WO2013118096A1 - Method, apparatus and computer program for facilitating secure D2D discovery information - Google Patents

Method, apparatus and computer program for facilitating secure D2D discovery information

Info

Publication number
WO2013118096A1
Authority
WO
WIPO (PCT)
Prior art keywords
security key
terminal
discovery information
security
discovery
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2013/051060
Other languages
English (en)
Inventor
Timo Koskela
Sami-Jukka Hakola
Samuli Turtinen
Anna Pantelidou
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Renesas Electronics Corp
Original Assignee
Renesas Mobile Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Renesas Mobile Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433 Key management protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/005 Discovery of network devices, e.g. terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/14 Direct-mode setup

Definitions

  • the present invention relates to a method, apparatus and computer program for determining the security level of D2D discovery information, and to a method, apparatus and computer program for distributing a security key relating to a D2D discovery signal.
  • Embodiments of the present invention relate generally to wireless communication technology and, in particular embodiments, relate to an apparatus, method and computer program product for facilitating secure device-to-device discovery.
  • D2D communication technologies may use radio resources of a hosting cellular system, but allow two computing devices, such as mobile terminals (also referred to as user equipment (UEs) or stations (STAs)), to communicate directly with each other without routing their communications through components of the cellular system.
  • D2D communication may offer several advantages. For example, the direct communication link between mobile terminals engaged in D2D communication may result in reduced end-to-end delay time for data exchanged between the terminals as compared to indirect communication via cellular system components. Further, since communications may be offloaded from the cellular network to D2D communication links, network load may be reduced. Additional benefits of D2D communication may include improved local area coverage, improved serving network resource efficiency, and conservation of transmission power by both UEs and network access points.
  • D2D communication may support a variety of end user services, such as peer-to-peer applications, social applications, voice over internet protocol (VoIP) conversation, head-to-head gaming applications, collaborative applications, local advertising, network offloading, and/or other services that may involve transfer of data between computing devices that may be within relatively close proximity of each other.
  • a method comprising receiving, at a terminal, a device-to-device (D2D) discovery signal, the D2D discovery signal comprising D2D discovery information and an indication of a security level applied to the D2D discovery information included in the D2D discovery signal; and determining, based at least in part on the indication, the security level applied to the D2D discovery information.
  • apparatus for use in a communication terminal, the apparatus comprising a processing system arranged to cause the apparatus to at least: determine a security level applied to D2D discovery information received in a device-to-device (D2D) discovery signal based at least in part on an indication received in the device-to-device (D2D) discovery signal of the security level applied to the D2D discovery information included in the D2D discovery signal.
  • the apparatus of the second example embodiment provides for secure device-to-device discovery.
  • a computer program comprising instructions, which when performed by an apparatus, are arranged to cause the apparatus to at least: determine a security level applied to D2D discovery information received in a device-to-device (D2D) discovery signal based at least in part on an indication received in the device-to-device (D2D) discovery signal of the security level applied to the D2D discovery information included in the D2D discovery signal.
  • the computer program product of the third example embodiment provides for secure device-to-device discovery.
  • apparatus comprising: means for determining a security level applied to D2D discovery information received in a device-to-device (D2D) discovery signal based at least in part on an indication received in the device-to-device (D2D) discovery signal of the security level applied to the D2D discovery information included in the D2D discovery signal. This provides for secure device-to-device discovery.
  • a method comprising: determining that a terminal that has associated with a network has been authenticated to be permitted to receive a security key usable for one or more of decrypting or encrypting at least a portion of a device-to-device (D2D) discovery signal; and responsive to the determination, causing the security key to be distributed to the terminal.
  • the method of the fifth example embodiment facilitates secure device-to-device discovery.
  • apparatus for use in a network entity, the apparatus comprising a processing system arranged to cause the apparatus to at least: determine that a terminal that has associated with a network has been authenticated to be permitted to receive a security key usable for one or more of decrypting or encrypting at least a portion of a device-to-device (D2D) discovery signal; and responsive to the determination, cause the security key to be distributed to the terminal.
