery response message to the first UE, and the discovery response message includes the authorization token of the second UE. It can be seen that the present disclosure provides a specific method for verifying the business role of the UE based on the authorization token, and provides the specific information included in the authorization token and the specific details of the verification based on the authorization token.
  • the two UEs can exchange their respective authorization tokens, and use the method of the present disclosure to verify the business role declared by the UE based on the authorization token of the UE, thereby avoiding mutual deception between UEs, improving the accuracy of service execution, and improving information security.
  • FIG. 3c is a flow chart of a method for verifying a device service role provided in an embodiment of the present disclosure. The method is executed by a second UE. As shown in FIG. 3c, the method for verifying a device service role may include the following steps:
  • Step 301c: Receive the authorization token of the second UE sent by the network device.
  • For a detailed description of step 301c, please refer to the above embodiment description.
  • the second UE will receive a discovery request message sent by the first UE, and the discovery request message includes the authorization token of the first UE. Afterwards, when the authorization token of the first UE is verified, the second UE will send a discovery response message to the first UE, and the discovery response message includes the authorization token of the second UE. It can be seen that the present disclosure provides a specific method for verifying the business role of the UE based on the authorization token, and provides the specific information included in the authorization token and the specific details of the verification based on the authorization token.
  • the two UEs can exchange their respective authorization tokens, and use the method of the present disclosure to verify the business role declared by the UE based on the authorization token of the UE, thereby avoiding mutual deception between UEs, improving the accuracy of service execution, and improving information security.
  • FIG. 4a is a schematic diagram of the structure of a communication device provided by an embodiment of the present disclosure. As shown in FIG. 4a, the device may include:
  • a transceiver module used for sending a discovery request message
  • the transceiver module is further configured to receive a discovery response message sent by the second UE, wherein the discovery response message includes an authorization token of the second UE;
  • the processing module is also used to establish a connection with the second UE after the authorization token of the second UE is verified.
  • the first UE will send a discovery request message, and then the first UE will receive a discovery response message sent by the second UE, the discovery response message including the authorization token of the second UE; and, when the authorization token of the second UE is verified, the first UE will establish a connection with the second UE.
  • the present disclosure provides a specific method for verifying the business role of the UE based on the authorization token, and provides the specific information included in the authorization token and the specific details of the verification based on the authorization token.
  • the two UEs can exchange their respective authorization tokens, and use the method of the present disclosure to verify the business role declared by the UE based on the authorization token of the UE, thereby avoiding mutual deception between UEs, improving the accuracy of service execution, and improving information security.
  • the discovery request message includes an authorization token of the first UE
  • the authorization token of the first UE is used for: the second UE to verify the service role of the first UE based on the authorization token of the first UE.
  • the authorization token of the first UE includes at least one of the following:
  • the condition of the opposite end UE includes: allowing any UE to be the opposite end UE of the first UE, or, the condition of the opposite end UE includes the service role and/or ID of the opposite end UE expected by the first UE.
  • the device is further used for:
  • the transceiver module is further used to:
  • An authorization token of the first UE signed by the first key and sent by the network device is received.
  • the authorization token of the first UE in the discovery request message is: the authorization token of the first UE signed by the first key.
  • the authorization token of the second UE in the discovery response message is: the authorization token of the second UE signed by the first key;
  • the device is also used for:
  • the received authorization token of the second UE is decoded and verified using the second key.
  • the first key is a private key of the network device
  • the second key is a public key of the network device
  • the first key and the second key are both shared keys between the UE and the network device.
  • the device is further used for at least one of the following:
  • FIG. 4b is a schematic diagram of the structure of a communication device provided by an embodiment of the present disclosure. As shown in FIG. 4b, the device may include:
  • a transceiver module configured to receive a discovery request message sent by a first UE, wherein the discovery request message includes an authorization token of the first UE;
  • the transceiver module is further used to send a discovery response message to the first UE after the authorization token of the first UE is verified, and the discovery response message includes the authorization token of the second UE.
