CN104348627B

CN104348627B - Secret key sending method, the method and relevant device that authorization check is carried out to UE

Info

Publication number: CN104348627B
Application number: CN201410608570.9A
Authority: CN
Inventors: 张丽佳; 李志明; 曹龙雨
Original assignee: Shanghai Huawei Technologies Co Ltd
Current assignee: Shanghai Huawei Technologies Co Ltd
Priority date: 2014-10-31
Filing date: 2014-10-31
Publication date: 2019-02-01
Anticipated expiration: 2034-10-31
Also published as: CN104348627A; WO2016065985A1

Abstract

The method and relevant device of authorization check are carried out the embodiment of the invention provides a kind of secret key sending method, to UE, wherein secret key sending method includes: to generate multimedia broadcast multi-broadcasting business key MSK；Establish or obtain from broadcast multicast service center BM-SC the group mark of MSK and each group communication service GCSE group and/or the mapping relations of service identification；The user equipment (UE) being sent to the MSK of generation according to the group mark of MSK and each GCSE group and/or the mapping relations of service identification in corresponding GCSE group.The embodiment of the present invention can be under the premise of BM-SC be sightless to GCSE group, ensure to reuse service authorization inspection of the BM-SC realization to UE under MBMS security mechanism scene completely, and GCS AS completes issuing for MSK under partial reuse MBMS security mechanism scene, so that MBMS security mechanism is to ensure that the safety of communication.

Description

Secret key sending method, the method and relevant device that authorization check is carried out to UE

Technical field

The present embodiments relate to field of communication technology more particularly to a kind of secret key sending method, authorization inspection is carried out to UE The method and relevant device looked into.

Background technique

Multimedia broadcast multi-broadcasting business (Multimedia Broadcast Multicast Service, MBMS) is third For multi-media broadcast defined in partner program (The 3rd Generation Partnership Project, 3GPP) R6 Broadcast multicast functionality.

MBMS supports multi-media broadcasting service and multicast service both of which, both can by multimedia video information directly to All users broadcast, the contracted user that can also be sent to one group of charge watch, can help operator carry out multimedia advertising, A variety of business applications such as free and pay-television channels, multimedia message mass-sending.Operator can be carried out with lower network lower deployment cost Mobile phone TV services.

MBMS change main to existing communication network is: increasing broadcast multicast service center (Broadcast Multicast Service Center, BM-SC), to existing packet switch (Packet Switch, PS) domain related network elements into Row MBMS function upgrading, to support the peculiar interface function of MBMS (such as Gmb), peculiar channel, peculiar physical layer procedure and peculiar industry Process of being engaged in (as subscribed to).

BM-SC can realize offer and management to MBMS business.For content providers, BM-SC is MBMS business content Entrance；For bearer network, BM-SC is responsible for authorization, initiates MBMS business, and scheduling, transmission MBMS business content.As The core functional entities of MBMS, BM-SC include 5 partial functions:

1) member relation function: it is responsible for saving the subscription information of user, user equipment (User Equipment, UE) is added Enter MBMS business and carry out authorisation process, and generates the station message recording.

2) session and transfer function: being responsible for initiating and terminating MBMS session, carries out authorization identifying to external content providers, And it is responsible for sending and receiving MBMS data.

3) agency and forwarding capability: BM-SC is internal each function and gateway general packet radio service on a control plane Signaling is carried out between supporting node (Gateway General Packet Radio Service Support Node, GGSN) Interactive agency is the bridge of session and transfer function to GGSN transmission MBMS data on user face.

4) service statement function: it is responsible for providing MBMS information to UE, including media specifier is (such as: video type, sound Coding) and session specification (such as: service identification, address, play time).

5) security function: integrality and privacy protection are provided for MBMS data, is mentioned to the UE that MBMS is authorized has been obtained For key.

BM-SC realizes the control to MBMS business by two control plane interfaces (Gmb interface, Mz interface).Wherein Gmb connects Mouth supports the Signalling exchange between GGSN and BM-SC, is the edge of MBMS bearer service；Mz interface is supported in different BM-SC Between carry out Signalling exchange, for MBMS business provide across BM-SC roaming ability.The signaling packet interacted on the two interfaces It includes: MBMS carrying related (such as: MBMS session start stops) (such as: authorization, MBMS business activation) two related to MBMS user Class.Furthermore BM-SC transmits MBMS data by Gi interface.

Group communication service (Group Communication Service Enabler over based on long term evolution Long Term Evolution, GCSE_LTE) it is the cluster communication based on LTE network, unicast bearer or multicast can be passed through Carrying can realize the foundation of multicast carrying to realize by MBMS.SA2 is determined by group communication service application server at present (Group Communication Service Enabler Application Server, GCS AS) carries out group communication service (Group Communication Service Enabler, GCSE) management and group, management and group pass through application layer signaling reality It is existing.In this case, when selecting multicast carrying, BM-SC is invisible to GCSE group.The content transmitted in different GCSE groups May be different, need to identify for different group communication distribution different business (such as a police office staff is as one GCSE group, for a fire brigade staff as a GCSE group, police office is different with fire brigade's group communication content, needs Otherwise same service identification realizes multicast/multicast service in group), GCSE group member accesses corresponding service identification to connect Receive data.

I.e. in the cluster communication based on LTE network, GCSE management and group is carried out by GCS AS, BM-SC is to GCSE group It is invisible.If reusing MBMS mechanism (BM-SC, which is executed, provides whole processes of MBMS business) completely, BM-SC is upper can not be to asking The UE of the business is asked to carry out authorization check；If reusing part MBMS mechanism, (BM-SC, which is executed, provides the part stream of MBMS business Journey, GCS AS, which is executed, provides another part process of MBMS business), then the function that BM-SC issues MSK will be placed on GCS AS, How GCS AS realizes that issuing for MSK is a urgent problem to be solved.

Summary of the invention

In view of this, the embodiment of the invention provides a kind of secret key sending method, to UE carry out authorization check method and Relevant device, can be under the premise of BM-SC be sightless to GCSE group, it is ensured that reuses under MBMS security mechanism scene completely BM-SC, which is realized, completes under MSK GCS AS under the service authorization inspection and partial reuse MBMS security mechanism scene of UE Hair, so that MBMS security mechanism is to ensure that the safety of communication.

In a first aspect, group communication service application server GCS AS provided in an embodiment of the present invention, comprising:

MSK generation unit, for generating multimedia broadcast multi-broadcasting business key MSK；

Processing unit, for establishing or obtaining MSK and each group communication service GCSE from broadcast multicast service center BM-SC The group mark of group and/or the mapping relations of service identification；

Transmission unit, for that will be generated according to the group mark of MSK and each GCSE group and/or the mapping relations of service identification MSK be sent to the user equipment (UE) in corresponding GCSE group.

With reference to first aspect, in the first embodiment of first aspect, the transmission unit is also used to, described Before MSK generation unit generates MSK, request message, the group mark comprising request in the request message are sent to the BM-SC Number and/or group number and/or the business number of request, the request message is for requesting the BM-SC distribution service identification And/or group mark；

The GCS AS further include:

First receiving unit includes described in the response message for receiving the response message of the BM-SC transmission The service identification and/or group mark of BM-SC distribution；

The transmission unit is also used to, and establishes the group mark and/or business of MSK and each GCSE group in the processing unit After the mapping relations of mark, MSK is sent to the BM-SC.

With reference to first aspect, in second of embodiment of first aspect, the transmission unit is also used to, described After MSK generation unit generates MSK, request message, the group mark comprising request in the request message are sent to the BM-SC Number and MSK, the request message is for requesting the BM-SC distribution group mark and/or service identification and establishing each group of mark The mapping relations of knowledge and/or each service identification and each MSK；

The processing unit is specifically used for, and receives the response message that the BM-SC is sent, and includes each in the response message The mapping relations of a group of mark and/or each service identification and each MSK.

With reference to first aspect, in the third embodiment of first aspect, the GCS AS further include:

Unit is established in mapping, for establishing the group of MSK Yu each GCSE group after the MSK generation unit generates MSK The mapping relations of mark；

The transmission unit is also used to, and is sent request message to the BM-SC, is included each MSK in the request message With the mapping relations of the group mark of each GCSE group, the request message is for requesting the BM-SC distribution service identification and building Found the mapping relations of each service identification Yu each group of mark；

The processing unit is specifically used for, and receives the response message that the BM-SC is sent, and includes each in the response message The mapping relations of a group of mark and each service identification.

With reference to first aspect, in the 4th kind of embodiment of first aspect, the GCS AS further include:

Second receiving unit is asked for before the MSK generation unit generates MSK, receiving the key that the BM-SC is sent Message is sought, includes MSK number of service identification and request in the secret key request message；

Second of embodiment of the first embodiment or first aspect with reference to first aspect or first aspect The 4th kind of embodiment of the third embodiment or first aspect, it is described in the 5th kind of embodiment of first aspect MSK generation unit is also used to, and generates MSK mark and key validity period for each MSK；

The transmission unit is also used to, and is sent to while MSK is sent to the BM-SC or later and by MSK When UE in corresponding GCSE group, also by the MSK mark of each MSK and key validity period and the corresponding GCSE group of each MSK Group mark and/or service identification are sent to the UE in the BM-SC and corresponding GCSE group.

Second of embodiment of the first embodiment or first aspect with reference to first aspect or first aspect The 4th kind of embodiment of the third embodiment or first aspect, it is described in the 6th kind of embodiment of first aspect GCS AS further include:

Third receiving unit, for the group mark and/or business mark in the transmission unit according to MSK and each GCSE group The MSK of generation is sent to before the UE in corresponding GCSE group by the mapping relations of knowledge, receives each MSK that the BM-SC is sent MSK mark and key validity period, each MSK MSK mark and key validity period generated by BM-SC；

The transmission unit is also used to, and is sent to while MSK is sent to the BM-SC or later and by MSK When corresponding to the UE in GCSE group, the group mark and/or service identification of the corresponding GCSE group of each MSK are also sent to the BM- SC；By the MSK mark of each MSK and key validity period and the group mark and/or business mark of the corresponding GCSE group of each MSK Know the UE being sent in corresponding GCSE group.

With reference to first aspect or second of embodiment of the first embodiment of first aspect or first aspect, or The third embodiment of first aspect or the 4th kind of embodiment of first aspect, in the 7th kind of embodiment party of first aspect In formula, the GCS AS further include:

Judging unit, for judging whether MSK needs to update according to preset rules；

The MSK generation unit is also used to, and when the judging result of the judging unit is to be, generates new MSK；

The transmission unit is also used to, and sends first key update message to the BM-SC, the UE into corresponding GCSE group The second key updating message is sent, so that the UE more new key in the BM-SC and corresponding GCSE group, the first key is more It include the new MSK in new information and the second key updating message.

The 7th kind of embodiment with reference to first aspect, in the 8th kind of embodiment of first aspect, the default rule Then include the addition of the interior UE of the GCSE group and/or leaves or MSK is to validity period.

The 7th kind of embodiment with reference to first aspect, in the 9th kind of embodiment of first aspect, the MSK is generated Unit is also used to, and before the transmission unit sends first key update message to the BM-SC, generates the new MSK MSK mark and key validity period；

The first key update message and the second key updating message also include: the MSK mark of the new MSK And key validity period, the group mark and/or service identification of the corresponding GCSE group of the new MSK.

The 7th kind of embodiment with reference to first aspect, in the tenth kind of embodiment of first aspect, the GCS AS Further include:

4th receiving unit, for connecing before the transmission unit sends first key update message to the BM-SC Receive MSK mark and the key validity period of the new MSK that the BM-SC is sent；

Also include in the first key update message: the group mark and/or business mark of the corresponding GCSE of the new MSK Know；Include in the second key updating message: the MSK of new MSK mark and key validity period, described new MSK pairs The group of the GCSE answered identifies and/or service identification.

With reference to first aspect or second of embodiment of the first embodiment of first aspect or first aspect, or The third embodiment of first aspect or the 4th kind of embodiment of first aspect, in a kind of the tenth implementation of first aspect In mode, the GCS AS further include:

5th receiving unit triggers message, the key updating triggering for receiving the key updating that the BM-SC is issued The MSK mark of group mark and/or service identification and/or the MSK for needing to update in message comprising GCSE group；

The MSK generation unit is also used to, and generates new MSK；

The transmission unit is also used to, and sends third key updating message to the BM-SC, the UE into corresponding GCSE group The 4th key updating message is sent, so that the UE more new key in the BM-SC and corresponding GCSE group, the third key is more It include the new MSK in new information and the 4th key updating message.

The tenth a kind of embodiment with reference to first aspect, in the 12nd kind of embodiment of first aspect, the MSK Generation unit is also used to, and before the transmission unit sends third key updating message to the BM-SC, is generated described new The MSK of MSK is identified and key validity period；

The third key updating message and the 4th key updating message also include: the MSK mark of the new MSK And key validity period, the group mark and/or service identification of the corresponding GCSE group of the new MSK.

The tenth a kind of embodiment with reference to first aspect, in the 13rd kind of embodiment of first aspect, the GCS AS further include:

6th receiving unit, for connecing before the transmission unit sends third key updating message to the BM-SC Receive MSK mark and the key validity period of the new MSK that the BM-SC is sent；

Also include in the third key updating message: the group mark and/or business of the corresponding GCSE group of the new MSK Mark；Also include in the 4th key updating message: the MSK of new MSK mark and key validity period, described new The group of the corresponding GCSE group of MSK identifies and/or service identification.