  • the apparatus of the sixth example embodiment facilitates secure device-to-device discovery.
  • a computer program comprising instructions, which when performed by an apparatus, are arranged to cause the apparatus to at least: determine that a terminal that has associated with a network has been authenticated to be permitted to receive a security key usable for one or more of decrypting or encrypting at least a portion of a device-to-device (D2D) discovery signal; and responsive to the determination, cause the security key to be distributed to the terminal.
  • the computer program product of the seventh example embodiment facilitates secure device-to-device discovery.
  • apparatus comprising: means for determining that a terminal that has associated with a network has been authenticated to be permitted to receive a security key usable for one or more of decrypting or encrypting at least a portion of a device-to-device (D2D) discovery signal; and means for, responsive to the determination, causing the security key to be distributed to the terminal.
  • the computer programs described above may be stored in or on a computer program product comprising at least one non-transitory computer-readable storage medium having computer-readable program code stored therein, the computer-readable program code including or providing the instructions referred to above.
  • the processing systems described above may be provided by at least one processor and at least one memory including computer program instructions, the at least one memory and the computer program instructions being configured to, with the at least one processor, cause the apparatus at least to perform as described above.
  • Methods, apparatus and computer program products are provided herein for facilitating secure device-to-device discovery.
  • Embodiments provided herein may provide several advantages to network providers, wireless service providers, computing devices, and computing device users.
  • some example embodiments provide varying levels of security that may be applied to D2D discovery signalling.
  • An indication of the level of security applied to D2D discovery signalling may be included in a D2D discovery signal.
  • a device receiving the D2D discovery signal may determine the level of security applied to the signal and determine whether the device is permitted to access discovery information included in the D2D discovery signal and/or how to access discovery information in the D2D discovery signal. If a device receives a D2D discovery signal having information that the device is not permitted to access, the device may discard the received signal to avoid processing overhead.
  • a varying level of encryption security may be applied to information included within a D2D discovery signal.
  • Distribution of security keys of some such example embodiments is limited to a group of permitted devices, such that only devices permitted to receive a security key needed to decrypt an encrypted portion of a D2D discovery signal may obtain the security key and decrypt the encrypted portion. Accordingly, some example embodiments allow only those devices that belong to the same predefined group to discover each other's D2D discovery signalling and establish a D2D link with each other.
  • FIG. 1 shows schematically an example system for facilitating secure D2D discovery according to some example embodiments
  • FIG. 2 shows a schematic block diagram of a network apparatus in accordance with some example embodiments
  • FIG. 3 shows a schematic block diagram of a terminal apparatus in accordance with some example embodiments
  • FIG. 4 shows schematically an example D2D discovery signal frame according to some example embodiments
  • FIG. 5 shows schematically an example system for facilitating secure D2D discovery according to some example embodiments
  • FIG. 6 shows a flowchart according to an example method for obtaining a common security key according to some example embodiments
  • FIG. 7 shows a flowchart according to an example method for obtaining a private security key according to some example embodiments
  • FIG. 8 shows a flowchart according to an example method for updating a security key according to some example embodiments
  • FIG. 9 shows a flowchart according to an example method for generating a secure D2D discovery signal according to some example embodiments
  • FIG. 10 shows a flowchart according to an example method for processing a received D2D discovery signal according to some example embodiments
  • FIG. 11 shows a flowchart according to another example method for processing a received D2D discovery signal according to some example embodiments
  • FIG. 12 shows a flowchart according to an example method for facilitating secure D2D discovery according to some example embodiments
  • FIG. 13 shows a flowchart according to an example method for distributing a common security key according to some example embodiments
  • FIG. 14 shows a flowchart according to an example method for distributing a private security key according to some example embodiments.
  • the terms “data”, “content”, “information” and similar terms may be used interchangeably to refer to data capable of being transmitted, received, displayed and/or stored in accordance with various example embodiments. Thus, use of any such terms should not be taken to limit the spirit and scope of the disclosure.
  • a computing device is described herein to receive data from another computing device, it will be appreciated that the data may be received directly from the another computing device or may be received indirectly via one or more intermediary computing devices, such as, for example, one or more servers, relays, routers, network access points, base stations, and/or the like.
  • circuitry refers to all of the following:
  • (a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry) and (b) to combinations of circuits and software (and/or firmware), such as (as applicable): (i) to a combination of processor(s) or (ii) to portions of processor(s)/software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions) and (c) to circuits, such as a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation, even if the software or firmware is not physically present.
  • circuitry applies to all uses of this term in this specification, including in any claims.
  • circuitry would also cover an implementation of merely a processor (or multiple processors) or portion of a processor and its (or their) accompanying software and/or firmware.
  • circuitry would also cover, for example and if applicable to the particular claim element, a baseband integrated circuit or applications processor integrated circuit for a mobile phone or a similar integrated circuit in server, a cellular network device or other network device.
  • FIG. 1 illustrates an example system 100 for facilitating secure D2D discovery in accordance with some example embodiments.
  • system 100 as well as the illustrations in other figures are each provided as an example of an embodiment(s) and should not be construed to narrow the scope or spirit of the disclosure in any way.
  • the scope of the disclosure encompasses many potential embodiments in addition to those illustrated and described herein.
  • FIG. 1 illustrates one example of a configuration of a system for facilitating secure D2D discovery
  • embodiments of the present invention may be implemented in systems having numerous other configurations.
  • the system 100 includes a network apparatus 102 and a plurality of terminal apparatus 104. Two such terminal apparatus 104 are illustrated in FIG. 1 by way of example. However, it will be appreciated that the system 100 may include any number of terminal apparatus 104.
  • the system 100 further comprises a network 106.
  • the network 106 may comprise one or more wireline networks, one or more wireless networks, or some combination thereof.
  • the network 106 comprises a public land mobile network (for example, a cellular network), such as may be implemented by a network operator (for example, a cellular access provider).
  • the network 106 may, for example, operate in accordance with current and future implementations of Third Generation Partnership Project (3GPP) Long Term Evolution (LTE) standards, including Long Term Evolution-Advanced (LTE-A) standards and/or the like.
  • the network 106 is not limited to embodiment as an LTE network.
  • the network 106 may employ a network implementing any type of mobile and/or wireless access mechanism, such as LTE, LTE-A, Time Division Synchronous Code Division Multiple Access (TD-SCDMA), wideband code division multiple access (W-CDMA), CDMA2000, global system for mobile communications (GSM), general packet radio service (GPRS), a wireless local area network (WLAN) access mechanism (e.g., Institute for Electrical and Electronics Engineers (IEEE) 802.11), a WIMAX access mechanism (e.g. IEEE 802.16), a wireless regional area network access mechanism (e.g. IEEE 802.22), and/or the like.
  • references herein are made to a particular network standard and/or terminology particular to a network standard, the references are provided merely by way of example and not by way of limitation.
  • a terminal apparatus 104 may comprise any computing device configured to associate with the network 106 so as to receive network access via the network 106 and to establish a D2D communication link, such as the D2D communication link 108 with another computing device, such as another terminal apparatus 104.
  • a terminal apparatus 104 may be embodied as a mobile communication device, mobile telephone, personal digital assistant (PDA), smart phone, tablet computing device, pager, laptop computer, desktop computer with a cellular network adapter, portable game device, audio/video player, television device, radio receiver, a digital camera/camcorder, positioning device, some combination thereof, or the like.
  • the terminal apparatus 104 may be embodied as a user equipment (UE) device, which may be configured to access a cellular network, such as an LTE network.
  • a terminal apparatus 104 may associate with and receive network access from the network 106 via a network access point, which may, for example, form a portion of a radio access network (RAN).
  • the network access point may be configured to provide access to the network 106 to one or more terminal apparatus 104 via a radio uplink.
  • the radio uplink may comprise a radio uplink conforming to a cellular networking standard, such as by way of non-limiting example, an LTE standard.
  • a network access point through which a terminal apparatus 104 may associate with and access the network 106 may comprise a base station, base transceiver station (BTS), node B, evolved node B (eNB), and/or the like
  • a terminal apparatus 104 may be configured to communicate with the network apparatus 102 over the network 106.
  • the network apparatus 102 may comprise a node of the network 106.
  • the network apparatus 102 may be at least partially embodied on one or more computing devices that comprise a core network (CN) entity of the network 106.
  • the network apparatus 102 may, for example, be at least partially embodied on a mobility management entity (MME) of the core network.
  • the network apparatus may comprise one or more dedicated computing devices, such as a D2D server that may comprise a portion of a CN portion of the network 106.
  • the network apparatus 106 may additionally or alternatively be at least partially embodied on or by one or more computing devices that comprise an element of a radio access network (RAN) portion of the network 106.
  • the network apparatus 102 may, for example, be at least partially embodied on an access point of the network 106, such as a base station, BTS, node B, eNB, WLAN AP and/or the like.
  • the network apparatus 102 may be embodied as a plurality of computing devices that collectively provide functionality attributed to the network apparatus 102 herein.
  • the plurality of computing devices may, for example, be located in a CN portion of the network 106, a RAN portion of the network 106, or some combination thereof.
  • a terminal apparatus 104 may be configured with cognitive radio (CR) capabilities such that a terminal apparatus 104 may be configured to sense other terminal apparatus 104 within a proximate range and detect whether such sensed terminal apparatus 104 are configured for device-to-device (D2D) communication.
  • terminal apparatus 104 may be configured to exchange D2D discovery signalling to enable device discovery and facilitate establishment of D2D links between devices. Accordingly, two or more terminal apparatus 104 may establish a D2D connection 108 with each other in order to engage in D2D communication with each other.
  • a D2D connection 108 may, for example, comprise a direct radio link between two or more terminal apparatus 104 and may enable the terminal apparatus 104 engaged in D2D communication to communicate directly with each other without routing their communications via one or more elements of the network 106.
  • the D2D connection 108 may utilise resources within a band that may be used for radio access to the network 106, such as a cellular band. Additionally or alternatively, the D2D connection 108 may utilise an unlicensed band, such as a band in the industrial, scientific, and medical (ISM) range, to facilitate wireless transmission of data between devices.
  • FIG. 2 illustrates a block diagram of a network apparatus 202 in accordance with some example embodiments.
  • the network apparatus 202 illustrates an example of an apparatus that may be implemented on a network apparatus 102 in accordance with some example embodiments.
  • the components, devices or elements illustrated in and described with respect to FIG. 2 below may not be mandatory and thus some may be omitted in certain embodiments. Additionally, some embodiments may include further or different components, devices or elements beyond those illustrated in and described with respect to FIG. 2.
  • the network apparatus 202 may be implemented on an MME, a home subscriber server (HSS), a dedicated D2D server, some combination thereof, or the like. Accordingly, it will be appreciated that while the network apparatus 202 is illustrated as a single apparatus, it will be appreciated that the network apparatus 202 may comprise a plurality of separate apparatus, which may collectively comprise the network apparatus 202. Thus, for example, a first functionality attributed to the network apparatus 202 may be performed by an MME, while a second functionality that may be attributed to the network apparatus 202 may be performed by a separate entity, such as a dedicated D2D server. In embodiments wherein the network apparatus 202 comprises a plurality of separate apparatus, elements illustrated in FIG.
  • a processing circuitry 210, communication interface 216, and/or the like may be implemented on each of the apparatus that may comprise the network apparatus 202.