  • the second UE will receive a discovery request message sent by the first UE, and the discovery request message includes the authorization token of the first UE. Afterwards, when the authorization token of the first UE is verified, the second UE will send a discovery response message to the first UE, and the discovery response message includes the authorization token of the second UE. It can be seen that the present disclosure provides a specific method for verifying the business role of the UE based on the authorization token, and provides the specific information included in the authorization token and the specific details of the verification based on the authorization token.
  • the two UEs can exchange their respective authorization tokens, and use the method of the present disclosure to verify the business role declared by the UE based on the authorization token of the UE, thereby avoiding mutual deception between UEs, improving the accuracy of service execution, and improving information security.
  • the authorization token of the second UE includes at least one of the following:
  • the condition of the opposite UE includes: allowing any UE to serve as the opposite UE of the second UE, or, the condition of the opposite UE includes the service role and/or ID of the opposite UE expected by the second UE.
  • the device is further used for:
  • the transceiver module is further used for:
  • An authorization token of the second UE signed by the first key and sent by the network device is received.
  • the authorization token of the first UE in the discovery request message is: the authorization token of the second UE signed by the first key;
  • the device is also used for:
  • the received authorization token of the first UE is decoded and verified using the second key.
  • the authorization token of the second UE in the discovery response message is: the authorization token of the second UE signed by the first key.
  • the first key is a private key of the network device
  • the second key is a public key of the network device
  • the first key and the second key are both shared keys between the UE and the network device.
  • the device is further used for at least one of the following:
  • FIG. 5 is a schematic diagram of the structure of a communication device 500 provided in an embodiment of the present application.
  • the communication device 500 can be a base station, or a terminal device, or a chip, a chip system, or a processor that supports the base station to implement the above method, or a chip, a chip system, or a processor that supports the terminal device to implement the above method.
  • the device can be used to implement the method described in the above method embodiment, and the details can be referred to the description in the above method embodiment.
  • the communication device 500 may include one or more processors 501.
  • the processor 501 may be a general-purpose processor or a dedicated processor, etc. For example, it may be a baseband processor or a central processing unit.
  • the baseband processor may be used to process the communication protocol and communication data
  • the central processing unit may be used to control the communication device (such as a base station, a baseband chip, a terminal device, a terminal device chip, a DU or a CU, etc.), execute a computer program, and process the data of the computer program.
  • the communication device 500 may further include one or more memories 502, on which a computer program 504 may be stored, and the processor 501 executes the computer program 504 so that the communication device 500 performs the method described in the above method embodiment.
  • data may also be stored in the memory 502.
  • the communication device 500 and the memory 502 may be provided separately or integrated together.
  • the communication device 500 may further include a transceiver 505 and an antenna 506.
  • the transceiver 505 may be referred to as a transceiver unit, a transceiver, or a transceiver circuit, etc., for implementing a transceiver function.
  • the transceiver 505 may include a receiver and a transmitter, the receiver may be referred to as a receiver or a receiving circuit, etc., for implementing a receiving function; the transmitter may be referred to as a transmitter or a transmitting circuit, etc., for implementing a transmitting function.
  • the communication device 500 may further include one or more interface circuits 507.
  • the interface circuit 507 is used to receive code instructions and transmit them to the processor 501.
  • the processor 501 runs the code instructions to enable the communication device 500 to perform the method described in the above method embodiment.
  • the processor 501 may include a transceiver for implementing the receiving and sending functions.
  • the transceiver may be a transceiver circuit, an interface, or an interface circuit.
  • the transceiver circuit, interface, or interface circuit for implementing the receiving and sending functions may be separate or integrated.
  • the above-mentioned transceiver circuit, interface, or interface circuit may be used for reading and writing code/data, or the above-mentioned transceiver circuit, interface, or interface circuit may be used for transmitting or delivering signals.
  • the processor 501 may store a computer program 503, which runs on the processor 501 and enables the communication device 500 to perform the method described in the above method embodiment.
  • the computer program 503 may be fixed in the processor 501, in which case the processor 501 may be implemented by hardware.
  • the communication device 500 may include a circuit that can implement the functions of sending or receiving or communicating in the aforementioned method embodiments.