Second aspect, GCS AS provided in an embodiment of the present invention, comprising:

Acquiring unit, for obtaining multimedia broadcast multi-broadcasting business key MSK from broadcast multicast service center BM-SC；

Unit is established in mapping, and group for establishing MSK and each group communication service GCSE group identifies and/or service identification Mapping relations；

In conjunction with second aspect, in the first embodiment of second aspect, the transmission unit is also used to, and is obtained described Before taking unit to obtain MSK from the BM-SC, request message is sent to the BM-SC, includes request in the request message Group mark number and/or the business number for organizing number and/or request, the request message is for requesting the BM-SC distribution MSK And service identification and/or group identify；

The acquiring unit is specifically used for, and receives the response message that the BM-SC is sent, and includes institute in the response message State the MSK and service identification and/or group mark that BM-SC is distributed.

In conjunction with the first embodiment of second aspect, in second of embodiment of second aspect, the request disappears Breath is also used to request the BM-SC to be that each MSK generates MSK mark and key validity period；

MSK mark and key validity period in the response message also comprising each MSK；

The transmission unit is also used to, in the UE being sent to MSK in corresponding GCSE group, also by the mark of each MSK And the group mark and/or service identification of key validity period and the corresponding GCSE group of each MSK are sent in corresponding GCSE group UE。

The third aspect, broadcast multicast service center BM-SC provided in an embodiment of the present invention, comprising:

Unit is established in list, and the Authorized UE List foundation for being sent according to group communication service application server GCS AS is asked It asks and establishes the corresponding Authorized UE List of service identification；

Receiving unit includes the UE's in the service activation request for receiving the service activation request of UE transmission Mark and the UE want the service identification of the business of activation；

Authorization check unit, for checking the service identification of the UE identified whether in the business of the desired activation of the UE In corresponding Authorized UE List, if, it is successful to the authorization check of the UE, if it was not then the authorization to the UE Check failure.

In conjunction with the third aspect, in the first embodiment of the third aspect, the receiving unit is also used to, in the column Table is established unit and is established before the corresponding Authorized UE List of service identification, and the request message that the GCS AS is sent is received, described Group mark number and/or group number and/or the business number of request in request message comprising request；

The BM-SC further include:

First generation unit, for generating service identification；

Transmission unit includes service identification in the response message for sending response message to the GCS AS, so that It obtains the GCS AS and service identification is distributed into each group communication service GCSE group；

The GCS AS sends the Authorized UE List according to the UE for including in each GCSE group and establishes request, the authorization The mark of service identification and corresponding authorization UE in request comprising GCSE group is established in UE list.

In conjunction with the third aspect, in second of embodiment of the third aspect, the receiving unit is also used to, in the column Table is established unit and is established before the corresponding Authorized UE List of service identification, and the request message that the GCS AS is sent is received, described Group in request message comprising GCSE group identifies；

The BM-SC further include:

Second generation unit, for generating the mapping relations of service identification and foundation group mark and service identification；

The GCS AS sends the Authorized UE List according to the UE for including in each GCSE group and establishes request, the authorization The mark of group mark and corresponding authorization UE in request comprising GCSE group is established in UE list；

The list is established unit and is specifically used for:

The corresponding business of the group mark for including in request is established according to the mapping relationship searching and the Authorized UE List Mark, establishes the corresponding Authorized UE List of service identification.

In conjunction with the first embodiment of the third aspect, in the third embodiment of the third aspect, the reception is single Member is also used to, and is received the Authorized UE List that the GCS AS is sent and is updated request, the Authorized UE List, which updates in request, includes Service identification, the mark of UE, deletion and/or addition instruction；

The BM-SC further include:

First updating unit updates corresponding Authorized UE List for updating request according to the Authorized UE List.

In conjunction with second of embodiment of the third aspect, in the 4th kind of embodiment of the third aspect, the reception is single Member is also used to, and is received the Authorized UE List that the GCS AS is sent and is updated request, the Authorized UE List, which updates in request, includes Group mark and/or service identification, the mark of UE, deletion and/or addition instruction；

The BM-SC further include:

Second updating unit updates corresponding Authorized UE List for updating request according to the Authorized UE List.

Fourth aspect, BM-SC provided in an embodiment of the present invention, comprising:

Transmission unit, for sending authorization check request to group communication service application server GCS AS, described in request GCS AS checks the corresponding group communication service of service identification of the UE identified whether in the business of the desired activation of the UE In GCSE group, if the authorization check success to the UE fails to the authorization check of the UE if not existing.

In conjunction with fourth aspect, in the first embodiment of fourth aspect, the receiving unit is also used to, and is receiving UE Before the service activation request of transmission, the request message that the GCS AS is sent is received, includes request in the request message Group mark number and/or the business number for organizing number and/or request；

The BM-SC further include:

First generation unit, for generating service identification；

The transmission unit is also used to, and is sent response message to the GCS AS, is included business mark in the response message Know, so that the GCS AS is by service identification and distributes to each GCSE group；

The mark comprising the UE and the UE want the service identification of the business of activation in the authorization check request.

In conjunction with fourth aspect, in second of embodiment of fourth aspect, the receiving unit is also used to, and is receiving UE Before the service activation request of transmission, the request message that the GCS AS is sent is received, includes GCSE group in the request message Group mark；

The BM-SC further include:

Searching unit, for searching and the industry before the transmission unit sends authorization check request to GCS AS The corresponding group of mark of service identification for including in business activation request；

It include the service identification pair of the business of the mark of the UE and the desired activation of the UE in the authorization check request The group mark answered.

5th aspect, secret key sending method provided in an embodiment of the present invention, comprising:

Generate multimedia broadcast multi-broadcasting business key MSK；

Establish or identified from the group that broadcast multicast service center BM-SC obtains MSK and each group communication service GCSE group and/ Or the mapping relations of service identification；

It is identified according to the group of MSK and each GCSE group and/or the MSK of generation is sent to pair by the mapping relations of service identification Answer the user equipment (UE) in GCSE group.

In conjunction with the 5th aspect, in the first embodiment of the 5th aspect, before generating MSK, the method is also wrapped It includes:

Request message, group mark number and/or group number comprising request in the request message are sent to the BM-SC And/or the business number of request, the request message is for requesting the BM-SC distribution service identification and/or group mark；

Receive the response message that the BM-SC is sent, the service identification comprising BM-SC distribution in the response message And/or group mark；

After establishing the mapping relations of group mark and/or service identification of MSK and each GCSE group, the method is also wrapped It includes:

MSK is sent to the BM-SC.

In conjunction with the 5th aspect, in second of embodiment of the 5th aspect, after generating MSK, the method is also wrapped It includes:

Request message is sent to the BM-SC, group mark number and MSK comprising request in the request message are described Request message is for requesting the BM-SC distribution group mark and/or service identification and establishing each group of mark and/or each business The mapping relations of mark and each MSK；

The mapping relations packet of the group mark and/or service identification that MSK and each GCSE group are obtained from the BM-SC It includes:

The response message that the BM-SC is sent is received, includes each group of mark and/or each business in the response message The mapping relations of mark and each MSK.

In conjunction with the 5th aspect, in the third embodiment of the 5th aspect, after generating MSK, the method is also wrapped It includes:

Establish the mapping relations of the group mark of MSK and each GCSE group；

Request message is sent to the BM-SC, what the group comprising MSK and each GCSE group identified in the request message reflects Relationship is penetrated, the request message is for requesting the BM-SC distribution service identification and establishing each service identification and each group of mark The mapping relations of knowledge；

The response message that the BM-SC is sent is received, includes each group of mark and each business mark in the response message The mapping relations of knowledge.

In conjunction with the 5th aspect, in the 4th kind of embodiment of the 5th aspect, before generating MSK, the method is also wrapped It includes:

The secret key request message that the BM-SC is sent is received, includes service identification and request in the secret key request message MSK number；

MSK is sent to the BM-SC.

In terms of in conjunction with the first embodiment of the 5th aspect or second of embodiment or the 5th of the 5th aspect The 4th kind of embodiment of the third embodiment or the 5th aspect, in the 5th kind of embodiment of the 5th aspect, in basis The MSK of generation is sent in corresponding GCSE group by MSK with the mapping relations of the group mark of each GCSE group and/or service identification Before UE, further includes:

MSK mark and key validity period are generated for each MSK；

When being sent to the UE in corresponding GCSE group while MSK is sent to the BM-SC or later and by MSK also Include:

By the MSK mark of each MSK and key validity period and the group mark and/or industry of the corresponding GCSE group of each MSK Business mark is sent to the UE in the BM-SC and corresponding GCSE group.

In terms of in conjunction with the first embodiment of the 5th aspect or second of embodiment or the 5th of the 5th aspect The 4th kind of embodiment of the third embodiment or the 5th aspect, in the 6th kind of embodiment of the 5th aspect, described The MSK of generation is sent in corresponding GCSE group with the mapping relations of the group mark of each GCSE group and/or service identification according to MSK UE before, further includes:

Receive MSK mark and the key validity period of each MSK that the BM-SC is sent, the MSK mark of each MSK And key validity period is generated by BM-SC；

The group mark and/or service identification of the corresponding GCSE group of each MSK are sent to the BM-SC；By each MSK's The group mark and/or service identification of MSK mark and key validity period and the corresponding GCSE group of each MSK are sent to correspondence UE in GCSE group.

In conjunction with second of embodiment of the first embodiment or the 5th aspect of the 5th aspect or the 5th aspect, or The 4th kind of embodiment of the third embodiment of the 5th aspect or the 5th aspect, in the 7th kind of embodiment party of the 5th aspect In formula, the method also includes:

Judge whether MSK needs to update according to preset rules；

If it is, generating new MSK；

First key update message is sent to the BM-SC, the UE into corresponding GCSE group sends the second key updating and disappears Breath, so that the UE more new key in the BM-SC and corresponding GCSE group, the first key update message and described second close It include the new MSK in key update message.

In conjunction with the 7th kind of embodiment of the 5th aspect, in the 8th kind of embodiment of the 5th aspect, the default rule Then include the addition of the interior UE of the GCSE group and/or leaves or MSK is to validity period.

In conjunction with the 7th kind of embodiment of the 5th aspect, in the 9th kind of embodiment of the 5th aspect, to the BM- SC is sent before first key update message, further includes:

Generate MSK mark and the key validity period of the new MSK；

In conjunction with the 7th kind of embodiment of the 5th aspect, in the tenth kind of embodiment of the 5th aspect, to the BM- SC is sent before first key update message, further includes:

Receive MSK mark and the key validity period of the new MSK that the BM-SC is sent；

In conjunction with second of embodiment of the first embodiment or the 5th aspect of the 5th aspect or the 5th aspect, or The 4th kind of embodiment of the third embodiment of the 5th aspect or the 5th aspect, in a kind of the tenth implementation of the 5th aspect In mode, the method also includes:

The key updating triggering message that the BM-SC is issued is received, includes GCSE group in the key updating triggering message Group mark and/or service identification and/or need update MSK MSK mark；

Generate new MSK；

Third key updating message is sent to the BM-SC, the UE into corresponding GCSE group sends the 4th key updating and disappears Breath, so that the UE more new key in the BM-SC and corresponding GCSE group, the third key updating message and described 4th close It include the new MSK in key update message.

In conjunction with a kind of the tenth embodiment of the 5th aspect, in the 12nd kind of embodiment of the 5th aspect, to institute Before stating BM-SC transmission third key updating message, further include；

Generate MSK mark and the key validity period of the new MSK；

In conjunction with a kind of the tenth embodiment of the 5th aspect, in the 13rd kind of embodiment of the 5th aspect, to institute State BM-SC send third key updating message before, further includes:

6th aspect, secret key sending method provided in an embodiment of the present invention, comprising:

Multimedia broadcast multi-broadcasting business key MSK is obtained from broadcast multicast service center BM-SC；

Establish the group mark of MSK and each group communication service GCSE group and/or the mapping relations of service identification；

In conjunction with the 6th aspect, in the first embodiment of the 6th aspect, before obtaining MSK from the BM-SC, institute State method further include:

Request message, group mark number and/or group number comprising request in the request message are sent to the BM-SC And/or the business number of request, the request message is for requesting the BM-SC distribution MSK and service identification and/or group mark Know；

It is described to include: from BM-SC acquisition MSK

Receive the response message that the BM-SC is sent, MSK and industry comprising BM-SC distribution in the response message Business mark and/or group mark.

In conjunction with the first embodiment of the 6th aspect, in second of embodiment of the 6th aspect, the request disappears Breath is also used to request the BM-SC to be that each MSK generates MSK mark and key validity period；

In the UE being sent to MSK in corresponding GCSE group further include:

By the group of the mark of each MSK and key validity period and the corresponding GCSE group of each MSK mark and/or business Identify the UE being sent in corresponding GCSE group.

7th aspect, the method provided in an embodiment of the present invention that authorization check is carried out to user equipment (UE), comprising:

The Authorized UE List sent according to group communication service application server GCS AS establishes request and establishes service identification pair The Authorized UE List answered；

The service activation request that UE is sent is received, the mark comprising the UE and the UE think in the service activation request The service identification for the business to be activated；

Check the corresponding Authorized UE List of service identification of the UE identified whether in the business of the desired activation of the UE In, if, it is successful to the authorization check of the UE, if it was not then the authorization check to the UE fails.

The corresponding authorization UE of service identification is being established in the first embodiment of the 7th aspect in conjunction with the 7th aspect Before list, further includes:

Receive the request message that the GCS AS is sent, in the request message group mark number comprising request and/or Group number and/or the business number of request；

Generate service identification；

Response message is sent to the GCS AS, includes service identification in the response message, so that the GCS AS Service identification is distributed into each group communication service GCSE group；

The corresponding authorization UE of service identification is being established in second of embodiment of the 7th aspect in conjunction with the 7th aspect Before list, further includes:

The request message that the GCS AS is sent is received, the group comprising GCSE group identifies in the request message；

Generate the mapping relations of service identification and foundation group mark and service identification；

The GCS AS sends the Authorized UE List according to the UE for including in each GCSE group and establishes request, the authorization The mark of group mark and corresponding authorization UE in request comprising GCSE group is established in UE list, described to be sent out according to the GCS AS The Authorized UE List foundation request sent establishes the corresponding Authorized UE List of service identification and includes:

In conjunction with the first embodiment of the 7th aspect, in the third embodiment of the 7th aspect, the method is also Include:

It receives the Authorized UE List that the GCS AS is sent and updates request, it includes industry in request that the Authorized UE List, which updates, Business mark, the mark of UE, deletion and/or addition instruction；

Request, which is updated, according to the Authorized UE List updates corresponding Authorized UE List.

In conjunction with second of embodiment of the 7th aspect, in the 4th kind of embodiment of the 7th aspect, the method is also Include:

It receives the Authorized UE List that the GCS AS is sent and updates request, it includes group in request that the Authorized UE List, which updates, Mark and/or service identification, the mark of UE, deletion and/or addition instruction；

Eighth aspect, the method provided in an embodiment of the present invention that authorization check is carried out to user equipment (UE), comprising:

Authorization check request is sent to group communication service application server GCS AS, to request described in the GCS AS inspection UE's identifies whether in the corresponding group communication service GCSE group of service identification that the UE wants the business of activation, if, Authorization check success to the UE fails to the authorization check of the UE if not existing.

In conjunction with eighth aspect, in the first embodiment of eighth aspect, in the service activation request for receiving UE transmission Before, the method also includes:

Generate service identification；

Response message is sent to the GCS AS, includes service identification in the response message, so that the GCS AS By service identification and distribute to each GCSE group；

In conjunction with eighth aspect, in second of embodiment of eighth aspect, in the service activation request for receiving UE transmission Before, the method also includes:

Before sending authorization check request to GCS AS, further includes:

The corresponding group of mark of service identification searched and include in the service activation request；

As can be seen from the above technical solutions, the embodiment of the present invention has the advantage that

In the embodiment of the present invention, GCS AS can be generated or from BM-SC obtain MSK, establish or from BM-SC obtain MSK with The group mark of each GCSE group and/or the mapping relations of service identification, then identified according to the group of MSK and each GCSE group and/ Or MSK is handed down to the UE in corresponding GCSE group by the mapping relations of service identification, that is, is realized in partial reuse MBMS safe machine GCS AS completes issuing for MSK under scene processed.

In addition, the Authorized UE List that BM-SC can be sent according to GCS AS, which establishes request, establishes Authorized UE List, exist in this way After the service activation request for receiving UE transmission, the inspection of the authorization to UE is can be realized in the Authorized UE List directly established according to itself It looks into；Or BM-SC can send authorization check request to GCS AS, to ask after the service activation request for receiving UE transmission It asks GCS AS to carry out authorization check to UE, realizes in this way when BM-SC is invisible to GCSE group, reusing MBMS completely Service authorization inspection of the BM-SC to UE under security mechanism scene.

Detailed description of the invention

In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.

Fig. 1 is GCS AS one embodiment schematic diagram of the present invention；

Fig. 2 is another embodiment schematic diagram of GCS AS of the present invention；

Fig. 3 is another embodiment schematic diagram of GCS AS of the present invention；

Fig. 4 is another embodiment schematic diagram of GCS AS of the present invention；

Fig. 5 is another embodiment schematic diagram of GCS AS of the present invention；

Fig. 6 is another embodiment schematic diagram of GCS AS of the present invention；

Fig. 7 is another embodiment schematic diagram of GCS AS of the present invention；

Fig. 8 is another embodiment schematic diagram of GCS AS of the present invention；

Fig. 9 is BM-SC one embodiment schematic diagram of the present invention；

Figure 10 is another embodiment schematic diagram of BM-SC of the present invention；

Figure 11 is another embodiment schematic diagram of BM-SC of the present invention；

Figure 12 is another embodiment schematic diagram of BM-SC of the present invention；

Figure 13 is another embodiment schematic diagram of BM-SC of the present invention；

Figure 14 is another embodiment schematic diagram of BM-SC of the present invention；

Figure 15 is secret key sending method one embodiment schematic diagram of the present invention；

Figure 16 is another embodiment schematic diagram of secret key sending method of the present invention；

Figure 17 is another embodiment schematic diagram of secret key sending method of the present invention；

Figure 18 is another embodiment schematic diagram of secret key sending method of the present invention；

Figure 19 is another embodiment schematic diagram of secret key sending method of the present invention；

Figure 20 is key updating method one embodiment schematic diagram of the present invention；

Figure 21 is another embodiment schematic diagram of key updating method of the present invention；

Figure 22 is another embodiment schematic diagram of secret key sending method of the present invention；

Figure 23 is another embodiment schematic diagram of secret key sending method of the present invention；

Figure 24 is method one embodiment schematic diagram that the present invention carries out authorization check to UE；

Figure 25 is another embodiment schematic diagram of method that the present invention carries out authorization check to UE；

Figure 26 is another embodiment schematic diagram of method that the present invention carries out authorization check to UE；

Figure 27 is another embodiment schematic diagram of method that the present invention carries out authorization check to UE；

Figure 28 is another embodiment schematic diagram of method that the present invention carries out authorization check to UE；

Figure 29 is another embodiment schematic diagram of method that the present invention carries out authorization check to UE.

Specific embodiment

Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention is clearly retouched It states, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Based on the present invention In embodiment, those skilled in the art's every other embodiment obtained shall fall within the protection scope of the present invention.

Since in the cluster communication based on LTE network, BM-SC is invisible to GCSE group, GCS AS is responsible for GCSE group The management of interior UE, i.e. GCSE know which UE belongs to which GCSE group, only the no service identification of each GCSE group, it is also possible to not have There is a group mark.GCSE group can be established by GCS AS when UE is registered, and certain GCSE group can also pre-establish.For example, UE is to GCS AS is registered, and the mark of UE is carried in registration information, and GCS AS is that registration UE establishes GCSE group, and the quantity for registering UE can be one Or it is multiple, the quantity of the GCSE group of foundation is also possible to one or more, herein without limitation；Alternatively, GCSE group is to build in advance It has been stood that, directly carrying group identifies the mark with UE when UE is registered to GCS AS.When determine UE using multicast carry and pass through again When establishing of multicast carrying is realized with part MBMS mechanism, needs to consider how GCS AS realizes that MSK's issues problem；Work as determination UE is carried and passed through using multicast reuses when establishing of MBMS mechanism realization multicast carrying completely, needs to consider how right BM-SC is The UE of the business is requested to carry out authorization check.The multicast being previously mentioned in the embodiment of the present invention can be multicast, be also possible to broadcast. It is illustrated separately below by different embodiments.

Installation practice one:

Referring to Fig. 1, Fig. 1 is GCS AS one embodiment schematic diagram of the present invention, the GCS AS 10 of the present embodiment is for real Existing MSK's issues, and the GCS AS of the present embodiment includes:

MSK generation unit 11, for generating MSK；

Processing unit 12, for establishing or obtaining from BM-SC the group mark and/or service identification of MSK and each GCSE group Mapping relations；

In the specific implementation, establishing or obtaining MSK and the group mark of each GCSE group and/or reflecting for service identification from BM-SC The relationship of penetrating includes: the mapping relations for the group mark for establishing or obtaining from BM-SC MSK and each GCSE group, establishes or obtains from BM-SC The mapping relations of the service identification of MSK and each GCSE group are taken, and establish or obtain from BM-SC the group of MSK, each GCSE group The mapping relations of the service identification three of mark, each GCSE group.

Wherein, group mark can be GCS AS distributes for GCSE group or GCSE group itself the just fixed group mark of some, It can be the Temporary Mobile Group Identity that BM-SC is generated according to the request of GCS AS, such as TMGI (Temporary Mobile Group Identity)。

The MSK of generation can have multiple, and each GCSE group can establish mapping relations with a MSK, can also with it is multiple MSK establishes mapping relations, i.e., each GCSE group can also have multiple MSK with only one MSK.For ease of description, subsequent reality Applying will be with each only one MSK of GCSE group in example, and each GCSE group is only identified with a group and/or the feelings of service identification Shape is illustrated.

Transmission unit 13, for that will be given birth to according to MSK and the group mark of each GCSE group and/or the mapping relations of service identification At MSK be sent to the UE in corresponding GCSE group.

Installation practice two:

The present embodiment is a specific descriptions to GCS AS of the present invention, referring to Fig. 2, the GCS AS 20 of the present embodiment Include:

Transmission unit 21, for sending request message to BM-SC, the group comprising request identifies number in the request message And/or organize the business number of number and/or request；

First receiving unit 22 includes described in the response message for receiving the response message of the BM-SC transmission The service identification and/or group mark of BM-SC distribution；

MSK generation unit 23, for generating MSK；

Processing unit 24, for establishing the group mark of MSK and each GCSE group and/or the mapping relations of service identification；

Transmission unit 21, is also used to for MSK being sent to BM-SC, and identified according to the group of MSK and each GCSE group and/ Or the MSK of generation is sent to the user equipment (UE) in corresponding GCSE group by the mapping relations of service identification.

In the present embodiment, it can be understood as the group of GCSE group is identified as the Temporary Mobile Group Identity generated by BM-SC.

In the specific implementation, transmission unit 21 sends request message to BM-SC, described when determining UE using multicast carrying Request message is for requesting BM-SC distribution service identification and/or group mark, the group mark comprising request in the request message Number and/or group number and/or the business number of request.Group mark number and/or the business number for organizing number and/or request can be with The group number of the GCSE group managed by GCS AS determines that i.e. GCS AS manages several GCSE groups, subsequent just request several groups of marks Knowledge and/or several service identifications.

In the present embodiment, it is to be understood that GCS AS itself knows which UE belongs to which GCSE group, only each GCSE group without group mark and service identification needs that BM-SC is requested to generate.

After BM-SC generation group mark and/or service identification, response message is sent to GCS AS, includes BM- in response message The group mark and/or service identification, the first receiving unit 22 that SC is generated receive the response message.

Following MSK generation unit 23 generates MSK, and processing unit 24 establishes MSK and group identifies and/or service identification reflects Relationship is penetrated, MSK is sent to BM-SC by transmission unit 21, and will according to MSK and group mark and/or the mapping relations of service identification MSK is sent to the UE in corresponding GCSE group.Citing is illustrated below:

For example, GCS AS manages two GCSE groups, includes UE1 and UE2 in first GCSE group, include in the 2nd GCSE group UE3 and UE4.MSK is generated in GCS AS and after BM-SC acquisition group mark and service identification, it is (interim to move to establish MSK, group mark Dynamic group mark), the mapping relations one by one of service identification three (such as by MSK1, group mark 1 and service identification 1 as one group simultaneously First GCSE group is given, MSK2, group mark 2 and service identification 2 as one group and are given into second GCSE group), subsequent GCS The MSK of generation is directly sent to BM-SC by AS, and MSK is sent in corresponding GCSE group according to the mapping relations established MSK1 is sent to the UE in first GCSE group in this example by UE, MSK2 is sent in second GCSE group UE。

In addition, each MSK should also have MSK mark and key validity period.The MSK of each MSK is identified and key is effective Phase can be generated by GCS AS, can also be generated by BM-SC and be handed down to GCS AS.

When being generated by GCS AS the MSK of each MSK mark and key validity period, transmission unit 21 is sent to by MSK While UE in BM-SC and corresponding GCSE group, it is also necessary to by the MSK mark of each MSK and key validity period and each The group mark and/or service identification of the corresponding GCSE group of MSK are sent to the UE in BM-SC and corresponding GCSE group.

It is generated when the MSK mark of each MSK and key validity period by BM-SC, when being then sent to GCS AS, is needed by the Three receiving units 25 receive MSK mark and the key validity period for each MSK that BM-SC generates and sends.In this case, it sends out Send unit 21 while the UE being sent to MSK in BM-SC and corresponding GCSE group, it is also necessary to which each MSK is corresponding The group of GCSE group identifies and/or service identification is sent to BM-SC；By the MSK mark of each MSK and key validity period, and respectively The group mark and/or service identification of the corresponding GCSE group of a MSK are sent to the UE in corresponding GCSE group.

Installation practice three:

The present embodiment is another specific descriptions to GCS AS of the present invention, referring to Fig. 3, the GCS AS 30 of the present embodiment Include:

MSK generation unit 31, for generating MSK；

Transmission unit 32, for sending request message to BM-SC, the group comprising request identifies number in the request message And MSK；

Processing unit 33 includes each group of mark in the response message for receiving the response message of BM-SC transmission And/or the mapping relations of each service identification and each MSK；

Transmission unit 32 is also used to, will according to the mapping relations of the group mark and/or service identification of MSK and each GCSE group The MSK of generation is sent to the user equipment (UE) in corresponding GCSE group.

In the specific implementation, MSK generation unit 31 generates MSK according to the number of the GCS AS GCSE group managed, generate MSK's Number can be identical as the number of GCSE group that GCS AS is managed.MSK generation unit 31 generate MSK after, transmission unit 32 to BM-SC sends request message, and group mark number and MSK comprising request in the request message, the request message is for asking It asks BM-SC distribution group to identify and/or service identification and establishes reflecting for each group of mark and/or each service identification and each MSK Penetrate relationship.

