CN113676897B - Method and communication device for generating key identifier - Google Patents

Method and communication device for generating key identifier

Info

Publication number: CN113676897B
Authority: CN (China)
Prior art keywords: terminal device, message, connection, parameter, nrp
Legal status: Active
Application number: CN202010360257.3A
Other languages: Chinese (zh)
Other versions: CN113676897A (en)
Inventor: 雷骜, 李�赫
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority: CN202010360257.3A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/11 Allocation or use of connection identifiers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/14 Direct-mode setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present application provides a method and communication device for generating a key identifier. The method includes: a first terminal device and a second terminal device negotiate an encryption key EK; the first terminal device receives a first message from the second terminal device; the first terminal device decrypts the first message based on the EK to obtain a first parameter included in the first message; the first terminal device sends a second message encrypted based on the EK to the second terminal device, the second message including a second parameter; the first terminal device generates a key identifier based on the first and second parameters, the key identifier being used to index a key generated by the first and second terminal devices during the process of establishing a first unicast connection. According to the present application, the privacy of the unicast connection between the two terminal devices can be protected.

Description

Method for generating key identification and communication device
Technical Field
The present application relates to the field of communications, and more particularly, to a method of generating a key identification and a communication apparatus.
Background
In the process of two terminal devices (e.g., denoted as terminal device #1 and terminal device #2) establishing a unicast connection, terminal device #1 and terminal device #2 may generate a PC5 interface key in the node authentication and key establishment flow, and further generate a PC5 interface key identifier. The PC5 interface key identifier is formed from its most significant bits (MSB) and its least significant bits (LSB), which are provided by terminal device #1 and terminal device #2, respectively. The PC5 interface key identifier is used to uniquely index the PC5 interface key generated by terminal device #1 and terminal device #2 in the unicast connection establishment process.
In the existing unicast connection establishment procedure, at least one of the MSB and LSB of the PC5 interface key identifier is transmitted in plaintext and is therefore easily acquired by a third-party attacker. When terminal device #1 and terminal device #2 re-establish a unicast connection, the PC5 interface key identifier carried in the direct communication request message is also transmitted in plaintext and is likewise easily obtained by a third-party attacker. If the third-party attacker acquires both the MSB and/or LSB of the PC5 interface key identifier from the previous unicast connection establishment process and the PC5 interface key identifier carried in the direct communication request message during re-establishment, the two unicast connections between terminal device #1 and terminal device #2 can be associated, which creates a potential privacy leakage risk.
Disclosure of Invention
The application provides a method for generating a key identifier, which can avoid the problem of privacy leakage of two terminal devices in the process of establishing unicast connection.
In a first aspect, a method of generating a key identification is provided, which may be performed by a terminal device or may also be performed by a component (e.g. a chip or a system-on-chip, etc.) arranged in the terminal device. The application is not limited in this regard. The method provided by the embodiment of the application is described in the following by taking terminal equipment as an example.
Specifically, the method includes: a first terminal device negotiates an encryption key (EK) with a second terminal device; the first terminal device receives a first message from the second terminal device; the first terminal device decrypts the first message based on the EK to obtain a first parameter included in the first message; the first terminal device sends a second message encrypted based on the EK to the second terminal device, the second message including a second parameter; and the first terminal device generates a key identifier based on the first parameter and the second parameter, the key identifier being used to index the key generated by the first terminal device and the second terminal device in the process of establishing a first unicast connection.
The encryption key can be used for encrypting the plaintext message to obtain the ciphertext message, and can also be used for decrypting the ciphertext message to obtain the plaintext message.
Based on this technical solution, the second terminal device and the first terminal device exchange the first parameter and the second parameter of the key identifier only after they have generated the encryption key used to encrypt and decrypt signaling. The signaling exchanged between the two terminal devices is therefore encrypted with the encryption key, so an attacker cannot acquire the first parameter and the second parameter carried in it. Further, even if the second terminal device carries the key identifier generated in the current unicast connection establishment process in the next direct communication request message it sends, an attacker who obtains that key identifier cannot associate the current unicast connection between the second terminal device and the first terminal device with the next one, so the privacy leakage problem is avoided.
Optionally, the first message may be a direct connection secure mode complete message in the secure mode activation process.
Optionally, the second message is a direct communication accept message in the unicast connection establishment procedure or a direct connection secure mode confirm message in the secure mode activation procedure.
The first parameter may be the MSB of the key identifier and the second parameter the LSB, or the first parameter may be the LSB of the key identifier and the second parameter the MSB. The first parameter may uniquely index a key stored by the second terminal device, and the first parameter may uniquely index a key stored by the first terminal device.
With reference to the first aspect, in some implementations of the first aspect, the method further includes: while the first terminal device maintains the first unicast connection, the first terminal device receives a first request message from the second terminal device, where the first request message is used to request establishment of a unicast connection with at least one terminal device and includes the key identifier; and when the first terminal device determines that the first unicast connection is not reusable, the first terminal device sends a first response message to the second terminal device, where the first response message is used to initiate a security negotiation procedure for a second unicast connection between the first terminal device and the second terminal device and includes the key identifier, the key identifier indicating that the key is reused in the second unicast connection.
Based on this technical solution, if, while establishing a unicast connection for a new service, the second terminal device wants the first terminal device to establish a unicast connection with it again, the second terminal device carries the key identifier in the broadcast direct communication request message. The first terminal device can then use the key identifier carried in the direct communication request message to index the saved key of the existing unicast connection (i.e., the first unicast connection) and determine that this key can be reused when the unicast connection is established again. The node authentication and key establishment flow can therefore be omitted from the unicast connection establishment process, which speeds up connection establishment.
With reference to the first aspect, in some implementations of the first aspect, in a case where the first terminal device maintains the first unicast connection, the method further includes: the first terminal device receives a first request message from the second terminal device, where the first request message is used to request establishment of a unicast connection with at least one terminal device and includes the key identifier; and in a case where it is determined that the first unicast connection can be reused, the first terminal device sends a second request message to the second terminal device, where the second request message is used to request modification of the first unicast connection.
With reference to the first aspect, in some implementations of the first aspect, before the first terminal device receives the first request message from the second terminal device, the method further includes: the first terminal device receives a connection identifier update request message from the second terminal device; the first terminal device decrypts the connection identifier update request message based on the EK to obtain a third parameter included in it; the first terminal device sends a connection identifier update response message encrypted based on the EK to the second terminal device, the connection identifier update response message including a fourth parameter; and the first terminal device updates the key identifier based on the third parameter and the fourth parameter.
In this embodiment of the application, the second terminal device initiates a connection identifier update flow before it initiates a unicast connection to the first terminal device again, so that the first terminal device and the second terminal device can generate a new key identifier. The first terminal device and the second terminal device use the EK to encrypt the signaling exchanged in the connection identifier update flow, so neither the third parameter nor the fourth parameter used to generate the new key identifier is transmitted in plaintext. Therefore, even if the direct communication request message sent by the second terminal device carries the key identifier in plaintext when the second terminal device initiates the second unicast connection to the first terminal device, a third-party attacker who obtains the key identifier cannot associate the two unicast connections between the first terminal device and the second terminal device.
The third parameter may be the MSB of the key identifier and the fourth parameter the LSB, or the third parameter may be the LSB of the key identifier and the fourth parameter the MSB. The third parameter may uniquely index the key held by the second terminal device, and the fourth parameter may uniquely index the key held by the first terminal device.
In a second aspect, a method of generating a key identification is provided, which may be performed by a terminal device or may also be performed by a component (e.g. a chip or a system-on-chip, etc.) arranged in the terminal device. The application is not limited in this regard. The method provided by the embodiment of the application is described in the following by taking terminal equipment as an example.
The method includes: a second terminal device negotiates an EK with a first terminal device; the second terminal device sends a first message encrypted based on the EK to the first terminal device, the first message including a first parameter; the second terminal device receives a second message from the first terminal device; the second terminal device decrypts the second message based on the EK to obtain a second parameter included in the second message; and the second terminal device generates a key identifier based on the first parameter and the second parameter, the key identifier being used to index the key generated by the second terminal device and the first terminal device in the process of establishing a first unicast connection.
The encryption key can be used for encrypting the plaintext message to obtain the ciphertext message, and can also be used for decrypting the ciphertext message to obtain the plaintext message.
Based on this technical solution, the second terminal device and the first terminal device exchange the first parameter and the second parameter of the key identifier only after they have generated the encryption key used to encrypt and decrypt signaling. The signaling exchanged between the two terminal devices is therefore encrypted with the encryption key, so an attacker cannot acquire the first parameter and the second parameter carried in it. Further, even if the second terminal device carries the key identifier generated in the current unicast connection establishment process in the next direct communication request message it sends, an attacker who obtains that key identifier cannot associate the current unicast connection between the second terminal device and the first terminal device with the next one, so the privacy leakage problem is avoided.
Optionally, the first message may be a direct connection secure mode complete message in the secure mode activation process, and the second message may be a direct connection accept message in the unicast connection establishment process or a direct connection secure mode confirm message in the secure mode activation process.
The first parameter may be the MSB of the key identifier and the second parameter the LSB, or the first parameter may be the LSB of the key identifier and the second parameter the MSB. The first parameter may uniquely index a key stored by the second terminal device, and the first parameter may uniquely index a key stored by the first terminal device.
With reference to the second aspect, in some implementations of the second aspect, in a case where the second terminal device maintains the first unicast connection, the method further includes: the second terminal device sends a first request message, where the first request message is used to request establishment of a unicast connection with at least one terminal device and includes the key identifier; and the second terminal device receives a first response message from the first terminal device, where the first response message is used to initiate a security negotiation procedure for a second unicast connection between the first terminal device and the second terminal device and includes the key identifier, the key identifier indicating that the key is reused in the second unicast connection.
Based on this technical solution, if, while establishing a unicast connection for a new service, the second terminal device wants the first terminal device to establish a unicast connection with it again, the second terminal device carries the key identifier in the broadcast direct communication request message. The first terminal device can then use the key identifier carried in the direct communication request message to index the saved key of the existing unicast connection (i.e., the first unicast connection) and determine that this key can be reused when the unicast connection is established again. The node authentication and key establishment flow can therefore be omitted from the unicast connection establishment process, which speeds up connection establishment.
With reference to the second aspect, in some implementations of the second aspect, in a case where the second terminal device maintains the first unicast connection, the method further includes: the second terminal device sends a first request message, where the first request message is used to request establishment of a unicast connection with at least one terminal device and includes the key identifier; and the second terminal device receives a second request message from the first terminal device, where the second request message is used to request modification of the first unicast connection.
With reference to the second aspect, in some implementations of the second aspect, before the second terminal device sends the first request message, the method further includes: the second terminal device sends a connection identifier update request message encrypted based on the EK to the first terminal device, the connection identifier update request message including a third parameter; the second terminal device receives a connection identifier update response message from the first terminal device; the second terminal device decrypts the connection identifier update response message based on the EK to obtain a fourth parameter in the connection identifier update response message; and the second terminal device updates the key identifier based on the third parameter and the fourth parameter.
In this embodiment of the application, the second terminal device initiates a connection identifier update flow before it initiates a unicast connection to the first terminal device again, so that the first terminal device and the second terminal device can generate a new key identifier. The first terminal device and the second terminal device use the EK to encrypt the signaling exchanged in the connection identifier update flow, so neither the third parameter nor the fourth parameter used to generate the new key identifier is transmitted in plaintext. Therefore, even if the direct communication request message sent by the second terminal device carries the key identifier in plaintext when the second terminal device initiates the second unicast connection to the first terminal device, a third-party attacker who obtains the key identifier cannot associate the two unicast connections between the first terminal device and the second terminal device.
The third parameter may be the MSB of the key identifier and the fourth parameter the LSB, or the third parameter may be the LSB of the key identifier and the fourth parameter the MSB. The third parameter may uniquely index the key held by the second terminal device, and the fourth parameter may uniquely index the key held by the first terminal device.
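The exchange described in the first and second aspects, including the identifier update flow, as an added Python sketch that is not code from the patent: it runs both terminal devices, compares the plaintext baseline with the EK-protected exchange from a passive observer's position, and checks that the identifier still indexes the stored key. Assumptions: 2-byte halves, the first/third parameter is the MSB, the baseline exposes that half, the frame layout and message-type strings are illustrative, and an HMAC-SHA-256 encrypt-then-MAC construction stands in for the PC5 signalling algorithms.

```python
import hashlib
import hmac
import json
import secrets

HALF_LEN = 2  # bytes per identifier half; assumed, the page states no length
SETUP = ("direct_security_mode_complete", "direct_communication_accept")
UPDATE = ("connection_id_update_request", "connection_id_update_response")


def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _keystream(ek, nonce, n):
    blocks = [_prf(ek, b"enc", nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]


def seal(ek, fields):
    """Encrypt-then-MAC under EK. Stand-in construction, not the PC5 algorithms."""
    nonce = secrets.token_bytes(12)
    pt = json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(ek, nonce, len(pt))))
    return nonce + ct + _prf(ek, b"mac", nonce + ct)


def unseal(ek, blob):
    """Verify the tag, then decrypt; raises ValueError on any modification."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(ek, b"mac", nonce + ct)):
        raise ValueError("integrity check failed")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct))))
    return json.loads(pt)


def exchange(ek, first_store, second_store, key, names, protect=True, replaces=None):
    """One two-message exchange; returns (frames seen on the air, key identifier)."""
    p1 = secrets.token_bytes(HALF_LEN)  # first/third parameter, chosen by second device
    p2 = secrets.token_bytes(HALF_LEN)  # second/fourth parameter, chosen by first device
    if protect:
        msg1 = {"type": names[0], "clear": {}, "sealed": seal(ek, {"msb": p1.hex()})}
        seen_p1 = bytes.fromhex(unseal(ek, msg1["sealed"])["msb"])
    else:  # baseline: this half travels in plaintext
        msg1 = {"type": names[0], "clear": {"msb": p1.hex()}, "sealed": b""}
        seen_p1 = bytes.fromhex(msg1["clear"]["msb"])
    msg2 = {"type": names[1], "clear": {}, "sealed": seal(ek, {"lsb": p2.hex()})}
    seen_p2 = bytes.fromhex(unseal(ek, msg2["sealed"])["lsb"])
    id_at_first, id_at_second = seen_p1 + p2, p1 + seen_p2
    for store, kid in ((first_store, id_at_first), (second_store, id_at_second)):
        store.pop(replaces, None)  # identifier update: drop the old index first
        store[kid] = key           # the identifier indexes the stored key
    return [msg1, msg2], id_at_first


def direct_communication_request(key_id):
    """Reconnect request; the page says the key identifier is carried in plaintext."""
    return {"type": "direct_communication_request",
            "clear": {"key_id": key_id.hex()}, "sealed": b""}


def observer_links(captured, request):
    """Passive observer: match plaintext halves captured earlier against the request."""
    kid = request["clear"]["key_id"]
    for frame in captured:
        msb, lsb = frame["clear"].get("msb"), frame["clear"].get("lsb")
        if (msb and kid.startswith(msb)) or (lsb and kid.endswith(lsb)):
            return True
    return False


def demo():
    """Baseline vs. protected set-up, each followed by a reconnect request.

    Returns {"baseline": (linked, key_reused), "protected": (linked, key_reused)}.
    """
    out = {}
    for protect in (False, True):
        ek, key = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
        first, second = {}, {}
        frames, kid = exchange(ek, first, second, key, SETUP, protect)
        request = direct_communication_request(kid)
        reused = first.get(bytes.fromhex(request["clear"]["key_id"])) == key
        out["protected" if protect else "baseline"] = (observer_links(frames, request), reused)
    return out


if __name__ == "__main__":
    print(demo())
```

Calling `exchange(..., UPDATE, replaces=old_id)` models the connection identifier update flow: the same key is re-indexed under a fresh identifier whose halves were never sent in plaintext.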
In a third aspect, a communication apparatus is provided comprising respective modules or units for performing the method of the first aspect and any one of the possible implementations of the first aspect.
In a fourth aspect, a communication device is provided that includes a processor. The processor is coupled to the memory and operable to execute instructions in the memory to implement the method of the first aspect and any one of the possible implementations of the first aspect. Optionally, the communication device further comprises a memory. Optionally, the communication device further comprises a communication interface, and the processor is coupled to the communication interface.
In one implementation, the communication device is a first terminal device. When the communication device is a first terminal device, the communication interface may be a transceiver or an input/output interface.
In another implementation, the communication device is a chip configured in the first terminal device. When the communication device is a chip arranged in the first terminal device, the communication interface may be an input/output interface.
Alternatively, the transceiver may be a transceiver circuit. Alternatively, the input/output interface may be an input/output circuit.
In a fifth aspect, there is provided a communication device comprising means or units for performing the method of the second aspect and any one of the possible implementations of the second aspect.
In a sixth aspect, a communication device is provided that includes a processor. The processor is coupled to the memory and operable to execute instructions in the memory to implement the method of the second aspect and any one of the possible implementations of the second aspect. Optionally, the communication device further comprises a memory. Optionally, the communication device further comprises a communication interface, and the processor is coupled to the communication interface.
In one implementation, the communication device is a second terminal device. When the communication device is a second terminal device, the communication interface may be a transceiver or an input/output interface.
In another implementation, the communication device is a chip configured in the second terminal device. When the communication device is a chip arranged in the second terminal device, the communication interface may be an input/output interface.
Alternatively, the transceiver may be a transceiver circuit. Alternatively, the input/output interface may be an input/output circuit.
In a seventh aspect, a processor is provided that includes an input circuit, an output circuit, and a processing circuit. The processing circuit is configured to receive a signal via the input circuit and transmit a signal via the output circuit, such that the processor performs the method of the first aspect to the second aspect and any one of the possible implementations of the first aspect to the second aspect.
In a specific implementation, the processor may be a chip, the input circuit may be an input pin, the output circuit may be an output pin, and the processing circuit may be a transistor, a gate circuit, a flip-flop, various logic circuits, and the like. The input signal received by the input circuit may be received and input by, for example but not limited to, a receiver; the signal output by the output circuit may be output to and transmitted by, for example but not limited to, a transmitter; and the input circuit and the output circuit may be the same circuit, which serves as the input circuit and the output circuit at different times. The embodiments of the application do not limit the specific implementation of the processor and the various circuits.
In an eighth aspect, a processing device is provided that includes a processor and a memory. The processor is configured to read instructions stored in the memory and is configured to receive a signal via the receiver and to transmit a signal via the transmitter to perform the method of the first aspect to the second aspect and any one of the possible implementations of the first aspect to the second aspect.
Optionally, the processor is one or more, and the memory is one or more.
Alternatively, the memory may be integrated with the processor or the memory may be separate from the processor.
In a specific implementation, the memory may be a non-transitory memory, for example a read-only memory (ROM), which may be integrated on the same chip as the processor or disposed separately on a different chip.
It should be appreciated that a related data interaction process, for example transmitting indication information, may be a process of outputting the indication information from the processor, and receiving capability information may be a process of the processor receiving the input capability information. Specifically, the data output by the processor may be output to the transmitter, and the input data received by the processor may come from the receiver. The transmitter and receiver may be collectively referred to as a transceiver.
The processing device in the eighth aspect may be a chip. The processor may be implemented by hardware or by software: when implemented by hardware, the processor may be a logic circuit, an integrated circuit, or the like; when implemented by software, the processor may be a general-purpose processor implemented by reading software code stored in a memory, and the memory may be integrated in the processor or located outside the processor and exist independently.
In a ninth aspect, there is provided a computer program product comprising a computer program (which may also be referred to as code, or instructions) which when run causes a computer to perform the method of the first to second aspects and any one of the possible implementations of the first to second aspects.
In a tenth aspect, a computer readable storage medium is provided, which stores a computer program (which may also be referred to as code, or instructions) which, when run on a computer, causes the computer to perform the method of the first to second aspects and any one of the possible implementations of the first to second aspects.
An eleventh aspect provides a communication system comprising the first terminal device and the second terminal device as described above.
Drawings
Fig. 1 is a schematic diagram of a communication system suitable for use in the method provided by an embodiment of the present application.
Fig. 2 is a schematic flow chart of a method of setting up a unicast connection for two terminal devices.
Fig. 3 is a schematic flow chart of a method for generating a key identification provided by an embodiment of the present application.
Fig. 4 is a schematic flow chart of a method for re-establishing a unicast connection between two terminal devices according to an embodiment of the present application.
Fig. 5 is a schematic flow chart of a method for generating a key identification provided by an embodiment of the present application.
Fig. 6 is a schematic flow chart diagram of a method of generating a key identification provided by another embodiment of the present application.
Fig. 7 is a schematic flow chart diagram of a method of generating a key identification provided by a further embodiment of the present application.
Fig. 8 is a schematic block diagram of a communication device according to an embodiment of the present application.
Fig. 9 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
Detailed Description
The technical scheme of the application will be described below with reference to the accompanying drawings.
The technical solutions of the embodiments of the application can be applied to various communication systems, such as a long term evolution (LTE) system, an LTE frequency division duplex (FDD) system, an LTE time division duplex (TDD) system, a universal mobile telecommunication system (UMTS), a worldwide interoperability for microwave access (WiMAX) communication system, a fifth generation (5G) mobile communication system or new radio access technology (NR), or next-generation communication such as 6G. The 5G mobile communication system may be non-standalone (NSA) or standalone (SA).
The technical solutions provided by the application can also be applied to machine type communication (MTC), long term evolution-machine (LTE-M) inter-machine communication, device-to-device (D2D) networks, machine-to-machine (M2M) networks, internet of things (IoT) networks, or other networks. The IoT network may include, for example, the internet of vehicles. The communication modes in an internet of vehicles system are collectively called vehicle-to-everything (V2X, where X may represent anything); for example, V2X may include vehicle-to-vehicle (V2V) communication, vehicle-to-infrastructure (V2I) communication, vehicle-to-pedestrian (V2P) communication, or vehicle-to-network (V2N) communication.
The technical scheme provided by the application can also be applied to future communication systems, such as a sixth generation mobile communication system and the like. The application is not limited in this regard.
In the embodiment of the present application, the terminal device may be referred to as a User Equipment (UE), a terminal, a Mobile Station (MS), a mobile terminal (mobile terminal), etc., and may further communicate with one or more core networks via a radio access network (radio access network, RAN). The terminal device can also be called an access terminal, subscriber unit, subscriber station, mobile station, remote terminal, mobile device, user terminal, wireless communication device, user agent, or user equipment. The terminal device may also be a cellular telephone, a cordless telephone, a session initiation protocol (session initiation protocol, SIP) phone, a wireless local loop (wireless local loop, WLL) station, a Personal Digital Assistant (PDA), a handheld device with wireless communication capabilities, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a vehicle with communication capabilities, a wearable device, a terminal device in a 5G network, etc. The embodiment of the present application is not limited thereto.
Fig. 1 is a schematic diagram of a communication system suitable for use in the method provided by an embodiment of the present application.
As shown in fig. 1, the communication system 100 may include at least two terminal devices, such as the terminal device 110 and the terminal device 120 shown in fig. 1. Communication between terminal device 110 and terminal device 120 may be achieved through a PC5 interface. The wireless direct communication link formed between terminal device 110 and terminal device 120 may be defined as a Sidelink (SL).
It should be understood that the figures are only schematic and that two terminal devices are shown, but this should not constitute any limitation of the application. In the communication system, a greater number of terminal devices may be included, and communication between at least two terminal devices in the communication system may be achieved through the PC5 interface. The communication system may further comprise one or more network devices, and communication between the terminal device and the network device in the communication system may be further realized through a Uu interface.
The terminal device may perform unicast communication and broadcast communication on the SL. When unicast communication is performed between two terminal devices, for example when the terminal device 110 in fig. 1 transmits data to the terminal device 120 in a unicast manner, only the terminal device 120 can receive the data transmitted from the terminal device 110. In broadcast communication, the data transmitted by a terminal device can be received by all terminal devices within a certain range. For example, in fig. 1, the terminal device 110 transmits data in a broadcast manner, and when the distance between the terminal device 120 and the terminal device 110 is within a certain range, the terminal device 120 may receive the data transmitted by the terminal device 110. It should be understood that although only two terminal devices 110 and 120 are shown in fig. 1, more terminal devices may be included in one terminal device group in a broadcast scenario. That is, the data transmitted by the terminal device 121 can be received by more terminal devices. Although not shown, this should not be construed as limiting the application in any way.
Before two terminal devices perform unicast communication, a unicast connection is established between them. In the process of establishing a unicast connection, the UEs at the two ends are classified into an initial UE (initiation UE) and a peer UE (peer UE) according to which of them initiates connection establishment. As shown in fig. 2, UE#1 may be referred to as the initial UE, and UE#2 may be referred to as the peer UE. The initial UE may designate a particular UE for the unicast connection when sending a direct communication request (direct communication request, DCR) message, e.g., UE#1 designates a unicast connection with UE#2 as shown in fig. 2. The initial UE may also not know the identity of the peer UE, i.e., it may request a unicast connection with one or more UEs.
The procedure for establishing a unicast connection between two UEs is described below with reference to fig. 2, taking as an example the case where UE#1 designates UE#2 for the unicast connection.
S210, UE#1 transmits a DCR message to UE#2.
The DCR message may include a random number (nonce) #1 generated by UE#1, an application layer identifier (application layer identifier) of UE#1, an application layer identifier of UE#2, and the MSB of the identifier (ID) of the session key (session key) of the new air interface PC5 (NRP) interface. Hereinafter, for ease of understanding, the session key of the new air interface PC5 interface is denoted as K NRP-sess, and the identification of the session key of the new air interface PC5 interface is denoted as K NRP-sess ID.
The MSB of K NRP-sess ID is used to generate K NRP-sess ID.
It is to be appreciated that the application layer identification can uniquely identify one UE.
It can be understood that if UE#1 sends the DCR message in a broadcast manner, the DCR message does not carry the application layer identifier of the peer UE.
If a unicast connection was already established between UE#1 and UE#2 before the current unicast connection is established, the DCR message may also carry the identifier of the new air interface PC5 interface key (key) generated in the previous unicast connection process. Hereinafter, for ease of understanding, the new air interface PC5 interface key is denoted as K NRP, and the identification of the new air interface PC5 interface key is denoted as K NRP ID.
The K NRP ID indicates that the K NRP from the previous unicast connection process is to be reused, so that the authentication and key establishment procedure can be omitted in the current unicast connection process.
S220, direct connection authentication and key establishment are carried out between the UE#1 and the UE#2.
If the unicast establishment procedure is performed for the first time between UE#1 and UE#2, or the security context from the previous unicast connection establishment procedure is not reused, UE#2 triggers the direct connection authentication and key establishment procedure with UE#1 after receiving the DCR message from UE#1.
After UE#1 and UE#2 perform the authentication and key establishment procedures, UE#1 and UE#2 generate the K NRP used in the subsequent unicast communication.
Further, UE#2 randomly generates the MSB of K NRP ID, the LSB of K NRP-sess ID, and nonce#2, and calculates the session key K NRP-sess using K NRP, nonce#1, and nonce#2. Still further, UE#2 calculates the NRP encryption key (NRP encryption key, NRPEK) and the NRP integrity protection key (NRP integrity key, NRPIK) using the session key K NRP-sess. The MSB of K NRP ID and the LSB of K NRP-sess ID generated by UE#2 may be uniquely indexed to the K NRP and K NRP-sess stored by UE#2, respectively.
S230, UE#2 transmits a direct connection security mode command (direct security mode command) message to UE#1.
The direct connection security mode command message may carry the MSB of K NRP ID, the LSB of K NRP-sess ID, and nonce#2. In addition, UE#2 may integrity protect the direct connection security mode request message using NRPIK.
Since UE#2 only performs integrity protection but does not perform encryption protection on the direct mode security request message, the MSB of K NRP ID is easily acquired by a third party node or by an attacker (attacker).
S240, UE#1 transmits a direct connection security mode complete (direct security mode complete) message to UE#2.
After UE#1 receives the direct security mode command message, it calculates K NRP-sess using nonce#1, nonce#2, and K NRP, and then calculates NRPEK and NRPIK using K NRP-sess.
Further, UE#1 randomly generates the LSB of K NRP ID and transmits the LSB of K NRP ID to UE#2 through the direct connection security mode completion message. The LSB of K NRP ID can be uniquely indexed to the K NRP stored in UE#1.
As described above, if an attacker listens to the unicast establishment procedure between UE#1 and UE#2, the attacker can obtain the MSB of K NRP ID from the direct-connected security mode request message.
The attacker then continues to monitor the communication between UE#1 and UE#2 until a direct communication request message sent again by UE#1 or UE#2 carries the K NRP ID generated in that unicast connection process, at which point the attacker can compare the K NRP ID carried in that message with the MSB of K NRP ID obtained earlier. If the MSBs are the same, the attacker can conclude that UE#1 and UE#2 are establishing a unicast connection again, so that the two unicast connections between UE#1 and UE#2 are correlated, and further, the communication data between UE#1 and UE#2 can be acquired by the attacker, that is, a privacy leakage problem is caused.
In view of this, the embodiment of the application provides a method for generating a key identifier, which can avoid the problem of privacy leakage in the unicast communication process.
The method provided by the embodiment of the application will be described below with reference to the accompanying drawings.
In the method embodiments described below in connection with fig. 3 to 7, the flow of the method embodiments is described taking the interaction of the first terminal device and the second terminal device as an example. The first terminal device may correspond, for example, to terminal device 110 in the communication system shown in fig. 1, and the second terminal device may correspond, for example, to terminal device 120 in the communication system shown in fig. 2.
It should be noted that the embodiments shown below do not particularly limit the specific structure of the execution body of the method provided in the embodiments of the present application, as long as the execution body can run a program recording the code of the method and thereby communicate according to the method. For example, the execution body of the method provided in the embodiments of the present application may be a terminal device, or a functional module in the terminal device that can call and execute the program.
Fig. 3 shows a schematic flow chart of a method for establishing a unicast connection according to an embodiment of the present application. As shown in fig. 3, the method 300 may include S310 to S340, each of which is described in detail below.
S310, the second terminal device and the first terminal device respectively generate encryption keys (encrypted key, EK).
The EK is used for encrypting signaling exchanged between the second terminal device and the first terminal device, i.e. the second terminal device may encrypt signaling sent to the first terminal device using the EK and the first terminal device may encrypt signaling sent to the second terminal device using the EK.
The second terminal device and the first terminal device may generate the EK from the session key.
The session key may be, for example, K NRP-sess. K NRP-sess is calculated by the first terminal device and the second terminal device using the new air interface PC5 interface key K NRP, a first random number generated by the first terminal device (hereinafter, nonce #1 is used as an example), and a second random number generated by the second terminal device (hereinafter, nonce #2 is used as an example). The new air interface PC5 interface key K NRP is generated by the second terminal device and the first terminal device in the direct-connection authentication and key establishment procedure. As can be seen from the above, after the first terminal device receives the DCR message from the second terminal device, if it is interested in the unicast service initiated by the second terminal device, the first terminal device may initiate a direct connection authentication and key establishment procedure with the second terminal device.
The second terminal device may carry nonce #2 in the DCR message sent to the first terminal device.
The first terminal device may carry nonce #1 in the direct-connected secure mode command message sent to the second terminal device.
From the above, the first terminal device may generate the EK after receiving the DCR message from the second terminal device and performing the direct authentication and key establishment procedure. The second terminal device may generate the EK after receiving the direct connection secure mode command message from the first terminal device. Once both the second terminal device and the first terminal device have generated the EK, that is, after the first terminal device sends the direct connection security mode command message to the second terminal device, the signaling exchanged between the second terminal device and the first terminal device may be encrypted using the EK.
The second terminal device and the first terminal device may also generate an integrity protection key (integrity key, IK), respectively.
The IK is used for integrity protection of the signaling exchanged between the second terminal device and the first terminal device, that is, the second terminal device uses the IK to integrity protect the signaling sent to the first terminal device, and the first terminal device uses the IK to integrity protect the signaling sent to the second terminal device.
The second terminal device and the first terminal device may generate the IK from the session key. The session key may be, for example, K NRP-sess, and K NRP-sess may be calculated from K NRP, nonce #1, and nonce #2.
S320, the second terminal device sends a first message based on EK encryption to the first terminal device.
It will be appreciated that after the second terminal device generates the EK, the first message sent by the second terminal device to the first terminal device is a message encrypted using the EK.
The first message includes a first parameter, and the first parameter is used for generating a key identifier. The key may be, for example, K NRP, and the key identification may be, for example, K NRP ID. K NRP ID is used to uniquely index the K NRP generated by the first terminal device and the second terminal device during the process of establishing the first unicast connection; in other words, K NRP ID indicates a security context between the second terminal device and the first terminal device. K NRP is generated by the second terminal device and the first terminal device during the direct connection authentication and key establishment procedure.
The first message may be a direct-connected secure mode complete message in the secure mode activation process.
As described above, after the second terminal device receives the direct connection security mode command message, the signaling interacted between the second terminal device and the first terminal device may be encrypted using EK.
Thus, the direct connection security mode complete message sent by the second terminal device is a message encrypted using EK.
The embodiment of the application does not limit the specific content of the first parameter.
In one implementation, the first parameter may be the MSB of the K NRP ID.
In another implementation, the first parameter may be the LSB of the K NRP ID.
It will be appreciated that the first parameter may be uniquely indexed to K NRP stored by the second terminal device, whether the first parameter is the MSB or LSB of K NRP ID.
Accordingly, in S320, the first terminal device receives the first message from the second terminal device and decrypts the first message based on the EK to obtain the first parameter included in the first message.
S330, the first terminal equipment sends a second message based on EK encryption to the second terminal equipment.
It will be appreciated that after the first terminal device generates the EK, the second message sent by the first terminal device to the second terminal device is a message encrypted using the EK.
The second message includes a second parameter, which is used to generate a K NRP ID.
In one implementation, the second message may be a direct communication accept (direct communication accept) message during unicast connection establishment.
As described above, after the first terminal device sends the direct-connection security mode command message to the second terminal device, the signaling exchanged between the second terminal device and the first terminal device may be encrypted using EK.
Thus, the direct communication accept message sent by the first terminal device may be a message encrypted using EK.
In another implementation, the second message may also be a direct-connected secure mode confirm (direct security mode confirm) message during secure mode activation.
In the embodiment of the application, a direct connection security mode confirmation message is newly added in the existing security mode activation process. The first terminal device may send the second parameter to the second terminal device with the second parameter carried in the direct connection security mode acknowledgement message.
Likewise, the direct connection secure mode confirm message sent by the first terminal device may be a message encrypted using EK.
The embodiment of the application does not limit the specific content of the second parameter.
In one implementation, the second parameter may be the MSB of K NRP ID.
In another implementation, the second parameter may be the LSB of the K NRP ID.
It will be appreciated that the second parameter, whether it is the MSB or LSB of the K NRP ID, may be uniquely indexed to the K NRP held by the first terminal device.
Accordingly, in S330, the second terminal device receives the second message from the first terminal device and decrypts the second message based on the EK to obtain the second parameter included in the second message.
S340, the second terminal device and the first terminal device generate a K NRP ID by using the first parameter and the second parameter.
It should be appreciated that the first and second parameters cannot both be the MSB, or both be the LSB, of the K NRP ID. That is, if the first parameter is the MSB of K NRP ID, the second parameter is the LSB of K NRP ID, and if the first parameter is the LSB of K NRP ID, the second parameter is the MSB of K NRP ID.
It should also be understood that if the second terminal device and the first terminal device acquire a plurality of first parameters or second parameters, the second terminal device and the first terminal device generate K NRP ID using the most recently acquired first parameter and second parameter.
For example, the first parameter is the LSB of K NRP ID and the second parameter is the MSB of K NRP ID. The first terminal device carries MSB#1 of K NRP ID (i.e., the first of the second parameters) in the direct-connection security mode command message sent to the second terminal device, and the second terminal device carries LSB#1 of K NRP ID (i.e., the first parameter) in the direct-connection security mode completion message sent to the first terminal device. Further, the first terminal device carries MSB#2 of K NRP ID (i.e., the second of the two second parameters) in the direct communication accept message sent to the second terminal device. In this case, both the second terminal device and the first terminal device acquire MSB#1 and MSB#2 of K NRP ID (i.e., two second parameters), and acquire LSB#1 of K NRP ID. It will be appreciated that the first and second terminal devices acquired MSB#1 of K NRP ID first and MSB#2 of K NRP ID afterwards, i.e. MSB#2 of K NRP ID is the one most recently acquired by the first and second terminal devices, so the second terminal device and the first terminal device use MSB#2 and LSB#1 to generate K NRP ID.
In the embodiment of the application, after the second terminal device and the first terminal device generate the encryption key for encrypting the signaling, the second terminal device and the first terminal device then exchange the most significant bit and the least significant bit that form the key identification. In this case, the signaling exchanged between the second terminal device and the first terminal device is encrypted by the encryption key, so that the attacker cannot acquire the most significant bit and the least significant bit of the key identification carried in that signaling. Further, even if the second terminal device carries the key identifier generated in the current unicast connection establishment process in the next direct communication request message it sends, an attacker who obtains that key identifier cannot associate the current unicast connection between the second terminal device and the first terminal device with the next unicast connection between them.
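The difference between the flow of fig. 2 and method 300 can be checked with a small simulation; this is an added example, not part of the patent. It models what is readable on the air in each flow and tests whether the K NRP ID in a later direct communication request can be tied to the earlier setup. The 16-bit half size, the HMAC-SHA-256 key derivation, the XOR keystream cipher, the sealed LSB in the fig. 2 flow and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

HALF = 2  # assumption: each K NRP ID half (MSB, LSB) is 16 bits; the page gives no size


def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in key derivation (HMAC-SHA-256), not the KDF of any standard."""
    return hmac.new(key, b"|".join((label,) + parts), hashlib.sha256).digest()


def seal(ek: bytes, msg_name: str, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an EK-derived keystream bound to the message name."""
    if len(data) > 32:
        raise ValueError("toy keystream covers at most 32 bytes")
    stream = kdf(ek, b"stream", msg_name.encode())
    return bytes(d ^ s for d, s in zip(data, stream))


unseal = seal  # XOR keystream: the same operation decrypts


def derive_ek(k_nrp: bytes, nonce1: bytes, nonce2: bytes) -> bytes:
    """K NRP-sess from K NRP and both nonces, then EK from K NRP-sess."""
    k_sess = kdf(k_nrp, b"K_NRP-sess", nonce1, nonce2)
    return kdf(k_sess, b"EK")


def baseline_setup(k_nrp: bytes):
    """Flow of fig. 2: the security mode command carries the MSB half unencrypted."""
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    ek = derive_ek(k_nrp, n1, n2)
    msb, lsb = secrets.token_bytes(HALF), secrets.token_bytes(HALF)
    air = [
        ("direct_communication_request", {"nonce1": n1}),
        ("security_mode_command", {"nonce2": n2, "msb": msb}),  # integrity only
        # Assumption: the LSB half in the complete message is not readable on air.
        ("security_mode_complete", {"sealed": seal(ek, "security_mode_complete", lsb)}),
    ]
    return msb + lsb, air


def protected_setup(k_nrp: bytes):
    """Flow of fig. 3: both halves travel only inside EK-encrypted messages."""
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    ek_first = derive_ek(k_nrp, n1, n2)    # computed by the first terminal device
    ek_second = derive_ek(k_nrp, n1, n2)   # computed by the second terminal device
    first_param = secrets.token_bytes(HALF)    # LSB, chosen by the second device
    second_param = secrets.token_bytes(HALF)   # MSB, chosen by the first device
    m1 = seal(ek_second, "security_mode_complete", first_param)
    m2 = seal(ek_first, "direct_communication_accept", second_param)
    air = [
        ("direct_communication_request", {"nonce2": n2}),
        ("security_mode_command", {"nonce1": n1}),
        ("security_mode_complete", {"sealed": m1}),        # first message (S320)
        ("direct_communication_accept", {"sealed": m2}),   # second message (S330)
    ]
    # S340: each side decrypts the half it received and assembles MSB || LSB.
    id_first = second_param + unseal(ek_first, "security_mode_complete", m1)
    id_second = unseal(ek_second, "direct_communication_accept", m2) + first_param
    if id_first != id_second:
        raise RuntimeError("peers derived different key identifiers")
    return id_first, air


def observer_links(air, later_dcr_key_id: bytes) -> bool:
    """Passive observer: does a half read in the clear match the ID in a later DCR?"""
    for _name, fields in air:
        if fields.get("msb") == later_dcr_key_id[:HALF]:
            return True
        if fields.get("lsb") == later_dcr_key_id[HALF:]:
            return True
    return False


def demo():
    """Run both flows with a constructed K NRP and report linkability."""
    k_nrp = bytes(range(32))  # constructed sample key
    base_id, base_air = baseline_setup(k_nrp)
    prot_id, prot_air = protected_setup(k_nrp)
    return {
        "baseline_linkable": observer_links(base_air, base_id),
        "protected_linkable": observer_links(prot_air, prot_id),
    }


if __name__ == "__main__":
    print(demo())
```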
Fig. 4 shows a schematic flow chart of a method for the second terminal device to establish a unicast connection again with the first terminal device. As shown in fig. 4, the method 400 may include S410 to S450, and the respective steps are described in detail below. It should be understood that fig. 4 only illustrates an example of the second terminal device initiating the unicast connection, and should not limit the embodiment of the present application. The first terminal device may also actively initiate a unicast connection with the second terminal device again.
S410, the second terminal device sends the first request message in a broadcast manner.
The first request message is for requesting establishment of a unicast connection with at least one other terminal device. The first request message includes the K NRP ID generated by the second terminal device and the first terminal device in the last unicast connection establishment procedure. The first request message may be a DCR message.
It will be appreciated that before the second terminal device sends the first request message, the second terminal device has established a unicast connection with the first terminal device and the second terminal device still maintains the unicast connection with the first terminal device (an example of a first unicast connection), i.e. data or traffic is still transmitted between the second terminal device and the first terminal device over the previously established unicast link.
For ease of understanding, the unicast connection established with the first terminal device before the second terminal device sends the first request message is hereinafter referred to as a first unicast connection, and the unicast connection established again based on the first request message between the second terminal device and the first terminal device is hereinafter referred to as a second unicast connection.
While the second terminal device maintains the first unicast connection with the first terminal device, the second terminal device initiates a unicast connection request for the second unicast connection. At this time, the second terminal device does not know whether the first terminal device is interested in the new service request, but hopes to reuse the key generated in the first unicast connection if the first terminal device is interested in the new service request, so the second terminal device carries the K NRP ID generated in the first unicast connection in the broadcast DCR message.
Correspondingly, after the first terminal device receives the DCR message from the second terminal device, K NRP used in the first unicast connection with the second terminal device may be associated according to the K NRP ID in the DCR message.
Further, the first terminal device may determine, according to other parameters carried in the DCR message, whether the first unicast connection may be multiplexed, that is, whether new data or service may be transmitted on a unicast link established in the first unicast connection procedure.
If the first terminal device determines that the first unicast connection cannot be multiplexed, S420a is performed.
If the first terminal device determines that the first unicast connection can be multiplexed, S420b is performed.
S420a, the first terminal device sends a first response message to the second terminal device.
The first response message is used for initiating a unicast connection security negotiation flow with the second terminal device. The first response message may include the K NRP ID generated during the first unicast connection. The K NRP ID is used to indicate that the second terminal device may reuse the K NRP of the first unicast connection in the second unicast connection. The first response message may be a direct-connected secure mode command message in the secure mode activation process.
If the first terminal device determines that the first unicast connection cannot be multiplexed, it initiates a security negotiation flow of a second unicast connection with the second terminal device. The first terminal device may include, in the direct-connect secure mode command message sent to the second terminal device, the K NRP ID of the first unicast connection, and the K NRP ID is used to indicate that the second terminal device may reuse the K NRP of the first unicast connection in the second unicast connection.
In the case where the second terminal device and the first terminal device reuse the K NRP of the first unicast connection, the second terminal device and the first terminal device may not perform the direct connection authentication and key establishment procedure in the security negotiation procedure of the second unicast connection. That is, the second terminal device and the first terminal device use the K NRP generated during the first unicast connection setup procedure in the second unicast connection.
S420b, the first terminal device sends a second request message to the second terminal device.
The second request message is used to request modification of the first unicast connection, i.e. to request modification of a unicast link established in the first unicast connection.
If the first terminal device determines that the first unicast connection can be multiplexed, it initiates a modification flow of the unicast link established in the first unicast connection, so as to transmit the new service and the previous service simultaneously on the unicast link established in the first unicast connection.
In the embodiment of the application, if, in the process of establishing a unicast connection for a new service, the second terminal device hopes that the first terminal device is willing to establish a unicast connection with it again, the second terminal device carries the key identification in the broadcast direct communication request message. Accordingly, the first terminal device can index the saved key of the existing unicast connection (i.e. the first unicast connection) according to the key identifier carried in the direct communication request message, so as to determine that the key of the existing unicast connection can be reused in the process of establishing the unicast connection again. Therefore, the node authentication and key establishment flow in the unicast connection establishment process can be omitted, and the connection establishment speed is increased.
Optionally, before the second terminal device sends the direct communication request message, that is, before the second terminal device initiates the second unicast connection establishment to the first terminal device, the second terminal device may initiate a connection identifier update procedure to update the key identifier.
It should be understood that fig. 4 illustrates an example of the connection identifier update procedure initiated before the second terminal device initiates the second unicast connection establishment to the first terminal device.
In some possible implementations, the second terminal device may also initiate a connection identity update procedure to update the key identity immediately after the first unicast connection is established with the first terminal device.
In other possible implementations, the second terminal device may initiate the connection identifier update procedure to update the key identifier at any time after the first unicast connection is established with the first terminal device and before the second unicast connection is established.
The step of the second terminal device initiating a connection identity update procedure to update the key identity may comprise S430 to S450.
S430, the second terminal device sends a connection identification update request (link identifier update request) message to the first terminal device.
It will be appreciated that the second terminal device may generate an EK during the first unicast connection, and thus, in case the second terminal device still maintains the first unicast connection, the second terminal device may encrypt the connection identity update request message using the EK.
A third parameter may be included in the connection identification update request message, the third parameter being used to generate the K NRP ID.
The embodiment of the application does not limit the specific content of the third parameter.
In one implementation, the third parameter may be the MSB of K NRP ID.
In another implementation, the third parameter may be the LSB of the K NRP ID.
It will be appreciated that the third parameter, whether it is the MSB or LSB of the K NRP ID, may be uniquely indexed to the K NRP held by the second terminal device.
Accordingly, in S430, after the first terminal device receives the connection identifier update request message from the second terminal device, the connection identifier update request message may be decrypted based on the EK to obtain the third parameter included in the connection identifier update request message.
S440, the first terminal device sends a connection identification update response (link identifier update response) based on EK encryption to the second terminal device.
A fourth parameter may be included in the connection identification update response message, the fourth parameter being used to generate the K NRP ID.
The embodiment of the application does not limit the specific content of the fourth parameter.
In one implementation, the fourth parameter may be the MSB of the K NRP ID.
In another implementation, the fourth parameter may be the LSB of the K NRP ID.
It will be appreciated that the fourth parameter, whether it is the MSB or LSB of the K NRP ID, may be uniquely indexed to the K NRP held by the first terminal device.
Accordingly, in S440, after the second terminal device receives the connection identification update response message from the first terminal device, the connection identification update response message may be decrypted based on the EK to obtain the fourth parameter included in the connection identification update response message.
S450, the first terminal device and the second terminal device generate key identification based on the third parameter and the fourth parameter.
It should be appreciated that the third and fourth parameters cannot both be the MSB, or both be the LSB, of the K NRP ID. That is, if the third parameter is the MSB of K NRP ID, the fourth parameter is the LSB of K NRP ID, and if the third parameter is the LSB of K NRP ID, the fourth parameter is the MSB of K NRP ID.
It should also be understood that if the second terminal device and the first terminal device acquire a plurality of third parameters or fourth parameters, the second terminal device and the first terminal device generate the key identification using the newly acquired third parameters and fourth parameters.
In the embodiment of the application, before the second terminal equipment initiates unicast connection to the first terminal equipment again, a connection identifier updating flow is initiated, so that the first terminal equipment and the second terminal equipment can generate a new key identifier. And the first terminal device and the second terminal device encrypt the signaling interacted in the connection identifier modification procedure using EK, so neither MSB nor LSB for generating the new key identifier is transmitted in plaintext. Therefore, even if the plaintext in the direct communication request message sent by the second terminal device carries the key identifier in the process that the second terminal device initiates the second unicast connection to the first terminal device, the third party attacker cannot correlate the two unicast connections between the first terminal device and the second terminal device after obtaining the key identifier.
Fig. 5 shows a schematic flow chart of a method provided by an embodiment of the application. As shown in fig. 5, the method 500 may include S501 to S515, each of which is described in detail below.
S501, the second terminal device sends a direct communication request message #1. Accordingly, in S501, the first terminal device receives the direct communication request message #1 from the second terminal device.
By way of example and not limitation, the direct communication request message #1 may include parameters such as nonce #2, the application layer identification of the second terminal device, and the MSB of K NRP-sess ID.
In the case that the second terminal device designates that the unicast connection is to be established with the first terminal device, the direct communication request message #1 may further include an application layer identifier of the first terminal device.
Assuming that the second terminal device and the first terminal device initially establish a unicast connection based on the direct communication request message #1, the method 500 may further include S502 after S501.
S502, a direct connection authentication and key establishment flow is executed between the second terminal device and the first terminal device.
In particular, specific steps of performing the direct connection authentication and key establishment procedure between the second terminal device and the first terminal device may refer to the prior art, and for brevity, embodiments of the present application will not be described in detail.
It will be appreciated that after the direct authentication and key establishment procedure, K NRP may be negotiated between the second terminal device and the first terminal device for use in the subsequent unicast communication procedure.
Further, the first terminal device may generate K NRP-sess according to nonce #2 obtained from the direct communication request message, nonce #1 generated by the first terminal device, and K NRP. Still further, the first terminal device may generate EK and IK using K NRP-sess. The EK and IK are used for encrypting and integrity protecting the signaling exchanged between the second terminal device and the first terminal device.
S503, the first terminal device sends a direct connection security mode command message #1 to the second terminal device. Accordingly, in S503, the second terminal device receives the direct connection security mode command message #1 from the first terminal device.
By way of example and not limitation, the direct connection security mode command message #1 may include parameters such as the LSB of K NRP-sess ID and nonce #2.
Optionally, MSB #1 of K NRP ID (denoted as K NRP ID MSB #1) may also be included in the direct connection security mode command message #1. It will be appreciated that since the direct connection security mode command message #1 is not encrypted, the K NRP ID MSB #1 in the direct connection security mode command message #1 is readily available to third-party attackers.
After receiving the direct security mode command message #1, the second terminal device may generate K NRP-sess according to nonce #1, nonce #2, and K NRP. Further, the second terminal device generates EK and IK using K NRP-sess.
It will be appreciated that after the second terminal device receives the direct connection security mode command message #1, both the second terminal device and the first terminal device may generate EK and IK, and therefore the second terminal device and the first terminal device may use EK and IK to encrypt and integrity protect subsequently exchanged signaling.
S504, the second terminal device transmits the direct connection security mode complete message #1 (an example of the first message) based on EK encryption to the first terminal device.
The direct connection security mode complete message #1 may include LSB #1 of K NRP ID (an example of the first parameter, denoted as K NRP ID LSB #1).
Accordingly, in S504, the first terminal device receives the direct-connection security mode completion message #1 from the second terminal device, and may decrypt the direct-connection security mode completion message #1 based on the EK to acquire the K NRP ID LSB #1 included in the direct-connection security mode completion message #1.
S505, the first terminal device transmits the direct communication accept message #1 (an example of the second message) based on the EK encryption to the second terminal device.
The direct communication accept message #1 may include the MSB #2 of K NRP ID (an example of the second parameter, denoted as K NRP ID MSB #2). It should be appreciated that K NRP ID MSB #2 is different from K NRP ID MSB #1.
Accordingly, in S505, the second terminal device receives the direct communication accept message #1 from the first terminal device, and may decrypt the direct communication accept message #1 based on the EK to acquire K NRP ID MSB #2 included in the direct communication accept message #1.
It will be appreciated that after the second terminal device receives the direct communication accept message #1 from the first terminal device, it indicates that the unicast connection between the first terminal device and the second terminal device (i.e. connection 1 shown in fig. 5, an example of the first unicast connection) has been successfully established.
S506, the first terminal device and the second terminal device generate K NRP ID (an example of key identification).
It should be understood that the first terminal device and the second terminal device generate K NRP ID based on the most recently acquired LSB and MSB of the K NRP ID. That is, the first terminal device and the second terminal device generate K NRP ID based on K NRP ID MSB #2 and K NRP ID LSB #1.
It is understood that in S506, neither the K NRP ID MSB #2 nor the K NRP ID LSB #1 used by the first terminal device and the second terminal device to generate the K NRP ID is transmitted in plaintext. Thus, a third-party attacker cannot obtain K NRP ID MSB #2 and K NRP ID LSB #1.
After the first terminal device establishes the connection 1 with the second terminal device, the first terminal device or the second terminal device may initiate the unicast connection request again. The following description will take the example that the second terminal device initiates the unicast connection request again.
S507, the second terminal device transmits a direct communication request message #2 (an example of the first request message).
The direct communication request message #2 may include an application layer identifier of the second terminal device, and a K NRP ID generated by the second terminal device in the process of establishing the connection 1.
As is clear from the above, neither K NRP ID MSB #2 nor K NRP ID LSB #1 for generating K NRP ID is transmitted in the clear, and therefore, even if a third-party attacker acquires K NRP ID from the direct communication request message #2, connection 1 cannot be associated with the present unicast connection (connection 2 shown in fig. 5, an example of the second unicast connection).
The second terminal device carries K NRP ID in the direct communication request message #2 in, for example, the following two cases:
Case one:
In case the second terminal device still maintains the connection 1 established with the first terminal device, a unicast connection of the new service is initiated in a broadcast manner, i.e. the direct communication request message #2 is sent in a broadcast manner. Although the second terminal device does not specify the terminal device with which the unicast connection is to be established, it wishes to reuse the K NRP generated during the establishment of connection 1 if the first terminal device is interested in the new service request, and therefore the second terminal device carries K NRP ID in the sent direct communication request message.
Case two:
The second terminal device and the first terminal device have both released connection 1 but still preserve the security context of connection 1, and the second terminal device specifies that the unicast connection is to be established again with the first terminal device. In this case, the direct communication request message #2 may further include the application layer identifier of the first terminal device.
Accordingly, in S507, the first terminal device receives the direct communication request message #2 from the second terminal device.
In the case that the first terminal device still maintains the connection 1 established with the second terminal device, after the first terminal device receives the direct communication request message #2 from the second terminal device, it is determined whether the connection 1 can be reused or not according to other parameters carried in the direct communication request message, that is, it is determined whether new data or service can be transmitted on the unicast link established in the connection 1.
If the first terminal device determines that connection 1 can be multiplexed, S511 to S515 are performed after S507.
If the first terminal device determines that connection 1 cannot be multiplexed, S508a to S510, and S515 are performed after S507.
After the first terminal device receives the direct communication request message #2 from the second terminal device, the first terminal device can identify the identity of the second terminal device according to the application layer identifier of the second terminal device, and determine K NRP capable of multiplexing the connection 1 according to the K NRP ID. Therefore, the direct connection authentication and key establishment procedure can be omitted in the process of establishing the connection 2 by the first terminal device and the second terminal device. Further, S508b to S510, and S515 are performed after S507.
S508a, the first terminal device transmits a direct connection security mode command message #2 (an example of the first response message) to the second terminal device.
K NRP ID may be included in the direct connection security mode command message #2.
As described above, the first terminal device transmits the direct connection security mode command message #2 to the second terminal device to initiate a security negotiation flow of a new unicast connection with the second terminal device in case it is determined that the connection 1 cannot be multiplexed. The K NRP ID carried in the direct connection security mode command message #2 is used to indicate that the second terminal device can reuse K NRP in connection 1.
Optionally, MSB #3 of K NRP ID (denoted as K NRP ID MSB #3) may also be included in the direct connection security mode command message #2.
S508b, the first terminal device sends a direct connection security mode command message #3 to the second terminal device.
MSB #3 of K NRP ID (denoted as K NRP ID MSB #3) may be included in the direct connection security mode command message #3.
S509, the second terminal device sends an EK-encrypted direct connection security mode complete message #2 to the first terminal device.
LSB #2 of K NRP ID (denoted as K NRP ID LSB #2) may be included in the direct connection security mode message #2.
Accordingly, in S509, the first terminal device receives the direct connection security mode completion message #2 from the second terminal device, and decrypts the direct connection security mode completion message #2 based on the EK to acquire the K NRP ID LSB #2 included in the direct connection security mode completion message #2.
S510, the first terminal device sends the direct communication accept message #2 based on EK encryption to the second terminal device.
The direct communication accept message #2 may include the MSB #4 of K NRP ID (denoted as K NRP ID MSB #4).
Accordingly, in S510, the second terminal device receives the direct communication accept message #2 from the first terminal device, and decrypts the direct communication accept message #2 based on the EK to acquire K NRP ID MSB #4 included in the direct communication accept message #2.
S511, the first terminal device and the second terminal device execute a connection modification procedure.
In case the first terminal device determines that connection 1 can be multiplexed, a modification procedure of the unicast link of connection 1 is initiated such that new traffic and previous traffic are transmitted simultaneously on the unicast link established in connection 1.
In particular, the steps of the connection modification procedure performed by the first terminal device and the second terminal device may refer to the prior art, and for brevity, the embodiment of the present application will not be described in detail.
S512, the first terminal device transmits a connection identifier update request message (an example of the second request message) based on EK encryption to the second terminal device.
The connection identification update request message may include the MSB #3 of K NRP ID (denoted as K NRP ID MSB #3).
Accordingly, in S512, the second terminal device receives the connection identification update request message from the first terminal device, and decrypts the connection identification update request message based on the EK to acquire K NRP ID MSB #3 included in the connection identification update request message.
S513, the second terminal device sends a connection identifier update response message based on EK encryption to the first terminal device.
K NRP ID MSB #3 and LSB #2 of K NRP ID (denoted as K NRP ID LSB #2) may be included in the connection identification update response message.
Accordingly, in S513, the first terminal device receives the connection identification update response message from the second terminal device, and decrypts the connection identification update response message based on the EK to acquire K NRP ID MSB #3 and K NRP ID LSB #2 included in the connection identification update request message.
S514, the first terminal device sends an EK-encryption-based connection identifier update acknowledgement (LINK IDENTIFIER update ack) message to the second terminal device.
The connection identification update confirm message may include K NRP ID LSB #2.
Accordingly, in S514, the second terminal device receives the connection identification update confirm message from the first terminal device, and decrypts the connection identification update confirm message based on the EK to obtain the K NRP ID LSB #2 included in the connection identification update confirm message.
S515, the first terminal device and the second terminal device generate K NRP ID.
It should be understood that the first terminal device and the second terminal device generate K NRP ID based on the most recently acquired LSB and MSB of the K NRP ID.
If, after S507, the method 500 performs S508a to S510, in S515, the first and second terminal devices generate K NRP ID based on K NRP ID MSB #4 and K NRP ID LSB #2.
If, after S507, the method 500 performs S508b to S510, in S515, the first and second terminal devices generate K NRP ID based on K NRP ID MSB #4 and K NRP ID LSB #2.
If, after S507, the method 500 performs S511 to S514, in S515, the first and second terminal devices generate K NRP ID based on K NRP ID MSB #3 and K NRP ID LSB #2.
In the embodiment of the application, in the process of establishing the connection 1 between the first terminal device and the second terminal device, the second terminal device carries the MSB #2 used for generating the K NRP ID in the direct connection security mode completion message #1, so that the LSB #1 and the MSB #2 used for generating the K NRP ID are ensured not to be transmitted in plaintext. In the process of establishing the connection 2 between the first terminal device and the second terminal device, even if the second terminal device carries the K NRP ID in the DCR message, a third-party attacker cannot correlate the previously obtained MSB #1 with the K NRP ID carried in the DCR message, so that the connection privacy of the first terminal device and the second terminal device is protected.
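The following added Python example (not part of the patent text) replays S503 to S507 of Fig. 5 from a passive observer's position and checks whether anything captured in plaintext during connection 1 matches a half of the K NRP ID later carried in direct communication request message #2. The 2-byte half width, the HMAC-SHA256 derivations, the XOR keystream standing in for EK encryption, the MSB-first concatenation, and the `protect=False` baseline are assumptions made for illustration.

```python
import hashlib
import hmac

HALF_BYTES = 2  # assumed width of each K NRP ID half; the page states no size


def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in derivation (HMAC-SHA256); the real KDF is not given on the page."""
    return hmac.new(key, label + b"|" + b"|".join(parts), hashlib.sha256).digest()


def ek_crypt(ek: bytes, msg_name: bytes, data: bytes) -> bytes:
    """Stand-in for EK encryption: XOR with a per-message HMAC keystream.
    XOR is its own inverse, so the same call also decrypts."""
    stream = kdf(ek, b"keystream", msg_name)[: len(data)]
    return bytes(a ^ b for a, b in zip(data, stream))


def establish_connection_1(k_nrp, nonce1, nonce2, msb1, lsb1, msb2, protect=True):
    """Replay S503 to S506 of Fig. 5.

    Returns (key_id_first_device, key_id_second_device, on_air); on_air lists
    (message, encrypted?, bytes) as a passive observer captures them.
    protect=False models an assumed baseline that builds the identifier from
    the MSB #1 sent in the unencrypted security mode command.
    """
    for half in (msb1, lsb1, msb2):
        if len(half) != HALF_BYTES:
            raise ValueError("each half must be HALF_BYTES long")
    if protect and msb2 == msb1:
        raise ValueError("MSB #2 must differ from the plaintext MSB #1")

    # Both devices derive K NRP-sess from the two nonces and K NRP, then EK.
    k_sess = kdf(k_nrp, b"K_NRP-sess", nonce1, nonce2)
    ek = kdf(k_sess, b"EK")

    # S503: the security mode command is not encrypted and may carry MSB #1.
    on_air = [("security mode command #1", False, msb1)]

    # S504: second device -> first device, LSB #1 under EK.
    c_lsb = ek_crypt(ek, b"security mode complete #1", lsb1)
    on_air.append(("security mode complete #1", True, c_lsb))
    lsb_at_first = ek_crypt(ek, b"security mode complete #1", c_lsb)

    if protect:
        # S505: first device -> second device, MSB #2 under EK.
        c_msb = ek_crypt(ek, b"direct communication accept #1", msb2)
        on_air.append(("direct communication accept #1", True, c_msb))
        msb_at_second = ek_crypt(ek, b"direct communication accept #1", c_msb)
        msb_at_first = msb2
    else:
        msb_at_first = msb_at_second = msb1

    # S506: each side concatenates the halves it holds (MSB first, assumed).
    return msb_at_first + lsb_at_first, msb_at_second + lsb1, on_air


def observer_can_link(on_air, key_id_in_dcr2: bytes) -> bool:
    """Passive observer without EK: does any half captured in plaintext during
    connection 1 reappear as a half of the K NRP ID seen in direct
    communication request #2? Ciphertext is ignored; it is opaque without EK."""
    plaintext_seen = {data for _, encrypted, data in on_air if not encrypted}
    halves = {key_id_in_dcr2[:HALF_BYTES], key_id_in_dcr2[HALF_BYTES:]}
    return bool(plaintext_seen & halves)


# Constructed sample values (not from the page).
SAMPLE = dict(k_nrp=b"\x01" * 32, nonce1=b"\xa1" * 16, nonce2=b"\xb2" * 16,
              msb1=b"\x11\x11", lsb1=b"\xaa\xaa", msb2=b"\x22\x22")

if __name__ == "__main__":
    for protect in (False, True):
        id1, id2, air = establish_connection_1(**SAMPLE, protect=protect)
        print(f"protect={protect}: K NRP ID={id1.hex()} "
              f"same_on_both_sides={id1 == id2} "
              f"linkable={observer_can_link(air, id1)}")
```
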
Fig. 6 shows a schematic flow chart of a method provided by an embodiment of the application. As shown in fig. 6, the method 600 may include S601 to S617, and the respective steps are described in detail below.
S601, the second terminal device sends a direct communication request message #1. Accordingly, in S601, the first terminal device receives the direct communication request message #1 from the second terminal device.
S602, a direct connection authentication and key establishment flow is executed between the second terminal device and the first terminal device.
S603, the first terminal device sends a direct connection security mode command message #1 to the second terminal device. Accordingly, in S603, the second terminal device receives the direct connection security mode command message #1 from the first terminal device.
Optionally, MSB #1 of K NRP ID (denoted as K NRP ID MSB #1) may also be included in the direct connection security mode command message #1.
S604, the second terminal device transmits the direct connection security mode complete message #1 (an example of the first message) based on EK encryption to the first terminal device.
The direct connection security mode complete message #1 may include LSB #1 of K NRP ID (an example of the first parameter, denoted as K NRP ID LSB #1).
Accordingly, in S604, the first terminal device receives the direct-connection security mode completion message #1 from the second terminal device, and may decrypt the direct-connection security mode completion message #1 based on the EK to obtain the K NRP ID LSB #1 included in the direct-connection security mode completion message #1.
The manner in which the first terminal device and the second terminal device generate the EK may refer to the descriptions in S502 to S503, and for brevity, the embodiments of the present application are not repeated.
S605, the first terminal device transmits the direct connection security mode confirm message #1 (an example of the second message) based on EK encryption to the second terminal device.
The direct connection security mode confirm message #1 may include the MSB #2 of K NRP ID (an example of the second parameter, denoted as K NRP ID MSB #2).
Accordingly, in S605, the second terminal device receives the direct connection security mode confirm message #1 from the first terminal device, and may decrypt the direct connection security mode confirm message #1 based on the EK to obtain the K NRP ID MSB #2 included in the direct connection security mode confirm message #1.
S606, the second terminal device sends the direct communication accept message #1 based on EK encryption to the first terminal device.
It will be appreciated that after the second terminal device receives the direct communication accept message #1 from the first terminal device, it indicates that the unicast connection between the first terminal device and the second terminal device (i.e. connection 1 shown in fig. 6, an example of the first unicast connection) has been successfully established.
S607, the first terminal device and the second terminal device generate K NRP ID (an example of key identification).
It should be understood that the first terminal device and the second terminal device generate K NRP ID based on the most recently acquired LSB and MSB of the K NRP ID. That is, the first terminal device and the second terminal device generate K NRP ID based on K NRP ID MSB #2 and K NRP ID LSB #1.
It is understood that in S607, neither the K NRP ID MSB #2 nor the K NRP ID LSB #1 used by the first terminal device and the second terminal device to generate the K NRP ID is transmitted in plaintext. Thus, a third-party attacker cannot obtain K NRP ID MSB #2 and K NRP ID LSB #1.
After the first terminal device establishes the connection 1 with the second terminal device, the first terminal device or the second terminal device may initiate the unicast connection request again. The following description will take the example that the second terminal device initiates the unicast connection request again.
S608, the second terminal device transmits the direct communication request message #2 (an example of the first request message).
The direct communication request message #2 may include an application layer identifier of the second terminal device, and a K NRP ID generated by the second terminal device in the process of establishing the connection 1.
As is clear from the above, neither K NRP ID MSB #2 nor K NRP ID LSB #1 for generating K NRP ID is transmitted in the clear, and therefore, even if a third-party attacker acquires K NRP ID from the direct communication request message #2, connection 1 cannot be associated with the present unicast connection (connection 2 shown in fig. 6, an example of the second unicast connection).
Accordingly, in S608, the first terminal device receives the direct communication request message #2 from the second terminal device.
In the case that the first terminal device still maintains the connection 1 established with the second terminal device, after the first terminal device receives the direct communication request message #2 from the second terminal device, it is determined whether the connection 1 can be reused or not according to other parameters carried in the direct communication request message, that is, it is determined whether new data or service can be transmitted on the unicast link established in the connection 1.
If the first terminal device determines that connection 1 can be multiplexed, S613 to S617 are performed after S608.
If the first terminal device determines that connection 1 cannot be multiplexed, S609a to S612 and S617 are performed after S608.
After the first terminal device receives the direct communication request message #2 from the second terminal device, the first terminal device can identify the identity of the second terminal device according to the application layer identifier of the second terminal device, and determine K NRP of the reusable connection 1 according to the K NRP ID. Therefore, the direct connection authentication and key establishment procedure can be omitted in the process of establishing the connection 2 by the first terminal device and the second terminal device. Further, S609b to S612, and S617 are performed after S507.
S609a, the first terminal device transmits a direct connection security mode command message #2 (an example of the first response message) to the second terminal device.
K NRP ID may be included in the direct connection security mode command message #2.
Optionally, MSB #3 of K NRP ID (denoted as K NRP ID MSB #3) may also be included in the direct connection security mode command message #2.
S609b, the first terminal device sends a direct connection security mode command message #3 to the second terminal device.
MSB #3 of K NRP ID (denoted as K NRP ID MSB #3) may be included in the direct connection security mode command message #3.
S610, the second terminal device sends an EK-encrypted direct connection security mode complete message #2 to the first terminal device.
LSB #2 of K NRP ID (denoted as K NRP ID LSB #2) may be included in the direct connection security mode message #2.
Accordingly, in S610, the first terminal device receives the direct connection security mode completion message #2 from the second terminal device, and decrypts the direct connection security mode completion message #2 based on the EK to acquire the K NRP ID LSB #2 included in the direct connection security mode completion message #2.
S611, the first terminal device sends the direct connection security mode confirm message #2 based on EK encryption to the second terminal device.
The direct communication accept message #2 may include the MSB #4 of K NRP ID (denoted as K NRP ID MSB #4).
Accordingly, in S611, the second terminal device receives the direct connection security mode confirm message #2 from the first terminal device, and decrypts the direct connection security mode confirm message #2 based on the EK to acquire the K NRP ID MSB #4 included in the direct connection security mode confirm message #2.
S612, the second terminal device sends the direct communication accept message #2 based on EK encryption to the first terminal device.
S613, the first terminal device and the second terminal device execute the connection modification procedure.
In case the first terminal device determines that connection 1 can be multiplexed, a modification procedure of the unicast link of connection 1 is initiated such that new traffic and previous traffic are transmitted simultaneously on the unicast link established in connection 1.
In particular, the steps of the connection modification procedure performed by the first terminal device and the second terminal device may refer to the prior art, and for brevity, the embodiment of the present application will not be described in detail.
S614, the first terminal device transmits a connection identifier update request message (an example of the second request message) based on EK encryption to the second terminal device.
The connection identification update request message may include the MSB #3 of K NRP ID (denoted as K NRP ID MSB #3).
Accordingly, in S614, the second terminal device receives the connection identification update request message from the first terminal device, and decrypts the connection identification update request message based on the EK to acquire K NRP ID MSB #3 included in the connection identification update request message.
S615, the second terminal device sends a connection identifier update response message based on EK encryption to the first terminal device.
K NRP ID MSB #3 and LSB #2 of K NRP ID (denoted as K NRP ID LSB #2) may be included in the connection identification update response message.
Accordingly, in S615, the first terminal device receives the connection identification update response message from the second terminal device, and decrypts the connection identification update response message based on the EK to acquire K NRP ID MSB #3 and K NRP ID LSB #2 included in the connection identification update request message.
S616, the first terminal device sends an EK-encryption-based connection identifier update confirm (LINK IDENTIFIER update ack) message to the second terminal device.
The connection identification update confirm message may include K NRP ID LSB #2.
Accordingly, in S616, the second terminal device receives the connection identification update confirm message from the first terminal device, and decrypts the connection identification update confirm message based on the EK to acquire the K NRP ID LSB #2 included in the connection identification update confirm message.
S617, the first terminal device and the second terminal device generate K NRP ID.
It should be understood that the first terminal device and the second terminal device generate K NRP ID based on the most recently acquired LSB and MSB of the K NRP ID.
If the method 600 performs S609a to S612 after S608, the first and second terminal devices generate K NRP ID based on K NRP ID MSB #4 and K NRP ID LSB #2 in S617.
If, after S608, the method 800 performs S609b to S612, then in S617 the first and second terminal devices generate K NRP ID based on K NRP ID MSB #4 and K NRP ID LSB #2.
If, after S608, the method 600 performs S613 to S616, in S617, the first and second terminal devices generate K NRP ID based on K NRP ID MSB #3 and K NRP ID LSB #2.
In the embodiment of the application, in the process of establishing the connection 1 between the first terminal device and the second terminal device, the second terminal device carries the MSB #2 used for generating the K NRP ID in the direct communication acknowledgement message #1, so that the LSB #1 and the MSB #2 used for generating the K NRP ID are ensured not to be transmitted in plaintext. In the process of establishing the connection 2 between the first terminal device and the second terminal device, even if the second terminal device carries the K NRP ID in the DCR message, a third-party attacker cannot correlate the previously obtained MSB #1 with the K NRP ID carried in the DCR message, so that the connection privacy of the first terminal device and the second terminal device is protected.
Fig. 7 shows a schematic flow chart of a method provided by an embodiment of the application. As shown in fig. 7, the method 700 may include S701 to S718, and the respective steps are described in detail below.
S701, the second terminal device sends a direct communication request message #1. Accordingly, in S701, the first terminal device receives the direct communication request message #1 from the second terminal device.
S702, a direct connection authentication and key establishment flow is executed between the second terminal device and the first terminal device.
S703, the first terminal device sends a direct connection security mode command message #1 to the second terminal device. Accordingly, in S503, the second terminal device receives the direct connection security mode command message #1 from the first terminal device.
Optionally, MSB #1 of K NRP ID (denoted as K NRP ID MSB #1) may also be included in the direct connection security mode command message #1.
S704, the second terminal device sends an EK-encrypted direct connection security mode complete message #1 to the first terminal device.
LSB #1 of K NRP ID may be included in the direct connection security mode complete message #1.
Accordingly, in S704, the first terminal device receives the direct connection security mode completion message #1 from the second terminal device, and may decrypt the direct connection security mode completion message #1 based on the EK to acquire the K NRP ID LSB #1 included in the direct connection security mode completion message #1.
The manner in which the first terminal device and the second terminal device generate the EK may refer to the descriptions in S502 to S503, and for brevity, the embodiments of the present application are not repeated.
S705, the first terminal device sends the direct communication accept message #1 based on EK encryption to the second terminal device.
It will be appreciated that after the second terminal device receives the direct communication accept message #1 from the first terminal device, it indicates that the unicast connection between the first terminal device and the second terminal device (i.e. connection 1 shown in fig. 5, an example of the first unicast connection) has been successfully established.
S706, the second terminal device sends the connection identifier update request message #1 based on EK encryption to the first terminal device.
The connection identifier update request message #1 may include the MSB #2 of K NRP ID (an example of the third parameter, denoted as K NRP ID MSB #2).
Accordingly, in S706, the first terminal device receives the connection identification update request message #1 from the second terminal device, and may decrypt the connection identification update request message #1 based on the EK to acquire the K NRP ID MSB #2 included in the connection identification update request message #1.
S707, the first terminal device transmits a connection identification update response message #1 based on EK encryption to the second terminal device.
The connection identifier update response message #1 may include K NRP ID MSB #2 and LSB #2 of K NRP ID (an example of the fourth parameter, denoted as K NRP ID LSB #2).
Accordingly, in S707, the second terminal device receives the connection identification update response message #1 from the first terminal device, and may decrypt the connection identification update response message #1 based on the EK to acquire the K NRP ID LSB #2 included in the connection identification update response message #1.
S708, the second terminal device sends a connection identifier update confirm message #1 based on EK encryption to the first terminal device.
K NRP ID LSB #2 may be included in the connection identification update confirm message #1.
Accordingly, in S708, the second terminal device receives the connection identification update confirm message #1 from the first terminal device, and decrypts the connection identification update confirm message #1 based on the EK to acquire the K NRP ID LSB #2 included in the connection identification update confirm message #1.
S709, the first terminal device and the second terminal device generate K NRP ID (an example of key identification).
It should be understood that the first terminal device and the second terminal device generate K NRP ID based on the most recently acquired LSB and MSB of K NRP ID. That is, the first and second terminal devices generate K NRP ID based on K NRP ID MSB #2 and K NRP ID LSB #2.
It is understood that in S709, neither the K NRP ID MSB #2 nor the K NRP ID LSB #2 used by the first terminal device and the second terminal device to generate the K NRP ID is transmitted in plaintext. Thus, a third-party attacker cannot obtain K NRP ID MSB #2 and K NRP ID LSB #2.
After the first terminal device establishes the connection 1 with the second terminal device, the first terminal device or the second terminal device may initiate the unicast connection request again. The following description will take the example that the second terminal device initiates the unicast connection request again.
S710, the second terminal device transmits a direct communication request message #2 (an example of the first request message).
The direct communication request message #2 may include an application layer identifier of the second terminal device, and a K NRP ID generated by the second terminal device in the process of establishing the connection 1.
As is clear from the above, neither K NRP ID MSB #2 nor K NRP ID LSB #1 used to generate K NRP ID is transmitted in the clear; therefore, even if a third-party attacker acquires K NRP ID from the direct communication request message #2, the attacker cannot associate connection 1 with the present unicast connection (connection 2 shown in fig. 7, an example of the second unicast connection).
Accordingly, in S710, the first terminal device receives the direct communication request message #2 from the second terminal device.
In the case that the first terminal device still maintains the connection 1 established with the second terminal device, after the first terminal device receives the direct communication request message #2 from the second terminal device, it is determined whether the connection 1 can be reused or not according to other parameters carried in the direct communication request message, that is, it is determined whether new data or service can be transmitted on the unicast link established in the connection 1.
If the first terminal device determines that connection 1 can be multiplexed, S714 to S718 are performed after S710.
If the first terminal apparatus determines that connection 1 cannot be multiplexed, S711a to S713, and S718 are performed after S710.
After the first terminal device receives the direct communication request message #2 from the second terminal device, the first terminal device can identify the identity of the second terminal device according to the application layer identifier of the second terminal device, and determine K NRP of the reusable connection 1 according to the K NRP ID. Therefore, the direct connection authentication and key establishment procedure can be omitted in the process of establishing the connection 2 by the first terminal device and the second terminal device. Further, S711b to S713, and S718 are performed after S710.
S711a, the first terminal device transmits a direct connection security mode command message #2 (an example of the first response message) to the second terminal device.
K NRP ID may be included in the direct connection security mode command message #2.
Optionally, MSB #3 of K NRP ID (denoted as K NRP ID MSB #3) may also be included in the direct connection security mode command message #2.
S711b, the first terminal device transmits a direct connection security mode command message #3 to the second terminal device.
MSB #3 of K NRP ID (denoted as K NRP ID MSB #3) may be included in the direct connection security mode command message #3.
S712, the second terminal device sends the first terminal device an EK-encryption-based direct connection security mode complete message #2.
LSB #3 of K NRP ID (denoted as K NRP ID LSB #3) may be included in the direct connection security mode message #2.
Accordingly, in S712, the first terminal device receives the direct connection security mode completion message #2 from the second terminal device, and decrypts the direct connection security mode completion message #2 based on the EK to acquire the K NRP ID LSB #3 included in the direct connection security mode completion message #2.
S713, the first terminal device sends the direct communication accept message #2 based on EK encryption to the second terminal device.
S714, the first terminal device and the second terminal device execute the connection modification procedure.
In case the first terminal device determines that connection 1 can be multiplexed, a modification procedure of the unicast link of connection 1 is initiated such that new traffic and previous traffic are transmitted simultaneously on the unicast link established in connection 1.
In particular, the steps of the connection modification procedure performed by the first terminal device and the second terminal device may refer to the prior art, and for brevity, the embodiment of the present application will not be described in detail.
S715, the first terminal device transmits a connection identifier update request message #2 (an example of the second request message) based on EK encryption to the second terminal device.
The connection identification update request message #2 may include MSB #4 of K NRP ID (denoted as K NRP ID MSB #4).
Accordingly, in S715, the second terminal device receives the connection identification update request message #2 from the first terminal device, and decrypts the connection identification update request message #2 based on the EK to acquire the K NRP ID MSB #4 included in the connection identification update request message #2.
S716, the second terminal device sends the connection identifier update response message #2 based on EK encryption to the first terminal device.
K NRP ID MSB #4 and LSB #4 of K NRP ID (denoted as K NRP ID LSB #4) may be included in the connection identification update response message #2.
Accordingly, in S716, the first terminal device receives the connection identification update response message #2 from the second terminal device, and decrypts the connection identification update response message #2 based on the EK to acquire K NRP ID MSB #4 and K NRP ID LSB #4 included in the connection identification update request message #2.
S717, the first terminal device transmits the connection identifier update confirm message #2 based on EK encryption to the second terminal device.
K NRP ID LSB #4 may be included in the connection identification update confirm message #2.
Accordingly, in S717, the second terminal device receives the connection identification update confirm message #2 from the first terminal device, and decrypts the connection identification update confirm message #2 based on the EK to acquire the K NRP ID LSB #4 included in the connection identification update confirm message #2.
S718, the first terminal device and the second terminal device generate K NRP ID.
It should be understood that the first terminal device and the second terminal device generate K NRP ID based on the most recently acquired LSB and MSB of K NRP ID.
If, after S710, the method 700 performs S711a to S713, in S718, the first and second terminal devices generate K NRP ID based on K NRP ID MSB #3 and K NRP ID LSB #3.
If, after S710, the method 700 performs S711b to S713, in S718, the first and second terminal devices generate K NRP ID based on K NRP ID MSB #3 and K NRP ID LSB #3.
Optionally, after S713, the second terminal device may actively initiate a connection identifier modification procedure to update the key identifier.
If, after S710, the method 700 performs S714 to S717, then in S718, the first and second terminal devices generate K NRP ID based on K NRP ID MSB #4 and K NRP ID LSB #4.
In this embodiment of the application, in the process of establishing connection 1 between the first terminal device and the second terminal device, the second terminal device updates the MSB #2 and the LSB #2 used to generate the K NRP ID by triggering a connection identification update flow, which ensures that the LSB #2 and the MSB #2 used to generate the K NRP ID are not transmitted in plaintext. In the process of establishing connection 2 between the first terminal device and the second terminal device, even if the second terminal device carries the K NRP ID in the DCR message, a third-party attacker cannot correlate the previously obtained MSB #1 with the K NRP ID carried in the DCR message, so the connection privacy of the first terminal device and the second terminal device is protected.
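The privacy argument of method 700 can be checked with a small simulation. This is an added example, not code from the patent: it assumes K NRP ID is the concatenation of a 16-bit MSB half and a 16-bit LSB half, uses an HMAC-SHA256 keystream as a stand-in for the EK-based encryption, and all function names, the key and the sample halves are constructed for illustration.

```python
import hashlib
import hmac
import struct

HALF_BITS = 16  # assumption: K_NRP ID = 16-bit MSB half || 16-bit LSB half
EK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
SAMPLE = {"msb1": 0xA1B2, "lsb1": 0x0C0D, "msb2": 0x5E6F, "lsb2": 0x7788}  # constructed


def xor_stream(ek, label, data):
    """Stand-in for EK-based encryption: XOR with an HMAC-SHA256 keystream.

    Demo only: the step label acts as the nonce, which a real cipher must
    never repeat under the same key.
    """
    stream = hmac.new(ek, label.encode(), hashlib.sha256).digest()
    if len(data) > len(stream):
        raise ValueError("payload longer than demo keystream")
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_halves(ek, step, halves):
    """Encrypt a list of 16-bit identifier halves for one protocol step."""
    return xor_stream(ek, step, struct.pack(">%dH" % len(halves), *halves))


def open_halves(ek, step, blob):
    """Decrypt a sealed payload back into its list of 16-bit halves."""
    if len(blob) % 2:
        raise ValueError("truncated payload")
    plain = xor_stream(ek, step, blob)
    return list(struct.unpack(">%dH" % (len(blob) // 2), plain))


def combine(msb, lsb):
    """Build the key identifier from its two halves."""
    for half in (msb, lsb):
        if not 0 <= half < (1 << HALF_BITS):
            raise ValueError("half out of range")
    return (msb << HALF_BITS) | lsb


def message(step, clear=None, sealed=b""):
    """One on-air message: observable fields plus an EK-encrypted payload."""
    return {"step": step, "clear": clear or {}, "sealed": sealed}


def establish_connection_1(ek, v, with_update_flow):
    """Return (on-air messages, K_NRP ID that both peers derive)."""
    air = [
        # S703: MSB #1 is observable (the page's conclusion assumes this)
        message("S703", clear={"msb": v["msb1"]}),
        # S704: LSB #1 travels encrypted under EK
        message("S704", sealed=seal_halves(ek, "S704", [v["lsb1"]])),
    ]
    msb = air[0]["clear"]["msb"]
    (lsb,) = open_halves(ek, "S704", air[1]["sealed"])
    if with_update_flow:
        # S706 to S708: both fresh halves are exchanged only under EK
        air.append(message("S706", sealed=seal_halves(ek, "S706", [v["msb2"]])))
        air.append(message("S707", sealed=seal_halves(ek, "S707", [v["msb2"], v["lsb2"]])))
        air.append(message("S708", sealed=seal_halves(ek, "S708", [v["lsb2"]])))
        msb, lsb = open_halves(ek, "S707", air[3]["sealed"])
    return air, combine(msb, lsb)


def observer_can_link(conn1_air, dcr2):
    """Passive check: does any MSB seen in clear match the ID in the DCR?"""
    seen = {m["clear"]["msb"] for m in conn1_air if "msb" in m["clear"]}
    return (dcr2["clear"]["k_nrp_id"] >> HALF_BITS) in seen


def demo(with_update_flow):
    """Run connection 1, then S710, and report the ID and its linkability."""
    air, key_id = establish_connection_1(EK, SAMPLE, with_update_flow)
    dcr2 = message("S710", clear={"k_nrp_id": key_id})  # ID sent in clear
    return key_id, observer_can_link(air, dcr2)


if __name__ == "__main__":
    for flag in (False, True):
        key_id, linked = demo(flag)
        print(f"update flow={flag}: K_NRP ID=0x{key_id:08X}, linkable={linked}")
```

The run without the update flow is a baseline for comparison only. With randomly chosen halves, the observer's comparison can still match by chance with probability 2^-16 under the 16-bit assumption.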
The method provided by the embodiment of the application is described in detail above with reference to fig. 3 to 7. The following describes in detail the apparatus provided in the embodiment of the present application with reference to fig. 8 to 9.
Fig. 8 is a schematic block diagram of a communication device provided by an embodiment of the present application. As shown in fig. 8, the communication apparatus 2000 may include a processing unit 2100 and a transceiving unit 2200.
In one possible design, the communication device 2000 may correspond to the first terminal device in the above method embodiment, for example, may be the first terminal device, or a component (such as a chip or a chip system) configured in the first terminal device.
It is understood that the communication apparatus 2000 may correspond to the first terminal device in the methods 300, 400, 500, 600, 700 according to embodiments of the present application, and the communication apparatus 2000 may include units for performing the methods 300, 400, 500, 600, 700 in fig. 3, 4, 5, 6, and 7. And, each unit in the communication device 2000 and the other operations and/or functions described above are respectively for implementing the corresponding flows of the method 300 in fig. 3, the method 400 in fig. 4, the method 500 in fig. 5, the method 600 in fig. 6, and the method 700 in fig. 7. It should be understood that the specific process of each unit performing the corresponding steps has been described in detail in the above method embodiments, and is not described herein for brevity.
It should also be appreciated that when the communication apparatus 2000 is a first terminal device, the transceiver unit 2200 in the communication apparatus 2000 may be implemented by a transceiver, for example, may correspond to the transceiver 3020 in the terminal device 3000 shown in fig. 9, and the processing unit 2100 in the communication apparatus 2000 may be implemented by at least one processor, for example, may correspond to the processor 3010 in the terminal device 3000 shown in fig. 9.
It should be further understood that, when the communication apparatus 2000 is a chip or a chip system configured in the first terminal device, the transceiver unit 2200 in the communication apparatus 2000 may be implemented through an input/output interface, and the processing unit 2100 in the communication apparatus 2000 may be implemented through a processor, a microprocessor, an integrated circuit, or the like integrated on the chip or the chip system.
In another possible design, the communication device 2000 may correspond to the second terminal device in the above method embodiment, for example, may be the second terminal device, or a component (such as a chip or a chip system) configured in the second terminal device.
It is understood that the communication apparatus 2000 may correspond to the second terminal device in the methods 300, 400, 500, 600, 700 according to embodiments of the present application, and the communication apparatus 2000 may include units for performing the methods 300, 400, 500, 600, 700 in fig. 3, 4, 5, and 7. And, each unit in the communication device 2000 and the other operations and/or functions described above are respectively for implementing the corresponding flows of the method 300 in fig. 3, the method 400 in fig. 4, the method 500 in fig. 5, the method 600 in fig. 6, and the method 700 in fig. 7. It should be understood that the specific process of each unit performing the corresponding steps has been described in detail in the above method embodiments, and is not described herein for brevity.
It should also be appreciated that when the communication apparatus 2000 is a second terminal device, the transceiver unit 2200 in the communication apparatus 2000 may be implemented by a transceiver, for example, may correspond to the transceiver 3020 in the terminal device 3000 shown in fig. 9, and the processing unit 2100 in the communication apparatus 2000 may be implemented by at least one processor, for example, may correspond to the processor 3010 in the terminal device 3000 shown in fig. 9.
It should be further understood that, when the communication apparatus 2000 is a chip or a chip system configured in the second terminal device, the transceiver unit 2200 in the communication apparatus 2000 may be implemented through an input/output interface, and the processing unit 2100 in the communication apparatus 2000 may be implemented through a processor, a microprocessor, an integrated circuit, or the like integrated on the chip or the chip system.
Fig. 9 is a schematic structural diagram of a terminal device 3000 according to an embodiment of the present application. The terminal device 3000 may be applied to a system as shown in fig. 1, and perform the functions of the terminal device in the above-described method embodiment. As shown, the terminal device 3000 includes a processor 3010 and a transceiver 3020. Optionally, the terminal device 3000 further comprises a memory 3030. Wherein the processor 3010, the transceiver 3002 and the memory 3030 may communicate with each other via internal connection paths to transfer control and/or data signals, the memory 3030 is used to store a computer program, and the processor 3010 is used to call and run the computer program from the memory 3030 to control the transceiver 3020 to send and receive signals. Optionally, the terminal device 3000 may further include an antenna 3040, for sending uplink data or uplink control signaling output by the transceiver 3020 through a wireless signal.
The processor 3010 and the memory 3030 may be combined into one processing device, and the processor 3010 is configured to execute program codes stored in the memory 3030 to implement the functions described above. In particular implementations, the memory 3030 may also be integrated into the processor 3010 or independent of the processor 3010. The processor 3010 may correspond to the processing unit 2100 in fig. 8.
The transceiver 3020 may correspond to the transceiver unit 2200 in fig. 8, and may also be referred to as a transceiver unit. The transceiver 2020 may include a receiver (or receiver, receiving circuitry) and a transmitter (or transmitter, transmitting circuitry). Wherein the receiver is for receiving signals and the transmitter is for transmitting signals.
It will be appreciated that the terminal device 3000 shown in fig. 9 is capable of carrying out the respective procedures involving the first terminal device in the method embodiments shown in fig. 3 to 7. The operations and/or functions of the respective modules in the terminal device 3000 are respectively for implementing the respective flows in the above-described method embodiments. Reference is specifically made to the description in the above method embodiments, and detailed descriptions are omitted here as appropriate to avoid repetition.
The processor 3010 may be configured to perform the actions described in the foregoing method embodiments as being performed internally by the first terminal device, such as negotiating an encryption key with the second terminal device, generating a key identification, etc. The transceiver 3020 may be used to perform the actions described in the method embodiments above as the first terminal device sending or receiving from the second terminal device, such as sending the second message, receiving the first message, etc. Please refer to the description of the foregoing method embodiments, and details are not repeated herein.
It should also be understood that the terminal device 3000 shown in fig. 9 is capable of implementing the various processes involving the second terminal device in the method embodiments shown in fig. 3-7. The operations and/or functions of the respective modules in the terminal device 3000 are respectively for implementing the respective flows in the above-described method embodiments. Reference is specifically made to the description in the above method embodiments, and detailed descriptions are omitted here as appropriate to avoid repetition.
The processor 3010 may be configured to perform the actions described in the foregoing method embodiments as being performed internally by the second terminal device, such as negotiating an encryption key with the first terminal device, generating a key identification, etc. The transceiver 3020 may be used to perform the actions described in the method embodiments above for the second terminal device to send to or receive from the first terminal device, such as sending a first message, receiving a second message, etc. Please refer to the description of the foregoing method embodiments, and details are not repeated herein.
The terminal device 3000 may further include a power source 3050 for providing power to various devices or circuits in the terminal device.
In addition to this, in order to make the functions of the terminal device more complete, the terminal device 3000 may further include one or more of an input unit 3060, a display unit 3070, an audio circuit 3080, a camera 3090, a sensor 3100, etc., and the audio circuit may further include a speaker 3082, a microphone 3084, etc.
The embodiment of the application also provides a processing device which comprises a processor and an interface, wherein the processor is used for executing the method in any method embodiment.
It should be understood that the processing means described above may be one or more chips. For example, the processing device may be a field programmable gate array (FPGA), an application specific integrated chip (ASIC), a system on chip (SoC), a central processing unit (CPU), a network processor (NP), a digital signal processing circuit (digital signal processor, DSP), a microcontroller (micro controller unit, MCU), a programmable controller (programmable logic device, PLD) or other integrated chip.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in the processor for execution. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method. To avoid repetition, a detailed description is not provided herein.
It should be noted that the processor in the embodiments of the present application may be an integrated circuit chip with signal processing capability. In implementation, the steps of the above method embodiments may be implemented by integrated logic circuits of hardware in a processor or instructions in software form. The processor may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly in the execution of a hardware decoding processor, or in the execution of a combination of hardware and software modules in a decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
It will be appreciated that the memory in embodiments of the application may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable programmable ROM (erasable PROM), an electrically erasable programmable EPROM (EEPROM), or a flash memory. The volatile memory may be random access memory (RAM), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (static RAM, SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (synchlink DRAM, SLDRAM), and direct memory bus random access memory (direct rambus RAM, DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
According to the method provided by the embodiment of the application, the application further provides a computer program product, which comprises computer program code for causing a computer to execute the method respectively executed by the first terminal device and the second terminal device in the embodiments shown in fig. 3 to 7 when the computer program code runs on the computer.
According to the method provided by the embodiment of the present application, the present application further provides a computer readable storage medium storing program code, which when executed on a computer, causes the computer to perform the method respectively performed by the first terminal device and the second terminal device in the embodiments shown in fig. 3 to 7.
According to the method provided by the embodiment of the application, the application also provides a system which comprises one or more terminal devices.
The policy control network element in the above-mentioned respective device embodiments corresponds completely to the policy control network element or the terminal device in the terminal device and method embodiments, the respective steps are performed by respective modules or units, for example, the communication unit (transceiver) performs the steps of receiving or transmitting in the method embodiments, and other steps than transmitting and receiving may be performed by the processing unit (processor). Reference may be made to corresponding method embodiments for the function of a specific unit. Wherein the processor may be one or more.
As used in this specification, the terms "component," "module," "system," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device and the computing device can be a component. One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between 2 or more computers. Furthermore, these components can execute from various computer readable media having various data structures stored thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from two components interacting with one another in a local system, distributed system, and/or across a network such as the internet with other systems by way of the signal).
Those of ordinary skill in the art will appreciate that the various illustrative logical blocks (illustrative logical block) and steps (steps) described in connection with the embodiments disclosed herein can be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
In the above-described embodiments, the functions of the respective functional units may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions (programs). When the computer program instructions (program) are loaded and executed on a computer, the processes or functions according to the embodiments of the present application are fully or partially produced. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a high-density digital video disc (digital video disc, DVD)), or a semiconductor medium (e.g., a Solid State Drive (SSD)), or the like.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The storage medium includes a U disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (17)

1. A method for generating a key identifier, comprising:
The communication device negotiates an encryption key EK with the second terminal device;
The communication device receives a first message from the second terminal device;
The communication device decrypts the first message based on the EK to obtain a first parameter included in the first message;
The communication device sends a second message encrypted based on the EK to the second terminal device, where the second message includes a second parameter;
The communication device generates a key identifier based on the first parameter and the second parameter, and the key identifier is used to index a key generated by the communication device and the second terminal device during the process of establishing a first unicast connection.

2. The method according to claim 1, wherein the first message is a direct connection security mode completion message during the security mode activation process;
The second message is: a direct connection communication acceptance message in a unicast connection establishment process, or a direct connection security mode confirmation message in a security mode activation process.

3. The method according to claim 1 or 2, wherein the first parameter is the most significant bit (MSB) of the key identifier, and the second parameter is the least significant bit (LSB) of the key identifier; or
The first parameter is the LSB of the key identifier, and the second parameter is the MSB of the key identifier.

4. The method according to claim 1 or 2, wherein, when the communication device maintains the first unicast connection, the method further comprises:
The communication device receives a first request message from the second terminal device, where the first request message is used to request to establish a unicast connection with at least one terminal device, and the first request message includes the key identifier;
When the communication device determines that the first unicast connection cannot be reused, the communication device sends a first response message to the second terminal device, and the first response message is used to initiate a security negotiation process for a second unicast connection between the communication device and the second terminal device; wherein the first response message includes the key identifier, and the key identifier is used to indicate that the key is reused in the second unicast connection.

5. The method according to claim 1 or 2, wherein, when the communication device maintains the first unicast connection, the method further comprises:
The communication device receives a first request message from the second terminal device, where the first request message is used to request to establish a unicast connection with at least one terminal device, and the first request message includes the key identifier;
When the communication device determines that the first unicast connection can be reused, it sends a second request message to the second terminal device, where the second request message is used to request modification of the first unicast connection.

6. The method according to claim 4, characterized in that before the communication device receives the first request message from the second terminal device, the method further comprises:
The communication device receives a connection identifier update request message from the second terminal device;
The communication device decrypts the connection identifier update request message based on the EK to obtain a third parameter included in the connection identifier update request message;
The communication device sends a connection identifier update response message encrypted based on the EK to the second terminal device, where the connection identifier update response message includes a fourth parameter;
The communication device updates the key identifier based on the third parameter and the fourth parameter.

7. The method according to claim 6, wherein the third parameter is the MSB of the key identifier, and the fourth parameter is the LSB of the key identifier; or
The third parameter is the LSB of the key identifier, and the fourth parameter is the MSB of the key identifier.

8. The method according to any one of claims 1, 2, 6 or 7, characterized in that the communication device is a first terminal device or a chip in the first terminal device.

9. A communication device, comprising a transceiver unit and a processing unit:
The processing unit is used to negotiate an encryption key EK with the second terminal device;
The transceiver unit is used to receive a first message from the second terminal device;
The processing unit is further configured to decrypt the first message based on the EK to obtain a first parameter included in the first message;
The transceiver unit is further configured to send a second message encrypted based on the EK to the second terminal device, where the second message includes a second parameter;
The processing unit is further configured to generate a key identifier based on the first parameter and the second parameter, where the key identifier is used to index a key generated by the communication device and the second terminal device during a process of establishing a first unicast connection.

10. The communication device according to claim 9, wherein the first message is a direct connection security mode completion message during the security mode activation process;
The second message is: a direct connection communication acceptance message in a unicast connection establishment process, or a direct connection security mode confirmation message in a security mode activation process.

11. The communication device according to claim 9 or 10, wherein the first parameter is the most significant bit (MSB) of the key identifier, and the second parameter is the least significant bit (LSB) of the key identifier; or
The first parameter is the LSB of the key identifier, and the second parameter is the MSB of the key identifier.

12. The communication device according to claim 9 or 10, wherein the transceiver unit is further configured to receive a first request message from the second terminal device, the first request message being used to request establishment of a unicast connection with at least one terminal device, the first request message including the key identifier;
The transceiver unit is further configured to send a first response message to the second terminal device when it is determined that the first unicast connection cannot be reused, and the first response message is used to initiate a security negotiation process for the second unicast connection between the communication device and the second terminal device; wherein the first response message includes the key identifier, and the key identifier is used to indicate that the key is reused in the second unicast connection.

13. The communication device according to claim 9 or 10, wherein the transceiver unit is further configured to receive a first request message from the second terminal device, the first request message being used to request establishment of a unicast connection with at least one terminal device, the first request message including the key identifier;
The transceiver unit is further configured to send a second request message to the second terminal device when it is determined that the first unicast connection can be reused, where the second request message is used to request modification of the first unicast connection.

14. The communication device according to claim 12, wherein the transceiver unit is further configured to receive a connection identifier update request message from the second terminal device;
The processing unit is further configured to decrypt the connection identifier update request message based on the EK to obtain a third parameter included in the connection identifier update request message;
The transceiver unit is further configured to send a connection identifier update response message encrypted based on the EK to the second terminal device, where the connection identifier update response message includes a fourth parameter;
The processing unit is further configured to update the key identifier based on the third parameter and the fourth parameter.

15. The communication device according to claim 14, wherein the third parameter is the MSB of the key identifier, and the fourth parameter is the LSB of the key identifier; or
The third parameter is the LSB of the key identifier, and the fourth parameter is the MSB of the key identifier.

16. A communication device, comprising at least one processor, wherein the at least one processor is configured to execute a computer program stored in a memory, so that the communication device implements the method according to any one of claims 1 to 8.

17. A computer-readable storage medium, comprising a computer program, wherein when the computer program is run on a computer, the computer is caused to execute the method according to any one of claims 1 to 8.
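The exchange in claims 1, 3 and 6, as an added Python example that is not code from the patent: each side contributes one half of the key identifier inside an EK-protected message, both ends assemble the same identifier, and an update replaces the index entry. The 2-byte half width, the SHAKE/HMAC stand-in for "encrypted based on the EK", and the names `Device`, `seal`, `unseal`, `key_id` and `run_exchange` are assumptions made for illustration.

```python
"""Added example: key-identifier halves exchanged under EK (constructed values)."""
import hashlib, hmac, secrets

HALF = 2  # bytes contributed by each side; an assumption, the claims fix no width

def seal(ek: bytes, param: int) -> bytes:
    """Stand-in for 'encrypted based on the EK' (SHAKE keystream + HMAC tag)."""
    nonce = secrets.token_bytes(12)
    pt = param.to_bytes(HALF, "big")
    ks = hashlib.shake_256(ek + nonce).digest(HALF)
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(ek, nonce + ct, hashlib.sha256).digest()[:16]

def unseal(ek: bytes, msg: bytes) -> int:
    """Recover the parameter; reject anything not protected with this EK."""
    nonce, ct, tag = msg[:12], msg[12:12 + HALF], msg[12 + HALF:]
    want = hmac.new(ek, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        raise ValueError("message was not protected with this EK")
    ks = hashlib.shake_256(ek + nonce).digest(HALF)
    return int.from_bytes(bytes(a ^ b for a, b in zip(ct, ks)), "big")

def key_id(msb: int, lsb: int) -> int:
    """Concatenate the two halves (claim 3, first alternative)."""
    return (msb << (8 * HALF)) | lsb

class Device:
    """One end of the unicast link; keys maps key identifier -> link key."""
    def __init__(self, ek: bytes, link_key: bytes):
        self.ek, self.link_key, self.keys, self.current = ek, link_key, {}, None

    def offer_half(self) -> tuple[int, bytes]:
        half = secrets.randbits(8 * HALF)
        return half, seal(self.ek, half)  # only the sealed form goes on the air

    def install(self, msb: int, lsb: int) -> int:
        # Serves first generation (claim 1) and the update (claim 6):
        # the old identifier stops resolving once the new one is installed.
        self.keys.pop(self.current, None)
        self.current = key_id(msb, lsb)
        self.keys[self.current] = self.link_key
        return self.current

def run_exchange(a: Device, b: Device) -> int:
    """b sends the first parameter (MSB here); a answers with the second (LSB)."""
    p1, msg1 = b.offer_half()
    p2, msg2 = a.offer_half()
    kid_a = a.install(unseal(a.ek, msg1), p2)
    kid_b = b.install(p1, unseal(b.ek, msg2))
    assert kid_a == kid_b  # both ends must index the same key
    return kid_a
```

A later request message that carries the identifier (claims 4 and 5) is resolved with a lookup in `keys`; calling `run_exchange` a second time models the update of claim 6.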
CN202010360257.3A 2020-04-30 2020-04-30 Method and communication device for generating key identifier Active CN113676897B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010360257.3A CN113676897B (en) 2020-04-30 2020-04-30 Method and communication device for generating key identifier

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010360257.3A CN113676897B (en) 2020-04-30 2020-04-30 Method and communication device for generating key identifier

Publications (2)

Publication Number Publication Date
CN113676897A CN113676897A (en) 2021-11-19
CN113676897B true CN113676897B (en) 2025-09-12

Family

ID=78536700

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010360257.3A Active CN113676897B (en) 2020-04-30 2020-04-30 Method and communication device for generating key identifier

Country Status (1)

Country Link
CN (1) CN113676897B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116193373A (en) * 2021-11-29 2023-05-30 大唐移动通信设备有限公司 A communication method and terminal
WO2024092796A1 (en) * 2022-11-04 2024-05-10 北京小米移动软件有限公司 Information processing method and apparatus, communication device and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019245783A1 (en) * 2018-06-22 2019-12-26 Idac Holdings, Inc. Procedures enabling privacy for wtrus using pc5 communication

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190394816A1 (en) * 2017-02-22 2019-12-26 Lg Electronics Inc. Method for transmitting and receiving data through relay in wireless communication system and apparatus therefor
KR20180119201A (en) * 2017-04-24 2018-11-02 삼성전자주식회사 Electronic device for authentication system
US10939288B2 (en) * 2018-01-14 2021-03-02 Qualcomm Incorporated Cellular unicast link establishment for vehicle-to-vehicle (V2V) communication

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019245783A1 (en) * 2018-06-22 2019-12-26 Idac Holdings, Inc. Procedures enabling privacy for wtrus using pc5 communication

Also Published As

Publication number Publication date
CN113676897A (en) 2021-11-19

Similar Documents

Publication Publication Date Title
CN110830991B (en) Secure session method and device
CN109548017B (en) Key interaction method and device
CN108886685B (en) Terminal matching method and device
US11109206B2 (en) Security method and system for supporting discovery and communication between proximity based service terminals in mobile communication system environment
CN115885496B (en) Communication method and related device
WO2020050138A1 (en) Core network device, access network device, communication terminal, communication system, and communication method
CN111194032B (en) A communication method and device thereof
WO2020151614A1 (en) Method and apparatus for user plane security protection
JPWO2018079692A1 (en) System, base station, core network node, and method
WO2017133021A1 (en) Security processing method and relevant device
WO2023159603A1 (en) Security implementation method and apparatus, terminal device, and network elements
CN112449323A (en) Communication method, device and system
CN109428853A (en) A kind of communication means and relevant device
CN113676897B (en) Method and communication device for generating key identifier
CN115868189A (en) Method, vehicle, terminal and system for establishing vehicle safety communication
US20240244681A1 (en) Communication method, apparatus, and system
CN113795024A (en) Method and device for obtaining secret key
EP2922325B1 (en) Method and apparatus for communication security processing
EP3471365A1 (en) Key acquisition method and apparatus
CN109417470B (en) Key agreement method and device
CN118694614B (en) Communication network security management method and system
CN114616844A (en) Group communication method and related product
CN113556703B (en) Wireless communication method and communication device
CN107925869A (en) Security processes for honeycomb Internet of Things
WO2022147838A1 (en) Wireless communication method and apparatus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant