Key exchange method and apparatus
Abstract
Embodiments of the present invention disclose a key exchange method and apparatus, which relate to the communications field, and can enable user equipments establishing a D2D link to share a set of keys, and further, information security can be achieved when a user equipment transmits service data or a signaling message through a Ud interface. A specific solution is that: a network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information. The present invention is applicable to an exchange process of keys for protecting data on a D2D link.
38 Claims
1. A key exchange method, wherein a device to device (D2D) link is established between a first user equipment and a second user equipment, and the method comprises:
acquiring, by a network device, a first key;
sending, by the network device, a message comprising the first key to the second user equipment;
determining, by the network device, a cryptographic algorithm usable by the first user equipment and the second user equipment, the cryptographic algorithm including an encryption algorithm and an integrity protection algorithm;
sending, by the network device, the cryptographic algorithm to the first user equipment and the second user equipment, wherein the first user equipment is configured to acquire the first key, generate an encryption key according to the first key and the encryption algorithm, generate an integrity protection key according to the first key and the integrity protection algorithm, and when transmitting a first information to the second user equipment using the D2D link, use the encryption key to encrypt the first information and the integrity protection key to perform integrity protection on the first information, the second user equipment is configured to, upon receiving the first key from the network device, generate the encryption key according to the first key and the encryption algorithm, generate the integrity protection key according to the first key and the integrity protection algorithm, and when transmitting a second information to the first user equipment using the D2D link, use the encryption key to encrypt the second information and the integrity protection key to perform integrity protection on the second information.
(Dependent claims 2 to 9 not shown.)

10. A key exchange method, wherein a device to device (D2D) link is established between a first user equipment and a second user equipment, and the method comprises:
acquiring, by the first user equipment, a first key;
receiving, by the first user equipment, a cryptographic algorithm from a network device, the cryptographic algorithm including an encryption algorithm and an integrity protection algorithm;
generating, by the first user equipment, an encryption key according to the first key and the encryption algorithm;
generating, by the first user equipment, an integrity protection key according to the first key and the integrity protection algorithm;
using, by the first user equipment when transmitting a first information to the second user equipment by using the D2D link, the first encryption key to encrypt the first information and the integrity protection key to perform integrity protection on the first information, wherein the second user equipment is configured to receive the first key from the network device, generate the encryption key according to the first key and the encryption algorithm, generate the integrity protection key according to the first key and the integrity protection algorithm, and, when transmitting a second information to the first user equipment using the D2D link, use the encryption key to encrypt a second information and the integrity protection key to perform integrity protection on the second information.
(Dependent claims 11 to 17 not shown.)

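Claims 1 and 10 describe the same exchange from the network device's side and from the first user equipment's side: the network device supplies a first key and selects an encryption algorithm and an integrity protection algorithm, and each user equipment derives an encryption key and an integrity protection key from the first key plus the chosen algorithm. The following Python simulation is an added example, not text or code from the patent. It assumes HMAC-SHA256 as the key derivation function, an HMAC-SHA256 counter keystream standing in for the encryption algorithm, truncated HMAC tags as the integrity protection algorithm, and that the first user equipment receives the first key from the network device (the claims leave how it acquires it open).

```python
import hashlib
import hmac
import secrets

# Assumed KDF: key = HMAC-SHA256(first key, type label || algorithm id), so
# the encryption key and the integrity key differ even for the same first key.
def kdf(first_key: bytes, label: bytes, alg_id: int) -> bytes:
    return hmac.new(first_key, label + bytes([alg_id]), hashlib.sha256).digest()

# Stand-in for the encryption algorithm: HMAC-SHA256 in counter mode as a keystream.
def keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range(0, n, 32):
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

class UE:
    def __init__(self) -> None:
        self.enc_key = self.int_key = None
    def install(self, first_key: bytes, enc_alg: int, int_alg: int) -> None:
        self.enc_key = kdf(first_key, b"enc", enc_alg)
        self.int_key = kdf(first_key, b"int", int_alg)
    def protect(self, info: bytes) -> bytes:
        # encrypt with the encryption key, then tag nonce||ciphertext with the integrity key
        nonce = secrets.token_bytes(8)
        ct = bytes(a ^ b for a, b in zip(info, keystream(self.enc_key, nonce, len(info))))
        tag = hmac.new(self.int_key, nonce + ct, hashlib.sha256).digest()[:16]
        return nonce + ct + tag
    def unprotect(self, msg: bytes):
        nonce, ct, tag = msg[:8], msg[8:-16], msg[-16:]
        expect = hmac.new(self.int_key, nonce + ct, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expect):
            return None  # integrity protection failed: discard the information
        return bytes(a ^ b for a, b in zip(ct, keystream(self.enc_key, nonce, len(ct))))

def network_provision(ue1: UE, ue2: UE) -> None:
    # The network device acquires the first key, picks the algorithms and sends them.
    first_key = secrets.token_bytes(16)  # constructed: the acquired first key
    enc_alg, int_alg = 1, 2              # constructed algorithm identifiers
    ue2.install(first_key, enc_alg, int_alg)  # message comprising the first key + algorithms
    ue1.install(first_key, enc_alg, int_alg)  # assumption: UE1 acquires the same first key

def d2d_transfer(tamper: bool = False):
    ue1, ue2 = UE(), UE()
    network_provision(ue1, ue2)
    msg = ue1.protect(b"first information over the D2D link")
    if tamper:  # flip one ciphertext bit in transit
        msg = msg[:8] + bytes([msg[8] ^ 0x01]) + msg[9:]
    return ue2.unprotect(msg)
```

Running `d2d_transfer()` returns the plaintext at the second user equipment, while `d2d_transfer(tamper=True)` returns `None` because the integrity check rejects the modified ciphertext before decryption.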
18. A key exchange method, wherein a device to device (D2D) link is established between a first user equipment and a second user equipment, and the method comprises:
acquiring, by the first user equipment, a first Diffie-Hellman (DH) exchange value by generating the first DH exchange value using a first value of a primitive root parameter and a second value of a prime number parameter;
sending, by the first user equipment, the first DH exchange value to a network device, so that
the network device sends the first DH exchange value to the second user equipment;
the second user equipment acquires a second DH exchange value by generating the second DH exchange value using the first value and the second value as a primitive root parameter and a prime number parameter, respectively;
further, the second user equipment generates a key according to the first DH exchange value; and
further, the second user equipment sends the second DH exchange value to the network device; and
receiving, by the first user equipment, the second DH exchange value from the network device, and generating the key according to the second DH exchange value, wherein the key is used to protect data transmitted on the D2D link.

19. A key exchange method, wherein a device to device (D2D) link is established between a first user equipment and a second user equipment, and the method comprises:
receiving, by a network device, a first Diffie-Hellman (DH) exchange value from the first user equipment, the DH exchange value having been generated by the first user equipment using a first value of a primitive root parameter and a second value of a prime number parameter;
sending, by the network device, the first DH exchange value to the second user equipment, so that the second user equipment acquires a second DH exchange value having been generated by the second user equipment by using the first value and the second value as a primitive root parameter and a prime number parameter, respectively, and further, the second user equipment generates a key according to the first DH exchange value;
receiving, by the network device, the second DH exchange value from the second user equipment; and
sending, by the network device, the second DH exchange value to the first user equipment, so that the first user equipment generates the key according to the second DH exchange value.

20. A network device, wherein a device to device (D2D) link is established between a first user equipment configured to acquire and use a first key and a second user equipment, and the network device comprises:
a transmitter; and
at least one processor, configured to acquire a first key used by the first user equipment, determine a cryptographic algorithm usable by the first user equipment and the second user equipment, the cryptographic algorithm including an encryption algorithm and an integrity protection algorithm, control the transmitter to send the cryptographic algorithm to the first user equipment, so that the first user equipment acquires the first key, generates an encryption key according to the first key and the encryption algorithm, generates an integrity protection key according to the first key and the integrity protection algorithm, and uses, when transmitting a first information to the second user equipment using the D2D link, the encryption key to encrypt the first information and the integrity protection key to perform integrity protection on the first information, and control the transmitter to send the cryptographic algorithm and a message comprising the first key to the second user equipment, so that the second user equipment generates an encryption key according to the first key and the encryption algorithm, generates an integrity protection key according to the first key and the integrity protection algorithm and uses, when transmitting a second information to the first user equipment by using the D2D link, the encryption key to encrypt the second information and the integrity protection key to perform integrity protection on the second information.
(Dependent claims 21 to 28 not shown.)

29. A user equipment, wherein a device to device (D2D) link is established between the user equipment and a second user equipment, and the user equipment comprises:
a receiver to receive a cryptographic algorithm from a network device, the cryptographic algorithm including an encryption algorithm and an integrity protection algorithm;
at least one processor, configured to acquire a first key, generate an encryption key according to the first key and the encryption algorithm, and generate an integrity protection key according to the first key and the integrity protection algorithm; and
a memory, configured to store the first key acquired by the at least one processor, wherein the at least one processor is further configured to use, when communicating with the second user equipment by using the D2D link by transmitting a first information to the second user equipment, the encryption key to encrypt the first information and the integrity protection key to perform integrity protection on the first information, and receive a second information from the second user equipment by using the D2D link, the second information being protected by the second user equipment using the first key by the second information having been encrypted using the encryption key generated according to the first key and the encryption algorithm.
(Dependent claims 30 to 36 not shown.)

37. A user equipment, wherein a device to device (D2D) link is established between the user equipment and a second user equipment, and the user equipment comprises:
a transmitter;
a receiver; and
at least one processor, configured to acquire a first Diffie-Hellman (DH) exchange value by generating the first DH exchange value using a first value of a primitive root parameter and a second value of a prime number parameter; control the transmitter to send the first DH exchange value to a network device, so that the network device sends the first DH exchange value to the second user equipment;
the second user equipment acquires a second DH exchange value by generating the second DH exchange value using the first value and the second value as a primitive root parameter and a prime number parameter, respectively;
further, the second user equipment generates a key according to the first DH exchange value; and
further, the second user equipment sends the second DH exchange value to the network device; and
upon the receiver receiving the second DH exchange value from the network device, generate the key according to the second DH exchange value, wherein the key is used to protect data transmitted on the D2D link.

38. A network device, wherein a device to device (D2D) link is established between a first user equipment and a second user equipment, and the network device comprises:
a receiver, configured to receive a first Diffie-Hellman (DH) exchange value from the first user equipment, the DH exchange value having been generated by the first user equipment using a first value of a primitive root parameter and a second value of a prime number parameter; and
a transmitter, configured to send the first DH exchange value to the second user equipment, so that the second user equipment acquires a second DH exchange value having been generated by the second user equipment by using the first value and the second value as a primitive root parameter and a prime number parameter, respectively, and further, the second user equipment generates a key according to the first DH exchange value, wherein the receiver is further configured to receive the second DH exchange value from the second user equipment; and the transmitter is further configured to send the second DH exchange value to the first user equipment, so that the first user equipment generates the key according to the second DH exchange value.

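Claims 18, 19, 37 and 38 describe the same Diffie-Hellman exchange from the user equipment and network device sides: the first user equipment chooses the primitive root and prime, both user equipments compute their exchange values from the same parameters, and the network device only forwards the two values. The following Python simulation is an added example, not the patent's own text; it uses the toy parameters p = 23 and g = 5, assumes HMAC-SHA256 as the key derivation function the claims leave unspecified, and records what the relaying network device observes (the two exchange values only, never a private exponent or the resulting key).

```python
import hashlib
import hmac
import secrets

P = 23  # prime number parameter (toy value constructed for the example; deployments use large primes)
G = 5   # primitive root parameter: 5 generates the whole multiplicative group mod 23

# Assumed KDF: the claims only say the key is generated "according to" the peer's DH value.
def derive_key(shared_secret: int) -> bytes:
    return hmac.new(b"d2d-dh", shared_secret.to_bytes(4, "big"), hashlib.sha256).digest()

def random_exponent() -> int:
    # Pick a private exponent whose exchange value is not a trivial group element.
    while True:
        x = 2 + secrets.randbelow(P - 3)
        if pow(G, x, P) not in (1, P - 1):
            return x

class UE:
    def __init__(self, exponent=None) -> None:
        self.x = exponent if exponent is not None else random_exponent()  # private exponent
        self.key = None

    def dh_exchange_value(self) -> int:       # g^x mod p, sent via the network device
        return pow(G, self.x, P)

    def generate_key(self, peer_value: int) -> None:
        if not 1 < peer_value < P - 1:        # reject 0, 1 and p-1 before using them
            raise ValueError("bad DH exchange value")
        self.key = derive_key(pow(peer_value, self.x, P))

class NetworkDevice:
    """Relays exchange values between the UEs; it never holds an exponent."""
    def __init__(self) -> None:
        self.observed = []

    def relay(self, value: int) -> int:
        self.observed.append(value)
        return value

def run_exchange(a=None, b=None):
    ue1, ue2, nd = UE(a), UE(b), NetworkDevice()
    first = ue1.dh_exchange_value()          # UE1 -> network device
    ue2.generate_key(nd.relay(first))        # network device -> UE2, which derives the key
    second = ue2.dh_exchange_value()         # UE2 -> network device
    ue1.generate_key(nd.relay(second))       # network device -> UE1, which derives the same key
    return ue1.key, ue2.key, nd.observed
```

With fixed exponents 6 and 15 the relayed values are 8 and 19, both user equipments arrive at the shared secret 2 and hence the same derived key; rejecting 0, 1 and p-1 as exchange values is the minimal check a receiving user equipment should apply and is not part of the claims.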
Specification