Request message distribution group that BM-SC is sent according to transmission unit 32 mark and/or service identification simultaneously establish each group Then the mapping relations of mark and/or each service identification and each MSK send response message to GCS AS.Processing unit 33 Receive the response message that BM-SC is sent, in the response message comprising each group of mark and/or each service identification with it is each The mapping relations of MSK.

When being generated by GCS AS the MSK of each MSK mark and key validity period, transmission unit 32 is sent to by MSK When after BM-SC and MSK being sent to the UE in corresponding GCSE group, it is also necessary to which the MSK mark and key of each MSK is effective The group mark and/or service identification of phase and the corresponding GCSE group of each MSK are sent to the UE in BM-SC and corresponding GCSE group.

It is generated when the MSK mark of each MSK and key validity period by BM-SC, when being then sent to GCS AS, is needed by the Three receiving units 25 receive MSK mark and the key validity period for each MSK that BM-SC generates and sends.In this case, it sends out Send unit 21 in the UE being sent in corresponding GCSE group after MSK is sent to BM-SC and by MSK, it is also necessary to will be each The group of the corresponding GCSE group of MSK identifies and/or service identification is sent to BM-SC；The MSK mark and key of each MSK is effective The group of phase and the corresponding GCSE group of each MSK mark and/or service identification are sent to the UE in corresponding GCSE group.

Installation practice two and Installation practice three are described when the group of GCSE group is identified as the interim movement of BM-SC generation When group mark, the GCS AS that MSK is issued is realized, following two Installation practice will be introduced when the group of GCSE group is identified as fixed group When mark, the GCS AS that MSK is issued is realized.

Installation practice four:

Referring to Fig. 4, the GCS AS 40 of the present embodiment includes:

MSK generation unit 41, for generating MSK；

Unit 42 is established in mapping, the mapping relations of the group mark for establishing MSK and each GCSE group；

Transmission unit 43, for sending request message to BM-SC, in the request message comprising each MSK with it is each The mapping relations of the group mark of GCSE group；

Processing unit 44, for receiving the response message of BM-SC transmission, in the response message comprising each group of mark with The mapping relations of each service identification.

In the specific implementation, MSK generation unit 41 generates MSK according to the number of the GCS AS GCSE group managed, generate MSK's Number can be identical as the number of GCSE group that GCS AS is managed.After MSK generation unit 41 generates MSK, unit is established in mapping 42 establish the mapping relations of the group mark of MSK and each GCSE group, and then transmission unit 43 sends request message, institute to BM-SC The mapping relations of the group mark comprising each MSK and each GCSE group in request message are stated, the request message is for requesting BM- SC distribution service identification and the mapping relations for establishing each service identification Yu each group of mark.BM-SC generates service identification, generates The number of service identification can with MSK and/or group mark number it is identical, generate service identification after, BM-SC foundation group mark with The mapping relations of service identification simultaneously send response message to GCS AS.Processing unit 44 receives the response message that BM-SC is sent, institute State the mapping relations in response message comprising each group of mark and each service identification.

In the present embodiment, GCS AS itself establish and preserve GCSE group group mark and MSK mapping relations, from After BM-SC obtains the mapping relations of service identification and group mark, GCS AS just has MSK, group mark, service identification three Between mapping relations, the UE that MSK can be sent to according to the mapping relations GCS AS of this three in corresponding GCSE group.Below Citing is illustrated:

For example, GCS AS manages two GCSE groups, the group of first GCSE group is identified as a group mark 1 (fixed group mark), It include UE1 and UE2 in first GCSE group, the group of the 2nd GCSE group is identified as a group mark 2 (fixed group mark), second GCSE It include UE3 and UE4 in group.GCS AS generate MSK after, establish MSK and group mark mapping relations (such as group mark 1 with MSK1 is one group, and group mark 2 and MSK2 is one group).In GCS AS from BM-SC acquisition group mark and the mapping relations of service identification (such as group mark 1 and service identification 1 are one group, as soon as group mark 2 is group with service identification 2) after, GCS AS has (i.e. MSK1, group mark 1 and service identification 1 correspond to as one group for MSK, group mark, the mapping relations one by one of service identification three First GCSE group, MSK2, group mark 2 and service identification 2 correspond to second GCSE group as one group), subsequent GCS AS root According to acquired mapping relations MSK1 is sent to first in this example by the UE that MSK is sent in corresponding GCSE group MSK2 is sent to the UE in second GCSE group by the UE in a GCSE group.

When being generated by GCS AS the MSK of each MSK mark and key validity period, transmission unit 43 is sent to by MSK While after BM-SC and MSK is sent to the UE in corresponding GCSE group, it is also necessary to by the MSK mark and key of each MSK The group of validity period and the corresponding GCSE group of each MSK mark and/or service identification are sent in BM-SC and corresponding GCSE group UE.

It is generated when the MSK mark of each MSK and key validity period by BM-SC, when being then sent to GCS AS, is needed by the Three receiving units 45 receive MSK mark and the key validity period for each MSK that BM-SC generates and sends.In this case, it sends out Send unit 43 while the UE being sent in corresponding GCSE group after MSK is sent to BM-SC and by MSK, it will also be each The group of the corresponding GCSE group of MSK identifies and/or service identification is sent to BM-SC；The MSK mark and key of each MSK is effective The group of phase and the corresponding GCSE group of each MSK mark and/or service identification are sent to the UE in corresponding GCSE group.

Installation practice five:

Referring to Fig. 5, the GCS AS 50 of the present embodiment includes:

Second receiving unit 51 includes for receiving the secret key request message of BM-SC transmission, in the secret key request message MSK number of service identification and request；

MSK generation unit 52, for generating MSK；

Processing unit 53, for establishing the group mark of MSK and each GCSE group and/or the mapping relations of service identification；

Transmission unit 55, for MSK to be sent to BM-SC, and according to the group of MSK and each GCSE group mark and/or industry MSK is sent to the UE in corresponding GCSE group by the mapping relations of business mark.

In the specific implementation, GCS AS can be sent to BM-SC comprising group number according to the number of the GCSE group of self-management And/or the request message of business number, BM-SC send key request according to the GCS AS group number sent and/or business number Message, includes MSK number of service identification and request in the secret key request message, and the second receiving unit 51 receives the key Request message, MSK generation unit 52 generate MSK according to secret key request message.Processing unit 53 establishes MSK and each GCSE group MSK is sent to BM-SC by the mapping relations of group mark and/or service identification, transmission unit 55, and according to MSK and each GCSE MSK is sent to the UE in corresponding GCSE group by the group mark of group and/or the mapping relations of service identification.

When being generated by GCS AS the MSK of each MSK mark and key validity period, transmission unit 55 is sent to by MSK While UE in BM-SC and corresponding GCSE group, it is also necessary to by the MSK mark of each MSK and key validity period and each The group mark and/or service identification of the corresponding GCSE group of MSK are sent to the UE in BM-SC and corresponding GCSE group.

It is generated when the MSK mark of each MSK and key validity period by BM-SC, when being then sent to GCS AS, is needed by the Three receiving units 54 receive MSK mark and the key validity period for each MSK that BM-SC generates and sends.In this case, it sends out Send unit 55 while the UE being sent to MSK in BM-SC and corresponding GCSE group, also by the corresponding GCSE group of each MSK Group mark and/or service identification be sent to BM-SC；By the MSK of each MSK mark and key validity period and MSK pairs each The group for the GCSE group answered identifies and/or service identification is sent to the UE in corresponding GCSE group.

Several Installation practices, which describe, above realizes the GCS AS that issues of MSK, below several Installation practices will describe Realize the GCS AS that MSK updates.

Installation practice six:

Referring to Fig. 6, the GCS AS 60 of the present embodiment includes:

Judging unit 61, for judging whether MSK needs to update according to preset rules；

The preset rules include the addition of the UE GCSE group Nei and/or leave or MSK is to validity period.

MSK generation unit 62 is when being, to generate new MSK for the judging result in judging unit 61；

Transmission unit 64, for sending first key update message to BM-SC, the UE into corresponding GCSE group sends second Key updating message, so that the UE more new key in BM-SC and corresponding GCSE group, the first key update message and described It include the new MSK in second key updating message.

The new MSK should also have MSK mark and key validity period.The MSK of the new MSK is identified and key has The effect phase can be generated by GCS AS, can also be generated by BM-SC and be handed down to GCS AS.

When being generated by GCS AS the MSK of new MSK mark and key validity period, MSK generation unit 62 is also used to Before transmission unit 64 sends first key update message to BM-SC, the MSK mark and key for generating the new MSK have The effect phase.The first key update message and the second key updating message also include: the MSK of new MSK mark and Key validity period, the group mark and/or service identification of the corresponding GCSE group of the new MSK.

When the MSK of new MSK mark and key validity period being generated by BM-SC and being handed down to GCS AS, the 4th is connect Unit 63 is received before transmission unit 64 sends first key update message to BM-SC, receive that BM-SC sends is described new The MSK of MSK is identified and key validity period.Also include in the first key update message: the corresponding GCSE of the new MSK Group mark and/or service identification；Include in the second key updating message: the MSK mark and key of the new MSK is effective Phase, the group mark and/or service identification of the corresponding GCSE of the new MSK.

Installation practice six describes the GCS AS for voluntarily carrying out MSK update, and Installation practice seven will describe to be touched by BM-SC Hair carries out the GCS AS of MSK update.

Installation practice seven:

Referring to Fig. 7, the GCS AS 70 of the present embodiment includes:

5th receiving unit 71 triggers message for receiving the key updating that BM-SC is issued, and the key updating triggering disappears The MSK mark of group mark and/or service identification and/or the MSK for needing to update in breath comprising GCSE group；

In the specific implementation, BM-SC can determine whether MSK needs to update, the criterion of judgement for example: key to validity period.Such as Fruit MSK needs to update, then BM-SC issues key updating triggering message to GCS AS.

MSK generation unit 72, for generating new MSK；

Transmission unit 74, for sending third key updating message to BM-SC, the UE into corresponding GCSE group sends the 4th Key updating message, so that the UE more new key in BM-SC and corresponding GCSE group, the third key updating message and described It include the new MSK in 4th key updating message.

When being generated by GCS AS the MSK of new MSK mark and key validity period, MSK generation unit 72 is also used to Before transmission unit 74 sends third key updating message to BM-SC, the MSK mark and key for generating the new MSK have The effect phase.The third key updating message and the 4th key updating message also include: the MSK of new MSK mark and Key validity period, the group mark and/or service identification of the corresponding GCSE group of the new MSK.

When the new MSK MSK mark and key validity period generated by BM-SC and be handed down to GCS AS when, need by 6th receiving unit 73 receives the described of BM-SC transmission before transmission unit 74 sends third key updating message to BM-SC The MSK of new MSK is identified and key validity period.Also include in the third key updating message: the new MSK is corresponding The group of GCSE identifies and/or service identification；Include in the 4th key updating message: the MSK of new MSK mark and close Key validity period, the group mark and/or service identification of the corresponding GCSE of the new MSK.

When seven Installation practices above describe MSK by GCS AS itself generation, the GCS AS that MSK is issued is realized, When following Installation practice will introduce MSK and be generated by BM-SC, the GCS AS that MSK is issued is realized.

Installation practice eight:

Referring to Fig. 8, the GCS AS 80 of the present embodiment includes:

Acquiring unit 81, for obtaining MSK from BM-SC；

Unit 82 is established in mapping, for establishing the group mark and/or service identification of MSK and each group communication service GCSE group Mapping relations；

Transmission unit 83, for that will be given birth to according to MSK and the group mark of each GCSE group and/or the mapping relations of service identification At MSK be sent to the user equipment (UE) in corresponding GCSE group.

In a specific embodiment, transmission unit 83 can be according to the number of the GCS AS GCSE group managed to BM-SC Request message is sent, the group comprising request identifies number and/or organizes the business of number and/or request in the request message Number, request message is for requesting BM-SC distribution MSK and service identification and/or group mark.The group mark requested in the request message Know number and/or group number and/or the business number of request can be identical as the number of GCSE group that GCS AS is managed.

BM-SC is that GCSE distributes MSK and service identification and/or group mark, and sends response message to GCS AS.It obtains single Member 81 receives the response message that the BM-SC is sent, MSK and business mark comprising BM-SC distribution in the response message Know and/or group identifies.In addition, the request message is also used to request BM-SC to be that each MSK generates MSK mark and key is effective Phase；MSK mark and key validity period in the response message also comprising each MSK.

Mapping establishes unit 82 and establishes MSK and the group mark of each group communication service GCSE group and/or reflecting for service identification Penetrate relationship, transmission unit 83 is identified according to the group of MSK and each GCSE group and/or the mapping relations of service identification are by generation The group of MSK, the mark of each MSK and key validity period and the corresponding GCSE group of each MSK mark and/or service identification hair Give the UE in corresponding GCSE group.

In a specific embodiment: GCS AS may include processor and transmitter, in which:

Processor is used for, and generates MSK, is established or is identified from the group that BM-SC obtains MSK and each group communication service GCSE group And/or the mapping relations of service identification；

Transmitter is used for, and is identified according to the group of MSK and each GCSE group and/or the mapping relations of service identification are by generation MSK is sent to the user equipment (UE) in corresponding GCSE group.

