The disclosure relates to the field of Device to Device (D2D) communication, and in particular to a method for managing a D2D communication group, a device and a storage medium.
In the current Long Term Evolution (LTE) network and LTE-Advanced (LTE-A) network, D2D communication means that a mobile device directly performs Peer to Peer (P2P) communication by sharing/reusing a wireless link (an uplink or a downlink) of a wireless communication network. In the current infrastructure-based cellular mobile communication network, a base station, as a central control node, is the only access point for the mobile device to obtain network services. All mobile devices can communicate with a certain particular base station in the network only through an uplink or downlink channel in a cellular system.
At present, during D2D communication, a D2D group sets a Group Owner (GO) to manage the devices in the D2D group, while the shared key of the D2D group is managed by a D2D functional entity at the network side. That is, the management of the D2D group and the management of the shared key are two independent processes, so the two processes may fall out of sync. For example, after a new device joins the D2D group, in order to ensure the communication security of the D2D group, the D2D functional entity at the network side will not issue the shared key to the new device, so the new device cannot communicate with the other devices in the group even if it has joined the D2D group; if the D2D functional entity at the network side issues the shared key to the new device separately, there is a risk of divulging the key caused by issuing the key separately.
Thus, in the prior art, there is not a method for managing a D2D communication group that can give consideration to both reliability of D2D communication and dynamic change of devices in the D2D group.
In view of the above, embodiments of the disclosure are intended to provide a method for managing a D2D communication group, a device and a storage medium, so as to give consideration to both reliability of D2D communication and dynamic change of devices in the D2D group.
The technical solutions of the disclosure are implemented as follows.
In a first aspect, the disclosure provides a method for managing a D2D communication group, which includes: a network-side device establishes a D2D communication group, and issues a shared key generated for the D2D communication group to all devices in the D2D communication group, herein the shared key is used for D2D communication of all the devices; and the network-side device determines that the D2D communication of the D2D communication group ends, and deletes the D2D communication group and the shared key.
Based on the above solution, the step that the network-side device establishes the D2D communication group may include: the network-side device receives a group establishing request sent by a first device, herein the group establishing request carries first identity information of the first device and second identity information of a second device; and the network-side device establishes the D2D communication group based on the first identity information and the second identity information.
Based on the above solution, after the network-side device generates the shared key for the D2D communication group, and before the network-side device determines that the D2D communication of the D2D communication group ends, the method may further include: the network-side device sends group identity information of the D2D communication group and the shared key to all the devices; the step that the network-side device deletes the D2D communication group and the shared key may include: the network-side device deletes the group identity information and the shared key.
Based on the above solution, the step that the network-side device determines that the D2D communication of the D2D communication group ends may include: the network-side device receives a communication ending message from the first device, and confirms that the D2D communication of the D2D communication group ends.
In a second aspect, the disclosure provides a method for managing a D2D communication group, which includes: the first device sends the group establishing request to the network-side device, herein the group establishing request is used for the network-side device to establish the D2D communication group; the first device receives the shared key from the network-side device, and performs the D2D communication with the second device in the D2D communication group based on the shared key; after the D2D communication ends, the first device sends a communication ending message, and deletes the shared key.
Based on the above solution, the step that the first device sends the group establishing request to the network-side device may include: the first device generates the group establishing request carrying the first identity information of the first device and the second identity information of the second device; and the first device sends the group establishing request to the network-side device.
Based on the above solution, before the first device performs the D2D communication based on the shared key, the method may further include: the first device receives the group identity information sent by the network-side device; the step that the first device sends the communication ending message may include: the first device sends the communication ending message carrying the group identity information.
Based on the above solution, the step that the first device performs the D2D communication based on the shared key may include: the first device generates a session key based on the shared key; and the first device performs the D2D communication with the second device by using the session key.
In a third aspect, the disclosure provides a method for managing a D2D communication group, which includes: the second device receives the shared key for the D2D communication group sent by the network-side device; the second device performs the D2D communication with the first device in the D2D communication group based on the shared key; and the second device receives the communication ending message from the first device, and deletes the shared key.
Based on the above solution, the step that the second device performs the D2D communication with the first device in the D2D communication group based on the shared key may include: the second device generates the session key based on the shared key; and the second device performs the D2D communication with the first device by using the session key.
In a fourth aspect, the disclosure provides a network-side device, which includes: a group establishing unit, a key generating unit, a first sending unit and a group deleting unit; herein, the group establishing unit is arranged to establish the D2D communication group; the key generating unit is arranged to generate the shared key for the D2D communication group, herein the shared key is used for the D2D communication of all the devices in the D2D communication group; and the first sending unit is arranged to issue the shared key to all the devices; the group deleting unit is arranged to determine that the D2D communication of the D2D communication group ends, and delete the D2D communication group and the shared key.
Based on the above solution, the group establishing unit may include: a receiving subunit arranged to receive the group establishing request sent by the first device, herein the group establishing request carries the first identity information of the first device and the second identity information of the second device; and a group establishing subunit arranged to establish the D2D communication group based on the first identity information and the second identity information.
Based on the above solution, the first sending unit is further arranged to, after the group establishing unit generates the shared key for the D2D communication group, and before the deleting unit determines that the D2D communication of the D2D communication group ends, send the group identity information of the D2D communication group and the shared key to all the devices; the group deleting unit is further arranged to delete the group identity information and the shared key.
Based on the above solution, the group deleting unit is arranged to receive the communication ending message from the first device, and confirm that the D2D communication of the D2D communication group ends.
In a fifth aspect, the disclosure provides a device, which includes: a second sending unit, a first receiving unit, a first D2D communication unit and a first deleting unit; herein the second sending unit is arranged to send the group establishing request to the network-side device, herein the group establishing request is used for the network-side device to establish the D2D communication group; the second sending unit is further arranged to, after the D2D communication with the second device in the D2D communication group ends, send the communication ending message; the first receiving unit is arranged to receive the shared key from the network-side device; the first D2D communication unit is arranged to perform the D2D communication based on the shared key; and the first deleting unit is arranged to delete the shared key.
Based on the above solution, the second sending unit includes a generating subunit arranged to generate the group establishing request carrying the first identity information of the first device and the second identity information of the second device; and a sending subunit arranged to send the group establishing request to the network-side device.
Based on the above solution, the first receiving unit is arranged to, before the first D2D communication unit performs the D2D communication based on the shared key, receive the group identity information sent by the network-side device; the second sending unit is arranged to send the communication ending message carrying the group identity information.
Based on the above solution, the first D2D communication unit is arranged to generate the session key based on the shared key, and perform the D2D communication with the second device by using the session key.
In a sixth aspect, the disclosure provides a device, which includes: a second receiving unit, a second D2D communication unit and a second deleting unit; herein, the second receiving unit is arranged to receive the shared key for the D2D communication group from the network-side device; the second D2D communication unit is arranged to perform the D2D communication with the first device in the D2D communication group based on the shared key, and receive the communication ending message from the first device; the second deleting unit is arranged to delete the shared key.
Based on the above solution, the second D2D communication unit is further arranged to generate the session key based on the shared key, and perform the D2D communication with the first device by using the session key.
In a seventh aspect, the disclosure provides a computer storage medium having stored thereon a computer executable instruction used for performing at least one of the methods in the first aspect to the third aspect.
According to the method and device for managing a D2D communication group and the storage medium provided by the embodiments of the disclosure, the network-side device establishes the D2D communication group, generates the shared key for the D2D communication group and issues the shared key to all the devices in the D2D communication group; then, after the D2D communication is completed, the network-side device deletes the D2D communication group and the shared key, so it is required to re-establish a group in the next communication. In this way, a group is established and a new key is issued when a communication is performed each time, so that when there is a new device joining the D2D group, the network-side device issues the shared key to all devices in a new group when establishing the new group, thereby it is possible to prevent the risk of divulging the key caused by issuing the key separately, ensure the security of the D2D communication, and give consideration to the dynamic change of the devices in the D2D group.
The preferred embodiments of the disclosure are elaborated below in combination with the accompanying drawings. It should be understood that the preferred embodiments elaborated below are only used for illustrating the disclosure and not intended to limit the disclosure.
Through the method for managing a D2D communication group in the embodiment of the disclosure, when it is needed to perform D2D group communication each time, a D2D communication group is established and a generated shared key is sent to all the devices in the D2D communication group, and after this D2D group communication of the D2D communication group ends, the D2D communication group and the shared key are deleted in time; in this way, there is no possibility that a new device needs to join because of the long existence of the group, and there is no possibility that it is needed to distribute the shared key to the new device; moreover, deleting the D2D communication group and the shared key in time improves the security of the shared key.
The embodiment of the disclosure provides a D2D communication system;
The network-side device 10 is arranged to establish a D2D group, store and manage D2D group information, and generate and issue a shared key;
the first device 20 is arranged to send data to the second device 30 based on the shared key, so as to perform D2D communication, herein the first device 20 and the second device 30 are in the same D2D group; and
the second device 30 is arranged to receive the data from the first device 20 based on the shared key, so as to perform the D2D communication.
In practical application, the network-side device 10 can be an evolved NodeB (eNB), or a Mobility Management Entity (MME), or a ProSE Function device, or a Home Subscriber Server (HSS), or a Serving General Packet Radio Service Support Node (SGSN), or other available network-side devices, which is not limited by the disclosure.
In practical application, the first device 20 and the second device 30 can be mobile terminals for communication in the mobile communication network. A Universal Integrated Circuit Card (UICC) is set on the first device 20 and the second device 30.
In combination with the embodiment of the disclosure, in the D2D communication system, the network-side device 10 is arranged to establish the D2D communication group, and issue the shared key generated for the D2D communication group to all devices in the D2D communication group, herein the shared key is used for the D2D communication of all the devices; the network-side device 10 is further arranged to determine that the D2D communication of the D2D communication group ends, and delete the D2D communication group and the shared key.
The first device 20 is arranged to send a group establishing request to the network-side device, herein the group establishing request is used for the network-side device 10 to establish the D2D communication group, receive the shared key from the network-side device 10, perform the D2D communication with the second device 30 in the D2D communication group based on the shared key, and after the D2D communication ends, send a communication ending message and delete the shared key.
The second device 30 is arranged to receive the shared key for the D2D communication group sent by the network-side device 10, perform the D2D communication with the first device 20 in the D2D communication group based on the shared key, receive the communication ending message from the first device 20, and delete the shared key.
Note that, functions of the first device 20 and the second device 30 can be either integrated on a physical entity, or realized by multiple physical entities, which is not limited by the disclosure.
The method for managing a D2D communication group in the embodiment of the disclosure is elaborated below with reference to the D2D communication system.
In S201, the first device sends a group establishing request to the network-side device;
specifically, the first device generates the group establishing request based on first identity information of the first device, like the International Mobile Subscriber Identification Number (IMSI), the International Mobile Equipment Identity (IMEI) or application identity information on the first device, and second identity information of the second device, like the IMSI, the IMEI or application identity information on the second device; at this point, the group establishing request carries the first identity information and the second identity information; then, the first device sends the group establishing request to the network-side device.
In S202, the network-side device establishes a D2D communication group;
specifically, after receiving the group establishing request sent by the first device, the network-side device establishes the D2D communication group based on the first identity information and the second identity information, herein the D2D communication group is composed of the first device and the second device.
Based on the above solution, the network-side device may further allocate group identity information to the D2D group, so as to uniquely identify the D2D group composed of the first device and the second device.
In S203, the network-side device generates a shared key for the D2D communication group;
herein, the shared key is used for D2D communication between all devices in the D2D group, namely the first device and the second device.
In the present embodiment, the shared key can be either an encryption key, or an encryption key and an integrity protection key, which is not limited by the disclosure.
In practical application, after S203, the method may also include the following steps.
In S204, the network-side device may further send a group establishment completion message to the first device;
herein, the group establishment completion message is used for informing the first device that the D2D group has been established;
In S205, the network-side device issues the shared key to all the devices in the D2D communication group;
in a specific implementation process, the network-side device may further send group identity information allocated for the D2D group to all the devices in the D2D group while issuing the shared key.
Correspondingly, in addition to receiving the shared key, the first device may further receive the group identity information; likewise, the second device also receives the group identity information while receiving the shared key.
In practical application, the network-side device can push the D2D shared key and/or the group identity information to the first device and the second device, or directly send the D2D shared key and/or the group identity information to the first device and the second device under the security protection of an access layer. Certainly, there may further be other issuing ways, which is not limited by the disclosure.
In S206, the first device saves the shared key;
based on the above solution, the first device saves the shared key and the group identity information.
In S207, the second device saves the shared key;
based on the above solution, the second device saves the shared key and the group identity information.
Note that, S206 and S207 are not ordered; preferably, S206 and S207 are performed at the same time.
In S208, the first device performs the D2D communication with the second device in the D2D communication group based on the shared key;
that is, the first device sends communication data to the second device based on the shared key; after receiving the communication data, the second device verifies the security of the communication data based on the shared key, so as to realize the safe and reliable D2D communication between the first device and the second device.
In S209, after the D2D communication ends, the first device sends a communication ending message to the network-side device and the second device respectively.
In S210, the first device deletes the shared key;
based on the above solution, the first device may further delete the group identity information saved before.
In S211, after receiving the communication ending message, the network-side device determines that the D2D communication of the D2D communication group ends, and deletes the D2D communication group and the shared key;
based on the above solution, after determining that the D2D communication of the D2D communication group ends, the network-side device deletes the group identity information and the shared key.
In S212, the second device deletes the shared key;
based on the above solution, the second device may further delete the group identity information saved before.
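The lifecycle of S201 to S212, as an added example that is not part of the disclosure: a small model of the network-side device and the devices, showing that a device joining later gets a new group and a new key together with everyone else rather than the old key issued separately. The class names, the `imsi-A` style identities, the 32-byte key size and the check that only the requesting device may end the group are assumptions of this sketch.

```python
import secrets


class NetworkSideDevice:
    """Constructed model of the network-side device (S202-S205, S211)."""

    def __init__(self):
        self._groups = {}  # group_id -> {"owner", "members", "key"}

    def establish_group(self, first_id, *peer_ids):
        members = (first_id, *peer_ids)
        if len(members) < 2 or len(set(members)) != len(members):
            raise ValueError("a group needs at least two distinct identities")
        group_id = secrets.token_hex(8)   # group identity information
        key = secrets.token_bytes(32)     # S203: fresh shared key for this group
        self._groups[group_id] = {"owner": first_id, "members": members, "key": key}
        # S205: every member receives the same (group_id, key) in one issuing step.
        return {m: (group_id, key) for m in members}

    def end_communication(self, sender_id, group_id):
        group = self._groups.get(group_id)
        # Assumption: only the device that requested the group may end it.
        if group is None or group["owner"] != sender_id:
            return False
        del self._groups[group_id]        # S211: group identity and key go together
        return True

    def knows(self, group_id):
        return group_id in self._groups


class Device:
    """Constructed model of the first/second device (S206-S207, S210, S212)."""

    def __init__(self, identity):
        self.identity = identity
        self.group_id = None
        self.shared_key = None

    def save(self, group_id, key):
        self.group_id = group_id
        self.shared_key = bytearray(key)  # mutable, so it can be overwritten later

    def delete(self):
        if self.shared_key is not None:
            for i in range(len(self.shared_key)):
                self.shared_key[i] = 0    # overwrite before dropping the reference
        self.shared_key = None
        self.group_id = None


def run_lifecycle():
    net = NetworkSideDevice()
    a, b, c = Device("imsi-A"), Device("imsi-B"), Device("imsi-C")  # constructed ids

    # First communication: only A and B are in the group.
    issued = net.establish_group(a.identity, b.identity)
    for dev in (a, b):
        dev.save(*issued[dev.identity])
    gid1, key1, buf = a.group_id, bytes(a.shared_key), a.shared_key

    rejected = net.end_communication(b.identity, gid1)  # not the requesting device
    ended = net.end_communication(a.identity, gid1)     # S209 -> S211
    a.delete()
    b.delete()
    replayed = net.end_communication(a.identity, gid1)  # group no longer exists

    # C takes part in the next communication: new group, new key, issued to all.
    issued = net.establish_group(a.identity, b.identity, c.identity)
    for dev in (a, b, c):
        dev.save(*issued[dev.identity])

    return {
        "rejected_non_owner": rejected,
        "ended": ended,
        "replayed": replayed,
        "old_group_known": net.knows(gid1),
        "old_key_wiped": not any(buf),
        "new_group_differs": a.group_id != gid1,
        "new_key_differs": bytes(a.shared_key) != key1,
        "all_share_new_key": bytes(a.shared_key) == bytes(b.shared_key) == bytes(c.shared_key),
    }


if __name__ == "__main__":
    for name, value in run_lifecycle().items():
        print(f"{name}: {value}")
```
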
In another embodiment,
In S308, the first device generates a session key based on the shared key;
specifically, in order to improve the security of the D2D communication, when the first device is about to perform the D2D communication with the second device, first, the first device sends a communication request to the second device, herein the communication request can carry the group identity information and a random number or any other parameter information for ensuring freshness of the key; furthermore, the first device generates the session key by feeding the shared key and the random number or the parameter information for ensuring freshness of the key into a key generation algorithm.
In S309, the second device generates the session key based on the shared key;
specifically, after receiving the communication request, the second device sends a communication response to the first device and establishes a D2D communication connection with the first device; furthermore, the second device generates the same session key as the first device by feeding the shared key and the random number or the parameter information for ensuring freshness of the key into the same key generation algorithm as the first device.
Certainly, the session key may further be generated by other key generation algorithms, which is not limited by the disclosure.
Note that, S308 and S309 are not ordered; preferably, S206 and S207 are performed at the same time.
In S310, the first device and the second device perform the D2D communication by using the session key;
specifically, the first device first encrypts the data to be sent to the second device by using the session key, and then sends the data to the second device; after receiving the data from the first device, the second device decrypts the data by using the session key; in this way, when the first device and the second device perform a session each time, they generate the same session key, so the reliability of session is greatly improved in the process of the D2D communication between the first device and the second device.
Correspondingly, after S209, the method further includes the following steps.
In S311, the first device deletes the shared key and the session key.
In S312, the second device deletes the shared key and the session key.
Based on the above solution, the first device and the second device may further delete the group identity information while deleting the shared key and the session key.
Now, the flow that the D2D communication system manages the D2D communication group is completed.
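The session-key step of S308 to S310, as an added example that is not part of the disclosure: both devices derive the same session key from the shared key and the random number carried in the communication request, and a frame protected in one session is rejected in the next. HMAC-SHA256 as the key generation algorithm, the frame layout, the sequence number and the sample values are assumptions of this sketch; it shows integrity protection only, and encryption of the payload would use a separate derived key with a standard cipher.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size


def derive_session_key(shared_key, group_id, nonce, label=b"d2d-session"):
    """Key generation algorithm: HMAC-SHA256 (assumed; the text names none)."""
    # Length-prefix each field so different (group_id, nonce) splits cannot collide.
    info = b"".join(len(p).to_bytes(2, "big") + p for p in (label, group_id, nonce))
    return hmac.new(bytes(shared_key), info, hashlib.sha256).digest()


def protect(session_key, seq, payload):
    """Frame = 8-byte sequence number || payload || tag (assumed layout)."""
    header = seq.to_bytes(8, "big")
    tag = hmac.new(session_key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify(session_key, expected_seq, frame):
    """Return the payload, or None if the tag or the sequence number is wrong."""
    if len(frame) < 8 + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    good = hmac.new(session_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    if int.from_bytes(body[:8], "big") != expected_seq:
        return None
    return body[8:]


def run_sessions():
    shared_key = secrets.token_bytes(32)  # constructed: stands for the key of S205
    group_id = b"group-0001"              # constructed group identity information

    # S308/S309: the random number travels in the communication request,
    # so each side can derive the key without it ever being transmitted.
    nonce1 = secrets.token_bytes(16)
    k_first = derive_session_key(shared_key, group_id, nonce1)
    k_second = derive_session_key(shared_key, group_id, nonce1)

    # S310: first device sends, second device checks the frame.
    frame = protect(k_first, 0, b"hello")
    received = verify(k_second, 0, frame)

    tampered = bytearray(frame)
    tampered[8] ^= 0x01                   # flip one payload bit in transit
    tampered_result = verify(k_second, 0, bytes(tampered))
    replay_result = verify(k_second, 1, frame)  # same frame offered a second time

    # Next session in the same group: new random number, hence a new session key.
    nonce2 = secrets.token_bytes(16)
    k_next = derive_session_key(shared_key, group_id, nonce2)
    stale_result = verify(k_next, 0, frame)

    return {
        "keys_match": hmac.compare_digest(k_first, k_second),
        "received": received,
        "tampered": tampered_result,
        "replayed": replay_result,
        "next_key_differs": k_next != k_first,
        "stale_frame": stale_result,
    }


if __name__ == "__main__":
    for name, value in run_sessions().items():
        print(f"{name}: {value}")
```
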
It can be seen from above that when performing the D2D communication once, the network-side device re-establishes a D2D group and issues a new shared key, so that when there is a new device joining the D2D group, the network-side device issues the shared key to all the devices in the group while establishing a new group, thereby preventing the risk of divulging the key caused by issuing the key separately, ensuring the security of the D2D communication, and giving consideration to the dynamic change of the devices in the D2D group.
The method for managing a D2D communication group is elaborated below from the perspective of the network-side device.
In S401, the network-side device establishes the D2D communication group, and issues the shared key generated for the D2D communication group to all the devices in the D2D communication group, herein the shared key is used for the D2D communication of all the devices;
based on the above solution, S401 may include that: the network-side device receives the group establishing request sent by the first device, herein the group establishing request carries the first identity information of the first device and the second identity information of the second device; and the network-side device establishes the D2D communication group based on the first identity information and the second identity information.
In S402, the network-side device determines that the D2D communication of the D2D communication group ends, and deletes the D2D communication group and the shared key.
Specifically, the step that the network-side device determines that the D2D communication of the D2D communication group ends includes that: the network-side device receives the communication ending message from the first device, and confirms that the D2D communication of the D2D communication group ends.
Based on the above solution, after S401 and before S402, the method further includes that: the network-side device sends the group identity information of the D2D communication group and the shared key to all the devices;
correspondingly, S402 may include that: the network-side device deletes the group identity information and the shared key.
The method for managing a D2D communication group is elaborated below from the perspective of the first device.
In S501, the first device sends the group establishing request to the network-side device, herein the group establishing request is used for the network-side device to establish the D2D communication group;
specifically, S501 may include that: the first device generates the group establishing request carrying the first identity information of the first device and the second identity information of the second device; and the first device sends the group establishing request to the network-side device.
In S502, the first device receives the shared key from the network-side device, and performs the D2D communication with the second device in the D2D communication group based on the shared key;
in a specific implementation process, the step that the first device performs the D2D communication with the second device in the D2D communication group based on the shared key includes that: the first device generates the session key based on the shared key, and performs the D2D communication with the second device by using the session key.
In S503, after the D2D communication ends, the first device sends the communication ending message, and deletes the shared key.
Specifically, the first device sends the communication ending message to the network-side device and the second device respectively, and deletes the shared key.
Based on the above solution, the first device may further delete the session key while deleting the shared key.
In another embodiment, before S502 that the first device performs the D2D communication with the second device in the D2D communication group based on the shared key, the method may also include that: the first device receives the group identity information sent by the network-side device.
Correspondingly, the step that the first device sends the communication ending message in S503 includes that: the first device sends the communication ending message carrying the group identity information.
Based on the above solution, the first device may further delete the group identity information while deleting the shared key.
The method for managing a D2D communication group is elaborated below from the perspective of the second device.
In S601, the second device receives the shared key for the D2D communication group sent by the network-side device.
In S602, the second device performs the D2D communication with the first device in the D2D communication group based on the shared key.
In S603, the second device receives the communication ending message from the first device, and deletes the shared key.
In a specific implementation process, the second device may further receive the group identity information while receiving the shared key, then the second device may further delete the group identity information while deleting the shared key.
In another embodiment, S602 includes that: the second device generates the session key based on the shared key; and the second device performs the D2D communication with the first device by using the session key.
Correspondingly, the second device may further delete the session key while deleting the shared key.
Based on the same inventive concept, the embodiment of the disclosure also provides a network-side device, which is consistent with the network-side device in the above one or more embodiments.
Based on the above solution, the group establishing unit 71 includes: a receiving subunit arranged to receive the group establishing request sent by the first device, herein the group establishing request carries the first identity information of the first device and the second identity information of the second device; and a group establishing subunit arranged to establish the D2D communication group based on the first identity information and the second identity information.
Based on the above solution, the first sending unit 73 is further arranged to, after the group establishing unit generates the shared key for the D2D communication group, and before the deleting unit determines that the D2D communication of the D2D communication group ends, send the group identity information of the D2D communication group and the shared key to all the devices; the group deleting unit 74 is further arranged to delete the group identity information and the shared key.
Based on the above solution, the group deleting unit 74 is arranged to receive the communication ending message from the first device, and confirm that the D2D communication of the D2D communication group ends.
All of the group establishing unit 71, the key generating unit 72, the first sending unit 73 and the group deleting unit 74 can be set in either processors like CPU and ARM of the device, or an embedded controller or a system-on-chip, which is not limited by the disclosure.
Based on the same inventive concept, the embodiment of the disclosure also provides a device, which is consistent with the first device in the above one or more embodiments.
Based on the above solution, the second sending unit 81 includes a generating subunit arranged to generate the group establishing request carrying the first identity information of the first device and the second identity information of the second device; and a sending subunit arranged to send the group establishing request to the network-side device.
Based on the above solution, the first receiving unit 82 is arranged to, before the first D2D communication unit performs the D2D communication based on the shared key, receive the group identity information sent by the network-side device; the second sending unit is arranged to send the communication ending message carrying the group identity information.
Based on the above solution, the first D2D communication unit is arranged to generate the session key based on the shared key, and perform the D2D communication with the second device by using the session key.
All of the second sending unit 81, the first receiving unit 82 and the first deleting unit 84 can be set in the processors like CPU and ARM of the device, or the embedded controller or the system-on-chip, which is not limited by the disclosure.
Based on the same inventive concept, the embodiment of the disclosure also provides a device, which is consistent with the second device in the above one or more embodiments.
Based on the above solution, the second D2D communication unit 92 is further arranged to generate the session key based on the shared key, and perform the D2D communication with the first device by using the session key.
All of the second receiving unit 91, the second D2D communication unit 92 and the second deleting unit 93 can be arranged in a processor of the device, such as a CPU or an ARM processor, or in an embedded controller or a system-on-chip, which is not limited by the disclosure.
The embodiment of the disclosure also records a computer storage medium, in which a computer program is stored; the computer program is used to perform the method for managing a D2D communication group, specifically one or more of the methods as shown in
The computer storage media can be various media that can store program codes, such as a U disk, a mobile hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or a compact disc; in some embodiments, the computer storage media is the instantaneous storage media.
Those skilled in the art should understand that the embodiments of the disclosure can be provided as a method, a system or a computer program product. Thus, forms of hardware embodiments, software embodiments or embodiments integrating software and hardware can be adopted in the disclosure. Moreover, a form of the computer program product implemented on one or more computer available storage media (including, but not limited to, a disk memory, an optical memory and the like) containing computer available program codes can be adopted in the disclosure.
The disclosure is described with reference to flowcharts and/or block diagrams of the method, the equipment (system) and the computer program product according to the embodiments of the disclosure. It should be understood that each flow and/or block in the flowcharts and/or the block diagrams and a combination of the flows and/or the blocks in the flowcharts and/or the block diagrams can be realized by computer program instructions. These computer program instructions can be provided for a general computer, a dedicated computer, an embedded processor or processors of other programmable data processing devices to generate a machine, so that an apparatus for realizing functions assigned in one or more flows of the flowcharts and/or one or more blocks of the block diagrams is generated via instructions executed by the computers or the processors of the other programmable data processing devices.
These computer program instructions may further be stored in a computer readable memory capable of guiding the computers or the other programmable data processing devices to work in a specific mode, so that a manufactured product including an instruction apparatus is generated via the instructions stored in the computer readable memory, and the instruction apparatus realizes the functions assigned in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may further be loaded to the computers or the other programmable data processing devices, so that processing realized by the computers is generated by executing a series of operation steps on the computers or the other programmable devices, and therefore the instructions executed on the computers or the other programmable devices provide a step of realizing the functions assigned in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
The above is only the preferred embodiments of the disclosure and not intended to limit the scope of protection of the disclosure. Any modification made according to the principle of the disclosure should fall within the scope of protection of the disclosure.
In the embodiments of the disclosure, in the process of managing a D2D communication group, a D2D communication group is established and a shared key is generated when D2D group communication needs to be performed, and the established D2D communication group and the shared key are deleted after the D2D group communication ends. All devices needing communication therefore join the D2D communication group at once, and no device joins subsequently. In this way, the problem of devices joining the D2D communication group and the security of the shared key is solved well, and the security of the D2D group communication is improved.
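A minimal model of the lifecycle summarized above, added here as an illustration and not part of the disclosure: the group and its shared key are created together, issued once to all devices, and deleted together, and each device derives a session key from the shared key. The class and function names, the HKDF-SHA256 derivation, the nonce, the sender check on the ending message and the device identifiers are assumptions; the disclosure does not specify them.

```python
import hashlib
import hmac
import secrets

def derive_session_key(shared_key: bytes, group_id: str, nonce: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), one output block. The KDF choice is an assumption."""
    prk = hmac.new(nonce, shared_key, hashlib.sha256).digest()     # extract
    info = b"d2d-session|" + group_id.encode()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()  # expand

class NetworkSideDevice:
    """Hypothetical model: group identity and shared key share one lifetime."""
    def __init__(self):
        self._groups = {}  # group id -> (first device, members, shared key)

    def establish_group(self, first_id, second_ids):
        # Every member is named in the group establishing request.
        members = frozenset([first_id, *second_ids])
        group_id = secrets.token_hex(8)
        shared_key = secrets.token_bytes(32)
        self._groups[group_id] = (first_id, members, shared_key)
        # Group identity and shared key go to all devices in one step.
        return {dev: (group_id, shared_key) for dev in members}

    def join_group(self, group_id, device_id):
        # No device joins later, so the key is never issued separately.
        raise PermissionError(f"{device_id}: group {group_id} is closed")

    def end_communication(self, group_id, sender_id):
        # Assumed check: only the first device's ending message is honoured.
        entry = self._groups.get(group_id)
        if entry is None or entry[0] != sender_id:
            return False
        del self._groups[group_id]  # group identity and key removed together
        return True

    def has_group(self, group_id):
        return group_id in self._groups

def run_example():
    net = NetworkSideDevice()
    issued = net.establish_group("ue-a", ["ue-b", "ue-c"])  # constructed ids
    group_id, key_a = issued["ue-a"]
    _, key_b = issued["ue-b"]
    nonce = secrets.token_bytes(16)  # assumed: picked by the first device
    sk_a = derive_session_key(key_a, group_id, nonce)
    sk_b = derive_session_key(key_b, group_id, nonce)
    return net, group_id, sk_a, sk_b
```

Because the network-side device keeps no key after `end_communication` succeeds, a later group for the same devices gets a fresh group identity and shared key.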
Number | Date | Country | Kind |
---|---|---|---|
201410571609.4 | Oct 2014 | CN | national |

Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/CN2015/074124 | 3/12/2015 | WO | 00 |