  • the processor and transceiver described in the present application can be implemented in an integrated circuit (IC), an analog IC, a radio frequency integrated circuit (RFIC), a mixed signal IC, an application specific integrated circuit (ASIC), a printed circuit board (PCB), an electronic device, etc.
  • the processor and transceiver can also be manufactured using various IC process technologies, such as complementary metal oxide semiconductor (CMOS), N-type metal oxide semiconductor (NMOS), P-type metal oxide semiconductor (positive channel metal oxide semiconductor, PMOS), bipolar junction transistor (BJT), bipolar CMOS (BiCMOS), silicon germanium (SiGe), gallium arsenide (GaAs), etc.
  • the communication device described in the above embodiments may be a base station or a terminal device, but the scope of the communication device described in the present application is not limited thereto, and the structure of the communication device may not be limited by FIG. 5.
  • the communication device may be an independent device or may be part of a larger device.
  • the communication device may be:
  • the IC set may also include a storage component for storing data and computer programs;
  • ASIC such as modem
  • the communication device can be a chip or a chip system
  • the chip shown in Figure 6 includes a processor 601 and an interface 602.
  • the number of the processor 601 can be one or more, and the number of the interface 602 can be multiple.
  • the chip further includes a memory 603, and the memory 603 is used to store necessary computer programs and data.
  • the present application also provides a readable storage medium having instructions stored thereon, which implement the functions of any of the above method embodiments when executed by a computer.
  • the present application also provides a computer program product, which implements the functions of any of the above method embodiments when executed by a computer.
  • the computer program product includes one or more computer programs.
  • the computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device.
  • the computer program can be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer program can be transmitted from a website, computer, server or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) mode to another website, computer, server or data center.
  • the computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more available media.
  • the available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a high-density digital video disc (DVD)), or a semiconductor medium (e.g., a solid state disk (SSD)), etc.
  • At least one in the present application can also be described as one or more, and a plurality can be two, three, four or more, which is not limited in the present application.
  • the technical features within one kind of technical feature are distinguished by "first", "second", "third", "A", "B", "C" and "D", etc., and there is no order of precedence or magnitude among the technical features described by "first", "second", "third", "A", "B", "C" and "D".
  • the corresponding relationships shown in each table in the present application can be configured or predefined.
  • the values of the information in each table are only examples and can be configured as other values, which are not limited by the present application.
  • the corresponding relationships shown in some rows may not be configured.
  • appropriate deformation adjustments can be made based on the above table, such as splitting, merging, etc.
  • the names of the parameters shown in the titles in the above tables can also use other names that can be understood by the communication device, and the values or representations of the parameters can also be other values or representations that can be understood by the communication device.
  • other data structures can also be used, such as arrays, queues, containers, stacks, linear lists, pointers, linked lists, trees, graphs, structures, classes, heaps or hash tables.
  • the predefined in the present application may be understood as defined, predefined, stored, pre-stored, pre-negotiated, pre-configured, solidified, or pre-burned.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present disclosure relates to a method, an apparatus and a device for verifying a device service role, and a storage medium. The method comprises: sending a discovery request message; receiving a discovery response message sent by a second UE, the discovery response message comprising an authorization token of the second UE; and, when the authorization token of the second UE passes verification, establishing a connection with the second UE. The method provided by the present disclosure prevents spoofing between UEs, improves the accuracy of service execution, and strengthens information security.
PCT/CN2022/125974 2022-10-18 2022-10-18 Method, apparatus, and device for verifying device service role, and storage medium WO2024082143A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2022/125974 WO2024082143A1 (fr) 2022-10-18 2022-10-18 Method, apparatus, and device for verifying device service role, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2022/125974 WO2024082143A1 (fr) 2022-10-18 2022-10-18 Method, apparatus, and device for verifying device service role, and storage medium

Publications (1)

Publication Number Publication Date
WO2024082143A1 true WO2024082143A1 (fr) 2024-04-25

Family

ID=90736634

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/125974 WO2024082143A1 (fr) 2022-10-18 2022-10-18 Method, apparatus, and device for verifying device service role, and storage medium

Country Status (1)

Country Link
WO (1) WO2024082143A1 (fr)



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22962335

Country of ref document: EP

Kind code of ref document: A1