Or

Processor is used for, and obtains MSK from BM-SC, the group for establishing MSK and each group communication service GCSE group identify and/or The mapping relations of service identification；

It should be noted that in each embodiment that GCS AS is described above, it can be understood as BM-SC to In the various mapping relations that GCS AS is sent, mapping relations are indicated using MSK, group mark and service identification itself in itself , MSK, group mark, service identification itself therefore, in mapping relations were both contained, also comprising the mapping relations between three.When So, in other examples, mapping relations can also utilize other of the mark of MSK, representative group mark and service identification Information expression, then when BM-SC sends various mapping relations to GCS AS, it should also be by the MSK involved in mapping relations, group Mark and service identification are sent to GCS AS.

In addition, the various mappings that GCS AS itself is established are closed in each embodiment that GCS AS is described above System, it can be understood as GCS AS establishes mapping relations using MSK, group mark, service identification itself, it is understood that is GCS AS Mapping relations are established using MSK mark, representative group mark, the information of service identification, are not specifically limited herein.

The BM-SC of the embodiment of the present invention is described below, the BM-SC of the embodiment of the present invention is for realizing the authorization inspection to UE It looks into.

Installation practice nine:

Referring to Fig. 9, the BM-SC 90 of the present embodiment includes:

Unit 91 is established in list, and it is corresponding that service identification is established in the Authorized UE List foundation request for being sent according to GCS AS Authorized UE List；

Receiving unit 92 includes the UE in the service activation request for receiving the service activation request of UE transmission Mark and the UE want activation business service identification；

Authorization check unit 93, for checking the business mark of the UE identified whether in the business of the desired activation of the UE Know in corresponding Authorized UE List, if, it is successful to the authorization check of the UE, if it was not then being awarded to the UE Power checks failure.

Installation practice ten:

The present embodiment is that one of BM-SC of the present invention is discussed in detail, referring to Fig. 10, the BM-SC of the present embodiment includes:

Receiving unit 101 receives the request message that GCS AS is sent, the group mark comprising request in the request message Number and/or group number and/or the business number of request；

First generation unit 102, for generating service identification；

Transmission unit 103 includes service identification in the response message for sending response message to GCS AS, so that It obtains the GCS AS and service identification is distributed into each GCSE group；

Receiving unit 101 is also used to, and receives the Authorized UE List foundation request that GCS AS is sent and the business that UE is sent is swashed Request living；

BM-SC further include:

Unit 104 is established in list, and the Authorized UE List for being sent according to GCS AS establishes request and establishes service identification pair The Authorized UE List answered；

Authorization check unit 105, the service identification for identifying whether to want in UE the business of activation for checking UE are corresponding Authorized UE List in, if to the success of the authorization check of the UE, if it was not then to the authorization check of the UE Failure.

In other examples, BM-SC can also include the first updating unit 106, for being connect according to receiving unit 101 The Authorized UE List of receipts updates request and updates corresponding Authorized UE List.

In a specific embodiment, GCS AS sends to BM-SC according to the number of the GCSE group of self-management and requests Message, group mark number in the request message comprising request and/or the business number for organizing number and/or request, it is described to ask The group mark number and/or group number and/or the business number of request asked can be with the number phases of the GCS AS GCSE group managed Together.Receiving unit 101 receives the request message that GCS AS is sent.

In the present embodiment, it is to be understood that GCS AS itself knows which UE belongs to which GCSE group, but each GCSE Group is without group mark and service identification, it is therefore desirable to BM-SC be requested to generate.

First generation unit 102 generates service identification according to request message.Transmission unit 103 is according to the first generation unit 102 service identifications generated send response message to GCS AS, include service identification in the response message, so that GCS AS Service identification is distributed into each group communication service GCSE group.After service identification is distributed to each GCSE group by GCS AS, root The Authorized UE List is sent according to the UE for including in each GCSE group and establishes request, and the Authorized UE List, which is established in request, includes The mark of the service identification of GCSE group and corresponding authorization UE.

List, which establishes the Authorized UE List that unit 104 sends according to GCS AS and establishes request, establishes that service identification is corresponding to be awarded UE list is weighed, includes the mark of corresponding UE in the corresponding Authorized UE List of each service identification.UE is received in receiving unit 101 After the service activation request of transmission, authorization check unit 105 check the UE identify whether the UE want activation In the corresponding Authorized UE List of the service identification of business, if, it is successful to the authorization check of the UE, if it was not then Authorization check failure to the UE.Mark and the UE in the service activation request comprising the UE want the industry of activation The service identification of business.

In addition, the first generation unit 102 can also generate a group mark while generating service identification according to request message, and A group mark is sent to GCS AS together, so that a group mark is also allocated to each GCSE group by GCS AS.Here group mark It can be understood as mobile interim group mark.Citing is illustrated below:

For example, GCS AS manages two GCSE groups, includes UE1 and UE2 in first GCSE group, include in the 2nd GCSE group UE3 and UE4.After the group mark and service identification of generation are sent to GCS AS by BM-SC, GCS AS is (interim by group mark Mobile group designation), service identification distributes to each GCSE group and (such as group mark 1 and service identification 1 as one group and given the Group mark 2 and service identification 2 as one group and are given second GCSE group by one GCSE group), subsequent GCS AS is to BM-SC It sends Authorized UE List and establishes request, mark (such as industry of the service identification comprising GCSE group and corresponding authorization UE in request The mark of business mark 1 and UE1, UE2, the mark of service identification 2 and UE3, UE4).BM-SC establishes award corresponding with service identification Weighing UE list (includes UE1 and UE2, the corresponding Authorized UE List of service identification 2 i.e. in the corresponding Authorized UE List of service identification 1 In include UE3 and UE4).When BM-SC receives the service activation request of some UE transmission, so that it may search and judge the UE Identify whether the UE want activation business the corresponding Authorized UE List of service identification in, if to the UE's Authorization check success, if it was not then the authorization check to the UE fails.

It is subsequent when GCS AS discovery Authorized UE List need to update when, can to BM-SC send Authorized UE List update ask It asks, receiving unit 101 receives the Authorized UE List and updates request, and it includes business mark in request that the Authorized UE List, which updates, Knowledge, the mark of UE, deletion and/or addition instruction；First updating unit 106 updates request update pair according to the Authorized UE List The Authorized UE List answered.

Installation practice 11:

It is considered that GCSE group does not need group mark or group is identified as the interim shifting of BM-SC generation in Installation practice ten Dynamic group mark, the BM-SC of authorization check is carried out to UE, please be joined when the group for introducing GCSE is identified as fixed group mark by the present embodiment Figure 11 is read, the BM-SC 110 of the present embodiment includes:

Receiving unit 111 includes the group of GCSE group for receiving the request message of GCS AS transmission, in the request message Mark；

Second generation unit 112, for generating the mapping relations of service identification and foundation group mark and service identification；

Receiving unit 111 is also used to, and receives the business that the Authorized UE List that GCS AS is sent establishes request and UE is sent Activation request, the Authorized UE List establish the mark of group mark and corresponding authorization UE in request comprising GCSE group；

BM-SC further include:

Unit 113 is established in list, is wrapped for being established in request according to the mapping relationship searching with the Authorized UE List The group contained identifies corresponding service identification, establishes the corresponding Authorized UE List of service identification；

Authorization check unit 114, for checking the business of the UE identified whether in the business of the desired activation of the UE It identifies in corresponding Authorized UE List, if, it is successful to the authorization check of the UE, if it was not then to the UE's Authorization check failure.

In other examples, BM-SC can also include the second updating unit 115, for being connect according to receiving unit 111 The Authorized UE List of receipts updates request and updates corresponding Authorized UE List.

In a specific embodiment, GCS AS sends to BM-SC according to the number of the GCSE group of self-management and requests Message, the group in the request message comprising GCSE group identify, the number for the GCSE group that the number and GCS AS for organizing mark manage Identical, receiving unit 111 receives the request message.Second generation unit 112 generates service identification according to request message and builds The mapping relations of vertical group mark and service identification.

The GCS AS sends Authorized UE List according to the UE for including in each GCSE group and establishes request, the authorization UE column Table establishes the mark of group mark and corresponding authorization UE in request comprising GCSE group.Receiving unit 111 receives the authorization Request is established in UE list, and mapping relationship searching and institute of the unit 113 according to the group mark established with service identification are established in list It states Authorized UE List and establishes the group for including in request and identify corresponding service identification, establish that the service identification found is corresponding to be awarded Weigh UE list.It include the mark of corresponding UE in Authorized UE List.

After the service activation request that receiving unit 111 receives UE transmission, authorization check unit 114, for checking Identifying whether in the corresponding Authorized UE List of service identification that the UE wants the business of activation for UE is stated, if right The authorization check success of the UE, if it was not then the authorization check to the UE fails.

It is subsequent when GCS AS discovery Authorized UE List need to update when, can to BM-SC send Authorized UE List update ask It asks, receiving unit 111 receives the Authorized UE List and updates request, and it includes service identification in request that the Authorized UE List, which updates, And/or group mark, the mark of UE, deletion and/or addition instruction；Second updating unit 115 is updated according to the Authorized UE List Request updates corresponding Authorized UE List.

In a specific embodiment, BM-SC can also include processor and receiver, wherein

Processor is used for, and the Authorized UE List sent according to GCS AS establishes request and establishes the corresponding authorization UE of service identification List；

Receiver is used for, and receives the service activation request that UE is sent, and includes the mark of the UE in the service activation request Knowledge and the UE want the service identification of the business of activation；

The processor is also used to, and checks the service identification of the UE identified whether in the business of the desired activation of the UE In corresponding Authorized UE List, if, it is successful to the authorization check of the UE, if it was not then the authorization to the UE Check failure.

It Installation practice ten and 11 describes itself and establishes Authorized UE List, authorization check is carried out to UE to realize BM-SC, the following examples will describe itself not establish Authorized UE List, but need to carry out authorization check to UE BM-SC。

Installation practice 12:

Figure 12 is please referred to, the BM-SC 120 of the present embodiment includes:

Receiving unit 121 includes the UE in the service activation request for receiving the service activation request of UE transmission Mark and the UE want activation business service identification；

Transmission unit 122, for sending authorization check request to GCS AS, to request the GCS AS to check the UE's It identifies whether in the corresponding group communication service GCSE group of service identification that the UE wants the business of activation, if to institute The authorization check success for stating UE fails to the authorization check of the UE if not existing.

Installation practice 13:

The detailed description that the present embodiment is BM-SC of the present invention, please refers to Figure 13, and the BM-SC 130 of the present embodiment is wrapped It includes:

Receiving unit 131 includes request in the request message for receiving the request message of the GCS AS transmission Group mark number and/or the business number for organizing number and/or request；

First generation unit 132, for generating service identification；

Transmission unit 133 includes service identification in the response message for sending response message to GCS AS, so that GCS AS is obtained by service identification and distributes to each GCSE group；

Receiving unit 131 is also used to, and is received the authorization check request that UE is sent, is included described in the authorization check request The mark of UE and the UE want the service identification of the business of activation；

Transmission unit 133 is also used to, and authorization check request is sent to GCS AS, to request the GCS AS to check the UE Identify whether the UE want activation business the corresponding group communication service GCSE group of service identification in, if right The authorization check success of the UE fails to the authorization check of the UE if not existing.

In a specific embodiment, GCS AS sends to BM-SC according to the number of the GCSE group of self-management and requests Message, group mark number in the request message comprising request and/or the business number for organizing number and/or request, it is described to ask The group mark number and/or group number and/or the business number of request asked can be with the number phases of the GCS AS GCSE group managed Together.Receiving unit 131 receives the request message that GCS AS is sent.

First generation unit 132 generates service identification according to request message.Transmission unit 133 is according to the first generation unit 132 service identifications generated send response message to GCS AS, include service identification in the response message, so that GCS AS Service identification is distributed into each group communication service GCSE group, being equivalent to just in GCS AS has the corresponding authorization UE of service identification List.

After the service activation request that receiving unit 131 receives UE transmission, transmission unit 133 is awarded to GCS AS transmission Power checks request, to request GCS AS to check the service identification pair of the UE identified whether in the business of the desired activation of the UE In the group communication service GCSE group answered, if in, authorization if do not exist, to the UE successful to the authorization check of the UE Check failure.The mark comprising the UE and the UE want the service identification of the business of activation in the authorization check request. After GCS AS carries out authorization check to UE, authorization check result can be sent to BM-SC.

In addition, the first generation unit 132 can also generate a group mark while generating service identification according to request message, and A group mark is sent to GCS AS together, so that a group mark is also allocated to each GCSE group by GCS AS.Here group mark It can be understood as mobile interim group mark.Citing is illustrated below:

For example, GCS AS manages two GCSE groups, it include UE1 and UE2, packet in second GCSE group in first GCSE group Containing UE3 and UE4.After the group mark and service identification of generation are sent to GCS AS by BM-SC, GCS AS (faces a group mark When mobile group designation), service identification distribute to each GCSE group (such as by group mark 1 and service identification 1 as one group and giving Group mark 2 and service identification 2 as one group and are given second GCSE group by first GCSE group), it is subsequent when BM-SC is received To some UE send service activation request when, so that it may to GCS AS send authorization check request, with request GCS AS check The UE's identifies whether in the corresponding GCSE group of service identification that the UE wants the business of activation, if to the UE's Authorization check success, if it was not then the authorization check to the UE fails.

