
WO2022032525A1 - Group key distribution method and apparatus - Google Patents


Info

Publication number: WO2022032525A1
Authority: WO (WIPO, PCT)
Prior art keywords: key, group, network element, identifier, management function
Legal status: Ceased (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: PCT/CN2020/108703
Other languages: French (fr), Chinese (zh)
Inventors: 胡力, 吴义壮, 郭龙华, 吴�荣
Current assignee: Huawei Technologies Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Definitions

  • the present application relates to the field of communication technologies, and in particular, to a group key distribution method and device.
  • group communication services include location service (LCS), proximity-based services (ProSe), multimedia broadcast multicast service (MBMS), and fifth generation (5G) local area network services.
  • group key management is involved when securing group communications.
  • group keys are generally shared by multiple group members, and are more difficult to distribute and manage than independent keys.
  • the present application provides a group key distribution method and device, which offer a unified group key distribution mechanism that improves the security of group communication.
  • in a first aspect, the present application provides a group key distribution method, which may include: a group key management function network element acquires a key identifier of a first device and a group identifier of the first device; the group key management function network element determines a group key according to the group identifier of the first device, and determines a protection key according to the key identifier of the first device; the group key management function network element generates a group key parameter from the group key and the protection key, and sends the group key parameter to the first device; wherein the group key is used to protect the communication content of the members of the group, and the members of the group include the first device.
  • in this way, the distribution of the group key is protected by the group key parameter, so the security of the group key distribution is improved, and with it the security of the group communication.
  • the group key management function network element determines the group key according to the group identifier of the first device; the specific method may be: the group key management function network element queries stored group key information for the group key. If the group key information includes a correspondence between the group identifier and a group key, the group key management function network element obtains the group key corresponding to the group identifier from the group key information; if the group key information does not include such a correspondence, the group key management function network element generates the group key.
  • the network element of the group key management function can accurately obtain the group key, and then generate group key parameters according to the group key.
  • the group key management function network element generates the group key; a specific method may be: the group key management function network element generates the group key according to a root group key. In this way, when the query does not find the group key, the group key management function network element can still accurately obtain the group key, and then generate the group key parameter according to it.
  • after the group key management function network element generates the group key, it stores the correspondence between the group identifier and the group key. In this way, the group key management function network element can successfully query the group key according to the group identifier in subsequent processes.
  • the group key management function network element determines the protection key according to the key identifier of the first device; the specific method may be: the group key management function network element determines the protection key corresponding to the key identifier of the first device according to a stored correspondence between the key identifier of the first device and the protection key; or, the group key management function network element obtains the protection key from the key function network element according to the key identifier of the first device.
  • the network element of the group key management function can accurately obtain the protection key, and then generate a group key parameter according to the protection key.
  • the group key management function network element determines the protection key according to the key identifier of the first device; the specific method may also be: the group key management function network element determines a second key according to the key identifier of the first device, and generates the protection key according to the second key. In this way, the group key management function network element can accurately obtain the protection key, and then generate the group key parameter according to the protection key.
  • the group key management function network element generates the protection key according to the second key; a specific method may be: the group key management function network element generates the protection key according to the second key and the generation parameters of the protection key. The generation parameters of the protection key include one or more of the following: a first self-owned parameter, a first received parameter, and a first sent parameter; wherein the first self-owned parameter includes a preset character string; the first received parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, a random number, a counter, and a timestamp; the first sent parameter includes one or more of the following: the group key identifier, a random number, a counter, and a timestamp. In this way, the group key management function network element can accurately obtain the protection key, and then generate the group key parameter according to the protection key.
  • the group key management function network element receives a first received parameter indication from the first device or from the group management function network element, and obtains the first received parameter according to the first received parameter indication. In this way, the group key management function network element can generate the protection key according to the first received parameter, and then generate the group key parameter according to the protection key.
  • the group key management function network element sends a first sent parameter indication to the first device, where the first sent parameter indication is used to indicate the first sent parameter.
  • the group key management function network element determines the second key according to the key identifier of the first device; the specific method may be: the group key management function network element determines the first key corresponding to the key identifier of the first device according to a stored correspondence between the key identifier of the first device and the first key, or obtains the first key from the key function network element; the group key management function network element then generates the second key according to the first key. In this way, the group key management function network element can accurately obtain the second key, and then generate the protection key according to the second key.
  • the group key management function network element generates the second key according to the first key; a specific method may be: the group key management function network element generates the second key according to the first key and the generation parameters of the second key. The generation parameters of the second key include one or more of the following: a second self-owned parameter, a second received parameter, and a second sent parameter; wherein the second self-owned parameter includes a preset character string; the second received parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, a random number, a counter, and a timestamp; the second sent parameter includes one or more of the following: a random number, a counter, and a timestamp. In this way, the group key management function network element can accurately obtain the second key, and then generate the protection key according to the second key.
  • the group key management function network element receives a second received parameter indication from the first device or from the group management function network element, and obtains the second received parameter according to the second received parameter indication. In this way, the group key management function network element can generate the second key according to the second received parameter, and then generate the protection key according to the second key.
  • the group key management function network element sends a second sent parameter indication to the first device or to the group management function network element, where the second sent parameter indication is used to indicate the second sent parameter.
  • the first key is K_AUSF, K_SEAF, K_AMF, or K_AF.
  • the group key management function network element generates the group key parameter according to the group key and the protection key; the specific method may be: the group key management function network element generates the group key parameter according to the group key, the protection key, and a first algorithm, where the first algorithm is a reversible algorithm.
  • the first algorithm may be one of the following algorithms: exclusive OR, addition, subtraction, and encryption.
  • the key identifier of the first device may be an identifier of the first device or a key set identifier of the first device.
  • the group key management function network element obtains the key identifier of the first device; the specific method may be: the group key management function network element obtains the key identifier of the first device from the first device; or, the group key management function network element obtains the key identifier of the first device from the group management function network element. In this way, the group key management function network element can accurately obtain the key identifier of the first device, and then accurately obtain the protection key based on it.
  • the group key management function network element obtains the group identifier of the first device; the specific method may be: the group key management function network element obtains the group identifier of the first device from the group management function network element; or, the group key management function network element obtains the group identifier of the first device from the first device. In this way, the group key management function network element can accurately obtain the group identifier of the first device, and then accurately obtain the group key based on it.
  • the first device may send an application request message to the application function (AF), where the application request message includes the group identifier of the first device, whereby the AF sends the group identifier of the first device to the group key management function network element.
  • the group key management function network element sends the group key parameter to the first device, which may specifically be: the group key management function network element sends the group key parameter to the first device through the AF.
  • the group key management function network element sends the group key parameter to the first device, which may specifically be: the group key management function network element sends the group key parameter to the first device through the access and mobility management function (AMF) network element.
  • the first device may send a protocol data unit (PDU) session establishment request message to the session management function (SMF), thereby triggering the SMF to send the group identifier of the first device to the group key management function network element.
  • the group key management function network element sends the group key parameter to the first device, which may specifically be: the group key management function network element sends the group key parameter to the first device through the SMF.
  • the group key management function network element determines the group key identifier according to the group identifier; the specific method may be: the group key management function network element obtains the group key identifier from the group key information according to the group identifier, where the group key information includes the correspondence between the group identifier and the group key identifier; or, the group key management function network element uses the group identifier as the group key identifier; or, the group key management function network element determines the group key identifier according to the group identifier and the application type.
  • the group key management function network element sends the group key identifier to the first device.
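The lookup-or-generate handling of the group key and the group key identifier described above, written out as an added Python example; this is not code from the patent or from Huawei. The patent fixes no key derivation function, key length or preset strings, so HMAC-SHA256, 32-byte keys and the label strings are assumptions, and the version counter used to re-key a group after a membership change is an addition not described in the text.

```python
import hashlib
import hmac
from typing import Dict, Tuple

KEY_LEN = 32  # assumed group key length in bytes; the patent fixes none

# Assumed preset strings; the patent names none.
GROUP_KEY_LABEL = b"GKD-GROUP-KEY"
GROUP_KEY_ID_LABEL = b"GKD-GROUP-KEY-ID"


def kdf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed inputs (assumed KDF). The length prefixes keep
    two different parameter lists from concatenating to the same byte string."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()[:KEY_LEN]


class GroupKeyManagementFunction:
    """Group key information held by the GKMF: group identifier -> (version, group key
    identifier, group key). The version counter is an assumption added so that a group
    can be re-keyed; the patent only describes deriving from the root group key."""

    def __init__(self, root_group_key: bytes) -> None:
        self._root = root_group_key
        self._info: Dict[bytes, Tuple[int, bytes, bytes]] = {}

    def group_key_id(self, group_id: bytes, app_type: bytes, version: int) -> bytes:
        # One of the options in the text: derive the group key identifier from the
        # group identifier and the application type (the version suffix is assumed).
        return kdf(GROUP_KEY_ID_LABEL, group_id, app_type)[:8] + version.to_bytes(4, "big")

    def _generate(self, group_id: bytes, app_type: bytes, version: int) -> Tuple[bytes, bytes]:
        gkid = self.group_key_id(group_id, app_type, version)
        group_key = kdf(self._root, GROUP_KEY_LABEL, group_id, gkid)
        self._info[group_id] = (version, gkid, group_key)  # store the correspondence
        return gkid, group_key

    def determine_group_key(self, group_id: bytes, app_type: bytes = b"") -> Tuple[bytes, bytes, bool]:
        """Return (group key identifier, group key, generated). The stored correspondence
        is queried first; only when it is absent is a key derived from the root group key."""
        if group_id in self._info:
            _, gkid, group_key = self._info[group_id]
            return gkid, group_key, False
        gkid, group_key = self._generate(group_id, app_type, version=1)
        return gkid, group_key, True

    def rekey(self, group_id: bytes, app_type: bytes = b"") -> Tuple[bytes, bytes]:
        """Replace a group's key after a membership change (assumed extension): a member
        that left still holds the old key, which no longer matches the stored one."""
        version = self._info[group_id][0] + 1 if group_id in self._info else 1
        return self._generate(group_id, app_type, version)
```

A group key that is a pure function of the root group key and the group identifier cannot be rotated without changing one of its inputs; that is why the version is folded into the group key identifier here, so the identifier sent to the first device also tells it which generation of the key it holds.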
  • in a second aspect, the present application provides a group key distribution method, which may include: a first device receives a group key parameter from a group key management function network element; the first device determines a group key according to the group key parameter and a protection key, the group key being used to protect the communication content of the members of the group, the members of the group including the first device.
  • in this way, the distribution of the group key is protected by the group key parameter, so the security of the group key distribution is improved, and with it the security of the group communication.
  • the first device generates a second key according to the first key, and generates the protection key according to the second key. In this way, the first device can obtain the protection key accurately, and then obtain the group key accurately based on the protection key.
  • the first device generates the protection key according to the second key; the specific method may be: the first device generates the protection key according to the second key and the generation parameters of the protection key. The generation parameters of the protection key include one or more of the following: a first self-owned parameter, a first received parameter, and a first sent parameter; wherein the first self-owned parameter includes a preset character string; the first received parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, a random number, a counter, and a timestamp; the first sent parameter includes one or more of the following: the group key identifier, a random number, a counter, and a timestamp. In this way, the first device can obtain the protection key accurately, and then obtain the group key accurately based on the protection key.
  • the first device sends a first received parameter indication to the group key management function network element, where the first received parameter indication is used to indicate the first received parameter.
  • the first device receives a first sent parameter indication from the group key management function network element, and acquires the first sent parameter according to the first sent parameter indication. In this way, the first device can accurately obtain the first sent parameter, and then obtain the protection key accurately based on it.
  • the first device generates the second key according to the first key; the specific method may be: the first device generates the second key according to the first key and the generation parameters of the second key. The generation parameters of the second key include one or more of the following: a second self-owned parameter, a second received parameter, and a second sent parameter; wherein the second self-owned parameter includes a preset character string; the second received parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, a random number, a counter, and a timestamp; the second sent parameter includes one or more of the following: a random number, a counter, and a timestamp. In this way, the first device can accurately obtain the second key, and then obtain the protection key accurately based on the second key.
  • the first device sends a second received parameter indication to the group key management function network element, where the second received parameter indication is used to indicate the second received parameter.
  • the first device receives a second sent parameter indication from the group key management function network element, and acquires the second sent parameter according to the second sent parameter indication. In this way, the first device can accurately obtain the second sent parameter, and then obtain the second key accurately based on it.
  • the first device determines the group key according to the group key parameter and the protection key; a specific method may be: the first device determines the group key according to the protection key, the group key parameter, and a second algorithm, where the second algorithm is a reversible algorithm. In this way, the first device can successfully obtain the group key. Since the distribution of the group key is protected by the group key parameter, the security of the group key distribution is improved, and thereby the security of the group communication.
  • the second algorithm may be one of the following algorithms: exclusive OR, addition, subtraction, and decryption. The second algorithm is the inverse of the first algorithm used by the group key management function network element: exclusive OR undoes exclusive OR, subtraction undoes addition and addition undoes subtraction, and decryption undoes encryption.
  • the first key is K_AUSF, K_SEAF, K_AMF, or K_AF.
  • the first device sends the key identifier of the first device to the group key management function network element; or, the first device sends the key identifier and the group identifier of the first device to the group key management function network element through the group management function network element.
  • the key identifier of the first device may be an identifier of the first device or a key set identifier of the first device.
  • in a third aspect, the present application provides a group key distribution method, which may include: a key function network element receives a key identifier of a first device from a group key management function network element; the key function network element determines the first key according to the key identifier of the first device; the key function network element determines the second key according to the first key.
  • the key function network element can subsequently provide the second key for the first device and the group key management function network element, so that the first device and the group key management function network element can further determine the protection key.
  • the key function network element determines the second key according to the first key, including: the key function network element generates the second key according to the first key and the generation parameters of the second key. The generation parameters of the second key include one or more of the following: a second self-owned parameter, a second received parameter, and a second sent parameter; wherein the second self-owned parameter includes a preset character string; the second received parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, a random number, a counter, and a timestamp; the second sent parameter includes one or more of the following: a random number, a counter, and a timestamp. In this way, the key function network element can accurately determine the second key.
  • the key function network element receives a second received parameter indication from the first device or from the group key management function network element, and obtains the second received parameter according to the second received parameter indication. In this way, the key function network element can accurately obtain the second received parameter, and then determine the second key according to it.
  • the key function network element sends a second sent parameter indication to the first device or to the group key management function network element, where the second sent parameter indication is used to indicate the second sent parameter.
  • the key function network element determines the protection key according to the second key; the key function network element sends the protection key to the group key management function network element.
  • in this way, the key function network element can directly provide the protection key to the group key management function network element, so that the group key management function network element can generate the group key parameter according to the protection key, improving the security of key distribution.
  • the key function network element determines the protection key according to the second key, including: the key function network element generates the protection key according to the second key and the generation parameters of the protection key. The generation parameters of the protection key include one or more of the following: a first self-owned parameter, a first received parameter, and a first sent parameter; wherein the first self-owned parameter includes a preset character string; the first received parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, a random number, a counter, and a timestamp; the first sent parameter includes one or more of the following: the group key identifier, a random number, a counter, and a timestamp. In this way, the key function network element can accurately determine the protection key.
  • the key function network element receives a first received parameter indication from the first device or from the group key management function network element, and obtains the first received parameter according to the first received parameter indication. In this way, the key function network element can accurately obtain the first received parameter, and then determine the protection key according to it.
  • the key function network element sends a first sent parameter indication to the first device or to the group key management function network element, where the first sent parameter indication is used to indicate the first sent parameter.
  • the key function network element sends the second key to the group key management function network element.
  • the network element of the group key management function can subsequently generate the protection key according to the second key.
  • the first key is K_AUSF, K_SEAF, K_AMF, or K_AF.
  • the key function network element may be an authentication server function (AUSF) network element.
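The derivation chain first key, second key, protection key and the reversible wrapping of the group key, run on both the network side (the group key management function network element, or the key function network element computing the second key on its behalf as in the third aspect) and on the first device, as an added Python example that is not code from the patent or from Huawei. The patent fixes no key derivation function, key lengths or preset strings; HMAC-SHA256, 32-byte keys, the label strings and the message field names are assumptions, and the first key, identifiers and nonces are constructed sample values. The reversible algorithm is selectable among the exclusive OR, addition and subtraction options named in the text; the last function shows why the sent parameters (random number, counter) must change per distribution, since with exclusive OR re-using one protection key for two group keys gives an eavesdropper their exclusive OR.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

KEY_LEN = 32  # assumed key length in bytes; the patent fixes none

# Assumed preset character strings (the patent's "self-owned parameters").
SECOND_KEY_LABEL = b"GKD-SECOND-KEY"
PROTECTION_KEY_LABEL = b"GKD-PROTECTION-KEY"

def kdf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed inputs (assumed KDF; the patent names none)."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()[:KEY_LEN]

def derive_second_key(first_key: bytes, device_id: bytes, key_id: bytes,
                      group_id: bytes, nonce: bytes) -> bytes:
    """Second key from the first key (K_AUSF, K_SEAF, K_AMF or K_AF): preset string,
    received parameters (identifiers) and a sent parameter (random number). Run by the
    GKMF or the key function network element, and independently by the first device."""
    return kdf(first_key, SECOND_KEY_LABEL, device_id, key_id, group_id, nonce)

def derive_protection_key(second_key: bytes, device_id: bytes, group_id: bytes,
                          app_type: bytes, group_key_id: bytes, counter: int) -> bytes:
    """Protection key from the second key and the protection key generation parameters."""
    return kdf(second_key, PROTECTION_KEY_LABEL, device_id, group_id, app_type,
               group_key_id, counter.to_bytes(4, "big"))

def combine(group_key: bytes, protection_key: bytes, algorithm: str) -> bytes:
    """First algorithm: reversible combination yielding the group key parameter."""
    if len(group_key) != len(protection_key):
        raise ValueError("group key and protection key must have the same length")
    if algorithm == "xor":
        return bytes(g ^ p for g, p in zip(group_key, protection_key))
    n = len(group_key)
    g, p = int.from_bytes(group_key, "big"), int.from_bytes(protection_key, "big")
    mod = 1 << (8 * n)  # addition/subtraction modulo 2^(8n) keeps the result n bytes
    if algorithm == "add":
        return ((g + p) % mod).to_bytes(n, "big")
    if algorithm == "sub":
        return ((g - p) % mod).to_bytes(n, "big")
    raise ValueError(f"unsupported algorithm {algorithm!r}")

def recover(param: bytes, protection_key: bytes, algorithm: str) -> bytes:
    """Second algorithm: the inverse of the first, run on the first device."""
    inverse = {"xor": "xor", "add": "sub", "sub": "add"}[algorithm]
    return combine(param, protection_key, inverse)

def network_side(first_key: bytes, device_id: bytes, key_id: bytes, group_id: bytes,
                 app_type: bytes, group_key_id: bytes, group_key: bytes, counter: int,
                 algorithm: str) -> Dict[str, bytes]:
    """GKMF: pick the sent parameters, derive the protection key and wrap the group key.
    The returned dict is the message to the first device (field names are assumed)."""
    nonce = secrets.token_bytes(16)
    k2 = derive_second_key(first_key, device_id, key_id, group_id, nonce)
    kp = derive_protection_key(k2, device_id, group_id, app_type, group_key_id, counter)
    return {"group_key_parameter": combine(group_key, kp, algorithm),
            "group_key_id": group_key_id,           # first sent parameter indication
            "nonce": nonce,                         # second sent parameter indication
            "counter": counter.to_bytes(4, "big")}  # first sent parameter indication

def device_side(msg: Dict[str, bytes], first_key: bytes, device_id: bytes, key_id: bytes,
                group_id: bytes, app_type: bytes, algorithm: str) -> bytes:
    """First device: re-derive the protection key from its own first key plus the sent
    parameters carried in the message, then invert the first algorithm."""
    k2 = derive_second_key(first_key, device_id, key_id, group_id, msg["nonce"])
    kp = derive_protection_key(k2, device_id, group_id, app_type, msg["group_key_id"],
                               int.from_bytes(msg["counter"], "big"))
    return recover(msg["group_key_parameter"], kp, algorithm)

def run_distribution(algorithm: str = "xor",
                     device_first_key: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """One distribution round over constructed sample identifiers (not from the patent).
    Returns (group key chosen by the GKMF, group key recovered by the first device)."""
    first_key = hashlib.sha256(b"constructed sample K_AUSF").digest()
    device_id, key_id, group_id, app_type = b"ue-0001", b"ngKSI-3", b"group-42", b"ProSe"
    group_key = secrets.token_bytes(KEY_LEN)
    msg = network_side(first_key, device_id, key_id, group_id, app_type,
                       b"gkid-42-v1", group_key, counter=1, algorithm=algorithm)
    recovered = device_side(msg, device_first_key or first_key, device_id, key_id,
                            group_id, app_type, algorithm)
    return group_key, recovered

def xor_reuse_leak(gk_a: bytes, gk_b: bytes, protection_key: bytes) -> bytes:
    """Failure mode: if the sent parameters do not change, one protection key wraps two
    group keys; with XOR an eavesdropper XORs the two parameters and gets gk_a ^ gk_b."""
    pa = combine(gk_a, protection_key, "xor")
    pb = combine(gk_b, protection_key, "xor")
    return combine(pa, pb, "xor")
```

With exclusive OR, addition or subtraction the device always ends up with a 32-byte value, including when its first key does not match the network's; none of these three algorithms provides integrity, so a corrupted or mis-keyed group key parameter is not detected at this step, which is the case for the encryption option with an authenticated mode. The counter and random number are what keep the protection key from repeating; `xor_reuse_leak` shows what a repeat costs.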
  • the present application provides a group key distribution apparatus; the group key distribution apparatus may be a group key management function network element, and has the function of implementing the first aspect or any possible design of the first aspect.
  • the functions can be implemented by hardware, or by executing corresponding software by hardware.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • the structure of the group key distribution apparatus may include a transceiver unit and a processing unit, and these units may perform the corresponding functions of the group key management function network element in the first aspect or each possible design example of the first aspect; please refer to the detailed description in the method example for details, which will not be repeated here.
  • the structure of the group key distribution apparatus includes a transceiver and a processor, and optionally a memory.
  • the transceiver is used to send and receive data, and to communicate with other devices in the communication system.
  • the processor is configured to support the group key distribution apparatus to perform the corresponding function of the group key management function network element in the first aspect or each possible design example of the first aspect.
  • a memory is coupled to the processor and holds the program instructions and data necessary for the group key distribution apparatus.
  • the present application provides a group key distribution apparatus; the group key distribution apparatus may be a first device, and has the function of implementing the first device in the second aspect or each possible design example of the second aspect. The function can be implemented by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • the structure of the group key distribution apparatus may include a transceiver unit and a processing unit, and these units may perform the corresponding functions of the first device in the second aspect or each possible design example of the second aspect , please refer to the detailed description in the method example for details, which will not be repeated here.
  • the structure of the group key distribution apparatus includes a transceiver and a processor, and optionally a memory.
  • the transceiver is used to send and receive data, and to communicate with other devices in the communication system.
  • the processor is configured to support the group key distribution apparatus to perform the corresponding function of the first device in the second aspect or each possible design example of the second aspect.
  • a memory is coupled to the processor and holds the program instructions and data necessary for the group key distribution apparatus.
  • the present application provides a group key distribution apparatus; the group key distribution apparatus may be a key function network element, and has the function of implementing the third aspect or any possible design of the third aspect.
  • the functions can be implemented by hardware, or by executing corresponding software by hardware.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • the structure of the group key distribution apparatus may include a transceiver unit and a processing unit, and these units may perform the corresponding functions of the key function network element in the third aspect or each possible design example of the third aspect.
  • the structure of the group key distribution apparatus includes a transceiver and a processor, and optionally a memory.
  • the transceiver is used to send and receive data, and to communicate with other devices in the communication system.
  • the processor is configured to support the group key distribution apparatus to perform the corresponding function of the key function network element in the third aspect or each possible design example of the third aspect.
  • a memory is coupled to the processor and holds the program instructions and data necessary for the group key distribution apparatus.
  • an embodiment of the present application provides a communication system, which may include the above-mentioned group key management function network element, a first device, a key function network element, and the like.
  • an embodiment of the present application provides a computer-readable storage medium; the computer-readable storage medium stores program instructions which, when executed on a computer, cause the computer to execute the method of the first aspect of the embodiments of the present application and any possible design thereof.
  • a computer-readable storage medium can be any available medium that can be accessed by a computer.
  • computer readable media may include non-transitory computer readable media, random-access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), CD-ROM or other optical disk storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can carry or store desired program code in the form of instructions or data structures and can be accessed by a computer.
  • the embodiments of the present application provide a computer program product including computer program code or instructions which, when run on a computer, enable the computer to implement the above-mentioned first aspect and any possible design thereof, the second aspect and any possible design thereof, or the third aspect and any possible design thereof.
  • the present application also provides a chip, which is coupled to a memory and used to read and execute program instructions stored in the memory, so as to implement the method of the above-mentioned first aspect and any possible design thereof, the second aspect and any possible design thereof, or the third aspect and any possible design thereof.
  • FIG. 1 is a schematic diagram of the architecture of a communication system provided by the present application.
  • FIG. 2 is a flowchart of a group key distribution method provided by the present application.
  • FIG. 3 is a flowchart of an example of a group key distribution method provided by the present application.
  • FIG. 6 is a schematic structural diagram of a group key distribution device provided by the present application.
  • FIG. 7 is a structural diagram of a group key distribution apparatus provided by the present application.
  • Embodiments of the present application provide a group key distribution method and device, which are used to propose a unified group key distribution mechanism to improve the security of group communication.
  • the methods and devices described in this application are based on the same technical concept. Since the methods and devices have similar principles for solving the problem, the implementations of the devices and methods can be referred to each other, and repeated descriptions are omitted here.
  • the embodiments of the present application provide a possible architecture of a communication system to which the communication method is applicable.
  • the architecture of the communication system may include: an access network and a core network.
  • the access network is used to realize functions related to wireless access, and includes the 3rd generation partnership project (3GPP) access network and the non-3GPP access network.
  • the core network mainly includes the following key logical network elements: access and mobility management function network elements, session management function network elements, user plane function network elements, policy control function network elements, and unified data management function network elements.
  • FIG. 1 shows a possible example of the architecture of the communication system, in which each network element or device is shown as a specific example. Specifically, the architecture of the communication system shown in FIG. 1 may include: terminal equipment (using user equipment (UE) as an example), an access and mobility management function (AMF) network element, a session management function (SMF) network element, a user plane function (UPF) network element, a policy control function (PCF) network element, a unified data management (UDM) function network element, an authentication server function (AUSF) network element, a network exposure function (NEF) network element, an application function (AF) network element, and a wireless access network device.
  • the AMF network element and the access network device can be connected through the N2 interface, the access network device and the UPF can be connected through the N3 interface, the SMF and the UPF can be connected through the N4 interface, and the AMF network element and the UE can be connected through the N1 interface.
  • the interface names are only example descriptions and are not specifically limited in this embodiment of the present application. It should be understood that the embodiments of the present application are not limited to the communication system shown in FIG. 1, and the names of the network elements shown in FIG. 1 are described here only as examples, and do not limit the network elements included in a communication system architecture to which the communication method of the present application applies. The following describes the functions of each network element or device in the communication system in detail:
  • Terminal equipment can be a UE, a handheld terminal, a notebook computer, a subscriber unit, a cellular phone, a smart phone, a wireless data card, a personal digital assistant (PDA) computer, a tablet computer, a wireless modem, a handheld device, a laptop computer, a cordless phone or wireless local loop (WLL) station, a machine type communication (MTC) terminal, or another device that can access the network.
  • a certain air interface technology, such as new radio (NR) or long term evolution (LTE), is used for communication between the terminal device and the access network device.
  • in vehicle networking communication, the communication terminal carried by the vehicle is a terminal device, and the roadside unit (RSU) can also be used as a terminal device.
  • when a drone is loaded with a communication terminal, it can be regarded as a terminal device.
  • the RAN device is mainly a wireless network device of the 3GPP network, and the AN can be an access network device defined by non-3GPP.
  • RAN equipment is mainly responsible for functions such as radio resource management, quality of service (QoS) management, and data compression and encryption on the air interface side.
  • the access network equipment may include various forms of base stations, such as: a macro base station, a micro base station (also referred to as a small cell), a relay station, an access point, and the like.
  • the names of devices with base station functions may be different, for example, in 5G systems, they are called RAN or gNB (5G NodeB), etc.
  • The access and mobility management function network element is mainly responsible for the signaling processing part, such as access control, mobility management, attachment and detachment, gateway selection, and other functions.
  • when the AMF network element provides services for a session of the terminal device, it provides control plane storage resources for the session, to store the session identifier, the SMF network element identifier associated with the session identifier, and the like.
  • the access and mobility management function network element can be an AMF network element, as shown in Figure 1; in future communications, such as 6G, the access and mobility management function network element can still be an AMF network element or have another name, which is not limited in this application.
  • when the access and mobility management function network element is an AMF network element, the AMF can provide Namf services.
  • The session management function network element is mainly responsible for session management in the mobile network, such as session establishment, modification and release, and for specific functions such as assigning IP addresses to users and selecting a UPF that provides the packet forwarding function.
  • the session management function network element can be an SMF network element, as shown in Figure 1; in future communications, such as 6G, the session management function network element can still be an SMF network element or have another name, which is not limited in this application.
  • the SMF can provide Nsmf services.
  • The user plane function network element is responsible for forwarding and receiving user data of the terminal equipment.
  • the user data can be received from the data network and transmitted to the terminal device through the access network device; the UPF network element can also receive the user data from the terminal device through the access network device and forward it to the data network.
  • the transmission resources and scheduling functions that provide services to terminal equipment in the UPF network element are managed and controlled by the SMF network element.
  • the user plane function network element can be a UPF network element, as shown in Figure 1; in future communications, such as 6G, the user plane function network element can still be a UPF network element or have another name, which is not limited in this application.
  • The policy control function network element mainly supports providing a unified policy framework to control network behavior, provides policy rules to control layer network functions, and is responsible for obtaining the user subscription information related to policy decisions.
  • the policy control function network element can be a PCF network element, as shown in Figure 1; in future communications, such as 6G, the policy control function network element can still be a PCF network element or have another name, which is not limited in this application.
  • when the policy control function network element is a PCF network element, the PCF network element can provide Npcf services.
  • The network exposure function network element mainly supports secure interaction between the 3GPP network and third-party applications.
  • the network exposure function network element can be a NEF network element, as shown in Figure 1; in future communications, such as 6G, the network exposure function network element can still be a NEF network element or have another name, which is not limited in this application.
  • when the network exposure function network element is a NEF, the NEF can provide Nnef services to other network function network elements.
  • The application function network element mainly supports interaction with the 3GPP core network to provide services, such as influencing data routing decisions and policy control functions, or providing some third-party services to the network side.
  • the application function network element may be an AF network element, as shown in Figure 1; in future communications, such as 6G, the application function network element may still be an AF network element or have another name, which is not limited in this application.
  • when the application function network element is the AF network element, the AF network element can provide the Naf service.
  • the service enabler architecture layer (SEAL) server can provide the server-side functions corresponding to specific services.
  • the services can include a group management function, which is a special kind of AF.
  • the SEAL server is used to provide vertical application services, including, for example, location management, group management, configuration management, identity management, key management, network resource management, and the like.
  • the AKMA anchor function (AAnF) is the function that enables AKMA anchor key derivation in the AKMA service.
  • the security anchor function (SEAF) is a network element that provides authentication functions for the serving network through the AMF, and supports the primary authentication.
  • The unified data management function network element is used to generate authentication credentials, process user identifiers (such as storing and managing the subscription permanent identifier), control access authorization, manage subscription data, and the like.
  • the unified data management function network element can be a UDM network element, as shown in Figure 1; in future communications, such as 6G, the unified data management function network element can still be a UDM network element or have another name, which is not limited in this application.
  • the UDM network element can provide Nudm services.
  • The authentication server function network element provides an authentication function used to support the UE in performing 3GPP access or non-3GPP access.
  • the authentication server function network element can be an AUSF network element, as shown in Figure 1; in future communications, such as 6G, the authentication server function network element can still be an AUSF network element or have another name, which is not limited in this application.
  • the AUSF network element can provide the Nausf service.
  • a data network refers to a service network that provides data transmission services for users, such as IP multi-media service (IMS) and the Internet.
  • the UE accesses the DN through a protocol data unit (PDU) session established between the UE and the DN.
  • each network element in the core network can also be called a functional entity or a device, which can be a network element implemented on dedicated hardware, a software instance running on dedicated hardware, or an instance of a virtualized function on an appropriate platform; for example, the above-mentioned virtualization platform may be a cloud platform.
  • the architecture of the communication system shown in FIG. 1 is not limited to including only the network elements shown in the figure, and may also include other devices not shown in the figure, which are not listed one by one here.
  • the following description in this application takes the network elements shown in FIG. 1 as an example, and the XX network element is directly abbreviated as XX. It should be understood that the names of all network elements in this application are only examples and may be referred to by other names in future communications, or the network elements involved in this application may be replaced by other entities or devices with the same function in future communications, which is not limited in this application. A unified description is given here and is not repeated below.
  • the communication system shown in FIG. 1 does not constitute a limitation of the communication system to which the embodiments of the present application can be applied.
  • the communication system architecture shown in FIG. 1 is a 5G system architecture.
  • the methods in the embodiments of the present application are also applicable to various future communication systems, such as 6G or other communication networks.
  • the group key distribution method provided by the present application can be applied to the communication system (mobile communication network) shown in FIG. 1 to distribute the group key in group communication.
  • a group management function (GMF) network element is used to provide group information of group members, and the group information is used to indicate the relationship between group members and the group, and may include a group identifier and a member list.
  • Group ID is used to identify a group. In particular, in this application, all members of the same group communicate using the same group key.
  • the group identifier can be an external group identifier (external group ID) or an internal group identifier (internal group ID); the group members can include terminal devices, network functions (NF), AFs, etc.; and the member list can be a subscription permanent identifier (SUPI) list, a generic public subscription identifier (GPSI) list, an AF identifier list, an NF identifier list, etc.
  • GMF can be an independent entity, or AMF, SMF, UDM, PCF, SEAL, AF, etc.
  • the group key management function (GKMF) network element is used to provide group key information of group members.
  • the group key information is used to indicate the relationship between the key of the group member and the group, and can include the group ID and the group key.
  • the group key information also includes a group key identifier and a member list.
  • the group key identifier is used to identify the group key, and the group key identifier and the group identifier are in one-to-one correspondence.
  • the group key identifier can also be the same as the group identifier, and in this case, the group key identifier is the group identifier.
  • the group key of the group members of the same group is the same, and the group key is used for communication protection of the members in the group.
  • GKMF can be an independent entity or PCF, UDM, AUSF, SEAL, AAnF, etc.
  • a key function (KF) network element is an optional network element, and the KF is used to provide the first key of the group member.
  • the first key is generated by the UE and the KF after a two-way authentication process is performed; for example, it may be generated according to the permanent key K of the UE.
  • the KF can be the AUSF, AMF, SEAF, or AAnF.
  • when the KF is the AUSF, the first key may be KAUSF; when the KF is the SEAF, the first key may be KSEAF; when the KF is the AMF, the first key may be KAMF; when the KF is the AAnF, the first key may be KAF.
  • the group key distribution method provided by the embodiment of the present application can be applied to the communication system shown in FIG. 1 .
  • the specific process of the method may include:
  • Step 201: The group key management function network element obtains the key identifier of the first device.
  • the first device may be any one of the members of the group, for example, the first device may be a terminal device or the like.
  • the key identifier of the first device may be an identifier of the first device or a key set identifier of the first device.
  • the key identifier of the terminal device may be the identifier of the terminal device, such as the SUPI or GPSI, or the key set identifier (KSI) of the terminal device.
  • the group key management function network element obtains the key identifier of the first device, and the specific method may be: the group key management function network element obtains the key identifier of the first device from the first device, for example, the first device directly sends the key identifier of the first device to the group key management function network element (for example, as shown in step 201a in FIG. 2), or the first device sends the key identifier of the first device to an intermediate device, and the intermediate device sends the key identifier of the first device to the group key management function network element; or, the group key management function network element acquires the key identifier of the first device from the intermediate device, where the first device sends the key identifier of the first device to the intermediate device, and the intermediate device sends the key identifier of the first device to the group key management function network element.
  • the intermediate device may be AMF, SMF, AF, group management function network element, and the like.
  • when the intermediate device is the group management function network element, this may be as shown in step 201b in FIG. 2.
  • Step 202: The group key management function network element acquires the group identifier of the first device.
  • the group key management function network element obtains the group identifier of the first device, and the specific method may be: the group key management function network element obtains the group identifier of the first device from the intermediate device (for example, when the intermediate device is the group management function network element, as shown in step 202a in FIG. 2); or, the group key management function network element obtains the group identifier of the first device from the first device.
  • when the group key management function network element acquires the group identifier of the first device from the intermediate device, a request sent by the first device to the intermediate device may trigger the intermediate device to send the group identifier of the first device to the group key management function network element, where the group identifier of the first device is carried in the request of the first device.
  • for example, when the intermediate device is the AF, the first device may send an application request message to the AF, where the application request message includes the group identifier of the first device, so that the AF sends the group identifier of the first device to the group key management function network element.
  • when the intermediate device is the SMF, the first device may send a PDU session establishment request message to the SMF, thereby triggering the SMF to send the group identifier of the first device to the group key management function network element.
  • Step 203: The group key management function network element determines a group key according to the group identifier of the first device, where the group key is used to protect the communication content of the members of the group, and the members of the group include the first device.
  • the group key management function network element determines the group key according to the group identifier of the first device, and the specific method may be: the group key management function network element queries the group key from the group key information according to the group identifier; if the group key information includes the correspondence between the group identifier and the group key, the group key management function network element obtains the group key corresponding to the group identifier from the group key information; if the group key information does not include the correspondence between the group identifier and the group key, the group key management function network element generates the group key and stores the correspondence between the group identifier and the group key.
  • the group key management function network element generates the group key, and the specific method may be: the group key management function network element generates the group key according to a root group key; or the group key management function network element randomly generates the group key.
  • the group key management function network element may determine the group key identifier according to the group identifier. For example, the group key management function network element queries the group key identifier from the group key information according to the group identifier; if the group key information includes the correspondence between the group identifier and the group key identifier, the group key management function network element obtains the group key identifier corresponding to the group identifier from the group key information; if the group key information does not include the correspondence between the group identifier and the group key identifier, the group key management function network element generates the group key identifier and stores the correspondence between the group identifier and the group key identifier.
  • the group key management function network element may directly use the group ID as the group key ID, or the group key management function network element may also map a group key ID according to the group ID.
  • the group key management function network element obtains the application type (used to indicate the type of the current application, such as multicast broadcast service (MBS), ProSe, LCS, etc.)
  • the The network element of the group key management function may map a group key identifier according to the group identifier and the application type.
  • the group key management function network element may acquire the application type from the group management function network element, or the group key management function network element may acquire the application type from the first device.
  • for example, the group key management function network element obtains the group identifier 123, and the group key management function network element may directly use the group identifier as the group key identifier, that is, 123.
  • the group key management function network element obtains the group identifier 123 and the group application type MBS, and the group key management function network element maps a group key identifier X1.
  • the group key management function network element obtains the group identifier 123 and the group application type ProSe, and the group key management function network element maps a group key identifier X2.
  • the group key may be Kgroup.
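The following Python block is an added illustration of the step 203 logic above; it is not code from the patent or from Huawei. It looks the group key up in the stored group key information, generates and stores it when no correspondence exists (either from a root group key or at random), and maps the group key identifier either directly from the group identifier or from the group identifier together with the application type, reproducing the 123 / X1 / X2 example. The class name, the HMAC-based derivation from the root group key, and the hash-based identifier mapping are assumptions; the page does not fix those functions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


class GroupKeyManager:
    """Toy GKMF state for step 203 (added example, not the patent's code).

    Holds the group key information: group identifier -> Kgroup, and
    (group identifier, application type) -> group key identifier.
    """

    def __init__(self, root_group_key: Optional[bytes] = None) -> None:
        # Optional root group key; when absent, Kgroup is generated randomly.
        self.root_group_key = root_group_key
        self.group_keys: Dict[str, bytes] = {}
        self.group_key_ids: Dict[Tuple[str, Optional[str]], str] = {}

    def determine_group_key(self, group_id: str) -> bytes:
        """Query Kgroup for the group identifier; generate and store it if no
        correspondence exists yet. All members of one group get the same Kgroup."""
        kgroup = self.group_keys.get(group_id)
        if kgroup is None:
            kgroup = self._generate_group_key(group_id)
            self.group_keys[group_id] = kgroup
        return kgroup

    def _generate_group_key(self, group_id: str) -> bytes:
        if self.root_group_key is not None:
            # Derived from the root group key. HMAC-SHA-256 over the group ID is an
            # assumption for this example; the page does not fix the derivation.
            return hmac.new(self.root_group_key, b"Kgroup|" + group_id.encode(),
                            hashlib.sha256).digest()
        # Otherwise generated randomly (256-bit key).
        return secrets.token_bytes(32)

    def determine_group_key_id(self, group_id: str, app_type: Optional[str] = None) -> str:
        """Determine the group key identifier for a group identifier.

        Without an application type the group identifier is used directly
        (group 123 -> key identifier 123). With an application type a distinct
        identifier is mapped per (group, application), so 123/MBS and 123/ProSe
        get different identifiers, as in the page's X1/X2 example. The mapping
        (a truncated SHA-256 tag) is an assumption for this example.
        """
        key = (group_id, app_type)
        gkid = self.group_key_ids.get(key)
        if gkid is None:
            if app_type is None:
                gkid = group_id
            else:
                tag = hashlib.sha256(f"{group_id}|{app_type}".encode()).hexdigest()[:8]
                gkid = f"GKID-{tag}"
            self.group_key_ids[key] = gkid
        return gkid


if __name__ == "__main__":
    gkmf = GroupKeyManager()
    kgroup = gkmf.determine_group_key("123")
    assert gkmf.determine_group_key("123") == kgroup  # same group, same Kgroup
    print("key id for 123:      ", gkmf.determine_group_key_id("123"))
    print("key id for 123/MBS:  ", gkmf.determine_group_key_id("123", "MBS"))
    print("key id for 123/ProSe:", gkmf.determine_group_key_id("123", "ProSe"))
```

The stored correspondences are what make the scheme consistent across members: a second member of group 123 asking later receives the same Kgroup and the same identifier, while the identifier mapping keeps MBS and ProSe traffic of the same group under different key identifiers.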
  • Step 204: The group key management function network element determines a protection key according to the key identifier of the first device.
  • the network element of the group key management function determines the protection key according to the key identifier of the first device, which may specifically include the following methods:
  • Method a1: The group key management function network element determines the protection key (such as KGKMF) corresponding to the key identifier of the first device according to the stored correspondence between the key identifier of the first device and the protection key.
  • Method a2: The group key management function network element determines a second key (such as KGKMF) according to the key identifier of the first device; the group key management function network element generates the protection key (such as Ktemp) according to the second key (such as KGKMF).
  • the group key management function network element generates the protection key (such as Ktemp) according to the second key (such as KGKMF), and the specific method may be: the group key management function network element generates the protection key according to the second key and the generation parameters of the protection key;
  • the generation parameters of the protection key include one or more of the following: a first own parameter, a first receiving parameter, and a first sending parameter; wherein the first own parameter includes a preset character string (for example, "GK", "GKM", "GKMF", "GCSE", etc.);
  • the first receiving parameter includes one or more of the following: the identifier of the first device (such as SUPI, GPSI), the key identifier of the first device, the group identifier, the application type (such as MBS, ProSe, eLCS, etc.), the application identifier (used to indicate the current application, which can be expressed in the form of an AF ID or a fully qualified domain name), a random number (RAND), a counter (COUNT), a timestamp, and the like.
  • the first own parameter is a parameter already held by both the group key management function network element and the first device.
  • the group key management function network element may receive the first reception parameter indication from the first device or the group management function network element, and obtain the first reception parameter according to the first reception parameter indication.
  • the group key management function network element sends a first sending parameter indication to the first device, where the first sending parameter indication is used to indicate the first sending parameter.
  • the application type and/or the application identifier are used as generation parameters of the protection key, so that even when the second key of the same first device is used for different applications, the group key management function network element can generate different protection keys.
  • the group key management function network element determines a second key (such as KGKMF) according to the key identifier of the first device, and the specific method may be: the group key management function network element determines, according to the stored correspondence between the key identifier of the first device and the first key, the first key corresponding to the key identifier of the first device; or the group key management function network element obtains the first key from the key function network element; then, the group key management function network element generates the second key (such as KGKMF) according to the first key.
  • the group key management function network element determines the second key corresponding to the key identifier of the first device according to the stored correspondence between the key identifier of the first device and the second key.
  • the group key management function network element generates the second key (such as KGKMF) according to the first key, and the specific method may be: the group key management function network element generates the second key according to the first key and the generation parameters of the second key (such as KGKMF);
  • the generation parameters of the second key include one or more of the following: a second own parameter, a second receiving parameter, and a second sending parameter; wherein the second own parameter includes a preset character string (for example: "GK", "GKM", "GKMF", "GCSE", etc.);
  • the second receiving parameter includes one or more of the following: the identifier of the first device (such as SUPI, GPSI), the key identifier of the first device, the group identifier, a random number, a counter, and a timestamp;
  • the second sending parameter includes one or more of the following: a random number (RAND), a counter (COUNT), a timestamp, and the like.
  • the group key management function network element receives the second reception parameter indication from the first device or the group management function network element, and obtains the second reception parameter according to the second reception parameter indication.
  • the group key management function network element sends a second transmission parameter indication to the first device or the group management function network element, where the second transmission parameter indication is used to indicate the second transmission parameter.
  • using the preset character string as a derivation parameter of the second key in the above manner can prevent the generated second key from duplicating other keys already existing in the first device.
  • for example, Kausf, the SUPI, and the string "AKMA" are used to generate Kakma;
  • the second key can then be derived using Kausf, the SUPI, and a string different from "AKMA".
  • in addition, the own parameter does not need to be transmitted, which reduces the transmission complexity.
  • by introducing the identifier of the first device or the key identifier of the first device, even if different first devices hold the same root key, the different first devices can derive different second keys from the same key.
  • the use of the group identifier makes it possible to generate different second keys even when the root key of the same first device is used to generate keys for different groups.
• the group key management function network element obtains the second key (eg KGKMF) from the key function network element according to the key identifier of the first device. Specifically, the key function network element receives the key identifier of the first device from the group key management function network element, determines the first key according to the key identifier of the first device, determines the second key (eg KGKMF) according to the first key, and sends the second key (eg KGKMF) to the group key management function network element.
• the method for the key function network element to determine the second key (eg KGKMF) according to the first key is the same as the method for the group key management function network element to generate the second key according to the first key; the two can be referred to each other and will not be described in detail here.
• Method a3: the group key management function network element determines a first key according to the key identifier of the first device, and generates the protection key (eg KGKMF) according to the first key.
• the group key management function network element determines the first key according to the key identifier of the first device.
• the group key management function network element generates the protection key (eg KGKMF) according to the first key;
• the specific method may be: the group key management function network element generates the protection key (such as KGKMF) according to the first key and the generation parameters of the protection key;
• the generation parameters of the protection key may include one or more of the following: a second own parameter, a second receiving parameter, a second sending parameter; wherein, the second own parameter includes a preset character string (for example: "GK", "GKM", "GKMF", "GCSE", etc.);
• the second receiving parameter includes one or more of the following: the identifier of the first device (such as SUPI, GPSI), the key identifier of the first device, the group identifier, the random number, the counter, the timestamp; the second transmission parameter includes one or more of the following: random number (RAND), counter (COUNT), timestamp and so on.
• Method a4: the group key management function network element obtains the protection key (eg KGKMF or Ktemp) from the key function network element according to the key identifier of the first device. For example, this may be shown as optional step 204a in FIG. 2.
• the key function network element stores the correspondence between the key identifier of the first device and the protection key (such as KGKMF); or, after the key function network element determines the second key (such as KGKMF), it determines a protection key (such as Ktemp) according to the second key. The key function network element then sends the protection key to the group key management function network element.
  • the key function network element stores the correspondence between the key identifier of the first device and the first key.
• the method for the key function network element to determine the protection key (such as Ktemp) according to the second key (such as KGKMF) is the same as the method for the group key management function network element involved in the above method a3 to generate the protection key (eg Ktemp) according to the second key (eg KGKMF); the two can be referred to each other and will not be described in detail here.
  • KGKMF can be directly used as a protection key; KGKMF can also be used as a second key to obtain the protection key Ktemp.
  • the first key may be K AUSF or K SEAF or K AMF or K AF .
  • Step 205 The group key management function network element generates a group key parameter according to the group key and the protection key.
• the group key management function network element generates the group key parameter (for example, DerPara) according to the group key and the protection key (for example, KGKMF or Ktemp); the specific method may be: the group key management function network element generates the group key parameter according to the group key, the protection key and a first algorithm, where the first algorithm is a reversible algorithm.
  • the first algorithm may be one of the following algorithms: exclusive OR, exclusive OR, addition, subtraction, and encryption.
  • the corresponding inverse algorithms are: XOR, XOR, subtraction, addition, and decryption.
• the encryption algorithm may include the advanced encryption standard (AES), SNOW, the ZUC (Zu Chongzhi) algorithm, etc.
  • Step 206 The group key management function network element sends the group key parameter to the first device.
  • the group key management function network element sends a group key identifier to the first device.
  • Step 207 The first device determines the group key according to the group key parameter and the protection key.
• before the first device determines the group key according to the group key parameter and the protection key, the first device generates a second key (KGKMF) and generates the protection key (eg Ktemp) according to the second key.
• the method for the first device to generate the protection key (eg Ktemp) according to the second key (KGKMF) is similar to the method for the group key management function network element to generate the protection key according to the second key (KGKMF) in step 204; the two can be referred to each other and will not be described in detail here.
  • the method for the first device to generate the second key according to the first key is similar to the method for the group key management function network element to generate the second key according to the first key in step 204 , can refer to each other, and will not be described in detail here.
• before the first device determines the group key according to the group key parameter and the protection key, the first device may instead generate the protection key (KGKMF) according to the first key.
• the method for the first device to generate the protection key (KGKMF) according to the first key is the same as the method for the group key management function network element to generate the protection key according to the first key in step 204.
• the first device determines the group key according to the group key parameter and the protection key; the specific method may be: the first device determines the group key (eg Kgroup) according to the protection key, the group key parameter and a second algorithm, where the second algorithm is the inverse algorithm corresponding to the first algorithm.
  • the second algorithm may be one of the following algorithms: exclusive OR, exclusive OR, addition, subtraction, and decryption.
  • the first device can use Kgroup to protect the content of communication with members in the group.
• intra-group communication can be ProSe (proximity-based services) communication, PC5 (proximity-based services communication 5) communication, V2X communication, RAN-based local exchange, UPF-based local exchange, MBS communication, broadcast communication, LCS communication, etc.
  • the first device also obtains the group key identifier.
• members of the group use Kgroup and the group key identifier to protect intra-group communication.
• when a member AF in the group sends group communication data to UE1 and UE2, the AF encrypts the communication content using Kgroup, or a key derived from Kgroup, together with an encryption algorithm; protects the integrity of the communication content using Kgroup, or a key derived from Kgroup, together with an integrity protection algorithm; and then broadcasts the group key identifier and the protected communication content.
• UE1 and UE2 obtain the Kgroup according to the group key identifier, use Kgroup or the key derived from Kgroup and the encryption algorithm to decrypt the communication content, and use Kgroup or the key derived from Kgroup and the integrity protection algorithm to perform an integrity check on the communication content.
• when UE1 does not hold the group key corresponding to the broadcast group key identifier, UE1 requests the group key management function network element to obtain the group key corresponding to that group key identifier. In this way, UE1 can decrypt and/or check the integrity of the communication content.
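The broadcast protection just described (the AF protects content with keys derived from Kgroup and sends the group key identifier in clear; a UE that lacks the key for that identifier fetches it from the GKMF and verifies integrity before decrypting), as an added example that is not from the patent. The HMAC-SHA256 keystream is an assumed stand-in for the AES/SNOW/ZUC ciphers the page names, and the sub-key derivation, message layout and sample values are all assumptions.

```python
import hmac
import hashlib
import secrets

GKID_LEN, NONCE_LEN, TAG_LEN = 4, 12, 16  # assumed wire layout


def kdf(key: bytes, *params: bytes) -> bytes:
    # Assumed KDF (the page fixes none): HMAC-SHA256 over length-prefixed parameters.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()


def group_subkeys(kgroup: bytes, group_key_id: bytes):
    # Encryption and integrity keys derived from Kgroup and the group key identifier
    # (the page allows Kgroup itself or a key derived from it).
    return kdf(kgroup, b"enc", group_key_id), kdf(kgroup, b"int", group_key_id)


def keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256: a stand-in for a 3GPP stream
    # cipher so the example runs on the standard library alone.
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hmac.new(k_enc, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(kgroup: bytes, group_key_id: bytes, plaintext: bytes) -> bytes:
    """AF side: encrypt, integrity-protect, and prepend the group key identifier in clear."""
    if len(group_key_id) != GKID_LEN:
        raise ValueError("unexpected group key identifier length")
    k_enc, k_int = group_subkeys(kgroup, group_key_id)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = xor_bytes(plaintext, keystream(k_enc, nonce, len(plaintext)))
    # The tag covers the identifier and nonce too, so neither can be swapped unnoticed.
    tag = hmac.new(k_int, group_key_id + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return group_key_id + nonce + ct + tag


class GroupMember:
    """UE side: keeps Kgroup per group key identifier and fetches missing ones from the GKMF."""

    def __init__(self, keys: dict, fetch_from_gkmf):
        self.keys = dict(keys)
        self.fetch_from_gkmf = fetch_from_gkmf  # callable(group_key_id) -> Kgroup or None
        self.fetches = 0

    def unprotect(self, msg: bytes) -> bytes:
        gkid = msg[:GKID_LEN]
        nonce = msg[GKID_LEN:GKID_LEN + NONCE_LEN]
        ct, tag = msg[GKID_LEN + NONCE_LEN:-TAG_LEN], msg[-TAG_LEN:]
        kgroup = self.keys.get(gkid)
        if kgroup is None:
            # The UE1 case in the text: identifier unknown, ask the GKMF for that group key.
            self.fetches += 1
            kgroup = self.fetch_from_gkmf(gkid)
            if kgroup is None:
                raise KeyError("no group key for identifier " + gkid.hex())
            self.keys[gkid] = kgroup
        k_enc, k_int = group_subkeys(kgroup, gkid)
        expected = hmac.new(k_int, gkid + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")  # verified before any decryption
        return xor_bytes(ct, keystream(k_enc, nonce, len(ct)))


# Constructed sample values (not from the page).
GK_ID = b"\x00\x00\x00\x07"
KGROUP = bytes.fromhex("5a" * 32)
gkmf_store = {GK_ID: KGROUP}                     # what the GKMF would answer with
ue1 = GroupMember({}, gkmf_store.get)            # does not yet hold the key for GK_ID
ue2 = GroupMember({GK_ID: KGROUP}, gkmf_store.get)

if __name__ == "__main__":
    broadcast = protect(KGROUP, GK_ID, b"group data")
    print(ue2.unprotect(broadcast), ue1.unprotect(broadcast), "fetches:", ue1.fetches)
```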
• the group key parameter for the group key shared by a plurality of group members is generated by using the existing one-to-one key between each group member and the mobile network, so different group key parameters can be generated for different group members.
• therefore, even if the group key parameter is transmitted in clear text, an attacker who does not hold that key cannot obtain the group key from the group key parameter.
• the present application introduces a unified group key management function network element in the mobile network to store and distribute the group key. The group key management function network element can obtain the group information of the first device from different group management network elements, or the member information of the group from the first device; according to the member information of the group, it can obtain the existing key information of the first device (UE) in the mobile network from the key function network element, and then use that existing key of the mobile network and some related transmission parameters to protect the key distribution process.
  • the distribution of the group key is protected by the group key parameter, the security of the group key distribution is improved, and the security of the group communication can be improved.
  • the group key distribution method provided by the present application will be described in detail below through specific examples.
  • the first device is the UE and the network element of the group key management function is the GKMF as an example for description.
  • FIG. 3 shows an example of a group key distribution method provided by the present application.
  • the group management function GMF network element is AF
  • the key function KF network element is AUSF as an example for detailed description.
  • the process of this example can be:
  • Step 301 The UE sends an application request message (app request) to the AF, where the application request message is used to request to obtain an application service.
  • Step 302 GKMF obtains the key ID 2 and the group ID 2 of the UE.
  • the AF sends the key identifier 1 and the group identifier 1 of the UE to the GKMF, and the GKMF obtains the key identifier 2 and the group identifier 2.
  • the AF also sends the application identifier to the GKMF.
  • the AF may obtain the key ID 1 and the group ID 1 of the UE from the application request message.
  • the AF may also obtain the context of the UE according to the application request message, and obtain the key ID 1 and the group ID 1 of the UE from the context of the UE.
  • the AF may obtain the application identifier according to the application currently accessed by the UE.
• the key identifier 2 and the group identifier 2 of the UE obtained by the GKMF are the key identifier 1 and the group identifier 1, respectively.
  • the key identifier 1 may be SUPI, and the group identifier 1 may be an internal group ID (internal group ID).
• after obtaining the key identifier 1 and the group identifier 1 of the UE, the NEF may map the key identifier 1 of the UE to the key identifier 2 of the UE, and/or map the group identifier 1 to the group identifier 2 of the UE.
  • the NEF sends the key ID 2 and/or the group ID 2 of the UE to the GKMF.
• in this case, the key identifier 1 is GPSI, the group identifier 1 is an external group ID, the key identifier 2 is SUPI, and the group identifier 2 is an internal group ID.
  • Step 303 The GKMF determines the group key Kgroup according to the group identifier 2.
  • Step 304 The GKMF sends the key identifier 2 of the UE to the AUSF to request to obtain the KGKMF of the UE.
  • the KGKMF may be the above-mentioned second key or the above-mentioned protection key under different circumstances.
  • the GKMF may also send a second reception parameter indication to the AUSF, where the second reception parameter indication is used to indicate the second reception parameter.
• Step 305 The AUSF obtains the KGKMF according to the key identifier 2 of the UE.
  • the AUSF obtains the K AUSF (that is, the first key involved in the above) according to the key identifier 2 of the UE.
  • the KGKMF may be generated by the AUSF according to the K AUSF (that is, the first key involved in the above).
• the specific method for the AUSF to generate the KGKMF according to the K AUSF may be: the AUSF generates the KGKMF according to the K AUSF and the generation parameters of the KGKMF;
• the generation parameters of the KGKMF include one or more of the following: the second own parameter, the second receiving parameter, the second sending parameter; wherein, the second own parameter includes a preset character string (for example: "GK", "GKM", "GKMF", "GCSE", etc.);
• the second receiving parameter includes one or more of the following: the identifier of the first device (such as SUPI, GPSI), the key identifier of the first device, the group identifier, the random number, the counter, the timestamp;
• the second transmission parameter includes one or more of the following: random number (RAND), counter (COUNT), timestamp, etc.
• the KGKMF may also be generated in advance, before step 304.
  • Step 306 The AUSF sends the KGKMF to the GKMF.
  • the AUSF may also send a second transmission parameter indication to the GKMF, where the second transmission parameter indication is used to indicate the second transmission parameter.
  • Step 307 The GKMF determines the group key parameter DerPara according to the KGKMF and the Kgroup.
  • the GKMF determines the DerPara according to the KGKMF, the Kgroup and the first algorithm.
  • the KGKMF is used as the protection key.
  • the GKMF determines Ktemp according to the KGKMF, and then the GKMF determines the DerPara according to the Ktemp, the Kgroup and the first algorithm.
  • the KGKMF is used as the second key
  • the Ktemp is used as the protection key.
• the method for the GKMF to determine Ktemp according to the KGKMF may refer to the method for the group key management function network element to generate the protection key (such as Ktemp) according to the second key in step 204 of the embodiment shown in FIG. 2, and will not be described in detail here.
  • Step 308 The GKMF sends the DerPara to the AF.
  • the GKMF may also send a group key identifier to the AF.
  • the GKMF may also send the first transmission parameter indication and/or the second transmission parameter indication to the AF.
  • the GKMF may also send group identity 2 to the UE.
  • the GKMF may also send the Kgroup and the group key identifier to the AF.
  • Step 309 The AF sends an application response message to the UE, where the application response message includes the DerPara.
  • the application response message may further include one or more of the group key identifier, the first transmission parameter indication or the second transmission parameter indication.
• Step 310 The UE determines the Kgroup according to the DerPara.
  • Step 311 The UE uses the Kgroup to perform group communication, so that the UE uses the Kgroup to protect the content of the communication.
  • the above example describes, in combination with a specific scenario, that the distribution of the group key is protected by the group key parameter, which improves the security of the group key distribution, thereby improving the security of the group communication.
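The derivation chain of steps 204 to 207 and the FIG. 3 exchange above, as an added example that is not part of the patent: the AUSF derives KGKMF from K_AUSF, the GKMF uses KGKMF as the second key, derives the Ktemp protection key, and XORs it with Kgroup to form DerPara, and the UE re-derives the same keys and reverses the XOR; two UEs with different K_AUSF receive different DerPara for the same Kgroup. The KDF (HMAC-SHA256 over length-prefixed parameters), the parameter encoding, the sample identifiers and all key values are assumptions; the patent fixes none of them.

```python
import hmac
import hashlib


def kdf(key: bytes, *params: bytes) -> bytes:
    # Assumed KDF: HMAC-SHA256 over length-prefixed parameters, so that
    # ("GK", "MF") and ("GKM", "F") cannot produce the same input.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    # The "first algorithm" exclusive OR; its inverse (the "second algorithm") is the same operation.
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def derive_kakma(k_ausf: bytes, supi: bytes) -> bytes:
    # Existing AKMA pattern: Kausf, SUPI and the string "AKMA".
    return kdf(k_ausf, b"AKMA", supi)


def derive_kgkmf(k_ausf: bytes, supi: bytes, group_id: bytes, rand: bytes) -> bytes:
    # Second key: second own parameter "GKMF" (distinct from "AKMA"), second receiving
    # parameters SUPI and group identifier, second sending parameter RAND.
    return kdf(k_ausf, b"GKMF", supi, group_id, rand)


def derive_ktemp(kgkmf: bytes, group_key_id: bytes, nonce: bytes) -> bytes:
    # Protection key from the second key: first own parameter "GK",
    # first sending parameters group key identifier and nonce.
    return kdf(kgkmf, b"GK", group_key_id, nonce)


class AUSF:
    """Key function network element: holds K_AUSF per SUPI (key identifier 2)."""

    def __init__(self, k_ausf_by_supi: dict):
        self.k_ausf_by_supi = dict(k_ausf_by_supi)

    def kgkmf(self, supi: bytes, group_id: bytes, rand: bytes) -> bytes:
        # Steps 304 to 306: look up the first key by key identifier 2 and derive KGKMF.
        return derive_kgkmf(self.k_ausf_by_supi[supi], supi, group_id, rand)


class GKMF:
    """Group key management function network element."""

    def __init__(self, root_group_key: bytes):
        self.root_group_key = root_group_key
        self.group_keys = {}  # group identifier 2 -> Kgroup

    def group_key(self, group_id: bytes) -> bytes:
        # Step 303: reuse the stored Kgroup for this group, else generate it from the root group key.
        if group_id not in self.group_keys:
            self.group_keys[group_id] = kdf(self.root_group_key, b"Kgroup", group_id)
        return self.group_keys[group_id]

    def der_para(self, kgkmf: bytes, group_id: bytes, group_key_id: bytes, nonce: bytes) -> bytes:
        # Step 307: KGKMF as second key, Ktemp as protection key, DerPara = Kgroup XOR Ktemp.
        ktemp = derive_ktemp(kgkmf, group_key_id, nonce)
        return xor_bytes(self.group_key(group_id), ktemp)


class UE:
    def __init__(self, supi: bytes, k_ausf: bytes):
        self.supi, self.k_ausf = supi, k_ausf

    def recover_kgroup(self, der_para, group_id, group_key_id, rand, nonce) -> bytes:
        # Step 310: re-derive KGKMF and Ktemp from the UE's own K_AUSF plus the received
        # sending-parameter indications, then apply the inverse algorithm.
        kgkmf = derive_kgkmf(self.k_ausf, self.supi, group_id, rand)
        ktemp = derive_ktemp(kgkmf, group_key_id, nonce)
        return xor_bytes(der_para, ktemp)


def distribute(gkmf: GKMF, ausf: AUSF, ue: UE, group_id, group_key_id, rand, nonce):
    """Steps 302 to 310 of FIG. 3 for one UE: returns (DerPara sent in clear, Kgroup recovered by the UE)."""
    kgkmf = ausf.kgkmf(ue.supi, group_id, rand)                      # 304-306
    der_para = gkmf.der_para(kgkmf, group_id, group_key_id, nonce)   # 307
    # 308-309: the AF forwards DerPara, the group key identifier and the parameter indications in clear.
    return der_para, ue.recover_kgroup(der_para, group_id, group_key_id, rand, nonce)


# Constructed sample values (not from the page).
UE1 = UE(b"imsi-460001234567890", bytes.fromhex("11" * 32))
UE2 = UE(b"imsi-460009876543210", bytes.fromhex("22" * 32))
ausf = AUSF({UE1.supi: UE1.k_ausf, UE2.supi: UE2.k_ausf})
gkmf = GKMF(root_group_key=bytes.fromhex("33" * 32))
GROUP_ID, GK_ID = b"internal-group-7", b"gkid-1"
RAND, NONCE = bytes.fromhex("a0" * 16), bytes.fromhex("b0" * 16)

if __name__ == "__main__":
    for ue in (UE1, UE2):
        dp, k = distribute(gkmf, ausf, ue, GROUP_ID, GK_ID, RAND, NONCE)
        print(ue.supi.decode(), "DerPara", dp.hex()[:16], "Kgroup recovered:", k == gkmf.group_key(GROUP_ID))
```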
  • Fig. 4 shows an example of another group key distribution method provided by the present application.
  • the group management function GMF network element is used as AF
  • the key function KF network element is used as AUSF
  • the GKMF is used as PCF or UDM
  • the process of this example can be:
  • Steps 401 to 405 are the same as steps 301 to 305 in the embodiment shown in FIG. 3 , and may refer to each other, and will not be repeated here.
  • Step 406 is the same as step 306 in the embodiment shown in FIG. 3 , and can be referred to each other, and details are not repeated here.
  • the AUSF may also send an AMF identifier to the GKMF, where the AMF identifier may be obtained by the AUSF from the stored context according to the AMF accessed by the UE.
  • Step 407 is the same as step 307 in the embodiment shown in FIG. 3 , which can be referred to each other, and will not be repeated here.
  • Step 408 The GKMF sends the identity of the UE and the DerPara to the AMF.
  • the identifier of the UE may be SUPI, and the identifier of the UE is obtained by the GKMF according to the key identifier 2 (Key ID2) of the UE.
  • the GKMF may also send a group key identifier to the AMF.
  • the GKMF may also send the first sending parameter indication and the second sending parameter indication to the AMF.
  • the GKMF may also send the group ID 2 to the AMF.
  • the GKMF sends the above parameters to the AMF according to the identity of the AMF.
  • Step 409 The GKMF sends a confirmation message to the AF.
  • the confirmation message may include the Kgroup and the group key identifier.
  • the GKMF may send the confirmation message to the AF after the AMF feedback.
  • Step 410 The AMF sends a downlink non-access stratum (non access stratum, NAS) message to the UE, where the downlink NAS message includes the DerPara.
  • the downlink NAS message may further include a group key identifier, a first transmission parameter indication and a second transmission parameter indication.
  • the downlink NAS message may further include the group identifier 2 .
• if the AMF fails to reply to the GKMF, the GKMF does not send the confirmation message in step 409 to the AF, and may send a failure message instead.
  • the downlink NAS message may be a downlink NAS transmission message or a UE configuration update request command message.
• the downlink NAS transmission message includes a UE policy container, the UE policy container includes a UE route selection policy (URSP), and the URSP may include an application identifier, a group key identifier, and the DerPara.
  • Step 411 The AF sends an application response message to the UE.
  • Steps 412 to 413 are the same as steps 310 to 311 in the embodiment shown in FIG. 3 , which can be referred to each other, and will not be repeated here.
  • the above example describes, in combination with a specific scenario, that the distribution of the group key is protected by the group key parameter, which improves the security of the group key distribution, thereby improving the security of the group communication.
• in this example, the GKMF can send the DerPara to the UE through the control plane tunnel between the UE and the AMF, without changing the user plane protocol between the UE and the AF, which is outside the scope of 3GPP.
  • FIG. 5 shows an example of another group key distribution method provided by the present application.
  • the group management function GMF network element is an SMF as an example for detailed description.
  • the process of this example can be:
  • Step 501 The UE sends a protocol data unit (protocol data unit, PDU) session establishment request message to the SMF, where the PDU session establishment request message is used to request the establishment of a PDU session.
  • the PDU session establishment request may include a group key request indication, where the group key request indication is used to request to obtain a group key.
  • the group key request indication may be an explicit indication or an implicit indication.
  • the implicit indication may be an application type, and when the application type indicates a specific application (eg, MBS), the SMF triggers a request to obtain the UE's group key.
  • the PDU session establishment request message may further include a group identifier.
  • Step 502 The SMF sends the identifier of the UE and the group identifier to the GKMF.
  • the SMF may send the identifier of the UE and the group identifier to the GKMF through a key request (key request) message.
  • the SMF determines the context information of the UE according to the PDU session request message, and obtains the identity SUPI of the UE from the context information of the UE.
• the SMF obtains the group identifier from the PDU session establishment request message, or the SMF requests the UDM to obtain the subscription information of the UE, where the subscription information of the UE includes the group identifier of the UE.
  • the SMF sends the SUPI of the UE to the UDM, and the UDM obtains the group identifier corresponding to the UE according to the SUPI, and returns the group identifier to the SMF.
  • the SMF triggers sending the identifier of the UE and the group identifier to the GKMF according to the group key request indication.
  • Step 503 The GKMF determines the group key Kgroup according to the group identifier.
  • Step 504 The GKMF sends the identifier of the UE to the KF to request to obtain the KGKMF of the UE.
  • the KGKMF may be the above-mentioned second key or the above-mentioned protection key under different circumstances.
  • the GKMF may send the identifier of the UE to the KF through a key request (key request) message.
  • Step 505 The KF determines the KGKMF according to the identifier of the UE.
• the KF obtains the first key according to the identifier of the UE.
  • the KGKMF may be generated by the KF according to the first key.
• the specific method for the KF to generate the KGKMF according to the first key may be: the KF generates the KGKMF according to the first key and the generation parameters of the KGKMF;
• the generation parameters of the KGKMF include one or more of the following: a second own parameter, a second receiving parameter, a second sending parameter; wherein, the second own parameter includes a preset character string (for example: "GK", "GKM", "GKMF", "GCSE", etc.); the second receiving parameter includes one or more of the following: the identifier of the first device (such as SUPI, GPSI), the key identifier of the first device, the group identifier, the random number, the counter, the timestamp; the second transmission parameter includes one or more of the following: random number (RAND), counter (COUNT), timestamp and so on.
  • Step 506 The KF sends the KGKMF to the GKMF.
  • Step 507 The GKMF determines the group key parameter DerPara according to the KGKMF and the Kgroup.
  • the GKMF determines the DerPara according to the KGKMF, the Kgroup and the first algorithm.
  • the KGKMF is used as the protection key.
  • the GKMF determines Ktemp according to the KGKMF, and then the GKMF determines the DerPara according to the Ktemp, the Kgroup and the first algorithm.
  • the KGKMF is used as the second key
  • the Ktemp is used as the protection key.
• the method for the GKMF to determine Ktemp according to the KGKMF may refer to the method for the group key management function network element to generate the protection key (such as Ktemp) according to the second key in step 204 of the embodiment shown in FIG. 2, and will not be described in detail here.
  • Step 508 The GKMF sends the DerPara to the SMF.
  • the GKMF may also send a group key identifier to the SMF.
  • the GKMF may also send the first transmission parameter indication and/or the second transmission parameter indication to the SMF.
  • the GKMF may also send group identity 2 to the UE.
  • Step 509 The SMF sends a PDU session establishment accept message to the UE, where the PDU session establishment accept message includes the DerPara.
  • the PDU session establishment accept message may further include a group key identifier.
  • the PDU session establishment accept message may further include the first transmission parameter indication and/or the second transmission parameter indication.
  • Steps 510 to 511 are the same as steps 310 to 311 in the embodiment shown in FIG. 3 , which can be referred to each other, and will not be repeated here.
  • the above example describes, in combination with a specific scenario, that the distribution of the group key is protected by the group key parameter, which improves the security of the group key distribution, thereby improving the security of the group communication.
  • the embodiments of the present application further provide a group key distribution apparatus.
  • the group key distribution apparatus 600 may include a transceiver unit 601 and a processing unit 602 .
• the transceiver unit 601 is used for the group key distribution apparatus 600 to receive information (message or data) or send information (message or data), and the processing unit 602 is used to control and manage the actions of the group key distribution apparatus 600.
  • the processing unit 602 may also control the steps performed by the transceiving unit 601 .
• the group key distribution apparatus 600 may be the group key management function network element in the foregoing embodiment, and specifically may be a processor, a chip or a chip system, or a functional module in the group key management function network element; or, the group key distribution apparatus 600 may be the first device in the above-mentioned embodiment, and specifically may be a processor, a chip or a chip system, or a functional module in the first device; or, the group key distribution apparatus 600 may be the key function network element in the above embodiment, and specifically may be a processor, a chip or a chip system, or a functional module in the key function network element.
• when the group key distribution apparatus 600 is used to implement the function of the group key management function network element (eg GKMF) in the above embodiment, it may specifically include:
• the processing unit 602 is configured to acquire the key identifier of the first device; acquire the group identifier of the first device; determine a group key according to the group identifier of the first device, where the group key is used to protect the communication content of members of the group, and the members of the group include the first device; determine a protection key according to the key identifier of the first device; and generate a group key parameter according to the group key and the protection key;
  • the transceiver unit 601 is configured to send the group key parameter to the first device.
• the processing unit 602, when determining the group key according to the group identifier of the first device, is specifically configured to: query the group key from group key information according to the group identifier; if the group key information includes the correspondence between the group identifier and the group key, obtain the group key corresponding to the group identifier from the group key information; if the group key information does not include the correspondence between the group identifier and the group key, generate the group key.
  • the processing unit 602 when generating the group key, is specifically configured to: generate the group key according to the root group key.
• the processing unit 602, when determining the protection key according to the key identifier of the first device, is specifically configured to: determine the protection key corresponding to the key identifier of the first device according to the stored correspondence between the key identifier of the first device and the protection key; or, obtain the protection key from a key function network element according to the key identifier of the first device.
• the processing unit 602, when determining the protection key according to the key identifier of the first device, is specifically configured to: determine the second key according to the key identifier of the first device; and generate the protection key according to the second key.
• the processing unit 602, when generating the protection key according to the second key, is specifically configured to: generate the protection key according to the second key and the generation parameters of the protection key;
• the generation parameters of the protection key include one or more of the following: a first own parameter, a first receiving parameter, and a first sending parameter; wherein, the first own parameter includes a preset character string;
• the first receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, the random number, the counter, and the timestamp;
• the first sending parameter includes one or more of the following: group key identifier, nonce, counter, timestamp.
• the transceiver unit 601 is further configured to receive a first reception parameter indication from the first device or the group management function network element; the processing unit 602 is further configured to obtain the first reception parameter according to the first reception parameter indication.
  • the transceiver unit 601 is further configured to send a first transmission parameter indication to the first device, where the first transmission parameter indication is used to indicate the first transmission parameter.
  • the processing unit 602 when determining the second key according to the key identifier of the first device, is specifically configured to: determine according to the stored correspondence between the key identifier of the first device and the first key The key identifier of the first device corresponds to the first key; or the transceiver unit 601 is controlled to obtain the first key from the key function network element; and the second key is generated according to the first key.
  • the processing unit 602 when generating the second key according to the first key, is specifically configured to: generate the second key according to the generation parameters of the first key and the second key.
  • the second key; the generation parameters of the second key include one or more of the following: a second own parameter, a second receiving parameter, a second sending parameter; wherein, the second own parameter includes a preset character string; the second receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the random number, the counter, and the timestamp; the second sending parameter includes the following One or more items: nonce, counter, timestamp.
  • the transceiver unit 601 is further configured to receive a second receiving parameter indication from the first device or the group management function network element; the processing unit 602 is further configured to obtain the second receiving parameter according to the second receiving parameter indication.
  • the transceiver unit 601 is further configured to send a second sending parameter indication to the first device or the network element of the group management function, where the second sending parameter indication is used to indicate the second sending parameter.
  • the first key is K_AUSF, K_SEAF, K_AMF or K_AF.
  • the processing unit 602, when generating the group key parameter according to the group key and the protection key, is specifically configured to: generate the group key parameter according to the group key, the protection key and a first algorithm, where the first algorithm is a reversible algorithm.
  • the first algorithm may be one of the following: exclusive OR, exclusive NOR, addition, subtraction, and encryption.
  • the key identifier of the first device may be an identifier of the first device or a key set identifier of the first device.
  • the processing unit 602, when acquiring the key identifier of the first device, is specifically configured to: control the transceiver unit 601 to acquire the key identifier of the first device from the first device; or control the transceiver unit 601 to obtain the key identifier of the first device from the group management function network element.
  • the processing unit 602, when acquiring the group identifier of the first device, is specifically configured to: control the transceiver unit 601 to acquire the group identifier of the first device from the group management function network element; or control the transceiver unit 601 to acquire the group identifier of the first device from the first device.
  • the group key distribution apparatus 600 when used to implement the function of the first device (eg, UE) in the foregoing embodiment, it may specifically include:
  • the transceiver unit 601 is configured to receive the group key parameter from the group key management function network element; the processing unit 602 is configured to determine the group key according to the group key parameter and the protection key, where the group key is used to protect the communication content of the members of a group that includes the first device.
  • the processing unit 602 is further configured to: generate a second key according to the first key; and generate the protection key according to the second key.
  • the processing unit 602, when generating the protection key according to the second key, is specifically configured to: generate the protection key according to the second key and the generation parameters of the protection key; the generation parameters of the protection key include one or more of the following: a first own parameter, a first receiving parameter, and a first sending parameter; wherein the first own parameter includes a preset character string; the first receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, the random number, the counter, and the timestamp; and the first sending parameter includes one or more of the following: the group key identifier, the random number, the counter, and the timestamp.
  • the transceiver unit 601 is further configured to send a first receiving parameter indication to the group key management function network element, where the first receiving parameter indication is used to indicate the first receiving parameter.
  • the transceiver unit 601 is further configured to receive a first sending parameter indication from the group key management function network element; the processing unit 602 is further configured to obtain the first sending parameter according to the first sending parameter indication.
  • the processing unit 602, when generating the second key according to the first key, is specifically configured to: determine the second key according to the first key and the generation parameters of the second key; the generation parameters of the second key include one or more of the following: a second own parameter, a second receiving parameter, and a second sending parameter; wherein the second own parameter includes a preset character string; the second receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the random number, the counter, and the timestamp; and the second sending parameter includes one or more of the following: the random number, the counter, and the timestamp.
  • the transceiver unit 601 is further configured to send a second reception parameter indication to the group key management function network element, where the second reception parameter indication is used to indicate the second reception parameter.
  • the transceiver unit 601 is further configured to receive a second sending parameter indication from the group key management function network element; the processing unit 602 is further configured to obtain the second sending parameter according to the second sending parameter indication.
  • the processing unit 602, when determining the group key according to the group key parameter and the protection key, is specifically configured to: determine the group key according to the protection key, the group key parameter and a second algorithm, where the second algorithm is a reversible algorithm that undoes the first algorithm.
  • the second algorithm may be one of the following: exclusive OR, exclusive NOR, addition, subtraction, and decryption.
  • the first key may be K_AUSF, K_SEAF, K_AMF or K_AF.
  • the transceiver unit 601 is further configured to: send the key identifier of the first device to the group key management function network element; or send the key identifier and the group identifier of the first device to the group key management function network element.
  • the key identifier of the first device is an identifier of the first device or a key set identifier of the first device.
  • the group key distribution apparatus 600 when used to implement the function of the key function network element (eg KF, AUSF) in the above embodiment, it may specifically include:
  • the transceiver unit 601 is configured to receive the key identifier of the first device from the group key management function network element; the processing unit 602 is configured to determine the first key according to the key identifier of the first device, and to determine the second key according to the first key.
  • the processing unit 602, when determining the second key according to the first key, is specifically configured to: generate the second key according to the first key and the generation parameters of the second key; the generation parameters of the second key include one or more of the following: a second own parameter, a second receiving parameter, and a second sending parameter; wherein the second own parameter includes a preset character string; the second receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the random number, the counter, and the timestamp; and the second sending parameter includes one or more of the following: the random number, the counter, and the timestamp.
  • the transceiver unit 601 is further configured to receive a second receiving parameter indication from the first device or the group key management function network element; the processing unit 602 is further configured to obtain the second receiving parameter according to the second receiving parameter indication.
  • the transceiver unit 601 is further configured to send a second transmission parameter indication to the first device or the network element of the group key management function, where the second transmission parameter indication is used to indicate the second transmission parameter.
  • the processing unit 602 is further configured to determine a protection key according to the second key; the transceiver unit 601 is further configured to send the protection key to the group key management function network element.
  • the processing unit 602, when determining the protection key according to the second key, is specifically configured to: generate the protection key according to the second key and the generation parameters of the protection key; the generation parameters of the protection key include one or more of the following: a first own parameter, a first receiving parameter, and a first sending parameter; wherein the first own parameter includes a preset character string; the first receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, the random number, the counter, and the timestamp; and the first sending parameter includes one or more of the following: the group key identifier, the random number, the counter, and the timestamp.
  • the transceiver unit 601 is further configured to receive the first receiving parameter indication from the first device or the group key management function network element; the processing unit 602 is further configured to obtain the first receiving parameter according to the first receiving parameter indication.
  • the transceiver unit 601 is further configured to send the first sending parameter indication to the first device or the group key management function network element, where the first sending parameter indication is used to indicate the first sending parameter.
  • the transceiver unit 601 is further configured to send the second key to the network element of the group key management function.
  • the first key may be K_AUSF, K_SEAF, K_AMF or K_AF.
  • each functional unit in the embodiments of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • the above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
  • the integrated unit if implemented as a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium.
  • the technical solutions of the present application, in essence, or the parts that contribute to the prior art, or all or part of the technical solutions, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to execute all or part of the steps of the methods in the various embodiments of the present application.
  • the aforementioned storage medium includes: a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disk, or other media that can store program code.
  • the embodiments of the present application further provide a group key distribution apparatus.
  • the group key distribution apparatus 700 may include a transceiver 701 and a processor 702.
  • the group key distribution apparatus 700 may further include a memory 703.
  • the memory 703 may be arranged inside the group key distribution apparatus 700 or outside the group key distribution apparatus 700.
  • the processor 702 may control the transceiver 701 to receive and transmit data or information.
  • the processor 702 may be a central processing unit (central processing unit, CPU), a network processor (network processor, NP), or a combination of CPU and NP.
  • the processor 702 may further include hardware chips.
  • the above-mentioned hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or a combination thereof.
  • the above-mentioned PLD can be a complex programmable logic device (complex programmable logic device, CPLD), a field-programmable gate array (field-programmable gate array, FPGA), a general array logic (generic array logic, GAL) or any combination thereof.
  • the transceiver 701, the processor 702 and the memory 703 are connected to each other, for example through a bus 704;
  • the bus 704 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, etc.
  • the bus can be divided into an address bus, a data bus, a control bus and so on. For ease of presentation, only one thick line is used in FIG. 7, but this does not mean that there is only one bus or one type of bus.
  • the memory 703 is used to store programs and the like.
  • the program may include program code, the program code including computer operation instructions.
  • Memory 703 may include RAM, and may also include non-volatile memory, such as one or more disk memories.
  • the processor 702 executes the application program stored in the memory 703 to realize the above-mentioned functions, thereby realizing the function of the group key distribution apparatus 700 .
  • the group key distribution apparatus 700 may be the above-mentioned group key management function network element, the first device or the key function network element.
  • the group key distribution apparatus 700 when used to implement the function of the group key management function network element (eg GKMF) in the above embodiment, it may specifically include:
  • the processor 702 is configured to: acquire the key identifier of the first device; acquire the group identifier of the first device; determine a group key according to the group identifier of the first device, where the group key is used to protect the communication content of the members of the group, and the members of the group include the first device; determine a protection key according to the key identifier of the first device; and generate a group key parameter according to the group key and the protection key;
  • the transceiver 701 is configured to send the group key parameter to the first device.
  • the processor 702, when determining the group key according to the group identifier of the first device, is specifically configured to: query the group key information according to the group identifier; if the group key information includes a correspondence between the group identifier and a group key, obtain the group key corresponding to the group identifier from the group key information; if the group key information does not include a correspondence between the group identifier and a group key, generate the group key.
  • the processor 702 when generating the group key, is specifically configured to: generate the group key according to the root group key.
  • the processor 702, when determining the protection key according to the key identifier of the first device, is specifically configured to: determine, according to the stored correspondence between the key identifier of the first device and the protection key, the protection key corresponding to the key identifier of the first device; or obtain the protection key from a key function network element according to the key identifier of the first device.
  • the processor 702, when determining the protection key according to the key identifier of the first device, is specifically configured to: determine the second key according to the key identifier of the first device; and generate the protection key according to the second key.
  • the processor 702, when generating the protection key according to the second key, is specifically configured to: generate the protection key according to the second key and the generation parameters of the protection key; the generation parameters of the protection key include one or more of the following: a first own parameter, a first receiving parameter, and a first sending parameter; wherein the first own parameter includes a preset character string; the first receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, the random number, the counter, and the timestamp; and the first sending parameter includes one or more of the following: the group key identifier, the random number, the counter, and the timestamp.
  • the transceiver 701 is further configured to receive a first receiving parameter indication from the first device or the group management function network element; the processor 702 is further configured to obtain the first receiving parameter according to the first receiving parameter indication.
  • the transceiver 701 is further configured to send a first transmission parameter indication to the first device, where the first transmission parameter indication is used to indicate the first transmission parameter.
  • the processor 702, when determining the second key according to the key identifier of the first device, is specifically configured to: determine, according to the stored correspondence between the key identifier of the first device and the first key, the first key corresponding to the key identifier of the first device, or control the transceiver 701 to obtain the first key from the key function network element; and generate the second key according to the first key.
  • the processor 702, when generating the second key according to the first key, is specifically configured to: generate the second key according to the first key and the generation parameters of the second key; the generation parameters of the second key include one or more of the following: a second own parameter, a second receiving parameter, and a second sending parameter; wherein the second own parameter includes a preset character string; the second receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the random number, the counter, and the timestamp; and the second sending parameter includes one or more of the following: the random number, the counter, and the timestamp.
  • the transceiver 701 is further configured to receive a second receiving parameter indication from the first device or the group management function network element; the processor 702 is further configured to obtain the second receiving parameter according to the second receiving parameter indication.
  • the transceiver 701 is further configured to send a second transmission parameter indication to the first device or group management function network element, where the second transmission parameter indication is used to indicate the second transmission parameter.
  • the first key is K_AUSF, K_SEAF, K_AMF or K_AF.
  • the processor 702, when generating the group key parameter according to the group key and the protection key, is specifically configured to: generate the group key parameter according to the group key, the protection key and a first algorithm, where the first algorithm is a reversible algorithm.
  • the first algorithm may be one of the following: exclusive OR, exclusive NOR, addition, subtraction, and encryption.
  • the key identifier of the first device may be an identifier of the first device or a key set identifier of the first device.
  • the processor 702, when acquiring the key identifier of the first device, is specifically configured to: control the transceiver 701 to acquire the key identifier of the first device from the first device; or control the transceiver 701 to obtain the key identifier of the first device from the group management function network element.
  • the processor 702, when acquiring the group identifier of the first device, is specifically configured to: control the transceiver 701 to acquire the group identifier of the first device from the group management function network element; or control the transceiver 701 to obtain the group identifier of the first device from the first device.
  • the group key distribution apparatus 700 when configured to implement the function of the first device (eg, UE) in the foregoing embodiment, it may specifically include:
  • the transceiver 701 is configured to receive the group key parameter from the group key management function network element; the processor 702 is configured to determine the group key according to the group key parameter and the protection key, where the group key is used to protect the communication content of the members of a group that includes the first device.
  • the processor 702 is further configured to: generate a second key according to the first key; and generate the protection key according to the second key.
  • the processor 702, when generating the protection key according to the second key, is specifically configured to: generate the protection key according to the second key and the generation parameters of the protection key; the generation parameters of the protection key include one or more of the following: a first own parameter, a first receiving parameter, and a first sending parameter; wherein the first own parameter includes a preset character string; the first receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, the random number, the counter, and the timestamp; and the first sending parameter includes one or more of the following: the group key identifier, the random number, the counter, and the timestamp.
  • the transceiver 701 is further configured to send a first receiving parameter indication to the group key management function network element, where the first receiving parameter indication is used to indicate the first receiving parameter.
  • the transceiver 701 is further configured to receive a first sending parameter indication from the group key management function network element; the processor 702 is further configured to obtain the first sending parameter according to the first sending parameter indication.
  • the processor 702, when generating the second key according to the first key, is specifically configured to: determine the second key according to the first key and the generation parameters of the second key; the generation parameters of the second key include one or more of the following: a second own parameter, a second receiving parameter, and a second sending parameter; wherein the second own parameter includes a preset character string; the second receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the random number, the counter, and the timestamp; and the second sending parameter includes one or more of the following: the random number, the counter, and the timestamp.
  • the transceiver 701 is further configured to send a second reception parameter indication to the group key management function network element, where the second reception parameter indication is used to indicate the second reception parameter.
  • the transceiver 701 is further configured to receive a second sending parameter indication from the group key management function network element; the processor 702 is further configured to obtain the second sending parameter according to the second sending parameter indication.
  • the processor 702, when determining the group key according to the group key parameter and the protection key, is specifically configured to: determine the group key according to the protection key, the group key parameter and a second algorithm, where the second algorithm is a reversible algorithm that undoes the first algorithm.
  • the second algorithm may be one of the following: exclusive OR, exclusive NOR, addition, subtraction, and decryption.
  • the first key may be K_AUSF, K_SEAF, K_AMF or K_AF.
  • the transceiver 701 is further configured to: send the key identifier of the first device to the group key management function network element; or send the key identifier and the group identifier of the first device to the group key management function network element.
  • the key identifier of the first device is an identifier of the first device or a key set identifier of the first device.
  • the group key distribution apparatus 700 when used to implement the function of the key function network element (eg KF, AUSF) in the above embodiment, it may specifically include:
  • the transceiver 701 is configured to receive the key identifier of the first device from the group key management function network element; the processor 702 is configured to determine the first key according to the key identifier of the first device, and to determine the second key according to the first key.
  • the processor 702, when determining the second key according to the first key, is specifically configured to: generate the second key according to the first key and the generation parameters of the second key; the generation parameters of the second key include one or more of the following: a second own parameter, a second receiving parameter, and a second sending parameter; wherein the second own parameter includes a preset character string; the second receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the random number, the counter, and the timestamp; and the second sending parameter includes one or more of the following: the random number, the counter, and the timestamp.
  • the transceiver 701 is further configured to receive a second receiving parameter indication from the first device or the group key management function network element; the processor 702 is further configured to obtain the second receiving parameter according to the second receiving parameter indication.
  • the transceiver 701 is further configured to send a second transmission parameter indication to the first device or the network element of the group key management function, where the second transmission parameter indication is used to indicate the second transmission parameter.
  • the processor 702 is further configured to determine a protection key according to the second key; the transceiver 701 is further configured to send the protection key to the group key management function network element.
  • the processor 702, when determining the protection key according to the second key, is specifically configured to: generate the protection key according to the second key and the generation parameters of the protection key; the generation parameters of the protection key include one or more of the following: a first own parameter, a first receiving parameter, and a first sending parameter; wherein the first own parameter includes a preset character string; the first receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, the random number, the counter, and the timestamp; and the first sending parameter includes one or more of the following: the group key identifier, the random number, the counter, and the timestamp.
  • the transceiver 701 is further configured to receive the first receiving parameter indication from the first device or the group key management function network element; the processor 702 is further configured to obtain the first receiving parameter according to the first receiving parameter indication.
  • the transceiver 701 is further configured to send the first sending parameter indication to the first device or the group key management function network element, where the first sending parameter indication is used to indicate the first sending parameter.
  • the transceiver 701 is further configured to send the second key to the group key management function network element.
  • the first key may be K_AUSF, K_SEAF, K_AMF or K_AF.
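The GKMF, first-device and key-function descriptions above (given once for apparatus 600 and again for apparatus 700) describe one key chain: first key (for example K_AUSF) to second key to protection key, a group key looked up by group identifier or generated from a root group key, and a reversible first algorithm that hides the group key inside the group key parameter. The model below runs that chain end to end for two members of one group. It is an added example, not code from the patent or from Huawei: the patent names no KDF, key length, message encoding or preset string, so the HMAC-SHA-256 KDF (laid out like the 3GPP TS 33.220 KDF), the 32-byte keys, the preset strings, the XOR choice for the first and second algorithm, and all identifiers and nonces are assumptions made for illustration.

```python
"""Model of the group key distribution flow: GKMF side, first device (UE)
side, and XOR as the reversible first/second algorithm.

Added example, not the patent's or Huawei's code. The KDF layout, key sizes,
preset strings, identifiers and nonces below are assumptions."""
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumption: 256-bit first key, second key, protection key, group key


def kdf(key: bytes, preset: bytes, *params: bytes) -> bytes:
    """HMAC-SHA-256 over preset || P0 || L0 || P1 || L1 ... (TS 33.220 style; assumed).
    Length-prefixing each parameter keeps (b"ab", b"c") and (b"a", b"bc") apart."""
    s = preset
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """The reversible 'first algorithm' (GKMF) and 'second algorithm' (UE)."""
    assert len(a) == len(b) == KEY_LEN
    return bytes(x ^ y for x, y in zip(a, b))


def second_key(first_key, dev_id, key_id, group_id, nonce, counter):
    # second own parameter (preset string) + second receiving/sending parameters
    return kdf(first_key, b"2ND-KEY", dev_id, key_id, group_id, nonce, counter.to_bytes(4, "big"))


def protection_key(second_k, dev_id, group_id, app_id, group_key_id, nonce):
    # first own parameter + first receiving parameters + first sending parameters
    return kdf(second_k, b"PROT-KEY", dev_id, group_id, app_id, group_key_id, nonce)


class GKMF:
    """Group key management function: group key information plus the stored
    correspondence between device key identifiers and first keys."""

    def __init__(self, root_group_key: bytes):
        self.root_group_key = root_group_key
        self.group_keys = {}   # group identifier -> (group key identifier, group key)
        self.first_keys = {}   # key identifier of a device -> first key (e.g. K_AUSF)

    def determine_group_key(self, group_id: bytes):
        # Query group key information by group identifier; derive from the root
        # group key only when no correspondence is stored yet.
        if group_id not in self.group_keys:
            gk_id = secrets.token_bytes(4)
            self.group_keys[group_id] = (gk_id, kdf(self.root_group_key, b"GROUP-KEY", group_id, gk_id))
        return self.group_keys[group_id]

    def distribute(self, dev_id, key_id, group_id, app_id, ue_nonce, counter):
        gk_id, gk = self.determine_group_key(group_id)
        nonce = secrets.token_bytes(16)  # first sending parameter; fresh per distribution
        sk = second_key(self.first_keys[key_id], dev_id, key_id, group_id, ue_nonce, counter)
        pk = protection_key(sk, dev_id, group_id, app_id, gk_id, nonce)
        # Message to the first device: sending-parameter indication + group key parameter.
        return {"group_key_id": gk_id, "nonce": nonce, "param": xor_bytes(gk, pk)}


def ue_recover(first_key, dev_id, key_id, group_id, app_id, ue_nonce, counter, msg):
    """First device side: rebuild the protection key and undo the first algorithm."""
    sk = second_key(first_key, dev_id, key_id, group_id, ue_nonce, counter)
    pk = protection_key(sk, dev_id, group_id, app_id, msg["group_key_id"], msg["nonce"])
    return xor_bytes(msg["param"], pk)


def run_exchange():
    """Two members of one group obtain the same group key; a wrong first key does not.
    Returns (group key held by the GKMF, keys recovered by the members, outsider's result)."""
    gkmf = GKMF(root_group_key=secrets.token_bytes(KEY_LEN))
    group, app = b"group-7", b"app-lcs"                      # constructed identifiers
    members = {dev: secrets.token_bytes(KEY_LEN) for dev in (b"ue-1", b"ue-2")}
    for dev, k_ausf in members.items():
        gkmf.first_keys[b"ngksi-" + dev] = k_ausf            # key set identifier -> first key
    recovered = []
    for dev, k_ausf in members.items():
        key_id, ue_nonce = b"ngksi-" + dev, secrets.token_bytes(16)
        msg = gkmf.distribute(dev, key_id, group, app, ue_nonce, counter=1)
        recovered.append(ue_recover(k_ausf, dev, key_id, group, app, ue_nonce, 1, msg))
    # Same message and parameters as the last member, but without its first key.
    outsider = ue_recover(secrets.token_bytes(KEY_LEN), dev, key_id, group, app, ue_nonce, 1, msg)
    return gkmf.group_keys[group][1], recovered, outsider


def two_time_pad_leak(gk_a: bytes, gk_b: bytes, pk: bytes) -> bool:
    """Why the protection key must be fresh per distribution when the first
    algorithm is XOR: one pad over two group keys exposes gk_a XOR gk_b."""
    return xor_bytes(xor_bytes(gk_a, pk), xor_bytes(gk_b, pk)) == xor_bytes(gk_a, gk_b)
```

The nonce, counter and group key identifier fed into the protection-key derivation are what make each group key parameter a one-time pad: `two_time_pad_leak` shows what an eavesdropper learns if the same protection key is reused for a rekey with XOR as the first algorithm. The choice of "encryption" as the first algorithm (an AEAD keyed by the protection key) avoids that failure mode and adds integrity, which plain XOR, addition and subtraction do not provide.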
  • the embodiments of the present application provide a communication system, and the communication system may include a group key management function network element, a first device, a key function network element, etc. involved in the above embodiments.
  • Embodiments of the present application further provide a computer-readable storage medium, where the computer-readable storage medium is used to store a computer program, and when the computer program is executed by a computer, the computer can implement the group key distribution provided by the foregoing method embodiments method.
  • Embodiments of the present application further provide a computer program product, where the computer program product is used to store a computer program, and when the computer program is executed by a computer, the computer can implement the group key distribution method provided by the above method embodiments.
  • An embodiment of the present application further provides a chip, where the chip is coupled to a memory, and the chip is used to implement the group key distribution method provided by the above method embodiments.
  • An embodiment of the present application further provides a chip system, where the chip system includes a processor, configured to support the above-mentioned group key distribution apparatus to implement the above-mentioned functions.
  • the chip system further includes a memory for storing necessary program instructions and data of the group key distribution apparatus.
  • the chip system may be composed of chips, or may include chips and other discrete devices.
  • the embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, and the instruction means implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A group key distribution method and apparatus, which provide a unified group key distribution mechanism so as to improve the security of group communication. The method comprises: a group key management function network element acquires a key identifier of a first device and a group identifier of the first device; the group key management function network element determines a group key according to the group identifier of the first device, where the group key is used to protect the communication content of the members of a group, and the members of the group include the first device; the group key management function network element determines a protection key according to the key identifier of the first device; the group key management function network element generates a group key parameter according to the group key and the protection key, and sends the group key parameter to the first device; and the first device determines the group key according to the group key parameter and the protection key. In this way the distribution of the group key is protected by means of the group key parameter, which improves the security of group key distribution and thus the security of group communication.

Description

Group key distribution method and apparatus

Technical field

The present application relates to the field of communication technologies, and in particular to a group key distribution method and apparatus.

Background

Mobile communication systems carry a large number of group communication services, such as the location service (LCS), proximity-based services (ProSe), the multimedia broadcast multicast service (MBMS) and 5th generation (5G) local area network services. Protecting group communication involves group key management. A group key is shared by several group members and is therefore harder to distribute and manage than a key held by a single party. In current mobile communication systems each group communication service distributes its group key in its own way. This leads to uneven group key security (for example, LCS carries the group key in NAS messages, but NAS encryption is optional), to differing pre-configuration requirements (ProSe and MBMS may require the terminal to be pre-configured with a symmetric key or a certificate) and to scattered group key storage (the group keys of different services are kept on different servers). Each of these is a potential weak point for an attacker. The existing ways of distributing group keys therefore leave group communication with a low level of security.

Summary of the invention

The present application provides a group key distribution method and apparatus that offer a unified group key distribution mechanism, so as to improve the security of group communication.

In a first aspect, the present application provides a group key distribution method. The method may include: a group key management function network element obtains a key identifier of a first device and a group identifier of the first device; the group key management function network element determines a group key according to the group identifier of the first device, and determines a protection key according to the key identifier of the first device; the group key management function network element generates a group key parameter according to the group key and the protection key, and sends the group key parameter to the first device. The group key is used to protect the communication content of the members of a group, and the members of the group include the first device.

With this method the distribution of the group key is protected by means of the group key parameter, which improves the security of group key distribution and thus the security of group communication.

In a possible design, the group key management function network element determines the group key according to the group identifier of the first device as follows: the group key management function network element queries group key information for the group key using the group identifier. If the group key information contains a correspondence between the group identifier and the group key, the group key management function network element obtains the group key corresponding to the group identifier from the group key information; if the group key information does not contain such a correspondence, the group key management function network element generates the group key.

With this method the group key management function network element obtains the group key reliably and then generates the group key parameter from it.

In a possible design, the group key management function network element generates the group key as follows: the group key management function network element generates the group key according to a root group key. In this way, when the query does not find the group key, the group key management function network element can still obtain the group key and then generate the group key parameter from it.

In a possible design, after generating the group key, the group key management function network element stores the correspondence between the group identifier and the group key. This allows the group key management function network element to find the group key by the group identifier in subsequent procedures.

In a possible design, the group key management function network element determines the protection key according to the key identifier of the first device as follows: the group key management function network element determines the protection key corresponding to the key identifier of the first device according to a stored correspondence between the key identifier of the first device and the protection key; or the group key management function network element obtains the protection key from a key function network element according to the key identifier of the first device.

With this method the group key management function network element obtains the protection key reliably and then generates the group key parameter from it.

In a possible design, the group key management function network element determines the protection key according to the key identifier of the first device as follows: the group key management function network element determines a second key according to the key identifier of the first device, and generates the protection key according to the second key.

With this method the group key management function network element obtains the protection key reliably and then generates the group key parameter from it.

In a possible design, the group key management function network element generates the protection key according to the second key as follows: the group key management function network element generates the protection key according to the second key and generation parameters of the protection key. The generation parameters of the protection key include one or more of the following: a first local parameter, a first received parameter and a first sent parameter. The first local parameter includes a preset character string. The first received parameter includes one or more of the following: an identifier of the first device, the key identifier of the first device, the group identifier, an application type, an application identifier, a random number, a counter and a timestamp. The first sent parameter includes one or more of the following: a group key identifier, a random number, a counter and a timestamp.

With this method the group key management function network element obtains the protection key reliably and then generates the group key parameter from it.

In a possible design, the group key management function network element receives a first received parameter indication from the first device or from a group management function network element, and obtains the first received parameter according to that indication. This allows the group key management function network element to generate the protection key according to the first received parameter, and then generate the group key parameter from the protection key.

In a possible design, the group key management function network element sends a first sent parameter indication to the first device, where the first sent parameter indication indicates the first sent parameter.

In a possible design, the group key management function network element determines the second key according to the key identifier of the first device as follows: the group key management function network element determines the first key corresponding to the key identifier of the first device according to a stored correspondence between the key identifier of the first device and a first key, or the group key management function network element obtains the first key from the key function network element; the group key management function network element then generates the second key according to the first key.

With this method the group key management function network element obtains the second key reliably and then generates the protection key from it.

In a possible design, the group key management function network element generates the second key according to the first key as follows: the group key management function network element generates the second key according to the first key and generation parameters of the second key. The generation parameters of the second key include one or more of the following: a second local parameter, a second received parameter and a second sent parameter. The second local parameter includes a preset character string. The second received parameter includes one or more of the following: an identifier of the first device, the key identifier of the first device, the group identifier, a random number, a counter and a timestamp. The second sent parameter includes one or more of the following: a random number, a counter and a timestamp.

With this method the group key management function network element obtains the second key reliably and then generates the protection key from it.

In a possible design, the group key management function network element receives a second received parameter indication from the first device or from the group management function network element, and obtains the second received parameter according to that indication. This allows the group key management function network element to generate the second key according to the second received parameter, and then generate the protection key from the second key.

In a possible design, the group key management function network element sends a second sent parameter indication to the first device or to the group management function network element, where the second sent parameter indication indicates the second sent parameter.

In a possible design, the first key is K_AUSF, K_SEAF, K_AMF or K_AF.

In a possible design, the group key management function network element generates the group key parameter according to the group key and the protection key as follows: the group key management function network element generates the group key parameter according to the group key, the protection key and a first algorithm, where the first algorithm is a reversible algorithm. In this way the group key management function network element obtains the group key parameter, and because the distribution of the group key is protected by the group key parameter, the security of group key distribution and thus of group communication is improved.

In a possible design, the first algorithm may be one of the following: exclusive OR (XOR), exclusive NOR (XNOR), addition, subtraction or encryption.

In a possible design, the key identifier of the first device may be an identifier of the first device or a key set identifier of the first device.

In a possible design, the group key management function network element obtains the key identifier of the first device as follows: the group key management function network element obtains the key identifier of the first device from the first device; or the group key management function network element obtains the key identifier of the first device from the group management function network element. In this way the group key management function network element obtains the key identifier of the first device accurately, and then obtains the protection key based on it.

In a possible design, the group key management function network element obtains the group identifier of the first device as follows: the group key management function network element obtains the group identifier of the first device from the group management function network element; or the group key management function network element obtains the group identifier of the first device from the first device. In this way the group key management function network element obtains the group identifier of the first device accurately, and then obtains the group key based on it.

In a possible design, when the group management function network element is an application function (AF) network element, the first device may send an application request message containing the group identifier of the first device to the AF, whereupon the AF sends the group identifier of the first device to the group key management function network element.

In a possible design, the group key management function network element sends the group key parameter to the first device via the AF.

In a possible design, the group key management function network element sends the group key parameter to the first device via an access and mobility management function (AMF) network element.

In a possible design, when the group management function network element is a session management function (SMF) network element, the first device may send a protocol data unit (PDU) session establishment request message to the SMF, which triggers the SMF to send the group identifier of the first device to the group key management function network element.

In a possible design, the group key management function network element sends the group key parameter to the first device via the SMF.

In a possible design, the group key management function network element determines a group key identifier according to the group identifier.

In a possible design, the group key management function network element determines the group key identifier according to the group identifier as follows: the group key management function network element obtains the group key identifier from the group key information according to the group identifier, where the group key information includes a correspondence between group identifiers and group key identifiers; or the group key management function network element uses the group identifier as the group key identifier; or the group key management function network element determines the group key identifier according to the group identifier and an application type.

In a possible design, the group key management function network element sends the group key identifier to the first device.

In a second aspect, the present application provides a group key distribution method. The method may include: a first device receives a group key parameter from a group key management function network element; the first device determines a group key according to the group key parameter and a protection key, where the group key is used to protect the communication content of the members of a group, and the members of the group include the first device.

With this method the distribution of the group key is protected by means of the group key parameter, which improves the security of group key distribution and thus the security of group communication.

In a possible design, the first device generates a second key according to a first key, and generates the protection key according to the second key. In this way the first device obtains the protection key accurately, and then obtains the group key based on the protection key.

In a possible design, the first device generates the protection key according to the second key as follows: the first device generates the protection key according to the second key and generation parameters of the protection key. The generation parameters of the protection key include one or more of the following: a first local parameter, a first received parameter and a first sent parameter. The first local parameter includes a preset character string. The first received parameter includes one or more of the following: an identifier of the first device, the key identifier of the first device, the group identifier, an application type, an application identifier, a random number, a counter and a timestamp. The first sent parameter includes one or more of the following: a group key identifier, a random number, a counter and a timestamp. In this way the first device obtains the protection key accurately, and then obtains the group key based on the protection key.

In a possible design, the first device sends a first received parameter indication to the group key management function network element, where the first received parameter indication indicates the first received parameter.

In a possible design, the first device receives a first sent parameter indication from the group key management function network element, and obtains the first sent parameter according to that indication. In this way the first device obtains the first sent parameter accurately, and then obtains the protection key based on it.

In a possible design, the first device generates the second key according to the first key as follows: the first device determines the second key according to the first key and generation parameters of the second key. The generation parameters of the second key include one or more of the following: a second local parameter, a second received parameter and a second sent parameter. The second local parameter includes a preset character string. The second received parameter includes one or more of the following: an identifier of the first device, the key identifier of the first device, the group identifier, a random number, a counter and a timestamp. The second sent parameter includes one or more of the following: a random number, a counter and a timestamp. In this way the first device obtains the second key accurately, and then obtains the protection key based on the second key.

In a possible design, the first device sends a second received parameter indication to the group key management function network element, where the second received parameter indication indicates the second received parameter.

In a possible design, the first device receives a second sent parameter indication from the group key management function network element, and obtains the second sent parameter according to that indication. In this way the first device obtains the second sent parameter accurately, and then obtains the second key based on it.

In a possible design, the first device determines the group key according to the group key parameter and the protection key as follows: the first device determines the group key according to the protection key, the group key parameter and a second algorithm, where the second algorithm is a reversible algorithm. In this way the first device obtains the group key, and because the distribution of the group key is protected by the group key parameter, the security of group key distribution and thus of group communication is improved.

In a possible design, the second algorithm may be one of the following: exclusive OR (XOR), exclusive NOR (XNOR), addition, subtraction or decryption.

In a possible design, the first key is K_AUSF, K_SEAF, K_AMF or K_AF.

In a possible design, the first device sends the key identifier of the first device to the group key management function network element; or the first device sends the key identifier and the group identifier of the first device to the group key management function network element via the group management function network element.

In a possible design, the key identifier of the first device may be an identifier of the first device or a key set identifier of the first device.
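The first aspect (group key management function side) and the second aspect (first device side) together describe one exchange: both sides derive the second key from the first key and the protection key from the second key using the same generation parameters, the network element wraps the group key with a reversible algorithm, and the device unwraps it. The following is an added example of that exchange and is not code from the application. Everything not stated in the text is an assumption made here: HMAC-SHA256 as the key derivation function, the label strings used as the local parameters, one random number carried as the sent parameter, XOR as the first and second algorithm, 32-byte keys, and a group key identifier formed by prefixing the group identifier.

```python
import hashlib
import hmac
import secrets

# Added example, not the application's own code. HMAC-SHA256 as the KDF and the
# label strings used as "local parameters" are assumptions; the application
# leaves the concrete derivation function open.


def kdf(key: bytes, *params: bytes) -> bytes:
    """Derive a 32-byte key from `key` and the ordered generation parameters."""
    return hmac.new(key, b"".join(params), hashlib.sha256).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """The reversible first/second algorithm: XOR is its own inverse."""
    if len(a) != len(b):
        raise ValueError("group key and protection key must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def derive_second_key(first_key: bytes, device_id: bytes, key_id: bytes,
                      group_id: bytes, nonce: bytes) -> bytes:
    # second key = KDF(first key, second local parameter, second received
    # parameters (device id, key id, group id), second sent parameter (nonce))
    return kdf(first_key, b"second-key", device_id, key_id, group_id, nonce)


def derive_protection_key(second_key: bytes, device_id: bytes, key_id: bytes,
                          group_id: bytes, app_type: bytes, group_key_id: bytes,
                          nonce: bytes) -> bytes:
    # protection key = KDF(second key, first local parameter, first received
    # parameters (device id, key id, group id, application type), first sent
    # parameters (group key identifier, nonce))
    return kdf(second_key, b"protection-key", device_id, key_id, group_id,
               app_type, group_key_id, nonce)


class GroupKeyManagementFunction:
    """Network element side of the first aspect."""

    def __init__(self, root_group_key: bytes, first_keys: dict):
        self.root_group_key = root_group_key
        self.first_keys = first_keys      # key identifier -> first key (e.g. K_AUSF)
        self.group_key_info = {}          # group identifier -> (group key id, group key)

    def group_key_for(self, group_id: bytes):
        # Query the group key information; on a miss generate the group key from
        # the root group key and store the correspondence for later queries.
        if group_id not in self.group_key_info:
            group_key = kdf(self.root_group_key, b"group-key", group_id)
            group_key_id = b"GK-" + group_id   # assumed: derived from the group id
            self.group_key_info[group_id] = (group_key_id, group_key)
        return self.group_key_info[group_id]

    def distribute(self, device_id: bytes, key_id: bytes, group_id: bytes,
                   app_type: bytes) -> dict:
        group_key_id, group_key = self.group_key_for(group_id)
        first_key = self.first_keys[key_id]   # stored key id -> first key correspondence
        nonce = secrets.token_bytes(16)       # sent parameter: fresh random number
        second_key = derive_second_key(first_key, device_id, key_id, group_id, nonce)
        protection_key = derive_protection_key(second_key, device_id, key_id,
                                               group_id, app_type, group_key_id, nonce)
        # What goes to the first device: the group key parameter plus the sent
        # parameters it needs to rebuild the protection key (never the key itself).
        return {"group_key_param": xor_bytes(group_key, protection_key),
                "group_key_id": group_key_id, "nonce": nonce}


class FirstDevice:
    """Device side of the second aspect; it holds the same first key."""

    def __init__(self, device_id: bytes, key_id: bytes, first_key: bytes):
        self.device_id, self.key_id, self.first_key = device_id, key_id, first_key

    def recover_group_key(self, group_id: bytes, app_type: bytes, msg: dict) -> bytes:
        second_key = derive_second_key(self.first_key, self.device_id, self.key_id,
                                       group_id, msg["nonce"])
        protection_key = derive_protection_key(second_key, self.device_id, self.key_id,
                                               group_id, app_type, msg["group_key_id"],
                                               msg["nonce"])
        return xor_bytes(msg["group_key_param"], protection_key)


def run_exchange() -> dict:
    """Two members of one group, plus a device that holds a wrong first key."""
    group_id, app_type = b"group-42", b"5G-LAN"          # constructed sample values
    first_keys = {b"ksi-a": secrets.token_bytes(32), b"ksi-b": secrets.token_bytes(32)}
    gkmf = GroupKeyManagementFunction(secrets.token_bytes(32), first_keys)
    dev_a = FirstDevice(b"ue-a", b"ksi-a", first_keys[b"ksi-a"])
    dev_b = FirstDevice(b"ue-b", b"ksi-b", first_keys[b"ksi-b"])
    impostor = FirstDevice(b"ue-a", b"ksi-a", secrets.token_bytes(32))
    msg_a = gkmf.distribute(b"ue-a", b"ksi-a", group_id, app_type)
    msg_b = gkmf.distribute(b"ue-b", b"ksi-b", group_id, app_type)
    return {
        "group_key": gkmf.group_key_info[group_id][1],
        "dev_a": dev_a.recover_group_key(group_id, app_type, msg_a),
        "dev_b": dev_b.recover_group_key(group_id, app_type, msg_b),
        "impostor": impostor.recover_group_key(group_id, app_type, msg_a),
        "param_a": msg_a["group_key_param"],
        "param_b": msg_b["group_key_param"],
    }
```

Both legitimate members recover the same group key from different group key parameters, because each parameter is wrapped under a per-device protection key; a device without the right first key unwraps to garbage rather than to an error, so a real deployment should also carry an integrity check (for example a MAC keyed by the protection key) alongside the parameter, which the text does not rule out but does not specify either.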

In a third aspect, the present application provides a group key distribution method. The method may include: a key function network element receives a key identifier of a first device from a group key management function network element; the key function network element determines a first key according to the key identifier of the first device; the key function network element determines a second key according to the first key.

With this method the key function network element can subsequently provide the second key to the first device and to the group key management function network element, so that both can go on to determine the protection key.

In a possible design, the key function network element determines the second key according to the first key as follows: the key function network element generates the second key according to the first key and generation parameters of the second key. The generation parameters of the second key include one or more of the following: a second local parameter, a second received parameter and a second sent parameter. The second local parameter includes a preset character string. The second received parameter includes one or more of the following: an identifier of the first device, the key identifier of the first device, the group identifier, a random number, a counter and a timestamp. The second sent parameter includes one or more of the following: a random number, a counter and a timestamp. In this way the key function network element determines the second key accurately.

In a possible design, the key function network element receives a second received parameter indication from the first device or from the group key management function network element, and obtains the second received parameter according to that indication. In this way the key function network element obtains the second received parameter accurately, and then determines the second key according to it.

In a possible design, the key function network element sends a second sent parameter indication to the first device or to the group key management function network element, where the second sent parameter indication indicates the second sent parameter.

In a possible design, the key function network element determines the protection key according to the second key, and sends the protection key to the group key management function network element. In this way the key function network element provides the protection key directly to the group key management function network element, so that the group key management function network element can generate the group key parameter according to the protection key, which improves the security of key distribution.

在一个可能的设计中,所述密钥功能网元根据所述第二密钥确定所述保护密钥,包括:In a possible design, the key function network element determines the protection key according to the second key, including:

所述密钥功能网元根据所述第二密钥和所述保护密钥的生成参数生成所述保护密钥;所述保护密钥的生成参数包括以下一项或多项:第一自有参数、第一接收参数、第一发送参数;其中,所述第一自有参数包括预设字符串;所述第一接收参数包括以下一项或多项:第一设备的标识,第一设备的密钥标识,组标识,应用类型,应用标识,随机数,计数器,时间戳;所述第一发送参数包括以下一项或多项:组密钥标识,随机数,计数器,时间戳。这样所述密钥功能网元可以准确地确定所述保护密钥。The key function network element generates the protection key according to the second key and the generation parameters of the protection key; the generation parameters of the protection key include one or more of the following: the first self-owned parameter, first receiving parameter, and first sending parameter; wherein, the first self-owned parameter includes a preset character string; the first receiving parameter includes one or more of the following: the identifier of the first device, the first device key identifier, group identifier, application type, application identifier, random number, counter, and timestamp; the first sending parameter includes one or more of the following: group key identifier, random number, counter, and timestamp. In this way, the key function network element can accurately determine the protection key.

在一个可能的设计中,所述密钥功能网元从所述第一设备或组密钥管理功能网元接收所述第一接收参数指示,并根据所述第一接收参数指示获取所述第一接收参数。这样所述密钥功能网元可以准确获得所述第一接收参数,进而根据所述第一接收参数确定所述保护密钥。In a possible design, the key function network element receives the first reception parameter indication from the first device or group key management function network element, and obtains the first reception parameter indication according to the first reception parameter indication A received parameter. In this way, the key function network element can accurately obtain the first receiving parameter, and then determine the protection key according to the first receiving parameter.

在一个可能的设计中,所述密钥功能网元向所述第一设备或组密钥管理功能网元发送所述第一发送参数指示,所述第一发送参数指示用于指示所述第一发送参数。In a possible design, the key function network element sends the first transmission parameter indication to the first device or group key management function network element, where the first transmission parameter indication is used to indicate the first transmission parameter - Send parameters.

在一个可能的设计中,所述密钥功能网元向组密钥管理功能网元发送所述第二密钥。这样可以使组密钥管理功能网元后续根据所述第二密钥生成保护密钥。In a possible design, the key function network element sends the second key to the group key management function network element. In this way, the network element of the group key management function can subsequently generate the protection key according to the second key.

在一个可能的设计中,所述第一密钥为K AUSF或K SEAF或K AMF或K AFIn a possible design, the first key is K AUSF or K SEAF or K AMF or K AF .

在一个可能的设计中,所述密钥功能网元可以为认证服务器功能(authentication server function,AUSF)网元。In a possible design, the key function network element may be an authentication server function (authentication server function, AUSF) network element.
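As an added example that is not code from the patent, the following Python models the two-step derivation described above (first key -> second key -> protection key), with the generation parameters selected by the receiving and sending parameter indications, and shows the group key management function wrapping a group key under the resulting protection key. HMAC-SHA256 as the KDF, the parameter encoding, the wrapping scheme and every identifier value are assumptions constructed for the example; the patent does not fix any of them.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed sample values standing in for the patent's parameters; none are
# real identifiers or keys.
K_AUSF = hashlib.sha256(b"constructed first key").digest()  # first key
PRESET_SECOND = b"GROUP-SECOND-KEY"     # second self-owned parameter (preset string)
PRESET_PROTECT = b"GROUP-PROTECT-KEY"   # first self-owned parameter (preset string)
SECOND_RECV_IND = ["device_id", "key_id", "group_id", "counter"]   # second receiving parameter indication
SECOND_SEND_IND = ["nonce"]                                        # second sending parameter indication
PROTECT_RECV_IND = ["device_id", "group_id", "app_id", "counter"]  # first receiving parameter indication
PROTECT_SEND_IND = ["group_key_id", "nonce"]                       # first sending parameter indication


def encode_params(params: Dict[str, bytes], indication: List[str]) -> bytes:
    """Serialise only the parameters named by the indication, in that order,
    each length-prefixed so two different parameter splits never yield the
    same byte string (assumed encoding, not specified by the patent)."""
    out = b""
    for name in indication:
        value = params[name]
        out += name.encode() + len(value).to_bytes(2, "big") + value
    return out


def derive_key(parent: bytes, own: bytes, received: Dict[str, bytes],
               received_ind: List[str], sent: Dict[str, bytes],
               sent_ind: List[str]) -> bytes:
    """One derivation step: KDF(parent, own || received || sent).
    HMAC-SHA256 stands in for the patent's unspecified KDF (assumption)."""
    msg = own + encode_params(received, received_ind) + encode_params(sent, sent_ind)
    return hmac.new(parent, msg, hashlib.sha256).digest()


def derive_protection_key(k_first: bytes, params: Dict[str, bytes],
                          second_recv_ind: List[str],
                          protect_recv_ind: List[str]) -> Tuple[bytes, bytes]:
    """The chain the key function network element runs:
    first key -> second key -> protection key. Returns (second_key, protection_key)."""
    k2 = derive_key(k_first, PRESET_SECOND, params, second_recv_ind, params, SECOND_SEND_IND)
    kp = derive_key(k2, PRESET_PROTECT, params, protect_recv_ind, params, PROTECT_SEND_IND)
    return k2, kp


def protect_group_key(kp: bytes, group_key: bytes, nonce: bytes) -> Tuple[bytes, bytes]:
    """Illustrative (assumed) way for the GKMF to turn the protection key into a
    group key parameter: a one-time keystream from the protection key and a
    fresh nonce, plus an HMAC tag over the ciphertext (encrypt-then-MAC)."""
    stream = hmac.new(kp, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(group_key, stream))
    tag = hmac.new(kp, b"mac" + nonce + ct, hashlib.sha256).digest()
    return ct, tag


def unprotect_group_key(kp: bytes, ct: bytes, tag: bytes, nonce: bytes) -> bytes:
    """First device side: verify the tag before unwrapping; raise on mismatch."""
    expected = hmac.new(kp, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("group key parameter failed integrity check")
    stream = hmac.new(kp, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def sample_params(counter: int) -> Dict[str, bytes]:
    """Constructed parameter set for one derivation run (all values made up)."""
    return {
        "device_id": b"supi-constructed-0001",
        "key_id": b"kid-0001",
        "group_id": b"internal-group-42",
        "app_id": b"app-constructed",
        "group_key_id": b"gkid-42",
        "counter": counter.to_bytes(4, "big"),
        "nonce": b"fixed-nonce-for-demo",
    }


def demo() -> bool:
    """Both sides derive the same protection key from the same inputs and
    indications; a missing indication entry or a moved counter yields a
    different key, which is why the indications are exchanged."""
    params = sample_params(7)
    _, kp_ausf = derive_protection_key(K_AUSF, params, SECOND_RECV_IND, PROTECT_RECV_IND)
    _, kp_ue = derive_protection_key(K_AUSF, params, SECOND_RECV_IND, PROTECT_RECV_IND)
    # Device never received the indication and left "counter" out: keys diverge.
    _, kp_bad = derive_protection_key(K_AUSF, params, ["device_id", "key_id", "group_id"], PROTECT_RECV_IND)
    _, kp_next = derive_protection_key(K_AUSF, sample_params(8), SECOND_RECV_IND, PROTECT_RECV_IND)
    group_key = hashlib.sha256(b"constructed group key").digest()
    ct, tag = protect_group_key(kp_ausf, group_key, params["nonce"])
    return (kp_ausf == kp_ue and kp_bad != kp_ausf and kp_next != kp_ausf
            and unprotect_group_key(kp_ue, ct, tag, params["nonce"]) == group_key)


if __name__ == "__main__":
    print("demo ok" if demo() else "demo FAILED")
```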

In a fourth aspect, the present application provides a group key distribution apparatus. The apparatus may be a group key management function network element and has the functions of the group key management function network element in the first aspect or any of its possible designs. The functions may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions above.

In a possible design, the group key distribution apparatus may include a transceiver unit and a processing unit, and these units may perform the corresponding functions of the group key management function network element in the first aspect or any of its possible designs; refer to the detailed description in the method examples, which is not repeated here.

In a possible design, the group key distribution apparatus includes a transceiver and a processor, and optionally a memory. The transceiver is used to send and receive data and to communicate with other devices in the communication system; the processor is configured to support the apparatus in performing the corresponding functions of the group key management function network element in the first aspect or any of its possible designs. The memory is coupled to the processor and holds the program instructions and data that the apparatus needs.

In a fifth aspect, the present application provides a group key distribution apparatus. The apparatus may be the first device and has the functions of the first device in the second aspect or any of its possible designs. The functions may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions above.

In a possible design, the group key distribution apparatus may include a transceiver unit and a processing unit, and these units may perform the corresponding functions of the first device in the second aspect or any of its possible designs; refer to the detailed description in the method examples, which is not repeated here.

In a possible design, the group key distribution apparatus includes a transceiver and a processor, and optionally a memory. The transceiver is used to send and receive data and to communicate with other devices in the communication system; the processor is configured to support the apparatus in performing the corresponding functions of the first device in the second aspect or any of its possible designs. The memory is coupled to the processor and holds the program instructions and data that the apparatus needs.

In a sixth aspect, the present application provides a group key distribution apparatus. The apparatus may be a key function network element and has the functions of the key function network element in the third aspect or any of its possible designs. The functions may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions above.

In a possible design, the group key distribution apparatus may include a transceiver unit and a processing unit, and these units may perform the corresponding functions of the key function network element in the third aspect or any of its possible designs; refer to the detailed description in the method examples, which is not repeated here.

In a possible design, the group key distribution apparatus includes a transceiver and a processor, and optionally a memory. The transceiver is used to send and receive data and to communicate with other devices in the communication system; the processor is configured to support the apparatus in performing the corresponding functions of the key function network element in the third aspect or any of its possible designs. The memory is coupled to the processor and holds the program instructions and data that the apparatus needs.

In a seventh aspect, an embodiment of the present application provides a communication system, which may include the group key management function network element, the first device, the key function network element and the other elements mentioned above.

In an eighth aspect, an embodiment of the present application provides a computer-readable storage medium storing program instructions which, when run on a computer, cause the computer to perform the first aspect or any of its possible designs, the second aspect or any of its possible designs, or the third aspect or any of its possible designs. For example, the computer-readable storage medium may be any available medium that a computer can access. By way of example and not limitation, the computer-readable medium may include a non-transitory computer-readable medium, random-access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), CD-ROM or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can carry or store the desired program code in the form of instructions or data structures and that a computer can access.

In a ninth aspect, an embodiment of the present application provides a computer program product including computer program code or instructions which, when run on a computer, cause the computer to implement the method of the first aspect or any of its possible designs, the second aspect or any of its possible designs, or the third aspect or any of its possible designs.

In a tenth aspect, the present application further provides a chip coupled to a memory, used to read and execute the program instructions stored in the memory so as to implement the method of the first aspect or any of its possible designs, the second aspect or any of its possible designs, or the third aspect or any of its possible designs.

For the technical effects that can be achieved by each of the fourth to tenth aspects, refer to the description of the technical effects achievable by the various possible solutions of the first, second or third aspect; they are not repeated here.

Description of drawings

Fig. 1 is a schematic diagram of the architecture of a communication system provided by the present application;

Fig. 2 is a flowchart of a group key distribution method provided by the present application;

Fig. 3 is a flowchart of an example of a group key distribution method provided by the present application;

Fig. 4 is a flowchart of an example of another group key distribution method provided by the present application;

Fig. 5 is a flowchart of an example of another group key distribution method provided by the present application;

Fig. 6 is a schematic structural diagram of a group key distribution apparatus provided by the present application;

Fig. 7 is a structural diagram of a group key distribution apparatus provided by the present application.

Detailed description

The embodiments of the present application are described in detail below with reference to the accompanying drawings.

Embodiments of the present application provide a group key distribution method and apparatus that propose a unified group key distribution mechanism, so as to improve the security of group communication. The method and apparatus are based on the same technical concept; because the principles by which the method and the apparatus solve the problem are similar, their implementations may refer to each other, and repeated content is not described again.

It should be noted that in the description of this application the words "first", "second" and the like are used only to distinguish what is described; they do not indicate or imply relative importance, nor do they indicate or imply order. In this application, "at least one" means one or more, and "multiple" means two or more. "And/or" describes an association between related objects and indicates that three relationships may exist; for example, "A and/or B" may mean that A exists alone, that A and B both exist, or that B exists alone, where A and B may be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it.

To describe the technical solutions of the embodiments more clearly, the data association method and apparatus for terminal equipment provided by the embodiments are described in detail below with reference to the accompanying drawings.

The embodiments of the present application provide a possible architecture of a communication system to which the communication method applies. The architecture may include an access network and a core network. The access network implements functions related to wireless access and includes 3rd generation partnership project (3GPP) access networks and non-3GPP access networks. The core network mainly includes the following key logical network elements: an access and mobility management function network element, a session management function network element, a user plane function network element, a policy control function network element, a unified data management function network element and so on. For example, Fig. 1 shows one possible example of the architecture, in which each network element or device is shown as a specific example. Specifically, the architecture shown in Fig. 1 may include: terminal equipment (shown as user equipment (UE)), an access and mobility management function (AMF) network element, a session management function (SMF) network element, a user plane function (UPF) network element, a policy control function (PCF) network element, a unified data management (UDM) network element, an authentication server function (AUSF) network element, a network exposure function (NEF) network element, an application function (AF) network element and (radio) access network ((R)AN) equipment. The AMF network element and the access network device may be connected through the N2 interface, the access network device and the UPF through the N3 interface, the SMF and the UPF through the N4 interface, and the AMF network element and the UE through the N1 interface. The interface names are only examples and are not specifically limited in the embodiments of the present application. It should be understood that the embodiments are not limited to the communication system shown in Fig. 1; the names of the network elements in Fig. 1 are given only as examples and do not limit the network elements included in a communication system architecture to which the communication method of the present application applies. The functions of the network elements and devices in the communication system are described in detail below:

终端设备:可以为UE、手持终端、笔记本电脑、用户单元(subscriber unit)、蜂窝电话(cellular phone)、智能电话(smart phone)、无线数据卡、个人数字助理(personal digital assistant,PDA)电脑、平板型电脑、无线调制解调器(modem)、手持设备(handheld)、膝上型电脑(laptop computer)、无绳电话(cordless phone)或者无线本地环路(wireless local loop,WLL)台、机器类型通信(machine type communication,MTC)终端或是其他可以 接入网络的设备。终端设备与接入网设备之间采用某种空口技术(如新无线(new radio,NR)、LTE)相互通信。在车联网通信中,车辆上载的通信终端是一种终端设备,路边单元(road side unit,RSU)也可以作为一种终端设备。无人机上载有通信终端,可以看作是一种终端设备。Terminal equipment: can be UE, handheld terminal, notebook computer, subscriber unit (subscriber unit), cellular phone (cellular phone), smart phone (smart phone), wireless data card, personal digital assistant (personal digital assistant, PDA) computer, Tablet computer, wireless modem (modem), handheld device (handheld), laptop computer (laptop computer), cordless phone (cordless phone) or wireless local loop (wireless local loop, WLL) station, machine type communication (machine type communication) type communication, MTC) terminal or other device that can access the network. A certain air interface technology (such as new radio (NR), LTE) is used to communicate with each other between the terminal device and the access network device. In vehicle networking communication, the communication terminal uploaded by the vehicle is a terminal device, and the roadside unit (RSU) can also be used as a terminal device. The drone is loaded with a communication terminal, which can be regarded as a terminal device.

(R)AN设备:为终端设备提供接入的设备,包含RAN设备和AN设备。RAN设备主要是3GPP网络无线网络设备,AN可以是non-3GPP定义的接入网设备。RAN设备:主要负责空口侧的无线资源管理、服务质量(quality of service,QoS)管理、数据压缩和加密等功能。所述接入网设备可以包括各种形式的基站,例如:宏基站,微基站(也称为小站),中继站,接入点等。在采用不同的无线接入技术的系统中,具备基站功能的设备的名称可能会有所不同,例如,在5G系统中,称为RAN或者gNB(5G NodeB)等。(R)AN equipment: equipment that provides access for terminal equipment, including RAN equipment and AN equipment. The RAN device is mainly a 3GPP network wireless network device, and the AN can be an access network device defined by non-3GPP. RAN equipment: It is mainly responsible for functions such as radio resource management, quality of service (QoS) management, data compression and encryption on the air interface side. The access network equipment may include various forms of base stations, such as: a macro base station, a micro base station (also referred to as a small cell), a relay station, an access point, and the like. In systems using different radio access technologies, the names of devices with base station functions may be different, for example, in 5G systems, they are called RAN or gNB (5G NodeB), etc.

接入和移动性管理功能网元:主要负责信令处理部分,例如:接入控制、移动性管理、附着与去附着以及网关选择等功能。AMF网元为终端设备中的会话提供服务的情况下,会为该会话提供控制面的存储资源,以存储会话标识、与会话标识关联的SMF网元标识等。例如,在5G中,接入和移动性管理功能网元可以是AMF网元,例如图1所示;在未来通信,如6G中,接入和移动性管理功能网元仍可以是AMF网元,或有其它的名称,本申请不做限定。当接入和移动性管理功能网元是AMF网元时,AMF可以提供Namf服务。Access and mobility management function network element: mainly responsible for the signaling processing part, such as: access control, mobility management, attachment and detachment, and gateway selection and other functions. When the AMF network element provides services for the session in the terminal device, it provides storage resources of the control plane for the session to store the session identifier, the SMF network element identifier associated with the session identifier, and the like. For example, in 5G, the access and mobility management function network elements can be AMF network elements, such as shown in Figure 1; in future communications, such as 6G, the access and mobility management function network elements can still be AMF network elements , or other names, which are not limited in this application. When the access and mobility management function network element is an AMF network element, the AMF can provide Namf services.

会话管理功能网元:主要负责移动网络中的会话管理,如会话建立、修改、释放。具体功能如为用户分配IP地址、选择提供报文转发功能的UPF等。例如,在5G中,会话管理功能网元可以是SMF网元,例如图1所示;在未来通信,如6G中,会话管理功能网元仍可以是SMF网元,或有其它的名称,本申请不做限定。当会话管理功能网元时SMF网元时,SMF可以提供Nsmf服务。Session management function network element: It is mainly responsible for session management in the mobile network, such as session establishment, modification and release. Specific functions such as assigning IP addresses to users and selecting UPFs that provide packet forwarding functions. For example, in 5G, the session management function network element can be an SMF network element, such as shown in Figure 1; in future communications, such as 6G, the session management function network element can still be an SMF network element, or have other names, this Application is not limited. When the session management function network element is an SMF network element, the SMF can provide Nsmf services.

用户面功能网元:负责终端设备中用户数据的转发和接收。可以从数据网络接收用户数据,通过接入网设备传输给终端设备;UPF网元还可以通过接入网设备从终端设备接收用户数据,转发到数据网络。UPF网元中为终端设备提供服务的传输资源和调度功能由SMF网元管理控制的。例如,在5G中,用户面功能网元可以是UPF网元,例如图1所示;在未来通信,如6G中,用户面功能网元仍可以是UPF网元,或有其它的名称,本申请不做限定。User plane function network element: responsible for forwarding and receiving user data in terminal equipment. The user data can be received from the data network and transmitted to the terminal device through the access network device; the UPF network element can also receive the user data from the terminal device through the access network device and forward it to the data network. The transmission resources and scheduling functions that provide services to terminal equipment in the UPF network element are managed and controlled by the SMF network element. For example, in 5G, the user plane function network element can be a UPF network element, such as shown in Figure 1; in future communications, such as 6G, the user plane function network element can still be a UPF network element, or have other names. Application is not limited.

策略控制功能网元:主要支持提供统一的策略框架来控制网络行为,提供策略规则给控制层网络功能,同时负责获取与策略决策相关的用户签约信息。例如,在5G中,策略控制功能网元可以是PCF网元,例如图1所示;在未来通信,如6G中,策略控制功能网元仍可以是PCF网元,或有其它的名称,本申请不做限定。当策略控制功能网元是PCF网元,PCF网元可以提供Npcf服务。Policy control function network element: mainly supports providing a unified policy framework to control network behavior, provides policy rules to the control layer network function, and is responsible for obtaining user subscription information related to policy decision-making. For example, in 5G, the policy control function network element can be a PCF network element, such as shown in Figure 1; in future communications, such as 6G, the policy control function network element can still be a PCF network element, or have other names, this Application is not limited. When the policy control function network element is a PCF network element, the PCF network element can provide Npcf services.

网络开放功能网元:主要支持3GPP网络和第三方应用安全的交互。例如,在5G中,网络开放功能网元可以是NEF网元,例如图1所示;在未来通信,如6G中,网络开放功能网元仍可以是NEF网元,或有其它的名称,本申请不做限定。当网络开放功能网元是NEF时,NEF可以向其他网络功能网元提供Nnef服务。Network open function network element: mainly supports the secure interaction between 3GPP network and third-party applications. For example, in 5G, the network opening function network element can be a NEF network element, such as shown in Figure 1; in future communications, such as 6G, the network opening function network element can still be a NEF network element, or have other names, this Application is not limited. When the network open function network element is an NEF, the NEF can provide Nnef services to other network function network elements.

应用功能网元:主要支持与3GPP核心网交互来提供服务,例如影响数据路由决策,策略控制功能或者向网络侧提供第三方的一些服务。例如,在5G中,应用功能网元可以是AF网元,例如图1所示;在未来通信,如6G中,应用功能网元仍可以是AF网元,或有其它的名称,本申请不做限定。当应用功能网元是AF网元时,AF网元可以提供Naf 服务。其中,业务使能架构层服务器((service enabler architecture layer,SEAL)server),可以提供与特定业务对应的服务端功能,具体的,若业务为组通信业务,可以包含组管理功能,是一种特殊的AF。具体的,所述SEAF用于提供垂直应用服务,例如包含位置管理、组管理、配置管理、身份管理、密钥管理、网络资源管理等。Application function network element: mainly supports interaction with the 3GPP core network to provide services, such as influencing data routing decisions, policy control functions, or providing some third-party services to the network side. For example, in 5G, the application function network element may be an AF network element, such as shown in Figure 1; in future communications, such as in 6G, the application function network element may still be an AF network element, or have other names, and this application does not Do limit. When the application function network element is the AF network element, the AF network element can provide the Naf service. Among them, the service enabler architecture layer server ((service enabler architecture layer, SEAL) server) can provide server-side functions corresponding to specific services. Specifically, if the service is a group communication service, it can include a group management function, which is a kind of Special AF. Specifically, the SEAF is used to provide vertical application services, for example, including location management, group management, configuration management, identity management, key management, network resource management, and the like.

AKMA锚点功能(AKMA anchor function,AAnF),为AKMA业务中使能AKMA锚点密钥衍生的功能。The AKMA anchor function (AKMA anchor function, AAnF) is the function of enabling AKMA anchor key derivation in the AKMA service.

安全锚点功能(security anchor function,SEAF),通过AMF为服务网络提供认证功能的网元,支持首次认证。The security anchor function (SEAF) is a network element that provides authentication functions for the service network through AMF, and supports the first authentication.

统一数据管理功能网元:用于生成认证信任状,用户标识处理(如存储和管理用户永久身份等),接入授权控制和签约数据管理等。例如,在5G中,统一数据管理功能网元可以是UDM网元,例如图1所示;在未来通信,如6G中,统一数据管理功能网元仍可以是UDM网元,或有其它的名称,本申请不做限定。当统一数据管理功能网元是UDM网元时,UDM网元可以提供Nudm服务。Unified data management function network element: used to generate authentication credential, user identification processing (such as storing and managing user permanent identity, etc.), access authorization control and contract data management, etc. For example, in 5G, the unified data management function network element can be a UDM network element, such as shown in Figure 1; in future communications, such as in 6G, the unified data management function network element can still be a UDM network element, or have other names , which is not limited in this application. When the unified data management function network element is a UDM network element, the UDM network element can provide Nudm services.

认证服务器功能网元:用于支持UE进行3GPP接入或非3GPP接入的认证功能。例如,在5G中,认证服务器功能网元可以是AUSF网元,例如图1所示;在未来通信,如6G中,认证服务器功能网元仍可以是AUSF网元,或有其它的名称,本申请不做限定。当认证服务器功能网元是AUSF网元时,AUSF网元可以提供Nausf服务。Authentication server function network element: an authentication function used to support UE to perform 3GPP access or non-3GPP access. For example, in 5G, the authentication server function network element can be an AUSF network element, such as shown in Figure 1; in future communications, such as 6G, the authentication server function network element can still be an AUSF network element, or have other names, this Application is not limited. When the authentication server function network element is an AUSF network element, the AUSF network element can provide the Nausf service.

数据网络(data network,DN),指的是为用户提供数据传输服务的服务网络,如IP多媒体业务(IP multi-media service,IMS)、互联网(Internet)等。A data network (DN) refers to a service network that provides data transmission services for users, such as IP multi-media service (IMS) and the Internet.

UE通过UE到DN之间建立的协议数据单元(protocol data unit,PDU)会话,来访问DN。The UE accesses the DN through a protocol data unit (protocol data unit, PDU) session established between the UE and the DN.

其中,核心网中的各个网元也可以称为功能实体或者设备,既可以是在专用硬件上实现的网络元件,也可以是在专用硬件上运行的软件实例,或者是在适当平台上虚拟化功能的实例,例如,上述虚拟化平台可以为云平台。Among them, each network element in the core network can also be called a functional entity or a device, which can be either a network element implemented on dedicated hardware, a software instance running on dedicated hardware, or a virtualization on an appropriate platform. An example of a function, for example, the above-mentioned virtualization platform may be a cloud platform.

需要说明的是,图1所示的通信系统的架构中不限于仅包含图中所示的网元,还可以包含其它未在图中表示的设备,具体本申请在此处不再一一列举。It should be noted that the architecture of the communication system shown in FIG. 1 is not limited to including only the network elements shown in the figure, but may also include other devices not shown in the figure, and the specific application will not list them one by one here. .

需要说明的是,本申请实施例并不限定各个网元的分布形式,图1所示的分布形式只是示例性的,本申请不作限定。It should be noted that the embodiments of the present application do not limit the distribution form of each network element, and the distribution form shown in FIG. 1 is only exemplary, and is not limited in the present application.

为方便说明,本申请后续均以图1所示的网元为例进行说明,并将XX网元直接简称为XX。应理解,本申请中所有网元的名称仅仅作为示例,在未来通信中还可以称为其它名称,或者在未来通信中本申请涉及的网元还可以通过其它具有相同功能的实体或者设备等来替代,本申请对此均不作限定。这里做统一说明,后续不再赘述。For the convenience of description, the following description in this application will take the network element shown in FIG. 1 as an example, and the XX network element is directly abbreviated as XX. It should be understood that the names of all network elements in this application are only examples, and may also be referred to as other names in future communications, or the network elements involved in this application may also be identified by other entities or devices with the same function in future communications. Instead, this application does not limit this. A unified description is made here, and will not be repeated in the future.

需要说明的是,图1所示的通信系统并不构成本申请实施例能够适用的通信系统的限定。图1所示的通信系统架构为5G系统架构,可选的,本申请实施例的方法还适用于未来的各种通信系统,例如6G或者其他通信网络等。It should be noted that the communication system shown in FIG. 1 does not constitute a limitation of the communication system to which the embodiments of the present application can be applied. The communication system architecture shown in FIG. 1 is a 5G system architecture. Optionally, the methods in the embodiments of the present application are also applicable to various future communication systems, such as 6G or other communication networks.

The group key distribution method provided by the present application can be applied to the communication system (mobile communication network) shown in FIG. 1 and proposes the distribution of a group key for group communication. In this application, a group management function (GMF) network element provides the group information of group members. The group information indicates the relationship between group members and the group and may include a group identifier and a member list. The group identifier identifies a group. In particular, in this application all members of the same group communicate using the same group key. For example, the group identifier may be an external group ID or an internal group ID; group members may include terminal devices, network functions (NFs), AFs, etc.; and the member list may be a list of subscription permanent identifiers (SUPIs), a list of generic public subscription identifiers (GPSIs), a list of AF identifiers, a list of NF identifiers, etc. The GMF may be an independent entity, or it may be the AMF, SMF, UDM, PCF, SEAL, AF, etc.

The group key management function (GKMF) network element provides the group key information of group members. The group key information indicates the relationship between the keys of group members and the group and may include a group identifier and a group key. Optionally, the group key information also includes a group key identifier and a member list. The group key identifier identifies the group key, and group key identifiers correspond one-to-one to group identifiers. The group key identifier may also be the same as the group identifier, in which case the group key identifier is the group identifier. Members of the same group have the same group key, and the group key is used to protect communication among the members of the group. The GKMF may be an independent entity, or it may be the PCF, UDM, AUSF, SEAL, AAnF, etc.

The key function (KF) network element is an optional network element; the KF provides the first key of a group member. The first key is generated by the UE and the KF after a mutual authentication procedure has completed, for example from the permanent key K of the UE. The KF may be the AUSF, AMF, SEAF or AAnF. When the KF is the AUSF, the first key may be K_AUSF; when the KF is the SEAF, the first key may be K_SEAF; when the KF is the AMF, the first key may be K_AMF; when the KF is the AAnF, the first key may be K_AF.

To describe the technical solutions of the embodiments more clearly, the group key distribution method and apparatus provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.

The group key distribution method provided by the embodiments of the present application can be applied to the communication system shown in FIG. 1. Referring to FIG. 2, the specific procedure of the method may include:

Step 201: The group key management function network element obtains the key identifier of a first device.

Specifically, the first device may be any member of the group; for example, the first device may be a terminal device.

Exemplarily, the key identifier of the first device may be the identifier of the first device or the key set identifier of the first device. For example, when the first device is a terminal device, the key identifier of the terminal device may be an identifier of the terminal device such as a SUPI or GPSI, or may be the key set identifier (KSI) of the terminal device.

In an optional implementation, the group key management function network element obtains the key identifier of the first device as follows: the group key management function network element obtains the key identifier of the first device from the first device, for example, the first device sends its key identifier directly to the group key management function network element (as shown in the example of step 201a in FIG. 2), or the first device sends its key identifier to an intermediate device and the intermediate device sends it to the group key management function network element; or the group key management function network element obtains the key identifier of the first device from the intermediate device, for example, the first device sends its key identifier to the intermediate device, and the intermediate device sends it to the group key management function network element. The intermediate device may be the AMF, SMF, AF, group management function network element, etc. For example, when the intermediate device is the group management function network element, the exchange may be as shown in the example of step 201b in FIG. 2.

Step 202: The group key management function network element obtains the group identifier of the first device.

In an optional implementation, the group key management function network element obtains the group identifier of the first device as follows: the group key management function network element obtains the group identifier of the first device from the intermediate device (for example, when the intermediate device is the group management function network element, as shown in the example of step 202a in FIG. 2); or the group key management function network element obtains the group identifier of the first device from the first device.

When the group key management function network element obtains the group identifier of the first device from the intermediate device, a request from the first device to the intermediate device may trigger the intermediate device to send the group identifier of the first device to the group key management function network element, where the group identifier of the first device is carried in the request of the first device.

For example, when the intermediate device is an AF, the first device may send an application request message to the AF, the application request message containing the group identifier of the first device, whereupon the AF sends the group identifier of the first device to the group key management function network element. For another example, when the intermediate device is an SMF, the first device may send a PDU session establishment request message to the SMF, which triggers the SMF to send the group identifier of the first device to the group key management function network element.

Step 203: The group key management function network element determines a group key according to the group identifier of the first device, where the group key is used to protect the communication content of the members of the group, and the members of the group include the first device.

In an optional implementation, the group key management function network element determines the group key according to the group identifier of the first device as follows: the group key management function network element looks up the group key in the group key information according to the group identifier; if the group key information includes a correspondence between the group identifier and a group key, the group key management function network element obtains the group key corresponding to the group identifier from the group key information; if the group key information does not include such a correspondence, the group key management function network element generates the group key and stores the correspondence between the group identifier and the group key.

Exemplarily, the group key management function network element generates the group key as follows: the group key management function network element generates the group key from a root group key; or the group key management function network element generates the group key randomly.

Optionally, the group key management function network element may determine a group key identifier according to the group identifier. For example, the group key management function network element looks up the group key identifier in the group key information according to the group identifier; if the group key information includes a correspondence between the group identifier and a group key identifier, the group key management function network element obtains the group key identifier corresponding to the group identifier from the group key information; if the group key information does not include such a correspondence, the group key management function network element generates the group key identifier and stores the correspondence between the group identifier and the group key identifier.

For example, the group key management function network element may use the group identifier directly as the group key identifier, or it may map the group identifier to a group key identifier. Optionally, if the group key management function network element has obtained an application type (indicating the type of the current application, for example multicast broadcast service (MBS), ProSe, LCS, etc.), it may map the group identifier together with the application type to a group key identifier. The group key management function network element may obtain the application type from the group management function network element or from the first device. For example, if the group key management function network element obtains the group identifier 123, it may use the group identifier directly as the group key identifier, i.e. 123. Alternatively, if the group key management function network element obtains the group identifier 123 and the group application type MBS, it maps them to a group key identifier X1. As another example, if it obtains the group identifier 123 and the group application type ProSe, it maps them to a group key identifier X2. Mapping group key identifiers in this way prevents the ID conflicts that would arise when group identifiers obtained by the group key management function network element are duplicated.

Exemplarily, the group key may be Kgroup.

Step 204: The group key management function network element determines a protection key according to the key identifier of the first device.

In an optional implementation, the group key management function network element may determine the protection key according to the key identifier of the first device by any of the following methods:

Method a1: The group key management function network element determines the protection key (e.g. KGKMF) corresponding to the key identifier of the first device according to a stored correspondence between the key identifier of the first device and the protection key.

Method a2: The group key management function network element determines a second key (e.g. KGKMF) according to the key identifier of the first device, and generates the protection key (e.g. Ktemp) from the second key (KGKMF).

In an optional implementation, the group key management function network element generates the protection key (e.g. Ktemp) from the second key (e.g. KGKMF) as follows: the group key management function network element generates the protection key (e.g. Ktemp) from the second key and the generation parameters of the protection key. The generation parameters of the protection key include one or more of: a first own parameter, a first received parameter, and a first sent parameter. The first own parameter includes a preset character string (for example "GK", "GKM", "GKMF", "GCSE", etc.). The first received parameter includes one or more of: the identifier of the first device (e.g. SUPI, GPSI), the key identifier of the first device, the group identifier, the application type (e.g. MBS, ProSe, eLCS, etc.), the application identifier (indicating the current application, which may be expressed as an AF ID or as a fully qualified domain name), a random number (RAND), a counter (COUNT), a timestamp, etc. The first sent parameter includes one or more of: the group key identifier, a random number, a counter, a timestamp.

The first own parameter is a parameter that the group key management function network element and the first device already hold.

Specifically, the group key management function network element may receive a first received parameter indication from the first device or the group management function network element, and obtain the first received parameter according to that indication.

Specifically, the group key management function network element sends a first sent parameter indication to the first device, the first sent parameter indication indicating the first sent parameter.

In the above method, using the application type and/or the application identifier as generation parameters of the protection key allows the group key management function network element to generate different protection keys when generating group keys for different applications, even when it uses the same second key of the same first device.

In an optional implementation, the group key management function network element determines the second key (e.g. KGKMF) according to the key identifier of the first device as follows: the group key management function network element determines the first key corresponding to the key identifier of the first device according to a stored correspondence between the key identifier of the first device and the first key, or obtains the first key from the key function network element; it then generates the second key (e.g. KGKMF) from the first key. Alternatively, the group key management function network element determines the second key corresponding to the key identifier of the first device according to a stored correspondence between the key identifier of the first device and the second key.

Exemplarily, the group key management function network element generates the second key (e.g. KGKMF) from the first key as follows: it generates the second key from the first key and the generation parameters of the second key (e.g. KGKMF). The generation parameters of the second key include one or more of: a second own parameter, a second received parameter, and a second sent parameter. The second own parameter includes a preset character string (for example "GK", "GKM", "GKMF", "GCSE", etc.). The second received parameter includes one or more of: the identifier of the first device (e.g. SUPI, GPSI), the key identifier of the first device, the group identifier, a random number, a counter, a timestamp. The second sent parameter includes one or more of: a random number (RAND), a counter (COUNT), a timestamp, etc.

Specifically, the group key management function network element receives a second received parameter indication from the first device or the group management function network element, and obtains the second received parameter according to that indication.

Specifically, the group key management function network element sends a second sent parameter indication to the first device or the group management function network element, the second sent parameter indication indicating the second sent parameter.

Using a preset character string as a parameter in the derivation of the second key, as above, prevents the generated second key from duplicating other keys the first device already holds. For example, in the prior art Kausf, SUPI and the string "AKMA" are used to generate Kakma; to make the second key differ from Kakma, the second key can be derived from Kausf, SUPI and a string other than "AKMA". At the same time, own parameters need not be transmitted, which reduces transmission complexity.

When the identifier of the first device and the key identifier of the first device are used in the derivation, different first devices derive different second keys from the same key even if they hold the same root key.

Using the group identifier makes it possible to generate different second keys even when the root key of the same first device is used to generate keys for different groups.

Using a random number, a counter or a timestamp prevents two consecutively generated second keys from being identical. For example, if COUNT is used for the first derivation and COUNT is incremented by 1 after the derivation completes, the second derivation uses the incremented COUNT value and the two generated second keys will differ.

In an optional implementation, the group key management function network element obtains the second key (e.g. KGKMF) from the key function network element according to the key identifier of the first device. Specifically, the key function network element receives the key identifier of the first device from the group key management function network element, determines the first key according to the key identifier of the first device, determines the second key (e.g. KGKMF) according to the first key, and sends the second key (e.g. KGKMF) to the group key management function network element.

Specifically, the method by which the key function network element determines the second key (e.g. KGKMF) from the first key is the same as the method by which the group key management function network element generates the second key (e.g. KGKMF) from the first key; the two descriptions may be referred to for each other and are not repeated here.

Method a3: The group key management function network element determines a first key according to the key identifier of the first device, and generates the protection key (e.g. KGKMF) from the first key.

In an optional implementation, the group key management function network element determines the first key according to the key identifier of the first device as follows: it determines the first key corresponding to the key identifier of the first device according to a stored correspondence between the key identifier of the first device and the first key; or it obtains the first key from the key function network element.

In an optional implementation, the group key management function network element generates the protection key (e.g. KGKMF) from the first key as follows: it generates the protection key from the first key and the generation parameters of the protection key (e.g. KGKMF). The generation parameters of the protection key may include one or more of: a second own parameter, a second received parameter, and a second sent parameter. The second own parameter includes a preset character string (for example "GK", "GKM", "GKMF", "GCSE", etc.). The second received parameter includes one or more of: the identifier of the first device (e.g. SUPI, GPSI), the key identifier of the first device, the group identifier, a random number, a counter, a timestamp. The second sent parameter includes one or more of: a random number (RAND), a counter (COUNT), a timestamp, etc.

Method a4: The group key management function network element obtains the protection key (e.g. KGKMF or Ktemp) from the key function network element according to the key identifier of the first device. This may be shown as optional step 204a in FIG. 2.

The key function network element stores the correspondence between the key identifier of the first device and the protection key (e.g. KGKMF). Alternatively, after the key function network element determines the second key, it determines the protection key (e.g. Ktemp) according to the second key (e.g. KGKMF), and the key function network element sends the protection key to the group key management function network element. The key function network element stores the correspondence between the key identifier of the first device and the first key.

Specifically, for the method by which the key function network element determines the second key (e.g. KGKMF), refer to the relevant description in method a3.

Specifically, the method by which the key function network element determines the protection key (e.g. Ktemp) from the second key (e.g. KGKMF) is the same as the method, described under method a3 above, by which the group key management function network element generates the protection key (e.g. Ktemp) from the second key (e.g. KGKMF); the two may be referred to for each other and are not repeated here.

It should be noted that KGKMF above may be used directly as the protection key; KGKMF may also serve as the second key, from which the protection key Ktemp is then obtained.

Exemplarily, the first key may be K_AUSF, K_SEAF, K_AMF or K_AF.

Step 205: The group key management function network element generates a group key parameter according to the group key and the protection key.

In an optional implementation, the group key management function network element generates the group key parameter (e.g. DerPara) according to the group key and the protection key (e.g. KGKMF or Ktemp) as follows: it generates the group key parameter from the group key, the protection key and a first algorithm, where the first algorithm is a reversible algorithm.

Exemplarily, the first algorithm may be one of: XOR, XNOR, addition, subtraction, encryption. The corresponding inverse algorithms are: XOR, XNOR, subtraction, addition, decryption. The encryption algorithm may include the advanced encryption standard (AES), SNOW, the ZUC (Zu Chongzhi) algorithm, etc.

Step 206: The group key management function network element sends the group key parameter to the first device.

Optionally, the group key management function network element sends the group key identifier to the first device.

Step 207: The first device determines the group key according to the group key parameter and the protection key.

In an optional implementation, before the first device determines the group key according to the group key parameter and the protection key, the first device generates the second key (KGKMF) from the first key and generates the protection key (e.g. Ktemp) from the second key.

Specifically, the method by which the group key management function network element generates the protection key (e.g. Ktemp) from the second key (KGKMF) is similar to the method by which the group key management function network element generates the protection key from the second key in step 204; the two may be referred to for each other and are not repeated here.

具体的,所述第一设备根据所述第一密钥生成第二密钥的方法与步骤204中所述组密钥管理功能网元根据所述第一密钥生成第二密钥的方法类似,可以相互参见,此处不再详细描述。Specifically, the method for the first device to generate the second key according to the first key is similar to the method for the group key management function network element to generate the second key according to the first key in step 204 , can refer to each other, and will not be described in detail here.

在另一种可选的实施方式中,所述第一设备根据所述组密钥参数和保护密钥确定所述组密钥之前,所述第一设备根据第一密钥生成保护密钥(KGKMF)。In another optional implementation manner, before the first device determines the group key according to the group key parameter and the protection key, the first device generates a protection key ( KGKMF).

具体的,所述第一设备根据第一密钥生成保护密钥(KGKMF)的方法,与步骤204所述组密钥管理功能网元根据所述第一密钥生成所述保护密钥(如KGKMF)的方法类似,可以相互参见,此处不再详细描述。Specifically, the method for the first device to generate a protection key (KGKMF) according to the first key is the same as the method for generating the protection key (eg, the group key management function network element in step 204) according to the first key. KGKMF) method is similar, can refer to each other, and will not be described in detail here.

Optionally, the first device determines the group key from the group key parameter and the protection key as follows: the first device determines the group key (for example Kgroup) from the protection key, the group key parameter and a second algorithm, where the second algorithm is the inverse of the first algorithm.

For example, the second algorithm may be one of: XOR, XNOR, addition, subtraction, or decryption.
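The generation of DerPara above and its inversion in step 207, written out as an added example; this code is not part of the patent. It assumes 32-byte keys and computes addition and subtraction modulo 2^256 on big-endian integers; the encryption/decryption variant (AES, SNOW, ZUC) is left out because the Python standard library has no such cipher. One caveat a practitioner should keep in mind: with XOR, XNOR, addition or subtraction the protection key acts as a one-time pad over the group key, so one protection key must never protect two different group keys. Deriving a fresh Ktemp for each distribution from a group key identifier, counter or timestamp, which the first sending parameters allow, provides exactly that freshness.

```python
"""Reversible "first algorithm" (GKMF side) and its inverse "second
algorithm" (first device side) for turning Kgroup into DerPara and back.

Added example, not the patent's own code. Assumptions: 32-byte keys;
addition/subtraction are modulo 2**256 on big-endian integers.
"""

KEY_LEN = 32
MOD = 1 << (8 * KEY_LEN)


def _check(a: bytes, b: bytes) -> None:
    if len(a) != KEY_LEN or len(b) != KEY_LEN:
        raise ValueError("both inputs must be %d bytes" % KEY_LEN)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _xnor(a: bytes, b: bytes) -> bytes:
    # XNOR = NOT(a XOR b); applying it twice with the same key gives a back
    return bytes((x ^ y) ^ 0xFF for x, y in zip(a, b))


def _add(a: bytes, b: bytes) -> bytes:
    s = (int.from_bytes(a, "big") + int.from_bytes(b, "big")) % MOD
    return s.to_bytes(KEY_LEN, "big")


def _sub(a: bytes, b: bytes) -> bytes:
    d = (int.from_bytes(a, "big") - int.from_bytes(b, "big")) % MOD
    return d.to_bytes(KEY_LEN, "big")


# first algorithm -> inverse (second algorithm), as the text pairs them:
# XOR->XOR, XNOR->XNOR, add->sub, sub->add
FIRST = {"xor": _xor, "xnor": _xnor, "add": _add, "sub": _sub}
SECOND = {"xor": _xor, "xnor": _xnor, "add": _sub, "sub": _add}


def make_derpara(kgroup: bytes, kprot: bytes, alg: str) -> bytes:
    """GKMF: DerPara = first_algorithm(Kgroup, protection key)."""
    _check(kgroup, kprot)
    return FIRST[alg](kgroup, kprot)


def recover_kgroup(derpara: bytes, kprot: bytes, alg: str) -> bytes:
    """First device (step 207): Kgroup = second_algorithm(DerPara, protection key)."""
    _check(derpara, kprot)
    return SECOND[alg](derpara, kprot)


def per_member_derparas(kgroup: bytes, kprots: dict, alg: str) -> dict:
    """One DerPara per group member, each under that member's own protection key.
    Members that share Kgroup still receive different parameters."""
    return {member: make_derpara(kgroup, kp, alg) for member, kp in kprots.items()}


if __name__ == "__main__":
    import secrets
    kg = secrets.token_bytes(KEY_LEN)
    kps = {"UE1": secrets.token_bytes(KEY_LEN), "UE2": secrets.token_bytes(KEY_LEN)}
    for alg in FIRST:
        dps = per_member_derparas(kg, kps, alg)
        assert all(recover_kgroup(dps[m], kps[m], alg) == kg for m in kps)
        print(alg, "ok, DerPara differs per member:", dps["UE1"] != dps["UE2"])
```

Recovery with the wrong protection key yields a different 32-byte value rather than an error, which is why the text pairs DerPara with a group key identifier and, in the communication example, an integrity check on the protected content.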

Specifically, after obtaining the group key (Kgroup), the first device may use Kgroup to protect the content of its communication with the members of the group. The intra-group communication may be ProSe communication, PC5 (proximity-based services (ProSe) communication 5) communication, V2X communication, RAN-based local switching, UPF-based local switching, MBS communication, broadcast communication, LCS communication, and so on. Optionally, the first device also obtains the group key identifier, and the group members use Kgroup together with the group key identifier to protect intra-group communication. For example, when a group member AF sends group communication data to UE1 and UE2, the AF encrypts the content with Kgroup, or with a key derived from Kgroup, and an encryption algorithm; integrity-protects the content with Kgroup, or with a key derived from Kgroup, and an integrity protection algorithm; and then broadcasts the group key identifier together with the protected content. UE1 and UE2 obtain Kgroup from the group key identifier, decrypt the content with Kgroup (or a key derived from Kgroup) and the encryption algorithm, and verify the integrity of the content with Kgroup (or a key derived from Kgroup) and the integrity protection algorithm.

Optionally, if UE1 holds no group key for the broadcast group key identifier, UE1 requests the group key corresponding to that group key identifier from the group key management function network element, so that UE1 can decrypt and/or integrity-check the content.
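The AF to UE1/UE2 exchange above as an added example that is not part of the patent. Assumptions beyond the text: the encryption and integrity keys are derived from Kgroup with HMAC-SHA256 labels, confidentiality uses an HMAC-SHA256 keystream in counter mode (a stand-in for the AES/SNOW/ZUC ciphers the text names), integrity is an HMAC-SHA256 tag truncated to 16 bytes, and the broadcast format is group key identifier (4 bytes) || nonce (8 bytes) || ciphertext || tag. The UE side verifies the tag before decrypting, and when it holds no key for the broadcast identifier it raises an exception carrying that identifier, which is the case in which the UE has to request the key from the group key management function network element.

```python
"""Group communication protected with Kgroup and the group key identifier.

Added example, not the patent's own code. Keys derived from Kgroup and the
HMAC-based keystream/tag are assumptions standing in for the cipher and
integrity algorithm of a real deployment.
"""
import hashlib
import hmac
import secrets

TAG_LEN = 16
HDR_LEN = 4 + 8  # group key identifier || nonce


class MissingGroupKey(Exception):
    """Raised by the UE when it holds no Kgroup for the broadcast identifier;
    args[0] is the identifier it must request from the GKMF."""


def comm_keys(kgroup: bytes):
    """Keys 'derived from Kgroup' for confidentiality and integrity (assumed labels)."""
    kenc = hmac.new(kgroup, b"group-enc", hashlib.sha256).digest()
    kint = hmac.new(kgroup, b"group-int", hashlib.sha256).digest()
    return kenc, kint


def _keystream_xor(kenc: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; XOR is its own inverse."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(kenc, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], ks))
    return bytes(out)


def af_protect(kgroup: bytes, gk_id: int, plaintext: bytes, nonce=None) -> bytes:
    """AF side: encrypt, then integrity-protect, then prepend the group key identifier."""
    if nonce is None:
        nonce = secrets.token_bytes(8)
    kenc, kint = comm_keys(kgroup)
    header = gk_id.to_bytes(4, "big") + nonce
    ct = _keystream_xor(kenc, nonce, plaintext)
    tag = hmac.new(kint, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    return header + ct + tag


def ue_unprotect(kgroup_by_id: dict, message: bytes) -> bytes:
    """UE side: look up Kgroup by the broadcast identifier, check the tag, decrypt."""
    if len(message) < HDR_LEN + TAG_LEN:
        raise ValueError("truncated message")
    gk_id = int.from_bytes(message[:4], "big")
    nonce = message[4:HDR_LEN]
    ct, tag = message[HDR_LEN:-TAG_LEN], message[-TAG_LEN:]
    kgroup = kgroup_by_id.get(gk_id)
    if kgroup is None:
        raise MissingGroupKey(gk_id)        # UE must ask the GKMF for this key
    kenc, kint = comm_keys(kgroup)
    expected = hmac.new(kint, message[:-TAG_LEN], hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return _keystream_xor(kenc, nonce, ct)


if __name__ == "__main__":
    kg = secrets.token_bytes(32)
    msg = af_protect(kg, 7, b"group data for UE1 and UE2")
    print(ue_unprotect({7: kg}, msg))
    try:
        ue_unprotect({3: kg}, msg)
    except MissingGroupKey as e:
        print("UE lacks group key", e.args[0], "- request it from the GKMF")
```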

In the above method, the group key parameter for the group key shared by multiple group members is generated, for each group member, with the one-to-one key that already exists between that member and the mobile network. Different group members therefore obtain different group key parameters, so even if the group key parameter is transmitted in plaintext, an attacker who does not hold that key cannot recover the group key from the group key parameter.

This application introduces a unified group key management function network element into the mobile network to store and distribute group keys. The group key management function network element can obtain the group information of the first device from different group management network elements, can also obtain the group's member information from the first device, can obtain from the key function network element, according to the group member information, the key material that the first device (UE) already holds in the mobile network, and then protects the key distribution process with that existing mobile-network key and some related transmission parameters.

With the key distribution method provided by this application, the distribution of the group key is protected by the group key parameter, which improves the security of group key distribution and thus the security of group communication.

Based on the above embodiments, the group key distribution method provided by this application is described in detail below through specific examples. In the following examples, the first device is a UE and the group key management function network element is a GKMF.

FIG. 3 shows an example of a group key distribution method provided by this application, in which the group management function (GMF) network element is an AF and the key function (KF) network element is an AUSF. The flow of this example may be as follows:

Step 301: The UE sends an application request message (app request) to the AF, requesting an application service.

Step 302: The GKMF obtains key identifier 2 and group identifier 2 of the UE.

Here, the AF sends key identifier 1 and group identifier 1 of the UE to the GKMF, and the GKMF obtains key identifier 2 and group identifier 2. Optionally, the AF also sends an application identifier to the GKMF. The AF may take key identifier 1 and group identifier 1 of the UE from the application request message; alternatively, it may obtain the UE's context from the application request message and take key identifier 1 and group identifier 1 from that context. The AF may obtain the application identifier from the application the UE is currently accessing.

In one option, if the AF communicates with the GKMF directly, key identifier 2 and group identifier 2 obtained by the GKMF are simply key identifier 1 and group identifier 1. Key identifier 1 may be a SUPI, and group identifier 1 may be an internal group ID.

In another option, if the AF communicates with the GKMF through a NEF, the NEF, after obtaining key identifier 1 and group identifier 1 of the UE, may map key identifier 1 to key identifier 2 and/or map group identifier 1 to group identifier 2, and then send key identifier 2 and/or group identifier 2 of the UE to the GKMF. For example, key identifier 1 is a GPSI, group identifier 1 is an external group ID, key identifier 2 is a SUPI, and group identifier 2 is an internal group ID.

Step 303: The GKMF determines the group key Kgroup from group identifier 2.

Specifically, the GKMF determines Kgroup from group identifier 2 as described in step 203 of the embodiment shown in FIG. 2; this is not repeated here.

Step 304: The GKMF sends key identifier 2 of the UE to the AUSF to request the UE's KGKMF.

Here, depending on the case, KGKMF may be the second key or the protection key described above.

Optionally, the GKMF may also send a second receiving parameter indication to the AUSF, which indicates the second receiving parameter.

Step 305: The AUSF obtains KGKMF from key identifier 2 of the UE.

The AUSF obtains KAUSF (the first key referred to above) from key identifier 2 of the UE.

Specifically, KGKMF may be generated by the AUSF from KAUSF (the first key). The AUSF may generate KGKMF from KAUSF and the KGKMF generation parameters, which include one or more of: a second own parameter, a second receiving parameter and a second sending parameter. The second own parameter is a preset string (for example "GK", "GKM", "GKMF" or "GCSE"); the second receiving parameter includes one or more of: the identifier of the first device (such as a SUPI or GPSI), the key identifier of the first device, the group identifier, a random number, a counter and a timestamp; the second sending parameter includes one or more of: a random number (RAND), a counter (COUNT), a timestamp, and so on.

KGKMF may also be generated in advance, before step 304.

Step 306: The AUSF sends KGKMF to the GKMF.

Optionally, the AUSF may also send a second sending parameter indication to the GKMF, which indicates the second sending parameter.

Step 307: The GKMF determines the group key parameter DerPara from KGKMF and Kgroup.

In one way, the GKMF determines DerPara from KGKMF, Kgroup and the first algorithm. In this case KGKMF serves as the protection key.

In another way, the GKMF first determines Ktemp from KGKMF and then determines DerPara from Ktemp, Kgroup and the first algorithm. In this case KGKMF serves as the second key and Ktemp as the protection key.

The GKMF determines Ktemp from KGKMF in the same way that the group key management function network element generates the protection key (for example Ktemp) from the second key (for example KGKMF) in step 204 of the embodiment shown in FIG. 2; this is not described in detail here.

For the first algorithm, see the description of the first algorithm in the embodiment shown in FIG. 2; it is not repeated here.

Step 308: The GKMF sends DerPara to the AF.

Optionally, the GKMF may also send the group key identifier to the AF.

Optionally, the GKMF may also send the first sending parameter indication and/or the second sending parameter indication to the AF.

For example, the GKMF may also send group identifier 2 to the UE.

As an example, the GKMF may also send Kgroup and the group key identifier to the AF.

Step 309: The AF sends an application response message to the UE, which contains DerPara.

Optionally, the application response message may also contain one or more of the group key identifier, the first sending parameter indication and the second sending parameter indication.

Step 310: The UE determines Kgroup from DerPara.

Specifically, the UE determines Kgroup from DerPara as described in step 207 of the embodiment shown in FIG. 2; this is not repeated here.

Step 311: The UE uses Kgroup for group communication, that is, the UE protects the content of its communication with Kgroup.

Specifically, for how the UE protects communication content with Kgroup, see step 207 of the embodiment shown in FIG. 2; this is not repeated here.

The above example describes, for a specific scenario, how the distribution of the group key is protected by the group key parameter, which improves the security of group key distribution and thus the security of group communication.
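The FIG. 3 flow end to end, as an added example that is not the patent's own code: the AUSF, GKMF, NEF, AF and UE are plain Python objects passing the messages of steps 301 to 310, with KGKMF as the second key and Ktemp as the protection key. Assumptions the text does not fix: the KDF is HMAC-SHA256 over length-prefixed generation parameters (a stand-in for the 3GPP KDF), the first algorithm is XOR over 32-byte keys, the preset strings are "GKMF" for KGKMF and "Ktemp" for Ktemp, the GKMF derives a missing group key from a root group key and the group identifier (the lookup-then-generate behaviour described for the group key management function network element), the group key identifier is a counter the GKMF assigns, and the AF relays the GKMF's response unchanged.

```python
"""Simulation of the FIG. 3 group key distribution flow.

Added example, not the patent's own code. KDF, preset strings, group key
derivation from a root group key and the XOR first algorithm are assumptions.
"""
import hashlib
import hmac
import secrets


def kdf(key: bytes, *params: bytes) -> bytes:
    """Stand-in KDF (assumption): HMAC-SHA256 over length-prefixed parameters."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, data, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    """First algorithm and its inverse (XOR is its own inverse)."""
    return bytes(x ^ y for x, y in zip(a, b))


def derive_kgkmf(kausf: bytes, supi: bytes, rand: bytes) -> bytes:
    """Step 305 on the AUSF and its mirror on the UE: KGKMF from KAUSF with the
    second own parameter "GKMF", second receiving parameter SUPI, second sending parameter RAND."""
    return kdf(kausf, b"GKMF", supi, rand)


def derive_ktemp(kgkmf: bytes, supi: bytes, group_id: bytes, gk_id: int, count: int) -> bytes:
    """Step 307 on the GKMF and its mirror on the UE: protection key Ktemp from KGKMF with a
    preset string, receiving parameters SUPI and group identifier, sending parameters
    group key identifier and COUNT."""
    return kdf(kgkmf, b"Ktemp", supi, group_id,
               gk_id.to_bytes(4, "big"), count.to_bytes(4, "big"))


class AUSF:
    def __init__(self, kausf_by_supi: dict):
        self.kausf_by_supi = dict(kausf_by_supi)

    def get_kgkmf(self, key_id2: bytes):
        """Steps 304-306: return KGKMF and the second sending parameter RAND."""
        rand = secrets.token_bytes(16)
        return derive_kgkmf(self.kausf_by_supi[key_id2], key_id2, rand), rand


class GKMF:
    def __init__(self, ausf: AUSF, root_group_key: bytes):
        self.ausf = ausf
        self.root_group_key = root_group_key
        self.group_keys = {}   # group identifier 2 -> (group key identifier, Kgroup)
        self.count = 0         # first sending parameter COUNT

    def determine_kgroup(self, group_id2: bytes):
        """Step 303: reuse the stored Kgroup for this group, otherwise derive one from the
        root group key (assumed derivation) and assign a group key identifier."""
        if group_id2 not in self.group_keys:
            gk_id = len(self.group_keys) + 1
            self.group_keys[group_id2] = (gk_id, kdf(self.root_group_key, b"Kgroup", group_id2))
        return self.group_keys[group_id2]

    def handle_request(self, key_id2: bytes, group_id2: bytes) -> dict:
        """Steps 302-308: everything the GKMF hands to the AF for the UE."""
        gk_id, kgroup = self.determine_kgroup(group_id2)
        kgkmf, rand = self.ausf.get_kgkmf(key_id2)
        self.count += 1
        ktemp = derive_ktemp(kgkmf, key_id2, group_id2, gk_id, self.count)
        return {"DerPara": xor(kgroup, ktemp), "group_key_id": gk_id,
                "group_id2": group_id2, "RAND": rand, "COUNT": self.count}


class NEF:
    """Optional step 302 mapping of GPSI / external group ID to SUPI / internal group ID."""
    def __init__(self, gpsi_to_supi: dict, ext_to_int_group: dict):
        self.gpsi_to_supi = dict(gpsi_to_supi)
        self.ext_to_int_group = dict(ext_to_int_group)

    def map_ids(self, gpsi: str, ext_group: str):
        return self.gpsi_to_supi[gpsi], self.ext_to_int_group[ext_group]


class UE:
    def __init__(self, supi: bytes, kausf: bytes, gpsi: str, ext_group: str):
        self.supi, self.kausf, self.gpsi, self.ext_group = supi, kausf, gpsi, ext_group
        self.kgroup_by_id = {}

    def app_request(self) -> dict:
        """Step 301: identifiers the AF learns (key identifier 1, group identifier 1)."""
        return {"GPSI": self.gpsi, "external_group_id": self.ext_group}

    def app_response(self, rsp: dict) -> bytes:
        """Steps 309-310: rebuild KGKMF and Ktemp from the indicated parameters, undo the XOR."""
        kgkmf = derive_kgkmf(self.kausf, self.supi, rsp["RAND"])
        ktemp = derive_ktemp(kgkmf, self.supi, rsp["group_id2"], rsp["group_key_id"], rsp["COUNT"])
        kgroup = xor(rsp["DerPara"], ktemp)
        self.kgroup_by_id[rsp["group_key_id"]] = kgroup
        return kgroup


def run_fig3(ue: UE, nef: NEF, gkmf: GKMF) -> dict:
    """One complete FIG. 3 exchange; returns the UE's Kgroup and the DerPara it received."""
    req = ue.app_request()                                                   # 301: UE -> AF
    key_id2, group_id2 = nef.map_ids(req["GPSI"], req["external_group_id"])  # 302: AF -> NEF -> GKMF
    rsp = gkmf.handle_request(key_id2, group_id2)                            # 303-308
    return {"Kgroup": ue.app_response(rsp), "DerPara": rsp["DerPara"], "rsp": rsp}  # 309-310
```

Two UEs in the same group end up with the same Kgroup but receive different DerPara values, and a party that does not hold the UE's KAUSF recovers garbage from the same response, which is the property the text argues for.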

FIG. 4 shows another example of a group key distribution method provided by this application, in which the group management function (GMF) network element is an AF, the key function (KF) network element is an AUSF, and the GKMF is a PCF or a UDM. The flow of this example may be as follows:

Steps 401 to 405 are the same as steps 301 to 305 of the embodiment shown in FIG. 3; they can be referred to one another and are not repeated here.

Step 406 is the same as step 306 of the embodiment shown in FIG. 3; they can be referred to one another and it is not repeated here.

Optionally, in step 406 the AUSF may also send the identifier of the AMF to the GKMF; the AUSF may obtain the AMF identifier from its stored context, according to the AMF the UE is accessing.

Step 407 is the same as step 307 of the embodiment shown in FIG. 3; they can be referred to one another and it is not repeated here.

Step 408: The GKMF sends the identifier of the UE and DerPara to the AMF.

The identifier of the UE may be a SUPI, which the GKMF obtains from key identifier 2 (Key ID2) of the UE.

Optionally, the GKMF may also send the group key identifier to the AMF.

Optionally, the GKMF may also send the first sending parameter indication and the second sending parameter indication to the AMF.

For example, the GKMF may also send group identifier 2 to the AMF.

Optionally, the GKMF sends the above parameters to the AMF according to the identifier of the AMF.

Step 409: The GKMF sends a confirmation message to the AF.

Optionally, the confirmation message may contain Kgroup and the group key identifier. The GKMF may wait for the AMF's feedback before sending the confirmation message to the AF.

Step 410: The AMF sends a downlink non-access stratum (NAS) message to the UE, which contains DerPara. The AMF locates the UE by the identifier of the UE and delivers the downlink NAS message to it.

Optionally, the downlink NAS message may also contain the group key identifier, the first sending parameter indication and the second sending parameter indication.

For example, the downlink NAS message may also contain group identifier 2.

Optionally, if the AMF cannot send the downlink NAS message to the UE, the AMF returns a failure to the GKMF; in that case the GKMF does not send the confirmation message of step 409 to the AF and may send a failure message instead.

Specifically, the downlink NAS message may be a downlink NAS transport message or a UE configuration update command message.

Optionally, the downlink NAS transport message contains a UE policy container, the UE policy container contains a UE route selection policy (URSP), and the URSP may contain the application identifier, the group key identifier and DerPara.

Step 411: The AF sends an application response message to the UE.

Steps 412 and 413 are the same as steps 310 and 311 of the embodiment shown in FIG. 3; they can be referred to one another and are not repeated here.

The above example describes, for a specific scenario, how the distribution of the group key is protected by the group key parameter, which improves the security of group key distribution and thus the security of group communication. In addition, the GKMF can send DerPara to the UE through the control-plane tunnel between the UE and the AMF, so the user-plane protocol between the UE and the AF, which lies outside the scope of 3GPP, need not be changed.

FIG. 5 shows another example of a group key distribution method provided by this application, in which the group management function (GMF) network element is an SMF. The flow of this example may be as follows:

Step 501: The UE sends a protocol data unit (PDU) session establishment request message to the SMF, requesting establishment of a PDU session.

Optionally, the PDU session establishment request may contain a group key request indication, which requests a group key. The group key request indication may be explicit or implicit. For example, the implicit indication may be an application type: when the application type indicates a specific application (such as MBS), the SMF triggers a request for the UE's group key. Optionally, the PDU session establishment request message may also contain a group identifier.

Step 502: The SMF sends the identifier of the UE and the group identifier to the GKMF.

The SMF may send the identifier of the UE and the group identifier to the GKMF in a key request message.

The SMF determines the UE's context information from the PDU session establishment request message and obtains the identifier of the UE, the SUPI, from that context information.

Optionally, the SMF obtains the group identifier from the PDU session establishment request message; or the SMF requests the UE's subscription information from the UDM, and the subscription information contains the UE's group identifier. Specifically, the SMF sends the UE's SUPI to the UDM, and the UDM obtains the group identifier corresponding to that SUPI and returns it to the SMF.

Optionally, the SMF sends the identifier of the UE and the group identifier to the GKMF in response to the group key request indication.

Step 503: The GKMF determines the group key Kgroup from the group identifier.

Specifically, the GKMF determines Kgroup from the group identifier as described in step 203 of the embodiment shown in FIG. 2; this is not repeated here.

Step 504: The GKMF sends the identifier of the UE to the KF to request the UE's KGKMF.

Here, depending on the case, KGKMF may be the second key or the protection key described above.

Specifically, the GKMF may send the identifier of the UE to the KF in a key request message.

Step 505: The KF determines KGKMF from the identifier of the UE.

The KF obtains the first key from the identifier of the UE. Specifically, KGKMF may be generated by the KF from the first key.

Specifically, the KF may generate KGKMF from the first key and the KGKMF generation parameters, which include one or more of: a second own parameter, a second receiving parameter and a second sending parameter. The second own parameter is a preset string (for example "GK", "GKM", "GKMF" or "GCSE"); the second receiving parameter includes one or more of: the identifier of the first device (such as a SUPI or GPSI), the key identifier of the first device, the group identifier, a random number, a counter and a timestamp; the second sending parameter includes one or more of: a random number (RAND), a counter (COUNT), a timestamp, and so on.

Step 506: The KF sends KGKMF to the GKMF.

Step 507: The GKMF determines the group key parameter DerPara from KGKMF and Kgroup.

In one way, the GKMF determines DerPara from KGKMF, Kgroup and the first algorithm. In this case KGKMF serves as the protection key.

In another way, the GKMF first determines Ktemp from KGKMF and then determines DerPara from Ktemp, Kgroup and the first algorithm. In this case KGKMF serves as the second key and Ktemp as the protection key.

The GKMF determines Ktemp from KGKMF in the same way that the group key management function network element generates the protection key (for example Ktemp) from the second key (for example KGKMF) in step 204 of the embodiment shown in FIG. 2; this is not described in detail here.

For the first algorithm, see the description of the first algorithm in the embodiment shown in FIG. 2; it is not repeated here.

Step 508: The GKMF sends DerPara to the SMF.

Optionally, the GKMF may also send the group key identifier to the SMF.

Optionally, the GKMF may also send the first sending parameter indication and/or the second sending parameter indication to the SMF. For example, the GKMF may also send group identifier 2 to the UE.

Step 509: The SMF sends a PDU session establishment accept message to the UE, which contains DerPara.

Optionally, the PDU session establishment accept message may also contain the group key identifier.

Optionally, the PDU session establishment accept message may also contain the first sending parameter indication and/or the second sending parameter indication.

Steps 510 and 511 are the same as steps 310 and 311 of the embodiment shown in FIG. 3; they can be referred to one another and are not repeated here.

The above example describes, for a specific scenario, how the distribution of the group key is protected by the group key parameter, which improves the security of group key distribution and thus the security of group communication.

Based on the above embodiments, an embodiment of this application further provides a group key distribution apparatus. As shown in FIG. 6, the group key distribution apparatus 600 may include a transceiver unit 601 and a processing unit 602. The transceiver unit 601 is used by the group key distribution apparatus 600 to receive information (messages or data) and to send information (messages or data), and the processing unit 602 controls and manages the actions of the group key distribution apparatus 600. The processing unit 602 may also control the steps performed by the transceiver unit 601.

For example, the group key distribution apparatus 600 may be the group key management function network element of the above embodiments, specifically a processor, a chip, a chip system or a functional module in that network element; or it may be the first device of the above embodiments, specifically a processor, a chip, a chip system or a functional module in the first device; or it may be the key function network element of the above embodiments, specifically a processor, a chip, a chip system or a functional module in that network element.

In one embodiment, when the group key distribution apparatus 600 implements the functions of the group key management function network element (for example the GKMF) of the above embodiments, it may specifically include the following.

The processing unit 602 is configured to obtain the key identifier of the first device; obtain the group identifier of the first device; determine, from the group identifier of the first device, a group key that is used to protect the communication content of the members of the group, where the members include the first device; determine a protection key from the key identifier of the first device; and generate a group key parameter from the group key and the protection key. The transceiver unit 601 is configured to send the group key parameter to the first device.

In an optional implementation, when determining the group key from the group identifier of the first device, the processing unit 602 is specifically configured to: look up the group key in the group key information according to the group identifier; if the group key information contains a correspondence between the group identifier and the group key, obtain the group key corresponding to the group identifier from the group key information; and if the group key information contains no such correspondence, generate the group key.

Specifically, when generating the group key, the processing unit 602 is configured to generate the group key from a root group key.

In one example, when determining the protection key from the key identifier of the first device, the processing unit 602 is specifically configured to: determine the protection key corresponding to the key identifier of the first device from a stored correspondence between key identifiers of the first device and protection keys; or obtain the protection key from the key function network element according to the key identifier of the first device.

In another example, when determining the protection key from the key identifier of the first device, the processing unit 602 is specifically configured to: determine a second key from the key identifier of the first device, and generate the protection key from the second key.

Specifically, when generating the protection key from the second key, the processing unit 602 is configured to generate the protection key from the second key and the protection key generation parameters, which include one or more of: a first own parameter, a first receiving parameter and a first sending parameter. The first own parameter is a preset string; the first receiving parameter includes one or more of: the identifier of the first device, the key identifier of the first device, the group identifier, an application type, an application identifier, a random number, a counter and a timestamp; the first sending parameter includes one or more of: the group key identifier, a random number, a counter and a timestamp.

可选的,所述收发单元601还用于从所述第一设备或组管理功能网元接收第一接收参数指示;所述处理单元602还用于根据所述第一接收参数指示获取所述第一接收参数。Optionally, the transceiver unit 601 is further configured to receive a first reception parameter indication from the first device or group management function network element; the processing unit 602 is further configured to obtain the first reception parameter indication according to the first reception parameter indication. The first receive parameter.

可选的,所述收发单元601还用于向所述第一设备发送第一发送参数指示,所述第一发送参数指示用于指示所述第一发送参数。Optionally, the transceiver unit 601 is further configured to send a first transmission parameter indication to the first device, where the first transmission parameter indication is used to indicate the first transmission parameter.

具体的,所述处理单元602在根据所述第一设备的密钥标识确定第二密钥时,具体用于:根据存储的第一设备的密钥标识与第一密钥的对应关系,确定所述第一设备的密钥标识对应的第一密钥;或者控制所述收发单元601从密钥功能网元获取第一密钥;根据所述第一密钥生成所述第二密钥。Specifically, when determining the second key according to the key identifier of the first device, the processing unit 602 is specifically configured to: determine according to the stored correspondence between the key identifier of the first device and the first key The key identifier of the first device corresponds to the first key; or the transceiver unit 601 is controlled to obtain the first key from the key function network element; and the second key is generated according to the first key.

示例性的,所述处理单元602在根据所述第一密钥生成所述第二密钥时,具体用于:根据所述第一密钥和所述第二密钥的生成参数生成所述第二密钥;所述第二密钥的生成参数包括以下一项或多项:第二自有参数、第二接收参数、第二发送参数;其中,所述第二自有参数包括预设字符串;所述第二接收参数包括以下一项或多项:第一设备的标识,第一设备的密钥标识,组标识,随机数,计数器,时间戳;所述第二发送参数包括以下一项或多项:随机数,计数器,时间戳。Exemplarily, when generating the second key according to the first key, the processing unit 602 is specifically configured to: generate the second key according to the generation parameters of the first key and the second key. The second key; the generation parameters of the second key include one or more of the following: a second own parameter, a second receiving parameter, a second sending parameter; wherein, the second own parameter includes a preset character string; the second receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the random number, the counter, and the timestamp; the second sending parameter includes the following One or more items: nonce, counter, timestamp.

可选的,所述收发单元601还用于从所述第一设备或组管理功能网元接收第二接收参数指示;所述处理单元602还用于根据所述第二接收参数指示获取所述第二接收参数。Optionally, the transceiver unit 601 is further configured to receive a second reception parameter indication from the first device or group management function network element; the processing unit 602 is further configured to obtain the second reception parameter indication according to the second reception parameter indication. The second receive parameter.

可选的,所述收发单元601还用于向所述第一设备或组管理功能网元发送第二发送参数指示,所述第二发送参数指示用于指示所述第二发送参数。Optionally, the transceiver unit 601 is further configured to send a second sending parameter indication to the first device or the network element of the group management function, where the second sending parameter indication is used to indicate the second sending parameter.

一种可选的实施方式中,所述第一密钥为K AUSF或K SEAF或K AMF或K AFIn an optional implementation manner, the first key is K AUSF or K SEAF or K AMF or K AF .

在一种具体的方式中,所述处理单元602在根据所述组密钥和所述保护密钥生成组密钥参数时,具体用于:根据所述组密钥、所述保护密钥和第一算法生成所述组密钥参数,所述第一算法为可逆算法。In a specific manner, when generating the group key parameter according to the group key and the protection key, the processing unit 602 is specifically configured to: according to the group key, the protection key and the protection key The first algorithm generates the set of key parameters, and the first algorithm is a reversible algorithm.

可选的,所述第一算法可以为以下算法中的一种:异或、同或、加、减、加密。Optionally, the first algorithm may be one of the following algorithms: exclusive OR, exclusive OR, addition, subtraction, and encryption.

示例性的,所述第一设备的密钥标识可以为所述第一设备的标识或者为所述第一设备的密钥集标识。Exemplarily, the key identifier of the first device may be an identifier of the first device or a key set identifier of the first device.

在一种可选的实施方式中,所述处理单元602在获取第一设备的密钥标识时,具体用于:控制所述收发单元601从所述第一设备获取所述第一设备的密钥标识;或者,控制所述收发单元601从组管理功能网元获取所述第一设备的密钥标识。In an optional implementation manner, when acquiring the key identifier of the first device, the processing unit 602 is specifically configured to: control the transceiver unit 601 to acquire the encryption key of the first device from the first device or, control the transceiver unit 601 to obtain the key identifier of the first device from the group management function network element.

在一种可选的实施方式中,所述处理单元602在获取所述第一设备的组标识时,具体用于:控制所述收发单元601从组管理功能网元获取所述第一设备的组标识;或者,控制所述收发单元601从所述第一设备获取所述第一设备的组标识。In an optional implementation manner, when acquiring the group identifier of the first device, the processing unit 602 is specifically configured to: control the transceiver unit 601 to acquire the first device's group identifier from the group management function network element. group identifier; or, control the transceiver unit 601 to acquire the group identifier of the first device from the first device.

In another embodiment, when the group key distribution apparatus 600 is used to implement the functions of the first device (for example, a UE) in the foregoing embodiments, it may specifically include the following:

The transceiver unit 601 is configured to receive a group key parameter from the group key management function network element, and the processing unit 602 is configured to determine the group key according to the group key parameter and a protection key, where the group key is used to protect the communication content of members of a group, and the members of the group include the first device.

In an optional implementation, the processing unit 602 is further configured to: generate a second key according to a first key; and generate the protection key according to the second key.

Specifically, when generating the protection key according to the second key, the processing unit 602 is specifically configured to generate the protection key according to the second key and generation parameters of the protection key. The generation parameters of the protection key include one or more of the following: a first own parameter, a first received parameter, and a first sent parameter. The first own parameter includes a preset character string; the first received parameter includes one or more of the following: an identifier of the first device, the key identifier of the first device, the group identifier, an application type, an application identifier, a random number, a counter, and a timestamp; and the first sent parameter includes one or more of the following: a group key identifier, a random number, a counter, and a timestamp.

Optionally, the transceiver unit 601 is further configured to send a first received parameter indication to the group key management function network element, where the first received parameter indication indicates the first received parameter.

Optionally, the transceiver unit 601 is further configured to receive a first sent parameter indication from the group key management function network element, and the processing unit 602 is further configured to obtain the first sent parameter according to the first sent parameter indication.

In an optional implementation, when generating the second key according to the first key, the processing unit 602 is specifically configured to determine the second key according to the first key and generation parameters of the second key. The generation parameters of the second key include one or more of the following: a second own parameter, a second received parameter, and a second sent parameter. The second own parameter includes a preset character string; the second received parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, a random number, a counter, and a timestamp; and the second sent parameter includes one or more of the following: a random number, a counter, and a timestamp.

Optionally, the transceiver unit 601 is further configured to send a second received parameter indication to the group key management function network element, where the second received parameter indication indicates the second received parameter.

Optionally, the transceiver unit 601 is further configured to receive a second sent parameter indication from the group key management function network element, and the processing unit 602 is further configured to obtain the second sent parameter according to the second sent parameter indication.

Specifically, when determining the group key according to the group key parameter and the protection key, the processing unit 602 is specifically configured to determine the group key according to the protection key, the group key parameter, and a second algorithm, where the second algorithm is a reversible algorithm (the inverse of the first algorithm used by the group key management function network element).

Optionally, the second algorithm may be one of the following: exclusive OR (XOR), exclusive NOR (XNOR), addition, subtraction, or decryption.

Exemplarily, the first key may be K_AUSF, K_SEAF, K_AMF, or K_AF.

In an optional implementation, the transceiver unit 601 is further configured to: send the key identifier of the first device to the group key management function network element; or send the key identifier and the group identifier of the first device to the group key management function network element via the group management function network element.

Optionally, the key identifier of the first device is an identifier of the first device or a key set identifier of the first device.

In another embodiment, when the group key distribution apparatus 600 is used to implement the functions of the key function network element (for example, a KF or an AUSF) in the foregoing embodiments, it may specifically include the following:

The transceiver unit 601 is configured to receive the key identifier of a first device from the group key management function network element, and the processing unit 602 is configured to determine a first key according to the key identifier of the first device and determine a second key according to the first key.

Specifically, when determining the second key according to the first key, the processing unit 602 is specifically configured to generate the second key according to the first key and generation parameters of the second key. The generation parameters of the second key include one or more of the following: a second own parameter, a second received parameter, and a second sent parameter. The second own parameter includes a preset character string; the second received parameter includes one or more of the following: an identifier of the first device, the key identifier of the first device, a group identifier, a random number, a counter, and a timestamp; and the second sent parameter includes one or more of the following: a random number, a counter, and a timestamp.

Optionally, the transceiver unit 601 is further configured to receive a second received parameter indication from the first device or the group key management function network element, and the processing unit 602 is further configured to obtain the second received parameter according to the second received parameter indication.

Optionally, the transceiver unit 601 is further configured to send a second sent parameter indication to the first device or the group key management function network element, where the second sent parameter indication indicates the second sent parameter.

Optionally, the processing unit 602 is further configured to determine a protection key according to the second key, and the transceiver unit 601 is further configured to send the protection key to the group key management function network element.

Specifically, when determining the protection key according to the second key, the processing unit 602 is specifically configured to generate the protection key according to the second key and generation parameters of the protection key. The generation parameters of the protection key include one or more of the following: a first own parameter, a first received parameter, and a first sent parameter. The first own parameter includes a preset character string; the first received parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, an application type, an application identifier, a random number, a counter, and a timestamp; and the first sent parameter includes one or more of the following: a group key identifier, a random number, a counter, and a timestamp.

Optionally, the transceiver unit 601 is further configured to receive the first received parameter indication from the first device or the group key management function network element, and the processing unit 602 is further configured to obtain the first received parameter according to the first received parameter indication.

Optionally, the transceiver unit 601 is further configured to send the first sent parameter indication to the first device or the group key management function network element, where the first sent parameter indication indicates the first sent parameter.

Exemplarily, the transceiver unit 601 is further configured to send the second key to the group key management function network element.

Optionally, the first key may be K_AUSF, K_SEAF, K_AMF, or K_AF.
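The following Python sketch is an added worked example, not code from the patent or its applicant. It puts the three roles described above together: the group key management function side of the processing unit 602 (look up or generate the group key, derive the protection key, apply a reversible first algorithm), the first device side (rebuild the protection key and invert the parameter with the second algorithm), and the first-key-to-second-key derivation that the patent also allows the key function network element to perform (here folded into `derive_protection_key` together with the `key_registry` lookup that stands in for the stored key-identifier-to-first-key correspondence). The patent fixes only the inputs of each derivation; HMAC-SHA256 over length-prefixed fields as the KDF, 256-bit keys, the preset strings `GKMF-K2`, `GKMF-KP` and `GKMF-GK`, which received and sent parameters feed which key, and the constructed labels `ngKSI-3`, `ue-001`, `fleet-7` and `v2x` are all assumptions of this example.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # assumed: 256-bit keys throughout the chain


def kdf(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (assumed KDF; the patent names the
    inputs of each derivation but fixes neither the function nor the encoding)."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


# Reversible "first algorithm" (network side) paired with its inverse, the
# "second algorithm" (device side). XOR and XNOR are self-inverse; addition
# modulo 2**256 is undone by subtraction.
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _xnor(a: bytes, b: bytes) -> bytes:
    return bytes((x ^ y) ^ 0xFF for x, y in zip(a, b))

def _add(a: bytes, b: bytes) -> bytes:
    n = (int.from_bytes(a, "big") + int.from_bytes(b, "big")) % (1 << (8 * KEY_LEN))
    return n.to_bytes(KEY_LEN, "big")

def _sub(a: bytes, b: bytes) -> bytes:
    n = (int.from_bytes(a, "big") - int.from_bytes(b, "big")) % (1 << (8 * KEY_LEN))
    return n.to_bytes(KEY_LEN, "big")

REVERSIBLE = {"xor": (_xor, _xor), "xnor": (_xnor, _xnor), "add": (_add, _sub)}


def derive_protection_key(first_key: bytes, request: dict, response: dict) -> bytes:
    """first key -> second key -> protection key. The GKMF (or KF) and the device
    run this on identical inputs, so the protection key itself never crosses the network."""
    # second key: second own parameter (preset string), second received parameters
    # (device id, key id, group id, device nonce) and second sent parameter (GKMF nonce)
    second_key = kdf(first_key, b"GKMF-K2", request["device_id"], request["key_id"],
                     request["group_id"], request["nonce"], response["nonce"])
    # protection key: first own parameter, first received parameters (application id,
    # counter) and first sent parameters (group key id, GKMF nonce)
    return kdf(second_key, b"GKMF-KP", request["app_id"], request["counter"],
               response["group_key_id"], response["nonce"])


class GKMF:
    """Network side. key_registry stands in for the stored key-id -> first-key
    correspondence (or the KF lookup); group_key_info is the patent's group key information."""

    def __init__(self, root_group_key: bytes, key_registry: dict):
        self.root_group_key = root_group_key
        self.key_registry = key_registry
        self.group_key_info = {}  # group id -> group key

    def determine_group_key(self, group_id: bytes) -> bytes:
        group_key = self.group_key_info.get(group_id)
        if group_key is None:  # no correspondence stored: generate from the root group key
            group_key = kdf(self.root_group_key, b"GKMF-GK", group_id)
            self.group_key_info[group_id] = group_key
        return group_key

    def distribute(self, request: dict, algorithm: str = "xor") -> dict:
        group_key = self.determine_group_key(request["group_id"])
        response = {"group_key_id": request["group_id"] + b"#1",
                    "nonce": os.urandom(16), "algorithm": algorithm}
        protection_key = derive_protection_key(
            self.key_registry[request["key_id"]], request, response)
        forward, _ = REVERSIBLE[algorithm]
        response["group_key_parameter"] = forward(group_key, protection_key)
        return response


def device_recover_group_key(first_key: bytes, request: dict, response: dict) -> bytes:
    """Device side: rebuild the protection key and invert the first algorithm."""
    protection_key = derive_protection_key(first_key, request, response)
    _, inverse = REVERSIBLE[response["algorithm"]]
    return inverse(response["group_key_parameter"], protection_key)


def run_exchange(algorithm: str = "xor") -> dict:
    """One distribution with constructed identifiers; returns what each side holds."""
    first_key = os.urandom(KEY_LEN)  # stands in for K_AUSF/K_SEAF/K_AMF/K_AF shared by UE and network
    gkmf = GKMF(os.urandom(KEY_LEN), {b"ngKSI-3": first_key})
    request = {"device_id": b"ue-001", "key_id": b"ngKSI-3", "group_id": b"fleet-7",
               "app_id": b"v2x", "nonce": os.urandom(16), "counter": (1).to_bytes(4, "big")}
    response = gkmf.distribute(request, algorithm)
    return {"group_key": gkmf.group_key_info[b"fleet-7"],
            "recovered": device_recover_group_key(first_key, request, response),
            "other_device": device_recover_group_key(os.urandom(KEY_LEN), request, response)}


def protection_key_reuse_leak() -> bool:
    """Caveat: with XOR the group key parameter is a one-time pad over the group key.
    Two group keys under the same protection key leak gk1 XOR gk2 to an eavesdropper."""
    pk, gk1, gk2 = os.urandom(KEY_LEN), os.urandom(KEY_LEN), os.urandom(KEY_LEN)
    return _xor(_xor(gk1, pk), _xor(gk2, pk)) == _xor(gk1, gk2)
```

`run_exchange` returns what each side ends up holding for any of the three reversible operations; a device with a different first key reconstructs a different protection key and therefore a different value. `protection_key_reuse_leak` shows the caveat that matters most when the first algorithm is XOR, XNOR, addition or subtraction: the group key parameter is then a one-time pad over the group key, so one protection key must never cover two group keys, which is the practical reason a random number, counter or timestamp belongs among the generation parameters on every distribution (and, for a re-key of the same group, must change).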

It should be noted that the division into units in the embodiments of this application is illustrative and is merely a division by logical function; other divisions may be used in actual implementation. The functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.

If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solutions of this application essentially, or the part contributing to the prior art, or all or part of the technical solutions, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to perform all or some of the steps of the methods in the embodiments of this application. The foregoing storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.

Based on the foregoing embodiments, an embodiment of this application further provides a group key distribution apparatus. As shown in FIG. 7, the group key distribution apparatus 700 may include a transceiver 701 and a processor 702. Optionally, the group key distribution apparatus 700 may further include a memory 703. The memory 703 may be located inside the group key distribution apparatus 700 or outside it. The processor 702 may control the transceiver 701 to receive and send data, information, and the like.

Specifically, the processor 702 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP. The processor 702 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.

The transceiver 701, the processor 702, and the memory 703 are connected to one another. Optionally, the transceiver 701, the processor 702, and the memory 703 are connected through a bus 704; the bus 704 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in FIG. 7, but this does not mean that there is only one bus or only one type of bus.

In an optional implementation, the memory 703 is configured to store a program and the like. Specifically, the program may include program code, and the program code includes computer operation instructions. The memory 703 may include a RAM and may further include a non-volatile memory, for example, one or more magnetic disk memories. The processor 702 executes the application program stored in the memory 703 to implement the foregoing functions, thereby implementing the functions of the group key distribution apparatus 700.

Exemplarily, the group key distribution apparatus 700 may be the foregoing group key management function network element, the first device, or the key function network element.

在一个实施例中,在组密钥分发装置700用于实现上述实施例中组密钥管理功能网元(例如GKMF)的功能时,具体可以包括:In one embodiment, when the group key distribution apparatus 700 is used to implement the function of the group key management function network element (eg GKMF) in the above embodiment, it may specifically include:

所述处理器702用于获取第一设备的密钥标识;获取所述第一设备的组标识;根据所述第一设备的组标识确定组密钥,所述组密钥用于保护组的成员的通信内容,所述组的成员包含所述第一设备;根据所述第一设备的密钥标识确定保护密钥;根据所述组密钥和所述保护密钥生成组密钥参数;所述收发器701用于向所述第一设备发送所述组密钥参数。The processor 702 is configured to acquire the key identifier of the first device; acquire the group identifier of the first device; determine a group key according to the group identifier of the first device, and the group key is used to protect the Communication content of members, the members of the group include the first device; determine a protection key according to the key identifier of the first device; generate a group key parameter according to the group key and the protection key; The transceiver 701 is configured to send the group key parameter to the first device.

在一种可选的实施方式中,所述处理器702在根据所述第一设备的组标识确定组密钥时,具体用于:根据所述组标识从组密钥信息中查询所述组密钥,若所述组密钥信息包括所述组标识与所述组密钥的对应关系,则从所述组密钥信息中获取所述组标识对应的所述组密钥;若所述组密钥信息不包括所述组标识与所述组密钥的对应关系,则生成所述组密钥。In an optional implementation manner, when determining the group key according to the group identifier of the first device, the processor 702 is specifically configured to: query the group from group key information according to the group identifier key, if the group key information includes the correspondence between the group identifier and the group key, obtain the group key corresponding to the group identifier from the group key information; If the group key information does not include the corresponding relationship between the group identifier and the group key, the group key is generated.

具体的,所述处理器702在生成所述组密钥时,具体用于:根据根组密钥生成所述组密钥。Specifically, when generating the group key, the processor 702 is specifically configured to: generate the group key according to the root group key.

在一个示例中,所述处理器702在根据所述第一设备的密钥标识确定保护密钥时,具体用于:根据存储的第一设备的密钥标识与保护密钥的对应关系,确定所述第一设备的密钥标识对应的所述保护密钥;或者,根据所述第一设备的密钥标识从密钥功能网元获取所述保护密钥。In an example, when determining the protection key according to the key identifier of the first device, the processor 702 is specifically configured to: determine, according to the stored correspondence between the key identifier of the first device and the protection key, to determine the protection key. The protection key corresponding to the key identifier of the first device; or, obtaining the protection key from a key function network element according to the key identifier of the first device.

另一个示例中,所述处理器702在根据所述第一设备的密钥标识确定保护密钥时,具体用于:根据所述第一设备的密钥标识确定第二密钥;根据所述第二密钥生成所述保护密钥。In another example, when determining the protection key according to the key identifier of the first device, the processor 702 is specifically configured to: determine the second key according to the key identifier of the first device; The second key generates the protection key.

具体的,所述处理器702在根据所述第二密钥生成所述保护密钥时,具体用于:根据所述第二密钥和所述保护密钥的生成参数生成所述保护密钥;所述保护密钥的生成参数包括以下一项或多项:第一自有参数、第一接收参数、第一发送参数;其中,所述第一自有参数包括预设字符串;所述第一接收参数包括以下一项或多项:第一设备的标识,第一设备的密钥标识,组标识,应用类型,应用标识,随机数,计数器,时间戳;所述第一发送参数包括以下一项或多项:组密钥标识,随机数,计数器,时间戳。Specifically, when generating the protection key according to the second key, the processor 702 is specifically configured to: generate the protection key according to the second key and the generation parameters of the protection key ; The generation parameters of the protection key include one or more of the following: a first self-owned parameter, a first receiving parameter, and a first sending parameter; wherein, the first self-owned parameter includes a preset character string; the The first receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, the random number, the counter, and the timestamp; the first sending parameter includes One or more of the following: group key identification, nonce, counter, timestamp.

可选的,所述收发器701还用于从所述第一设备或组管理功能网元接收第一接收参数指示;所述处理器702还用于根据所述第一接收参数指示获取所述第一接收参数。Optionally, the transceiver 701 is further configured to receive a first reception parameter indication from the first device or group management function network element; the processor 702 is further configured to obtain the first reception parameter indication according to the first reception parameter indication. The first receive parameter.

可选的,所述收发器701还用于向所述第一设备发送第一发送参数指示,所述第一发送参数指示用于指示所述第一发送参数。Optionally, the transceiver 701 is further configured to send a first transmission parameter indication to the first device, where the first transmission parameter indication is used to indicate the first transmission parameter.

具体的,所述处理器702在根据所述第一设备的密钥标识确定第二密钥时,具体用于:根据存储的第一设备的密钥标识与第一密钥的对应关系,确定所述第一设备的密钥标识对应的第一密钥;或者控制所述收发器701从密钥功能网元获取第一密钥;根据所述第一密钥生成所述第二密钥。Specifically, when determining the second key according to the key identifier of the first device, the processor 702 is specifically configured to: determine according to the stored correspondence between the key identifier of the first device and the first key The key identifier of the first device corresponds to the first key; or the transceiver 701 is controlled to obtain the first key from the key function network element; and the second key is generated according to the first key.

示例性的,所述处理器702在根据所述第一密钥生成所述第二密钥时,具体用于:根据所述第一密钥和所述第二密钥的生成参数生成所述第二密钥;所述第二密钥的生成参数包括以下一项或多项:第二自有参数、第二接收参数、第二发送参数;其中,所述第二自有参数包括预设字符串;所述第二接收参数包括以下一项或多项:第一设备的标识,第一设备的密钥标识,组标识,随机数,计数器,时间戳;所述第二发送参数包括以下一项或多项:随机数,计数器,时间戳。Exemplarily, when generating the second key according to the first key, the processor 702 is specifically configured to: generate the second key according to the generation parameters of the first key and the second key. The second key; the generation parameters of the second key include one or more of the following: a second own parameter, a second receiving parameter, a second sending parameter; wherein, the second own parameter includes a preset character string; the second receiving parameter includes one or more of the following: the identifier of the first device, the key identifier of the first device, the group identifier, the random number, the counter, and the timestamp; the second sending parameter includes the following One or more items: nonce, counter, timestamp.

Optionally, the transceiver 701 is further configured to receive a second receive parameter indication from the first device or the group management function network element; the processor 702 is further configured to obtain the second receive parameter according to the second receive parameter indication.

Optionally, the transceiver 701 is further configured to send a second send parameter indication to the first device or the group management function network element, the second send parameter indication indicating the second send parameter.

In an optional implementation, the first key is K_AUSF, K_SEAF, K_AMF or K_AF.

In a specific implementation, when generating the group key parameter from the group key and the protection key, the processor 702 is specifically configured to generate the group key parameter from the group key, the protection key and a first algorithm, the first algorithm being a reversible algorithm.

Optionally, the first algorithm may be one of: XOR, XNOR, addition, subtraction or encryption.

For example, the key identifier of the first device may be the identifier of the first device or the key set identifier of the first device.

In an optional implementation, when obtaining the key identifier of the first device, the processor 702 is specifically configured to control the transceiver 701 to obtain the key identifier of the first device from the first device, or to control the transceiver 701 to obtain the key identifier of the first device from the group management function network element.

In an optional implementation, when obtaining the group identifier of the first device, the processor 702 is specifically configured to control the transceiver 701 to obtain the group identifier of the first device from the group management function network element, or to control the transceiver 701 to obtain the group identifier of the first device from the first device.

In another embodiment, when the group key distribution apparatus 700 is used to implement the functions of the first device (for example, a UE) in the foregoing embodiments, it may specifically include the following.

The transceiver 701 is configured to receive a group key parameter from the group key management function network element; the processor 702 is configured to determine the group key from the group key parameter and a protection key, the group key being used to protect the communication content of the members of a group, the members of the group including the first device.

In an optional implementation, the processor 702 is further configured to generate a second key from a first key, and to generate the protection key from the second key.

Specifically, when generating the protection key from the second key, the processor 702 is specifically configured to generate the protection key from the second key and protection key generation parameters. The protection key generation parameters include one or more of: a first own parameter, a first receive parameter and a first send parameter. The first own parameter includes a preset string; the first receive parameter includes one or more of: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, a random number, a counter and a timestamp; the first send parameter includes one or more of: the group key identifier, a random number, a counter and a timestamp.

Optionally, the transceiver 701 is further configured to send a first receive parameter indication to the group key management function network element, the first receive parameter indication indicating the first receive parameter.

Optionally, the transceiver 701 is further configured to receive a first send parameter indication from the group key management function network element; the processor 702 is further configured to obtain the first send parameter according to the first send parameter indication.

In an optional implementation, when generating the second key from the first key, the processor 702 is specifically configured to determine the second key from the first key and second key generation parameters. The second key generation parameters include one or more of: a second own parameter, a second receive parameter and a second send parameter. The second own parameter includes a preset string; the second receive parameter includes one or more of: the identifier of the first device, the key identifier of the first device, the group identifier, a random number, a counter and a timestamp; the second send parameter includes one or more of: a random number, a counter and a timestamp.

Optionally, the transceiver 701 is further configured to send a second receive parameter indication to the group key management function network element, the second receive parameter indication indicating the second receive parameter.

Optionally, the transceiver 701 is further configured to receive a second send parameter indication from the group key management function network element; the processor 702 is further configured to obtain the second send parameter according to the second send parameter indication.

Specifically, when determining the group key from the group key parameter and the protection key, the processor 702 is specifically configured to determine the group key from the protection key, the group key parameter and a second algorithm, the second algorithm being a reversible algorithm.

Optionally, the second algorithm may be one of: XOR, XNOR, addition, subtraction or decryption.

For example, the first key may be K_AUSF, K_SEAF, K_AMF or K_AF.

In an optional implementation, the transceiver 701 is further configured to send the key identifier of the first device to the group key management function network element, or to send the key identifier and the group identifier of the first device to the group key management function network element via the group management function network element.

Optionally, the key identifier of the first device is the identifier of the first device or the key set identifier of the first device.

In another embodiment, when the group key distribution apparatus 700 is used to implement the functions of the key function network element (for example, a KF or an AUSF) in the foregoing embodiments, it may specifically include the following.

The transceiver 701 is configured to receive the key identifier of the first device from the group key management function network element; the processor 702 is configured to determine a first key from the key identifier of the first device, and to determine a second key from the first key.

Specifically, when determining the second key from the first key, the processor 702 is specifically configured to generate the second key from the first key and second key generation parameters. The second key generation parameters include one or more of: a second own parameter, a second receive parameter and a second send parameter. The second own parameter includes a preset string; the second receive parameter includes one or more of: the identifier of the first device, the key identifier of the first device, the group identifier, a random number, a counter and a timestamp; the second send parameter includes one or more of: a random number, a counter and a timestamp.

Optionally, the transceiver 701 is further configured to receive a second receive parameter indication from the first device or the group key management function network element; the processor 702 is further configured to obtain the second receive parameter according to the second receive parameter indication.

Optionally, the transceiver 701 is further configured to send a second send parameter indication to the first device or the group key management function network element, the second send parameter indication indicating the second send parameter.

Optionally, the processor 702 is further configured to determine a protection key from the second key; the transceiver 701 is further configured to send the protection key to the group key management function network element.

Specifically, when determining the protection key from the second key, the processor 702 is specifically configured to generate the protection key from the second key and protection key generation parameters. The protection key generation parameters include one or more of: a first own parameter, a first receive parameter and a first send parameter. The first own parameter includes a preset string; the first receive parameter includes one or more of: the identifier of the first device, the key identifier of the first device, the group identifier, the application type, the application identifier, a random number, a counter and a timestamp; the first send parameter includes one or more of: the group key identifier, a random number, a counter and a timestamp.

Optionally, the transceiver 701 is further configured to receive the first receive parameter indication from the first device or the group key management function network element; the processor 702 is further configured to obtain the first receive parameter according to the first receive parameter indication.

Optionally, the transceiver 701 is further configured to send the first send parameter indication to the first device or the group key management function network element, the first send parameter indication indicating the first send parameter.

For example, the transceiver 701 is further configured to send the second key to the group key management function network element.

Optionally, the first key may be K_AUSF, K_SEAF, K_AMF or K_AF.
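As an added worked example, not part of the patent text, the following Python models the three roles described in the apparatus embodiments above: the key function network element deriving the second key and the protection key from a device's first key, the group key management function network element masking the group key with that protection key, and the first device (UE) unmasking it. HMAC-SHA256 is assumed as the derivation function and XOR as the reversible first/second algorithm; the preset strings, identifiers and parameter choices are constructed placeholders, not values from the patent.

```python
import hashlib
import hmac
import os

# Preset strings (the "own parameters"). The patent only requires a fixed string;
# these labels are placeholders chosen for this example.
SECOND_KEY_LABEL = b"example-second-key"
PROTECTION_KEY_LABEL = b"example-protection-key"


def kdf(key, label, *params):
    """Assumed KDF: HMAC-SHA256 over length-prefixed parameters, so that
    id="ab",group="c" and id="a",group="bc" cannot encode to the same input."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in (label, *params))
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_second_key(first_key, device_id, key_id, group_id, nonce):
    """Second key from the first key (K_AUSF/K_SEAF/K_AMF/K_AF) and second parameters."""
    return kdf(first_key, SECOND_KEY_LABEL, device_id, key_id, group_id, nonce)


def derive_protection_key(second_key, app_id, group_key_id, counter):
    """Protection key from the second key and first parameters (app id, Kg id, counter)."""
    return kdf(second_key, PROTECTION_KEY_LABEL, app_id, group_key_id,
               counter.to_bytes(4, "big"))


def xor_bytes(a, b):
    """The reversible first/second algorithm: XOR, so (Kg ^ Kp) ^ Kp == Kg."""
    if len(a) != len(b):
        raise ValueError("group key and protection key must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class KeyFunction:
    """KF/AUSF: keeps each device's first key by key identifier and returns the
    protection key the GKMF asks for (claim 3, second alternative)."""

    def __init__(self, first_keys):
        self._first_keys = dict(first_keys)  # key identifier -> first key

    def protection_key(self, key_id, device_id, group_id, nonce, app_id, group_key_id, counter):
        first_key = self._first_keys[key_id]  # unknown key identifier raises KeyError
        second = derive_second_key(first_key, device_id, key_id, group_id, nonce)
        return derive_protection_key(second, app_id, group_key_id, counter)


class GroupKeyManagementFunction:
    """GKMF: one group key per group identifier, generated on first use (claim 2),
    sent to each member masked as group_key_param = Kg XOR Kp (claims 13 and 14)."""

    def __init__(self, kf):
        self._kf = kf
        self._groups = {}  # group identifier -> (group key, group key identifier)

    def group_key(self, group_id):
        if group_id not in self._groups:
            self._groups[group_id] = (os.urandom(32), os.urandom(4))
        return self._groups[group_id]

    def distribute(self, device_id, key_id, group_id, nonce, app_id, counter):
        gk, gk_id = self.group_key(group_id)
        kp = self._kf.protection_key(key_id, device_id, group_id, nonce, app_id, gk_id, counter)
        # Group key identifier and counter travel with the parameter as first send parameters.
        return {"group_key_param": xor_bytes(gk, kp), "group_key_id": gk_id, "counter": counter}


class Device:
    """UE: re-derives the protection key locally and unmasks the group key (claims 15 to 24)."""

    def __init__(self, device_id, key_id, first_key):
        self.device_id, self.key_id, self.first_key = device_id, key_id, first_key

    def recover_group_key(self, msg, group_id, nonce, app_id):
        second = derive_second_key(self.first_key, self.device_id, self.key_id, group_id, nonce)
        kp = derive_protection_key(second, app_id, msg["group_key_id"], msg["counter"])
        return xor_bytes(msg["group_key_param"], kp)


def run_example():
    """Two UEs of one group recover the same Kg from different masked parameters;
    a UE that re-derives with a stale nonce (mismatched second parameter) gets garbage."""
    ue_a = Device(b"ue-a", b"ksi-a", os.urandom(32))  # constructed sample identities
    ue_b = Device(b"ue-b", b"ksi-b", os.urandom(32))
    gkmf = GroupKeyManagementFunction(KeyFunction({u.key_id: u.first_key for u in (ue_a, ue_b)}))
    group, app, nonce = b"group-42", b"app-1", os.urandom(16)

    msg_a = gkmf.distribute(ue_a.device_id, ue_a.key_id, group, nonce, app, counter=1)
    msg_b = gkmf.distribute(ue_b.device_id, ue_b.key_id, group, nonce, app, counter=1)
    expected, _ = gkmf.group_key(group)
    return {
        "expected": expected,
        "ue_a": ue_a.recover_group_key(msg_a, group, nonce, app),
        "ue_b": ue_b.recover_group_key(msg_b, group, nonce, app),
        "ue_a_stale_nonce": ue_a.recover_group_key(msg_a, group, os.urandom(16), app),
        "params_differ": msg_a["group_key_param"] != msg_b["group_key_param"],
    }
```

Because the mask is per-device, an eavesdropper who captures one member's group key parameter learns nothing about Kg without that member's first key; the stale-nonce case shows why both sides must agree on every generation parameter, which is what the receive/send parameter indications are for.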

Based on the above embodiments, an embodiment of this application provides a communication system, which may include the group key management function network element, the first device, the key function network element and the other entities involved in the foregoing embodiments.

An embodiment of this application further provides a computer-readable storage medium for storing a computer program; when the computer program is executed by a computer, the computer can implement the group key distribution method provided by the foregoing method embodiments.

An embodiment of this application further provides a computer program product for storing a computer program; when the computer program is executed by a computer, the computer can implement the group key distribution method provided by the foregoing method embodiments.

An embodiment of this application further provides a chip coupled to a memory, the chip being used to implement the group key distribution method provided by the foregoing method embodiments.

An embodiment of this application further provides a chip system including a processor configured to support the above group key distribution apparatus in implementing the functions described above. In one possible design, the chip system further includes a memory for storing the program instructions and data needed by the group key distribution apparatus. The chip system may consist of a chip, or may include a chip together with other discrete components.

Those skilled in the art will appreciate that the embodiments of this application may be provided as a method, a system or a computer program product. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM and optical storage) containing computer-usable program code.

This application is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems) and computer program products according to this application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce a computer-implemented process, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Obviously, those skilled in the art can make various changes and modifications to this application without departing from its scope of protection. Thus, if such modifications and variations of this application fall within the scope of the claims of this application and their equivalents, this application is also intended to include them.

Claims (30)

1. A group key distribution method, comprising:
a group key management function network element obtaining a key identifier of a first device;
the group key management function network element obtaining a group identifier of the first device;
the group key management function network element determining a group key according to the group identifier of the first device, the group key being used to protect the communication content of members of a group, the members of the group including the first device;
the group key management function network element determining a protection key according to the key identifier of the first device;
the group key management function network element generating a group key parameter according to the group key and the protection key; and
the group key management function network element sending the group key parameter to the first device.

2. The method of claim 1, wherein the group key management function network element determining the group key according to the group identifier of the first device comprises:
the group key management function network element querying group key information for the group key according to the group identifier;
if the group key information includes a correspondence between the group identifier and the group key, the group key management function network element obtaining the group key corresponding to the group identifier from the group key information; and
if the group key information does not include a correspondence between the group identifier and the group key, the group key management function network element generating the group key.

3. The method of claim 1 or 2, wherein the group key management function network element determining the protection key according to the key identifier of the first device comprises:
the group key management function network element determining the protection key corresponding to the key identifier of the first device according to a stored correspondence between the key identifier of the first device and the protection key; or
the group key management function network element obtaining the protection key from a key function network element according to the key identifier of the first device.

4. The method of claim 1 or 2, wherein the group key management function network element determining the protection key according to the key identifier of the first device comprises:
the group key management function network element determining a second key according to the key identifier of the first device; and
the group key management function network element generating the protection key according to the second key.

5. The method of claim 4, wherein the group key management function network element generating the protection key according to the second key comprises:
the group key management function network element generating the protection key according to the second key and protection key generation parameters; the protection key generation parameters including one or more of: a first own parameter, a first receive parameter and a first send parameter; wherein the first own parameter includes a preset string; the first receive parameter includes one or more of: the identifier of the first device, the key identifier of the first device, the group identifier, an application type, an application identifier, a random number, a counter and a timestamp; and the first send parameter includes one or more of: a group key identifier, a random number, a counter and a timestamp.

6. The method of claim 5, further comprising:
the group key management function network element receiving a first receive parameter indication from the first device or a group management function network element, and obtaining the first receive parameter according to the first receive parameter indication.

7. The method of claim 5 or 6, further comprising:
the group key management function network element sending a first send parameter indication to the first device, the first send parameter indication indicating the first send parameter.

8. The method of any one of claims 4 to 7, wherein the group key management function network element determining the second key according to the key identifier of the first device comprises:
the group key management function network element determining a first key corresponding to the key identifier of the first device according to a stored correspondence between the key identifier of the first device and the first key, or the group key management function network element obtaining the first key from a key function network element; and
the group key management function network element generating the second key according to the first key.

9. The method of claim 8, wherein the group key management function network element generating the second key according to the first key comprises:
the group key management function network element generating the second key according to the first key and second key generation parameters; the second key generation parameters including one or more of: a second own parameter, a second receive parameter and a second send parameter; wherein the second own parameter includes a preset string; the second receive parameter includes one or more of: the identifier of the first device, the key identifier of the first device, the group identifier, a random number, a counter and a timestamp; and the second send parameter includes one or more of: a random number, a counter and a timestamp.

10. The method of claim 9, further comprising:
the group key management function network element receiving a second receive parameter indication from the first device or the group management function network element, and obtaining the second receive parameter according to the second receive parameter indication.

11. The method of claim 9 or 10, further comprising:
the group key management function network element sending a second send parameter indication to the first device or the group management function network element, the second send parameter indication indicating the second send parameter.

12. The method of any one of claims 8 to 11, wherein the first key is K_AUSF, K_SEAF, K_AMF or K_AF.

13. The method of any one of claims 1 to 12, wherein the group key management function network element generating the group key parameter according to the group key and the protection key comprises:
the group key management function network element generating the group key parameter according to the group key, the protection key and a first algorithm, the first algorithm being a reversible algorithm.

14. The method of claim 13, wherein the first algorithm is one of: XOR, XNOR, addition, subtraction or encryption.

15. A group key distribution method, comprising:
a first device receiving a group key parameter from a group key management function network element; and
the first device determining a group key according to the group key parameter and a protection key, the group key being used to protect the communication content of members of a group, the members of the group including the first device.

16. The method of claim 15, further comprising:
the first device generating a second key according to a first key; and
the first device generating the protection key according to the second key.

17. The method of claim 16, wherein the first device generating the protection key according to the second key comprises:
the first device generating the protection key according to the second key and protection key generation parameters; the protection key generation parameters including one or more of: a first own parameter, a first receive parameter and a first send parameter; wherein the first own parameter includes a preset string; the first receive parameter includes one or more of: the identifier of the first device, the key identifier of the first device, the group identifier, an application type, an application identifier, a random number, a counter and a timestamp; and the first send parameter includes one or more of: a group key identifier, a random number, a counter and a timestamp.

18. The method of claim 17, further comprising:
the first device sending a first receive parameter indication to the group key management function network element, the first receive parameter indication indicating the first receive parameter.

19. The method of claim 17 or 18, further comprising:
the first device receiving a first send parameter indication from the group key management function network element, and obtaining the first send parameter according to the first send parameter indication.

20. The method of any one of claims 16 to 19, wherein the first device generating the second key according to the first key comprises:
the first device determining the second key according to the first key and second key generation parameters; the second key generation parameters including one or more of: a second own parameter, a second receive parameter and a second send parameter; wherein the second own parameter includes a preset string; the second receive parameter includes one or more of: the identifier of the first device, the key identifier of the first device, the group identifier, a random number, a counter and a timestamp; and the second send parameter includes one or more of: a random number, a counter and a timestamp.

21. The method of claim 20, further comprising:
the first device sending a second receive parameter indication to the group key management function network element, the second receive parameter indication indicating the second receive parameter.

22. The method of claim 20 or 21, further comprising:
the first device receiving a second send parameter indication from the group key management function network element, and obtaining the second send parameter according to the second send parameter indication.

23. The method of any one of claims 15 to 22, wherein the first device determining the group key according to the group key parameter and the protection key comprises:
the first device determining the group key according to the protection key, the group key parameter and a second algorithm, the second algorithm being a reversible algorithm.

24. The method of claim 23, wherein the second algorithm is one of: XOR, XNOR, addition, subtraction or decryption.

25. The method of any one of claims 16 to 22, wherein the first key is K_AUSF, K_SEAF, K_AMF or K_AF.

26. A group key distribution apparatus, comprising a unit or module for performing the method of any one of claims 1 to 14.

27. A group key distribution apparatus, comprising a unit or module for performing the method of any one of claims 15 to 25.

28. A group key distribution apparatus, comprising a processor and a transceiver, wherein:
the transceiver is configured to send and receive data, messages or information; and
the processor, coupled to a memory, is configured to invoke a program in the memory so that the group key distribution apparatus performs the method of any one of claims 1 to 14.

29. A group key distribution apparatus, comprising a processor and a transceiver, wherein:
the transceiver is configured to send and receive data, messages or information; and
the processor, coupled to a memory, is configured to invoke a program in the memory so that the group key distribution apparatus performs the method of any one of claims 15 to 25.

30. A computer-readable storage medium, comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 14, or to perform the method of any one of claims 15 to 25.
PCT/CN2020/108703 2020-08-12 2020-08-12 Group key distribution method and apparatus Ceased WO2022032525A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/108703 WO2022032525A1 (en) 2020-08-12 2020-08-12 Group key distribution method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/108703 WO2022032525A1 (en) 2020-08-12 2020-08-12 Group key distribution method and apparatus

Publications (1)

Publication Number Publication Date
WO2022032525A1 true WO2022032525A1 (en) 2022-02-17

Family

ID=80246690

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/108703 Ceased WO2022032525A1 (en) 2020-08-12 2020-08-12 Group key distribution method and apparatus

Country Status (1)

Country Link
WO (1) WO2022032525A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119696896A (en) * 2024-12-17 2025-03-25 航天信息股份有限公司 Data distribution method, system, electronic device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101511082A (en) * 2008-02-15 2009-08-19 中国移动通信集团公司 Method, equipment and system for updating group cipher key
CN103096308A (en) * 2011-11-01 2013-05-08 华为技术有限公司 Method for generating group key and an associated device
CN105432058A (en) * 2013-07-31 2016-03-23 日本电气株式会社 Devices and method for MTC group key management
US20190296902A1 (en) * 2018-03-20 2019-09-26 Mocana Corporation Dynamic domain key exchange for authenticated device to device communications

Similar Documents

Publication Publication Date Title
EP4642074A1 (en) Communication method, communication apparatus, and communication system
KR102588974B1 (en) Methods and systems for privacy protection of 5g slice identifier
US9882894B2 (en) Secure authentication service
KR102769532B1 (en) Method, device and system for generating and managing application keys in a communication network for encrypted communication with service applications
US20200228977A1 (en) Parameter Protection Method And Device, And System
WO2020029729A1 (en) Communication method and device
US20250039667A1 (en) Secure information pushing by service applications in communication networks
WO2022222745A1 (en) Communication method and apparatus
WO2020221218A1 (en) Information acquisition method and device
WO2020220903A1 (en) Communication method and apparatus
TW202142010A (en) Method for updating subscriber data, and apparatus, node and storage medium
CN112997518A (en) Security management in a disaggregated base station in a communication system
CN110351722A (en) Information sending method, key generation method and device
CA3248651A1 (en) Verification method, communication apparatus, and communication system
WO2022032525A1 (en) Group key distribution method and apparatus
EP4478763A1 (en) Communication method and apparatus
CN108924826B (en) Data transfer control method and device
US12309580B2 (en) Multicast broadcast service keys
US20240137764A1 (en) User Equipment Authentication and Authorization Procedure for Edge Data Network
EP4475581A1 (en) Communication method, terminal device, and communication apparatus
US20240373215A1 (en) Security configuration update in communication networks
US20250392582A1 (en) Communication method and communication apparatus
US20250008323A1 (en) Systems and methods for provisioning security policies for deriving session keys
WO2018072150A1 (en) Secure machine-type communication method, apparatus, and system
CN120238860A (en) Communication method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20949024

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20949024

Country of ref document: EP

Kind code of ref document: A1