The present invention relates to the field of wireless communication and, in particular, to a method and a device for negotiating machine type communication device group algorithms.
Machine-to-machine (Machine to Machine, M2M) technology refers to technology by which a machine communicates with another machine directly, without manual intervention. M2M communication is also called machine type communication (Machine Type Communication, MTC); therefore an M2M device is also called an MTC device.
In M2M technology, M2M devices can access the network by using remote connection techniques and close connection techniques. The remote connection techniques include techniques of a radio access type (Radio Access Type, RAT) such as the global system for mobile communications (Global System for Mobile communications, GSM), the general packet radio service (General Packet Radio Service, GPRS), the universal mobile telecommunications system (Universal Mobile Telecommunications System, UMTS), system architecture evolution (System Architecture Evolution, SAE), and worldwide interoperability for microwave access (Worldwide Interoperability for Microwave Access, WiMAX). The close connection techniques include techniques such as 802.11b/g, Bluetooth, ZigBee, radio frequency identification (Radio Frequency Identification, RFID), and ultra wideband (Ultra Wideband, UWB). Other techniques that support M2M communication are certainly not excluded.
A plurality of MTC devices may form an MTC device group. The MTC devices in the group may communicate with one another and may also perform group communication.
An existing MTC device may negotiate encryption algorithms and integrity algorithms with other MTC devices, so as to realize encryption and integrity protection of the communicated contents. However, there is currently no mechanism for negotiating group encryption algorithms and group integrity algorithms; therefore, encryption and integrity protection of the communicated contents cannot be realized when MTC devices perform group communication.
In order to solve the problem that encryption and integrity protection of communication contents cannot be realized when MTC devices perform group communication, multiple aspects of the present invention provide a method for negotiating machine type communication (MTC) device group algorithms, a network side device, and a machine type communication device.
An aspect of the present invention provides a method for negotiating machine type communication (MTC) device group algorithms, including: selecting a negotiated group encryption algorithm and a negotiated group integrity algorithm from group encryption algorithms and group integrity algorithms supported by an MTC device; and sending a security mode command message or a radio resource control (RRC) connection reconfiguration message to the MTC device, where the security mode command message or the RRC connection reconfiguration message carries the negotiated group encryption algorithm and the negotiated group integrity algorithm.
Another aspect of the present invention provides a method for negotiating MTC device group algorithms, including: receiving a security mode command message or a radio resource control (RRC) connection reconfiguration message sent by a network side, where the security mode command message or the RRC connection reconfiguration message carries a negotiated group encryption algorithm and a negotiated group integrity algorithm; and obtaining a group integrity key and a group encryption key according to the negotiated group encryption algorithm and the negotiated group integrity algorithm.
Still another aspect of the present invention provides a network side device, including: a first processing module, configured to select a negotiated group encryption algorithm and a negotiated group integrity algorithm from group encryption algorithms and group integrity algorithms supported by a machine type communication (MTC) device; and a first sending module, configured to send a security mode command message or a radio resource control (RRC) connection reconfiguration message to the MTC device, where the security mode command message or the RRC connection reconfiguration message carries the negotiated group encryption algorithm and the negotiated group integrity algorithm selected by the first processing module.
Still another aspect of the present invention provides an MTC device, including: a third receiving module, configured to receive a security mode command message or a radio resource control (RRC) connection reconfiguration message sent by a network side, where the security mode command message or the RRC connection reconfiguration message carries a negotiated group encryption algorithm and a negotiated group integrity algorithm; and a second processing module, configured to obtain a group integrity key and a group encryption key according to the negotiated group encryption algorithm and the negotiated group integrity algorithm received by the third receiving module.
According to the solutions provided in the above aspects, the negotiated group encryption algorithm and the negotiated group integrity algorithm are selected from the group encryption algorithms and the group integrity algorithms supported by the MTC device, and sent to the MTC device, so that the MTC device obtains a group integrity key and a group encryption key according to the group encryption algorithm and the group integrity algorithm. Thus, the MTC device can realize the encryption and the integrity protection of communication contents when performing group communication.
In order to make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are hereinafter described clearly and completely with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, rather than all of them. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Please refer to
S11, selecting a negotiated group encryption algorithm and a negotiated group integrity algorithm from group encryption algorithms and group integrity algorithms supported by a UE.
In this embodiment, the UE is an MTC device that supports group communication and belongs to an MTC device group. The network side device may first obtain the group security capabilities of the UE, where the group security capabilities include the group encryption algorithms and the group integrity algorithms supported by the UE. The network side device then selects the negotiated group encryption algorithm and the negotiated group integrity algorithm from the group encryption algorithms and the group integrity algorithms supported by the UE. Preferably, the network side device makes this selection according to an algorithm priority list of the network side.
In an implementation of this embodiment, the group security capabilities of all MTC devices in the MTC device group are the same, and the network side device has the group security capabilities of the UE pre-configured. Therefore, the UE does not need to report its group security capabilities to the network side device, and the network side device selects the negotiated group encryption algorithm and the negotiated group integrity algorithm according to the pre-configured group security capabilities.
In another implementation of this embodiment, the UE sends an attach request message to the network side device, and the attach request message carries the group security capabilities of the UE. For example, the user equipment security capability (UE security capability) information element (IE) in the attach request message may be extended to carry the group security capabilities, or a user equipment group security capability (UE group security capability) IE may be added to the attach request message to carry them.
In another implementation of this embodiment, the device security capabilities of all MTC devices in the MTC device group are the same, where the device security capabilities include device encryption algorithms and device integrity algorithms. Moreover, the group security capabilities of all MTC devices in the MTC device group are consistent with their device security capabilities. That is to say, the group encryption algorithms supported by the UE are the same as the device encryption algorithms supported by the UE, and the group integrity algorithms supported by the UE are the same as the device integrity algorithms supported by the UE. In this case, the UE sends the attach request message to the network side device, where the attach request message carries the device security capabilities of the UE, and the network side device may select the negotiated group encryption algorithm and the negotiated group integrity algorithm directly according to the device security capabilities of the UE. Optionally, the network side device may also treat the negotiated group encryption algorithm as the negotiated device encryption algorithm, and the negotiated group integrity algorithm as the negotiated device integrity algorithm.
S12, sending a security mode command message or a radio resource control (Radio Resource Control, RRC) connection reconfiguration message to the UE, where the security mode command message or the RRC connection reconfiguration message carries the negotiated group encryption algorithm and the negotiated group integrity algorithm.
In this embodiment, the UE receives the negotiated group encryption algorithm and the negotiated group integrity algorithm sent by the network side device, and obtains a group integrity key and a group encryption key according to the negotiated group encryption algorithm and the negotiated group integrity algorithm.
In an implementation of this embodiment, the network side device sends a security mode command (Security Mode Command, SMC) message to the UE. A group security config security mode command (group security config SMC) IE is added to the security mode command message to carry the negotiated group encryption algorithm and the negotiated group integrity algorithm; or a group security config IE is added to the security config security mode command (security config SMC) IE of the security mode command message to carry them; or two parameters are added to the security algorithm config (Security Algorithm Config) IE of the security mode command message to carry them.
In another implementation of this embodiment, the network side device sends an RRC connection reconfiguration message to the UE. Two parameters are added to the security algorithm config (Security Algorithm Config) IE of the RRC connection reconfiguration message to carry the negotiated group encryption algorithm and the negotiated group integrity algorithm; or a group security config IE is added to the RRC connection reconfiguration message to carry them.
In another implementation of this embodiment, the device security capabilities of all MTC devices in the MTC device group are the same, and the group security capabilities of all MTC devices in the MTC device group are consistent with their device security capabilities. The negotiated group encryption algorithm selected by the network side device is then the same as the negotiated device encryption algorithm, and the negotiated group integrity algorithm is the same as the negotiated device integrity algorithm. In this case, the network side device sends a security mode command message or an RRC connection reconfiguration message to the UE that carries the negotiated group encryption algorithm, the negotiated group integrity algorithm, and a group algorithm opening indication, where the group algorithm opening indication indicates that the negotiated group encryption algorithm is the same as the negotiated device encryption algorithm and the negotiated group integrity algorithm is the same as the negotiated device integrity algorithm.
In this embodiment, the negotiated group encryption algorithm and the negotiated group integrity algorithm are selected from the group encryption algorithms and the group integrity algorithms supported by the MTC device, and sent to the MTC device, so that the MTC device obtains a group integrity key and a group encryption key according to the group encryption algorithm and the group integrity algorithm. Thus, the MTC device can realize the encryption and the integrity protection of communication contents when performing group communication.
Please refer to
S21, receiving a security mode command message or a radio resource control (RRC) connection reconfiguration message sent by a network side, where the security mode command message or the RRC connection reconfiguration message carries a negotiated group encryption algorithm and a negotiated group integrity algorithm.
In an implementation of this embodiment, before S21, the method further includes: sending an attach request message to the network side, where the attach request message carries group encryption algorithms and group integrity algorithms supported by the user equipment, so that the network side selects the negotiated group encryption algorithm and the negotiated group integrity algorithm from the group encryption algorithms and the group integrity algorithms supported by the user equipment.
In another implementation of this embodiment, before S21, the method further includes: sending an attach request message to the network side, wherein the attach request message carries device encryption algorithms and device integrity algorithms supported by the user equipment, the group encryption algorithms supported by the user equipment are the same as the device encryption algorithms supported by the user equipment, and the group integrity algorithms supported by the user equipment are the same as the device integrity algorithms supported by the user equipment, so that the network side selects the negotiated group encryption algorithm and the negotiated group integrity algorithm from the group encryption algorithms and the group integrity algorithms supported by the user equipment.
Optionally, the network side device may also treat the negotiated device encryption algorithm as the negotiated group encryption algorithm, and the negotiated device integrity algorithm as the negotiated group integrity algorithm. In this case, preferably, the security mode command message or the RRC connection reconfiguration message in S21 carries the negotiated group encryption algorithm, the negotiated group integrity algorithm, and a group algorithm opening indication. The group algorithm opening indication indicates that the negotiated group encryption algorithm is the same as the negotiated device encryption algorithm, and the negotiated group integrity algorithm is the same as the negotiated device integrity algorithm.
S22, obtaining a group integrity key and a group encryption key according to the negotiated group encryption algorithm and the negotiated group integrity algorithm.
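The negotiation of S11/S12 (network side) and S21/S22 (MTC device side) above, modelled end to end as an added example; this is illustration code written for this page, not code from the patent. The UE either reports its capabilities in the attach request (group capability IE, or device capabilities reused for the group) or the network side uses pre-configured ones; the network side picks, for each algorithm type, the first entry of its priority list that the UE supports; the command message carries the two negotiated algorithms and the group algorithm opening indication; and the UE derives the group encryption key and group integrity key. The algorithm identifiers, the shared group master key, the HMAC-SHA256 derivation that binds each key to its purpose and algorithm identifier, and the device-side check that the commanded algorithms lie within the set it offered are all assumptions of this example; the page specifies none of them.

```python
"""Toy model of MTC device group algorithm negotiation: S11/S12 (network
side) and S21/S22 (MTC device side). Added illustration, not the patent's
code; algorithm names, group master key, key derivation and the device-side
capability check are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Tuple


class NegotiationError(Exception):
    """Network side and MTC device cannot agree on group algorithms."""


@dataclass(frozen=True)
class AttachRequest:
    """Attach request carrying either group security capabilities (extended
    or added IE) or device security capabilities reused for the group."""
    ue_id: str
    enc_algs: FrozenSet[str]
    int_algs: FrozenSet[str]
    kind: str  # "group" or "device"


@dataclass(frozen=True)
class SecurityModeCommand:
    """Payload carried in the security mode command or RRC connection
    reconfiguration message."""
    group_enc_alg: str
    group_int_alg: str
    group_algorithm_opening_indication: bool  # group algs equal device algs


class NetworkSide:
    def __init__(self, enc_priority: Iterable[str], int_priority: Iterable[str],
                 preconfigured: Optional[Tuple[FrozenSet[str], FrozenSet[str]]] = None):
        self.enc_priority = tuple(enc_priority)  # highest priority first
        self.int_priority = tuple(int_priority)
        self.preconfigured = preconfigured  # group capabilities known in advance

    def select(self, supported_enc, supported_int) -> Tuple[str, str]:
        """S11: per algorithm type, the first network-preferred algorithm
        that the UE supports."""
        enc = next((a for a in self.enc_priority if a in supported_enc), None)
        integ = next((a for a in self.int_priority if a in supported_int), None)
        if enc is None or integ is None:
            raise NegotiationError("no common group algorithm")
        return enc, integ

    def handle_attach(self, req: Optional[AttachRequest]) -> SecurityModeCommand:
        """S11 + S12: choose from reported or pre-configured capabilities and
        build the command message."""
        if req is None:
            if self.preconfigured is None:
                raise NegotiationError("no capabilities reported or pre-configured")
            enc_caps, int_caps = self.preconfigured
            kind = "group"
        else:
            enc_caps, int_caps, kind = req.enc_algs, req.int_algs, req.kind
        enc, integ = self.select(enc_caps, int_caps)
        # Device capabilities reused as group capabilities: the negotiated
        # group algorithms equal the device algorithms, so flag it.
        return SecurityModeCommand(enc, integ, kind == "device")


class MtcDevice:
    def __init__(self, ue_id: str, enc_algs: Iterable[str], int_algs: Iterable[str],
                 group_master_key: bytes):
        self.ue_id = ue_id
        self.enc_algs = frozenset(enc_algs)
        self.int_algs = frozenset(int_algs)
        self._gmk = group_master_key  # assumed key shared by the whole group

    def attach_request(self, kind: str = "group") -> AttachRequest:
        return AttachRequest(self.ue_id, self.enc_algs, self.int_algs, kind)

    def handle_command(self, cmd: SecurityModeCommand) -> Tuple[bytes, bytes]:
        """S21 + S22: reject a selection outside what we offered (a forged or
        downgraded command), then derive the group keys."""
        if cmd.group_enc_alg not in self.enc_algs or cmd.group_int_alg not in self.int_algs:
            raise NegotiationError("command selects an algorithm the device did not offer")
        return (self._derive(b"group-enc", cmd.group_enc_alg),
                self._derive(b"group-int", cmd.group_int_alg))

    def _derive(self, purpose: bytes, alg: str) -> bytes:
        # Assumed derivation: bind each key to its purpose and algorithm
        # identifier so that a different negotiated algorithm yields a
        # different key. The page does not define this function.
        return hmac.new(self._gmk, purpose + b"|" + alg.encode(), hashlib.sha256).digest()


def run_negotiation(network: NetworkSide, device: MtcDevice,
                    report: Optional[str] = "group"):
    """Full exchange. report: "group" (group capability IE), "device"
    (device capabilities reused) or None (pre-configured, nothing reported)."""
    req = None if report is None else device.attach_request(report)
    cmd = network.handle_attach(req)
    enc_key, int_key = device.handle_command(cmd)
    return cmd, enc_key, int_key


if __name__ == "__main__":
    # Constructed sample data with hypothetical algorithm identifiers.
    net = NetworkSide(["enc-b", "enc-a", "enc-null"], ["int-b", "int-a"])
    dev = MtcDevice("mtc-01", {"enc-a", "enc-null"}, {"int-a", "int-b"}, b"\x01" * 32)
    cmd, ek, ik = run_negotiation(net, dev, "group")
    print(cmd, ek.hex()[:16], ik.hex()[:16])
```

The device-side check in `handle_command` is the part a practitioner would not want to omit: without it, anyone who can inject the command message can force the group onto the weakest algorithm in the network's list, including a null one, regardless of what the device actually offered.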
Please refer to
In an implementation of this embodiment, the network side device 30 further includes a first receiving module 33 which is configured to receive an attach request message sent by the user equipment, where the attach request message carries the group encryption algorithms and the group integrity algorithms supported by the user equipment.
In another implementation of this embodiment, the network side device 30 further includes a second receiving module 34 which is configured to receive an attach request message sent by the user equipment, where the attach request message carries device encryption algorithms and device integrity algorithms supported by the user equipment. The group encryption algorithms supported by the user equipment are the same as the device encryption algorithms supported by the user equipment, and the group integrity algorithms supported by the user equipment are the same as the device integrity algorithms supported by the user equipment.
In another implementation of this embodiment, the first processing module 31 is specifically configured to select the negotiated group encryption algorithm and the negotiated group integrity algorithm from the group encryption algorithms and the group integrity algorithms supported by the user equipment, where the group encryption algorithms and the group integrity algorithms supported by the user equipment are pre-configured.
In another implementation of this embodiment, the first processing module 31 is specifically configured to select the negotiated group encryption algorithm and the negotiated group integrity algorithm from the group encryption algorithms and the group integrity algorithms supported by the user equipment according to an algorithm priority list of a network side.
In another implementation of this embodiment, the first sending module 32 is specifically configured to send a security mode command message or an RRC connection reconfiguration message to the user equipment, where the security mode command message or the RRC connection reconfiguration message carries the negotiated group encryption algorithm and the negotiated group integrity algorithm selected by the first processing module 31 and a group algorithm opening indication. The group algorithm opening indication indicates that the negotiated group encryption algorithm is the same as the negotiated device encryption algorithm, and the negotiated group integrity algorithm is the same as the negotiated device integrity algorithm.
Please refer to
In an implementation of this embodiment, the MTC device 40 further includes a second sending module 43 which is configured to send an attach request message to the network side, where the attach request message carries the group encryption algorithms and the group integrity algorithms supported by the MTC device, so that the network side selects the negotiated group encryption algorithm and the negotiated group integrity algorithm from the group encryption algorithms and the group integrity algorithms supported by the MTC device.
In another implementation of this embodiment, the MTC device 40 further includes a third sending module 44 which is configured to send an attach request message to the network side, where the attach request message carries the device encryption algorithms and the device integrity algorithms supported by the MTC device, the group encryption algorithms supported by the MTC device are the same as the device encryption algorithms supported by the MTC device, and the group integrity algorithms supported by the MTC device are the same as the device integrity algorithms supported by the MTC device, so that the network side selects the negotiated group encryption algorithm and the negotiated group integrity algorithm from the group encryption algorithms and the group integrity algorithms supported by the MTC device.
In another implementation of this embodiment, the third receiving module 41 is specifically configured to receive a security mode command (SMC) message or a radio resource control (RRC) connection reconfiguration message sent by the network side, where the security mode command message or the RRC connection reconfiguration message carries the negotiated group encryption algorithm, the negotiated group integrity algorithm and a group algorithm opening indication. The group algorithm opening indication is used to indicate that the negotiated group encryption algorithm is the same as the negotiated device encryption algorithm, and the negotiated group integrity algorithm is the same as the negotiated device integrity algorithm.
Finally, persons of ordinary skill in the art may understand that all or a part of the steps of the methods according to embodiments of the present invention may be implemented by a program instructing relevant hardware. The program may be stored in a computer readable storage medium. When the program runs, the steps of the methods according to the foregoing embodiments are performed. The storage medium may be a disk, a CD, a read-only memory (ROM), or a random access memory (RAM), etc.
In embodiments of the present invention, all functional units may be integrated within one processing module, each functional unit may exist physically on its own, or two or more such units may be integrated within one module. The above-mentioned integrated module may be realized in the form of hardware, or in the form of a software function module. If the integrated module is realized in the form of a software function module and is sold or used as an independent product, it may also be stored in a computer readable storage medium. The mentioned storage medium may be a read-only memory, a disk, a CD, etc. Each device or system mentioned above can implement the corresponding method according to the embodiments.
The above are merely preferred embodiments of the present invention, and shall not be considered as a limitation to the present invention. Any amendment, equivalent replacement, and improvement within the spirit and the principle of the present invention shall fall within the protection scope of the present invention.
Number | Date | Country | Kind |
---|---|---|---|
201110162932.2 | Jun 2011 | CN | national |
This application is a continuation of International Patent Application No. PCT/CN2012/077083, filed on Jun. 18, 2012, which claims priority to Chinese Patent Application No. 201110162932.2, filed on Jun. 17, 2011, both of which are hereby incorporated by reference in their entireties.
Number | Date | Country | |
---|---|---|---|
Parent | PCT/CN2012/077083 | Jun 2012 | US |
Child | 14109809 | US |