Installation practice 14:

It is considered that GCSE group does not need group mark or group is identified as the interim of BM-SC generation in Installation practice 13 Mobile group designation carries out the BM-SC of authorization check to UE, asks when the group for introducing GCSE is identified as fixed group mark by the present embodiment Refering to fig. 14, the BM-SC 140 of the present embodiment include:

Receiving unit 141 includes GCSE group in the request message for receiving the request message of the GCS AS transmission Group mark；

Second generation unit 142, for generating the mapping relations of service identification and foundation group mark and service identification；

Receiving unit 141 is also used to receive the service activation request of UE transmission, includes UE's in the service activation request Mark and UE want the service identification of the business of activation；

BM-SC further include:

Searching unit 143, corresponding group of mark of service identification for searching with including in the service activation request；

Transmission unit 144 is requested for sending authorization check to GCS AS, includes in the authorization check request, described The mark of UE and the UE want corresponding group of mark of service identification of the business of activation, to request GCS AS to check the UE's It identifies whether in the corresponding GCSE group of corresponding group of mark of service identification that the UE wants the business of activation.

In a specific embodiment, GCS AS sends to BM-SC according to the number of the GCSE group of self-management and requests Message, the group in the request message comprising GCSE group identify, and being equivalent to GCS AS itself in this case, there is group to identify pair The Authorized UE List answered, receiving unit 141 receive the request message.Second generation unit 142 generates industry according to request message Business identifies and establishes a group mapping relations for mark and service identification.

After receiving unit 141 receives the service activation request of UE transmission, searching unit 143 is searched to swash with the business The corresponding group of mark of service identification for including in request living, the mark comprising the UE and the UE in the service activation request Want the service identification of the business of activation.Transmission unit 144 sends authorization check request to GCS AS, wraps in authorization check request Mark and the UE containing the UE want corresponding group of mark of service identification of the business of activation, to request GCS AS to check institute Identifying whether in the corresponding GCSE group of group mark found for UE is stated, if no to UE authorization check success Then, fail to the UE authorization check.After GCS AS carries out authorization check to UE, authorization check result can be sent to BM- SC。

In a specific embodiment, BM-SC can also include receiver and transmitter, wherein

Transmitter is used for, and authorization check request is sent to group communication service application server GCS AS, to request the GCS AS checks the corresponding group communication service GCSE group of service identification of the UE identified whether in the business of the desired activation of the UE In, if the authorization check success to the UE fails to the authorization check of the UE if not existing.

Secret key sending method provided by the invention is introduced below.

Embodiment of the method one:

Figure 15 is please referred to, Figure 15 is secret key sending method one embodiment, and the method for the present embodiment includes:

S11, GCS AS generate MSK；

S12, GCS AS establish or obtain from BM-SC the group mark of MSK and each GCSE group and/or the mapping of service identification Relationship；

Wherein, group mark can be GCS AS distributes for GCSE group or GCSE group itself the just fixed group mark of some, It can be the Temporary Mobile Group Identity that BM-SC is generated according to the request of GCS AS, such as TMGI.

S13, GCS AS are identified according to the group of MSK and each GCSE group and/or the mapping relations of service identification are by generation MSK is sent to the UE in corresponding GCSE group.

In the present embodiment, MSK is can be generated in GCS AS, and establishes or obtain from BM-SC the group mark of MSK and each GCSE group The mapping relations of knowledge and/or service identification, then according to the mapping of the group mark and/or service identification of MSK and each GCSE group MSK is handed down to the UE in corresponding GCSE group by relationship, that is, it is complete to realize the GCS AS under partial reuse MBMS security mechanism scene At issuing for MSK.

Embodiment of the method two:

The present embodiment is to please refer to Figure 16, the side of the present embodiment to a specific descriptions of secret key sending method of the present invention Method includes:

S21, GCS AS send request message, group mark number and/or group comprising request in request message to BM-SC Number and/or the business number of request；

In the specific implementation, GCS AS sends request message, the request to BM-SC when determining UE using multicast carrying Message is for requesting BM-SC distribution service identification and/or group mark, and the group comprising request identifies number in the request message And/or organize the business number of number and/or request.Group mark number and/or the business number for organizing number and/or request can be by The group number of the GCSE group of GCS AS management determines that the several GCSE groups of i.e. GCS AS management are subsequent just request several groups of marks And/or several service identifications.

S22, GCS AS receive the response message that BM-SC is sent, the business mark comprising BM-SC distribution in response message Know and/or group identifies；

BM-SC generation group mark and/or service identification, and response message is sent to GCS AS, it include BM- in response message The group mark and/or service identification that SC is generated, GCS AS receive the response message.

S23, GCS AS generate MSK；

S24, GCS AS establish the group mark of MSK and each GCSE group and/or the mapping relations of service identification；

MSK is sent to BM-SC by S25, GCS AS, and according to the group of MSK and each GCSE group mark and/or business mark The MSK of generation is sent to the UE in corresponding GCSE group by the mapping relations of knowledge.Citing is illustrated below:

When being generated by GCS AS the MSK of each MSK mark and key validity period, MSK is being sent to BM-SC by GCS AS And while corresponding to the UE in GCSE group, it is also necessary to which the MSK mark of each MSK and key validity period and each MSK is corresponding GCSE group group mark and/or service identification be sent to the UE in BM-SC and corresponding GCSE group.

It is generated when the MSK mark of each MSK and key validity period by BM-SC, when being then sent to GCS AS, in step Before S25, GCS AS will also receive MSK mark and the key validity period of each MSK that BM-SC generates and sends.In this feelings Under condition, GCS AS is while the UE being sent to MSK in BM-SC and corresponding GCSE group, it is also necessary to which each MSK is corresponding The group of GCSE group identifies and/or service identification is sent to BM-SC；By the MSK mark of each MSK and key validity period, and respectively The group mark and/or service identification of the corresponding GCSE group of a MSK are sent to the UE in corresponding GCSE group.

Embodiment of the method three:

The present embodiment is to please refer to Figure 17, the side of the present embodiment to a specific descriptions of secret key sending method of the present invention Method includes:

S31, GCS AS generate MSK；

In the specific implementation, GCS AS generates MSK according to the number of the GCSE group of self-management, the number for generating MSK can be with The number of the GCSE group of GCS AS management is identical.

S32, GCS AS send request message to BM-SC, group mark number comprising request in the request message and MSK；

The request message for request BM-SC distribution group identify and/or service identification and establish each group of mark and/or The mapping relations of each service identification and each MSK.

S33, GCS AS receive the response message that BM-SC is sent, comprising each group of mark and/or each in the response message The mapping relations of a service identification and each MSK；

S34, GCS AS are identified according to the group of MSK and each GCSE group and/or the mapping relations of service identification are by generation MSK is sent to the user equipment (UE) in corresponding GCSE group.

When being generated by GCS AS the MSK of each MSK mark and key validity period, MSK is being sent to BM-SC by GCS AS When being sent to the UE in corresponding GCSE group later and by MSK, it is also necessary to by the MSK of each MSK mark and key validity period, with And the group mark and/or service identification of the corresponding GCSE group of each MSK are sent to the UE in BM-SC and corresponding GCSE group.

It is generated when the MSK mark of each MSK and key validity period by BM-SC, when being then sent to GCS AS, in step Before S34, GCS AS also needs to receive MSK mark and the key validity period for each MSK that BM-SC generates and sends.This In the case of, GCS AS is in the UE being sent in corresponding GCSE group after MSK is sent to BM-SC and by MSK, it is also necessary to will The group mark and/or service identification of the corresponding GCSE group of each MSK are sent to BM-SC；By the MSK mark and key of each MSK The group of validity period and the corresponding GCSE group of each MSK mark and/or service identification are sent to the UE in corresponding GCSE group.

Embodiment of the method two and embodiment of the method three are described when the group of GCSE group is identified as the interim movement of BM-SC generation When group mark, realize that the method that MSK is issued, following two embodiment of the method will be introduced when the group of GCSE group is identified as fixed group mark When knowledge, the method that MSK is issued is realized.

Embodiment of the method four:

Figure 18 is please referred to, the method for the present embodiment includes:

S41, GCS AS generate MSK；

GCS AS can generate MSK according to the number of the GCSE group of self-management, and the number for generating MSK can be managed with GCS AS GCSE group number it is identical.

S42, GCS AS establish the mapping relations of the group mark of MSK and each GCSE group；

S43, GCS AS send request message to BM-SC, include each MSK and each GCSE group in the request message The mapping relations of group mark；

S44, GCS AS receive the response message that BM-SC is sent, in the response message comprising each group of mark with it is each The mapping relations of service identification；

S45, GCS AS send MSK according to MSK and the group mark of each GCSE group and/or the mapping relations of service identification To the UE in corresponding GCSE group.

When being generated by GCS AS the MSK of each MSK mark and key validity period, MSK is being sent to BM-SC by GCS AS While being sent to the UE in corresponding GCSE group later and by MSK, it is also necessary to which the MSK mark and key of each MSK is effective The group mark and/or service identification of phase and the corresponding GCSE group of each MSK are sent to the UE in BM-SC and corresponding GCSE group.

It is generated when the MSK mark of each MSK and key validity period by BM-SC, when being then sent to GCS AS, in step Before S45, GCS AS also needs to receive MSK mark and the key validity period for each MSK that BM-SC generates and sends.This In the case of, GCS AS will also while the UE being sent in corresponding GCSE group after MSK is sent to BM-SC and by MSK The group mark and/or service identification of the corresponding GCSE group of each MSK are sent to BM-SC；By the MSK mark and key of each MSK The group of validity period and the corresponding GCSE group of each MSK mark and/or service identification are sent to the UE in corresponding GCSE group.

Embodiment of the method five:

Figure 19 is please referred to, the secret key sending method of the present embodiment includes:

S51, GCS AS receive the secret key request message that BM-SC is sent, and include service identification in the secret key request message With MSK number of request；

GCS AS can be sent to BM-SC comprising group number and/or business number according to the number of the GCSE group of self-management Request message, BM-SC sends secret key request message, the key according to the GCS AS group number sent and/or business number It include MSK number of service identification and request in request message, GCS AS receives the secret key request message.

S52, GCS AS generate MSK；

S53, GCS AS establish the group mark of MSK and each GCSE group and/or the mapping relations of service identification；

MSK is sent to BM-SC by S54, GCS AS, and according to the group of MSK and each GCSE group mark and/or service identification Mapping relations MSK is sent to the UE in corresponding GCSE group.

When being generated by GCS AS the MSK of each MSK mark and key validity period, MSK is being sent to BM-SC by GCS AS And while UE in corresponding GCSE group, it is also necessary to by the MSK mark of each MSK and key validity period and MSK pairs each The group mark and/or service identification of the GCSE group answered are sent to the UE in BM-SC and corresponding GCSE group.

It is generated when the MSK mark of each MSK and key validity period by BM-SC, when being then sent to GCS AS, in step Before S54, GCS AS also needs to receive MSK mark and the key validity period for each MSK that BM-SC generates and sends.This In the case of, transmission unit 55 is also corresponding by each MSK while the UE being sent to MSK in BM-SC and corresponding GCSE group GCSE group group mark and/or service identification be sent to BM-SC；By the MSK mark of each MSK and key validity period, and The group mark and/or service identification of the corresponding GCSE group of each MSK are sent to the UE in corresponding GCSE group.

Several embodiments of the method describe MSK delivery method above, below several embodiments of the method will describe complete MSK After issuing, method that MSK is updated.

Embodiment of the method six:

Figure 20 is please referred to, the present embodiment MSK update method includes:

S61, GCS AS judge whether MSK needs to update according to preset rules；If so, thening follow the steps S62, otherwise, hold Row step S64 is ended processing；

S62, GCS AS generate new MSK；

S63, GCS AS send first key update message to BM-SC, and the UE into corresponding GCSE group sends the second key Update message, so that the UE more new key in BM-SC and corresponding GCSE group.The first key update message and described second It include the new MSK in key updating message.

When being generated by GCS AS the MSK of new MSK mark and key validity period, GCS AS is sending first key Before update message, MSK mark and the key validity period of the new MSK are also generated.The first key update message and institute Stating the second key updating message also includes: the MSK mark and key validity period, the new MSK of the new MSK is corresponding The group of GCSE group identifies and/or service identification.

When the MSK of new MSK mark and key validity period being generated by BM-SC and being handed down to GCS AS, GCS AS Before sending first key update message to BM-SC, the MSK mark and key of the new MSK that also reception BM-SC is sent Validity period.Also include in the first key update message: the group mark and/or business mark of the corresponding GCSE of the new MSK Know；Include in the second key updating message: the MSK of new MSK mark and key validity period, described new MSK pairs The group of the GCSE answered identifies and/or service identification.

Embodiment of the method six describes the method that GCS AS voluntarily carries out MSK update, and embodiment of the method seven will be described by BM- SC triggers the method that GCS AS carries out MSK update.

Embodiment of the method seven:

Figure 21 is please referred to, the MSK update method of the present embodiment includes:

S71, GCS AS receive the key updating triggering message that BM-SC is issued, and include in the key updating triggering message The group mark and/or service identification of GCSE group and/or the MSK mark for the MSK for needing to update；

S72, new MSK is generated；

S73, third key updating message is sent to BM-SC, the UE into corresponding GCSE group sends the 4th key updating and disappears Breath, so that the UE more new key in BM-SC and corresponding GCSE group, the third key updating message and the 4th key are more It include the new MSK in new information.

When being generated by GCS AS the MSK of new MSK mark and key validity period, GCS AS is sent to BM-SC Before third key updating message, MSK mark and the key validity period of the new MSK are also generated.The third key updating Message and the 4th key updating message also include: the MSK mark of the new MSK and key validity period, the new MSK The group of corresponding GCSE group identifies and/or service identification.

When the MSK of new MSK mark and key validity period being generated by BM-SC and being handed down to GCS AS, GCS AS Before sending third key updating message to BM-SC, the MSK mark and key of the new MSK that also reception BM-SC is sent Validity period.Also include in the third key updating message: the group mark and/or business mark of the corresponding GCSE of the new MSK Know；Include in the 4th key updating message: the MSK of new MSK mark and key validity period, described new MSK pairs The group of the GCSE answered identifies and/or service identification.

When seven embodiments of the method above describe MSK by GCS AS itself generation, GCS AS realizes the side that MSK is issued When method, embodiment of the method below will introduce MSK and be generated by BM-SC, GCS AS realizes the method that MSK is issued.

Embodiment of the method eight:

Figure 22 is please referred to, the method for the present embodiment includes:

S81, GCS AS obtain MSK from BM-SC；

S82, GCS AS establish the group mark of MSK and each group communication service GCSE group and/or the mapping of service identification is closed System；

S83, GCS AS are identified according to the group of MSK and each GCSE group and/or the mapping relations of service identification are by generation MSK is sent to the UE in corresponding GCSE group.

In the present embodiment, GCS AS can obtain MSK from BM-SC, the group that establish MSK and each GCSE group identify and/or The mapping relations of service identification, then will according to the mapping relations of the group mark and/or service identification of MSK and each GCSE group MSK is handed down to the UE in corresponding GCSE group, that is, realizes the GCS AS under partial reuse MBMS security mechanism scene and complete MSK's It issues.

Embodiment of the method nine:

Figure 23 is please referred to, when MSK is generated by BM-SC, GCS AS realizes a specific embodiment of the method that MSK is issued Include:

S91, GCS AS send request message to BM-SC, group mark number comprising request in the request message and/or Group number and/or the business number of request；

GCS AS can send request message to BM-SC according to the number of the GCSE group of self-management, in the request message The group mark number and/or group number and/or the business number of request of request can be with the number phases of the GCS AS GCSE group managed Together.

The request message is for requesting BM-SC distribution MSK and service identification and/or group mark, in addition, the request disappears Breath is also used to request BM-SC to be that each MSK generates MSK mark and key validity period.

S92, GCS AS receive the response message that BM-SC is sent, and include BM-SC distribution in the response message MSK and service identification and/or group mark；

In addition, MSK mark and key validity period in the response message also comprising each MSK.

S93, GCS AS establish the group mark of MSK and each group communication service GCSE group and/or the mapping of service identification is closed System；

S94, GCS AS are identified according to the group of MSK and each GCSE group and/or the mapping relations of service identification are by generation MSK is sent to the UE in corresponding GCSE group.

In addition, GCS AS is also by the mark of each MSK and key validity period and the group of the corresponding GCSE group of each MSK Mark and/or service identification are sent to the UE in corresponding GCSE group.

It should be noted that in each embodiment that secret key sending method is described above, it can be understood as BM- For SC into the various mapping relations that GCS AS is sent, mapping relations are to utilize MSK, group mark and service identification itself in itself It indicates, therefore, in mapping relations had both contained MSK, group mark, service identification itself, and also closed comprising the mapping between three System.Certainly, in other examples, mapping relations can also utilize the mark of MSK, representative group mark and service identification Other information indicates, then when BM-SC sends various mapping relations to GCS AS, it should also will be involved in mapping relations MSK, group mark and service identification are sent to GCS AS.

In addition, GCS AS itself is established various in each embodiment that secret key sending method is described above Mapping relations, it can be understood as GCS AS establishes mapping relations using MSK, group mark, service identification itself, it is understood that is GCS AS is identified using MSK, representative group mark, the information of service identification establish mapping relations, is not specifically limited herein.

The method provided by the invention for carrying out authorization check to UE is introduced below.

Embodiment of the method ten:

Figure 24 is please referred to, the method for the present embodiment includes:

The Authorized UE List that S101, BM-SC are sent according to GCS AS establishes request and establishes the corresponding authorization UE of service identification List；

S102, BM-SC receive the service activation request that UE is sent, and include the mark of the UE in the service activation request And the UE wants the service identification of the business of activation；

S103, BM-SC check that the service identification for identifying whether to want in the UE business of activation of the UE is corresponding In Authorized UE List, if, it is successful to the authorization check of the UE, if it was not then the authorization check to the UE loses It loses.

In the present embodiment, the Authorized UE List that BM-SC can be sent according to GCS AS establishes request and establishes Authorized UE List, In this way after the service activation request for receiving UE transmission, the Authorized UE List directly established according to itself be can be realized to UE's Authorization check is realized when BM-SC is invisible to GCSE group in this way, is being reused under MBMS security mechanism scene completely Service authorization inspection of the BM-SC to UE.

Embodiment of the method 11:

The present embodiment is that the present invention is discussed in detail one that UE carries out authorization check method, please refers to Figure 25, this reality The method for applying example includes:

S111, BM-SC receive the request message that GCS AS is sent, and the group comprising request identifies number in the request message And/or organize the business number of number and/or request；

GCS AS sends request message, the group mark of the request to BM-SC according to the number of the GCSE group of self-management Number and/or group number and/or the business number of request can be identical as the number of GCSE group that GCS AS is managed.

S112, BM-SC generate service identification；

S113, BM-SC send response message to GCS AS, include service identification in the response message, so that described Service identification is distributed to each GCSE group by GCS AS；

In addition, BM-SC can also generate group mark while generating service identification according to request message, and by a group mark one And it is sent to GCS AS, so that a group mark is also allocated to each GCSE group by GCS AS.Here group mark can be understood as Mobile interim group mark.

The Authorized UE List that S114, BM-SC are sent according to GCS AS establishes request and establishes the corresponding authorization UE of service identification List；

After service identification is distributed to each GCSE group by GCS AS, according to the UE transmission for including in each GCSE group Authorized UE List establishes request, and the Authorized UE List establishes service identification and corresponding authorization in request comprising GCSE group The mark of UE.It include the mark of corresponding UE in the corresponding Authorized UE List of each service identification.

S115, BM-SC receive the service activation request that GCS AS is sent；

Mark and the UE in the service activation request comprising the UE want the service identification of the business of activation.

S116, BM-SC check the corresponding authorization UE column of service identification for identifying whether to want the business of activation in UE of UE In table, if, it is successful to the authorization check of the UE, if it was not then the authorization check to the UE fails；

S117, BM-SC receive the Authorized UE List that GCS AS is sent and update request；

S118, BM-SC update corresponding Authorized UE List.

It is subsequent when GCS AS discovery Authorized UE List need to update when, can to BM-SC send Authorized UE List update ask It asks, the BM-SC reception Authorized UE List updates request, and it includes service identification, UE in request that the Authorized UE List, which updates, Instruction is deleted and/or added to mark；BM-SC updates request according to the Authorized UE List and updates corresponding Authorized UE List.Under Face citing is illustrated:

Embodiment of the method 12:

It is considered that GCSE group does not need group mark or group is identified as the interim of BM-SC generation in embodiment of the method 11 Mobile group designation, BM-SC carries out the side of authorization check to UE when the group for introducing GCSE is identified as fixed group mark by the present embodiment Method, please refers to Figure 26, and the method for the present embodiment includes:

S121, BM-SC receive the request message that GCS AS is sent, and the group comprising GCSE group identifies in the request message；

GCS AS sends request message to BM-SC according to the number of the GCSE group of self-management, wraps in the request message The group of the group containing GCSE identifies, and the number for organizing mark is identical as the number of GCSE group that GCS AS is managed.

S122, BM-SC generate the mapping relations of service identification and foundation group mark and service identification；

The Authorized UE List that S123, BM-SC are sent according to GCS AS establishes request and establishes Authorized UE List, the authorization UE The mark of group mark and corresponding authorization UE in request comprising GCSE group is established in list；

GCS AS sends Authorized UE List according to the UE for including in each GCSE group and establishes request, and the Authorized UE List is built The mark of group mark and corresponding authorization UE in vertical request comprising GCSE group.BM-SC is according to the group mark and industry established Mapping relationship searching and the Authorized UE List for mark of being engaged in establish the corresponding service identification of the group mark for including in request, foundation The corresponding Authorized UE List of the service identification found.It include the mark of corresponding UE in Authorized UE List.

S124, BM-SC receive the service activation request that UE is sent；

Mark and UE in service activation request comprising UE want the service identification of the business of activation.

S125, BM-SC check that the service identification for identifying whether to want in the UE business of activation of the UE is corresponding In Authorized UE List, if, it is successful to the authorization check of the UE, if it was not then the authorization check to the UE loses It loses；

The received Authorized UE List of S126, BM-SC updates request；

S127, BM-SC update corresponding Authorized UE List.

It is subsequent when GCS AS discovery Authorized UE List need to update when, can to BM-SC send Authorized UE List update ask Ask, BM-SC receives the Authorized UE List and updates request, the Authorized UE List update in request comprising service identification and/or Group mark, the mark of UE, deletion and/or addition instruction；BM-SC updates request according to the Authorized UE List and updates corresponding award Weigh UE list.

Embodiment of the method 11 and 12 describes BM-SC itself and establishes Authorized UE List, carries out to realize to UE The method of authorization check, the following examples will describe BM-SC itself and do not establish Authorized UE List, but need to carry out UE The method of authorization check.

Embodiment of the method 13:

Figure 27 is please referred to, the method for the present embodiment includes:

S131, BM-SC receive the service activation request that UE is sent, and include the mark of the UE in the service activation request And the UE wants the service identification of the business of activation；

S132, authorization check request is sent to GCS AS, to request the GCS AS to check identifying whether for the UE The UE wants in the corresponding group communication service GCSE group of service identification of the business of activation, if in authorization to the UE It checks successfully, if not existing, fails to the authorization check of the UE.

In the present embodiment, BM-SC sends authorization check to GCS AS and asks after the service activation request for receiving UE transmission It asks, to request GCS AS to carry out authorization check to UE, realizes in this way when BM-SC is invisible to GCSE group, complete Reuse service authorization inspection of the BM-SC to UE under MBMS security mechanism scene.

Embodiment of the method 14:

The present embodiment is the method that BM-SC itself does not establish Authorized UE List, but needs to carry out authorization check to UE One detailed description, please refer to Figure 28, the method for the present embodiment includes:

S141, BM-SC receive the request message that the GCS AS is sent, the group mark comprising request in the request message Number and/or group number and/or the business number of request；

GCS AS sends request message to BM-SC according to the number of the GCSE group of self-management, wraps in the request message Group mark number and/or group number and/or the business number of request containing request, the group mark number and/or group of the request Number and/or the business number of request can be identical as the number of GCSE group that GCS AS is managed, and BM-SC receives the GCS AS The request message of transmission.

S142, BM-SC generate service identification；

S143, BM-SC send response message to GCS AS, include service identification in the response message, so that GCS AS is by service identification and distributes to each GCSE group；

At this point, being equivalent in GCS AS just has the corresponding Authorized UE List of service identification.

S144, BM-SC receive the authorization check request that UE is sent, and include the mark of the UE in the authorization check request And the UE wants the service identification of the business of activation；

S145, BM-SC send authorization check request to GCS AS, are with the mark for requesting the GCS AS to check the UE In the corresponding group communication service GCSE group of service identification of the no business for wanting activation in the UE, if to the UE's Authorization check success fails to the authorization check of the UE if not existing.

After GCS AS carries out authorization check to UE, authorization check result can be sent to BM-SC.

Citing is illustrated below:

Embodiment of the method 15:

It is considered that GCSE group does not need group mark or group is identified as the interim of BM-SC generation in embodiment of the method 14 Mobile group designation, the method that the present embodiment carries out authorization check to UE when the group for introducing GCSE is identified as fixed group mark, is asked Refering to Figure 29, the method for the present embodiment includes:

S151, BM-SC receive the request message that GCS AS is sent, and the group comprising GCSE group identifies in the request message；

In the specific implementation, GCS AS can send request message, institute to BM-SC according to the number of the GCSE group of self-management It states the group in request message comprising GCSE group to identify, being equivalent to GCS AS itself in this case, there is group to identify corresponding authorization UE list.

S152, the mapping relations for generating service identification and foundation group mark and service identification；

S153, the service activation request that UE is sent is received, the mark comprising UE and UE want in the service activation request The service identification of the business of activation；

S154, it searches and corresponding group of mark of service identification for including in the service activation request；

S155, it is requested for sending authorization check to GCS AS, includes the mark of the UE in the authorization check request And the UE wants corresponding group of mark of service identification of the business of activation, to request GCS AS to check identifying whether for the UE In the corresponding GCSE group of corresponding group of mark of service identification that the UE wants the business of activation.

In several embodiments provided herein, it should be understood that disclosed device, it can be by another way It realizes.For example, the apparatus embodiments described above are merely exemplary, such as the division of the unit, it is only a kind of Logical function partition, there may be another division manner in actual implementation, such as multiple units or components can combine or can To be integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual Coupling, direct-coupling or communication connection can be through some interfaces, the indirect coupling or communication connection of device or unit, It can be electrical or other forms.

The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.

It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of software functional units.

If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product When, it can store in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words It embodies, which is stored in a storage medium, including some instructions are used so that a computer Equipment (can for personal computer, server or network equipment etc.) execute each embodiment the method for the present invention whole or Part steps.And storage medium above-mentioned includes: that USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic or disk etc. be various to can store program code Medium.

The above, the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations；Although referring to before Stating embodiment, invention is explained in detail, those skilled in the art should understand that: it still can be to preceding Technical solution documented by each embodiment is stated to modify or equivalent replacement of some of the technical features；And these It modifies or replaces, the range for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution.

Claims

1. a kind of group communication service application server GCS AS, which is characterized in that the GCS AS is applied to based on LTE network In cluster communication, wherein the broadcast multicast service center BM-SC in the cluster communication based on LTE network takes group communication Business GCSE group is invisible；Include:

Processing unit, for establishing or obtaining MSK and each group communication service GCSE group from broadcast multicast service center BM-SC The mapping relations of group mark and/or service identification；

Transmission unit, identifies for the group according to MSK and each GCSE group and/or the mapping relations of service identification are by generation MSK is sent to the user equipment (UE) in corresponding GCSE group；

Wherein, the transmission unit is also used to, and before the MSK generation unit generates MSK, is sent and is requested to the BM-SC Message, group mark number in the request message comprising request and/or the business number for organizing number and/or request, it is described to ask Ask message for requesting the BM-SC distribution service identification and/or group mark；The GCS AS further include: the first receiving unit, The response message sent for receiving the BM-SC, in the response message service identification comprising BM-SC distribution and/ Or group mark；The transmission unit is also used to, and establishes the group mark and/or industry of MSK and each GCSE group in the processing unit It is engaged in after the mapping relations of mark, MSK is sent to the BM-SC；

Alternatively, the transmission unit is also used to, after the MSK generation unit generates MSK, sends and request to the BM-SC Message, group mark number and MSK comprising request in the request message, the request message is for requesting the BM-SC points Combo mark and/or service identification and the mapping relations for establishing each group of mark and/or each service identification and each MSK；Institute It states processing unit to be specifically used for, receives the response message that the BM-SC is sent, include each group of mark in the response message And/or the mapping relations of each service identification and each MSK；

Alternatively, the GCS AS further include: unit is established in mapping, for establishing after the MSK generation unit generates MSK The mapping relations of the group mark of MSK and each GCSE group；The transmission unit is also used to, and sends request message to the BM-SC, The mapping relations of group mark comprising each MSK and each GCSE group in the request message, the request message is for requesting The BM-SC distributes service identification and establishes the mapping relations of each service identification Yu each group of mark；The processing unit tool Body is used for, and is received the response message that the BM-SC is sent, is included each group of mark and each service identification in the response message Mapping relations；

Alternatively, the GCS AS further include: the second receiving unit, for receiving institute before the MSK generation unit generates MSK The secret key request message of BM-SC transmission is stated, includes MSK number of service identification and request in the secret key request message；It is described Transmission unit is also used to, and the group mark of MSK and each GCSE group and/or the mapping pass of service identification are established in the processing unit After system, MSK is sent to the BM-SC.

2. GCS AS as described in claim 1, which is characterized in that the MSK generation unit is also used to, and is generated for each MSK MSK mark and key validity period；

The transmission unit is also used to, and is sent to correspondence while MSK is sent to the BM-SC or later and by MSK When UE in GCSE group, also by the MSK mark of each MSK and key validity period and the group mark of the corresponding GCSE group of each MSK Know and/or service identification is sent to the BM-SC and corresponds to the UE in GCSE group.

3. the GCS AS as described in right wants 1, which is characterized in that the GCS AS further include:

Third receiving unit, for being identified according to the group of MSK and each GCSE group and/or service identification in the transmission unit The MSK of generation is sent to before the UE in corresponding GCSE group by mapping relations, receives the MSK for each MSK that the BM-SC is sent Mark and key validity period, the MSK mark of each MSK and key validity period are generated by BM-SC；

The transmission unit is also used to, and is sent to correspondence while MSK is sent to the BM-SC or later and by MSK When UE in GCSE group, the group mark and/or service identification of the corresponding GCSE group of each MSK are also sent to the BM-SC；It will The group mark and/or service identification of the MSK mark of each MSK and key validity period and the corresponding GCSE group of each MSK are sent To the UE in corresponding GCSE group.

4. GCS AS as described in claim 1, which is characterized in that the GCS AS further include:

The transmission unit is also used to, and sends first key update message to the BM-SC, and the UE into corresponding GCSE group is sent Second key updating message, so that the UE more new key in the BM-SC and corresponding GCSE group, the first key update disappears It include the new MSK in breath and the second key updating message.

5. GCS AS as claimed in claim 4, which is characterized in that the preset rules include the addition of the UE GCSE group Nei And/or it leaves or MSK is to validity period.

6. GCS AS as claimed in claim 4, which is characterized in that

The MSK generation unit is also used to, before the transmission unit sends first key update message to the BM-SC, Generate MSK mark and the key validity period of the new MSK；

The first key update message and the second key updating message also include: the MSK of new MSK mark and close Key validity period, the group mark and/or service identification of the corresponding GCSE group of the new MSK.

7. GCS AS as claimed in claim 4, which is characterized in that the GCS AS further include:

4th receiving unit, for receiving institute before the transmission unit sends first key update message to the BM-SC State MSK mark and the key validity period of the new MSK of BM-SC transmission；

Also include in the first key update message: the group mark and/or service identification of the corresponding GCSE of the new MSK； Include in the second key updating message: the MSK mark and key validity period, the new MSK of the new MSK is corresponding The group of GCSE identifies and/or service identification.

8. GCS AS as described in claim 1, which is characterized in that the GCS AS further include:

5th receiving unit triggers message for receiving the key updating that the BM-SC is issued, and the key updating triggers message In the group mark comprising GCSE group and/or service identification and/or the MSK of MSK for needing to update identify；

The MSK generation unit is also used to, and generates new MSK；

The transmission unit is also used to, and sends third key updating message to the BM-SC, and the UE into corresponding GCSE group is sent 4th key updating message, so that the UE more new key in the BM-SC and corresponding GCSE group, the third key updating disappear It include the new MSK in breath and the 4th key updating message.

9. GCS AS as claimed in claim 8, which is characterized in that

The MSK generation unit is also used to, before the transmission unit sends third key updating message to the BM-SC, Generate MSK mark and the key validity period of the new MSK；

The third key updating message and the 4th key updating message also include: the MSK of new MSK mark and close Key validity period, the group mark and/or service identification of the corresponding GCSE group of the new MSK.

10. GCS AS as claimed in claim 8, which is characterized in that the GCS AS further include:

6th receiving unit, for receiving institute before the transmission unit sends third key updating message to the BM-SC State MSK mark and the key validity period of the new MSK of BM-SC transmission；

Also include in the third key updating message: the group mark and/or business mark of the corresponding GCSE group of the new MSK Know；Also include in the 4th key updating message: the MSK mark of the new MSK and key validity period, the new MSK The group of corresponding GCSE group identifies and/or service identification.

11. a kind of group communication service application server GCS AS, which is characterized in that the GCS AS is applied to be based on LTE network Cluster communication in, wherein broadcast multicast service center BM-SC in the cluster communication based on LTE network is to group communicating It is invisible to service GCSE group；Include:

Unit is established in mapping, for establishing the group mark of MSK and each group communication service GCSE group and/or the mapping of service identification Relationship；

The transmission unit is also used to, and before the acquiring unit obtains MSK from the BM-SC, is asked to BM-SC transmission Message is sought, the group mark number comprising request and/or group number and/or the business number of request, described in the request message Request message is for requesting the BM-SC distribution MSK and service identification and/or group mark；

The acquiring unit is specifically used for, and receives the response message that the BM-SC is sent, and includes described in the response message The MSK and service identification and/or group mark of BM-SC distribution.

12. GCS AS as claimed in claim 11, which is characterized in that the request message is also used to request the BM-SC be Each MSK generates MSK mark and key validity period；

The transmission unit is also used to, in the UE being sent to MSK in corresponding GCSE group, also by the mark of each MSK and close The group of key validity period and the corresponding GCSE group of each MSK mark and/or service identification are sent to the UE in corresponding GCSE group.

13. a kind of secret key sending method, which is characterized in that applied to the group communication service in the cluster communication based on LTE network In application server GCS AS, wherein BM-SC pairs of the broadcast multicast service center in the cluster communication based on LTE network Group communication service GCSE group is invisible；This method comprises:

Generate multimedia broadcast multi-broadcasting business key MSK；

Establish or obtain from broadcast multicast service center BM-SC the group mark and/or industry of MSK and each group communication service GCSE group The mapping relations for mark of being engaged in；

The MSK of generation is sent to according to the group mark of MSK and each GCSE group and/or the mapping relations of service identification corresponding User equipment (UE) in GCSE group；

Wherein, before generating MSK, the method also includes: request message is sent to the BM-SC, in the request message Group mark number comprising request and/or the business number for organizing number and/or request, the request message are described for requesting BM-SC distributes service identification and/or group mark；The response message that the BM-SC is sent is received, includes institute in the response message State the service identification and/or group mark of BM-SC distribution；In the group mark and/or service identification for establishing MSK and each GCSE group After mapping relations, the method also includes: MSK is sent to the BM-SC；

Alternatively, after generating MSK, the method also includes: request message is sent to the BM-SC, in the request message Group mark number and MSK comprising request, the request message is for requesting the BM-SC distribution group mark and/or business mark Know and establish the mapping relations of each group of mark and/or each service identification and each MSK；It is described to obtain MSK from the BM-SC It include: the response message for receiving the BM-SC and sending with the group mark of each GCSE group and/or the mapping relations of service identification, Mapping relations in the response message comprising each group of mark and/or each service identification and each MSK；

Alternatively, after generating MSK, the method also includes: establish the mapping relations of the group mark of MSK and each GCSE group； Request message is sent to the BM-SC, the mapping relations of the group mark comprising MSK and each GCSE group in the request message, The request message is used to request the BM-SC distribution service identification and establishes the mapping of each service identification Yu each group of mark Relationship；The mapping relations for organizing mark and/or service identification that MSK and each GCSE group are obtained from the BM-SC include: to connect The response message that the BM-SC is sent is received, the mapping comprising each group of mark and each service identification is closed in the response message System；

Alternatively, before generating MSK, the method also includes: the secret key request message of the BM-SC transmission is received, it is described close It include MSK number of service identification and request in key request message；In the group mark and/or industry for establishing MSK and each GCSE group It is engaged in after the mapping relations of mark, the method also includes: MSK is sent to the BM-SC.

14. method as claimed in claim 13, which is characterized in that in the group mark and/or industry according to MSK and each GCSE group The MSK of generation is sent to before the UE in corresponding GCSE group by the mapping relations of business mark, further includes:

MSK mark and key validity period are generated for each MSK；

It is also wrapped when while MSK is sent to the BM-SC or later and by UE that MSK is sent in corresponding GCSE group It includes:

By the MSK mark of each MSK and key validity period and the group mark and/or business mark of the corresponding GCSE group of each MSK Know the UE being sent in the BM-SC and corresponding GCSE group.

15. method as claimed in claim 13, which is characterized in that the group according to MSK and each GCSE group identify and/or The MSK of generation is sent to before the UE in corresponding GCSE group by the mapping relations of service identification, further includes:

Receive MSK mark and the key validity period of each MSK that the BM-SC is sent, the MSK mark of each MSK and close Key validity period is generated by BM-SC；

The group mark and/or service identification of the corresponding GCSE group of each MSK are sent to the BM-SC；By the MSK of each MSK The group of mark and key validity period and the corresponding GCSE group of each MSK mark and/or service identification are sent to corresponding GCSE group Interior UE.

16. method as claimed in claim 13, which is characterized in that the method also includes:

Judge whether MSK needs to update according to preset rules；

If it is, generating new MSK；

First key update message is sent to the BM-SC, the UE into corresponding GCSE group sends the second key updating message, with So that the UE more new key in the BM-SC and corresponding GCSE group, the first key update message and second key are more It include the new MSK in new information.

17. the method described in claim 16, which is characterized in that the preset rules include the addition of the UE GCSE group Nei And/or it leaves or MSK is to validity period.

18. the method described in claim 16, which is characterized in that the BM-SC send first key update message it Before, further includes:

Generate MSK mark and the key validity period of the new MSK；

19. the method described in claim 16, which is characterized in that the BM-SC send first key update message it Before, further includes:

20. method as claimed in claim 13, which is characterized in that the method also includes:

The key updating triggering message that the BM-SC is issued is received, includes the group of GCSE group in the key updating triggering message The MSK of mark and/or service identification and/or the MSK for needing to update mark；

Generate new MSK；

Third key updating message is sent to the BM-SC, the UE into corresponding GCSE group sends the 4th key updating message, with So that the UE more new key in the BM-SC and corresponding GCSE group, the third key updating message and the 4th key are more It include the new MSK in new information.

21. method as claimed in claim 20, which is characterized in that the BM-SC send third key updating message it Before, further include；

Generate MSK mark and the key validity period of the new MSK；

22. method as claimed in claim 20, which is characterized in that the BM-SC send third key updating message it Before, further includes:

23. a kind of secret key sending method, which is characterized in that applied to the group communication service in the cluster communication based on LTE network In application server GCS AS, wherein BM-SC pairs of the broadcast multicast service center in the cluster communication based on LTE network Group communication service GCSE group is invisible；This method comprises:

Wherein, before obtaining MSK from the BM-SC, the method also includes: request message is sent to the BM-SC, it is described Group mark number and/or group number and/or the business number of request, the request message in request message comprising request are used for Request the BM-SC distribution MSK and service identification and/or group mark；It is described from the BM-SC obtain MSK include: described in reception The response message that BM-SC is sent, MSK and service identification and/or group mark comprising BM-SC distribution in the response message Know.

24. method as claimed in claim 23, which is characterized in that the request message is also used to request the BM-SC to be every A MSK generates MSK mark and key validity period；

In the UE being sent to MSK in corresponding GCSE group further include:

By the group of the mark of each MSK and key validity period and the corresponding GCSE group of each MSK mark and/or service identification The UE being sent in corresponding GCSE group.