  • the key management controller 218 may be implemented on a first apparatus, such as an MME, HSS, and/or the like, while the D2D registration controller 220 may be implemented on a second apparatus, such as a D2D server.
  • the network apparatus 202 may include or otherwise be in communication with processing circuitry 210 that is configurable to perform actions in accordance with one or more example embodiments disclosed herein.
  • the processing circuitry 210 may be configured to perform and/or control performance of one or more functionalities of the network apparatus 202 in accordance with various example embodiments, and thus may provide means for performing functionalities of the network apparatus 202 in accordance with various example embodiments.
  • the processing circuitry 210 may be configured to perform data processing, application execution and/or other processing and management services according to one or more example embodiments.
  • the network apparatus 202 or a portion(s) or component(s) thereof, such as the processing circuitry 210 may be embodied as or comprise a chip or chip set.
  • the network apparatus 202 or the processing circuitry 210 may comprise one or more physical packages (e.g. chips) including materials, components and/or wires on a structural assembly (e.g. a baseboard).
  • the structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon.
  • the network apparatus 202 or the processing circuitry 210 may therefore, in some cases, be configured to implement an embodiment of the invention on a single chip or as a single "system-on-a-chip".
  • a chip or chipset may constitute means for performing one or more operations for providing the functionalities described herein.
  • the processing circuitry 210 may include a processor 212 and, in some embodiments, such as that illustrated in FIG. 2, may further include memory 214.
  • the processing circuitry 210 may be in communication with or otherwise control a communication interface 216, key management controller 218, and/or a D2D registration controller 220.
  • the processing circuitry 210 may be embodied as a circuit chip (e.g. an integrated circuit chip) configured (e.g. with hardware, software or a combination of hardware and software) to perform operations described herein. However, in some embodiments, the processing circuitry 210 may be embodied as a portion of a server, computer, workstation or other computing device.
  • one or more of the elements illustrated in FIG. 2 may provide a processing system, which may be arranged to perform one or more functionalities attributed to the network apparatus 202 in accordance with various example embodiments.
  • the processing circuitry 210, processor 212, memory 214, communication interface 216, key management controller 218, D2D registration controller 220, or some combination thereof may form a processing system.
  • the processor 212 may be embodied in a number of different ways.
  • the processor 212 may be embodied as various processing means such as one or more of a microprocessor or other processing element, a coprocessor, a controller or various other computing or processing devices including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), or the like.
  • the processor 212 may comprise a plurality of processors. The plurality of processors may be in operative communication with each other and may be collectively configured to perform one or more functionalities of the network apparatus 202 as described herein.
  • the plurality of processors may be embodied on a single computing device or distributed across a plurality of computing devices collectively configured to function as the network apparatus 202.
  • the processor 212 may be configured to execute instructions stored in the memory 214 or otherwise accessible to the processor 212.
  • the processor 212 may represent an entity (e.g. physically embodied in circuitry, in the form of processing circuitry 210) capable of performing operations according to embodiments of the present invention while configured accordingly.
  • when the processor 212 is embodied as an ASIC, FPGA or the like, the processor 212 may be specifically configured hardware for conducting the operations described herein.
  • when the processor 212 is embodied as an executor of software instructions, the instructions may specifically configure the processor 212 to perform one or more operations described herein.
  • the memory 214 may include one or more non-transitory memory devices such as, for example, volatile and/or non-volatile memory that may be either fixed or removable.
  • the memory 214 may comprise a non-transitory computer-readable storage medium. It will be appreciated that while the memory 214 is illustrated as a single memory, the memory 214 may comprise a plurality of memories. The plurality of memories may be embodied on a single computing device or may be distributed across a plurality of computing devices collectively configured to function as the network apparatus 202.
  • the memory 214 may be configured to store information, data, applications, instructions or the like for enabling the network apparatus 202 to carry out various functions in accordance with one or more example embodiments.
  • the memory 214 may be configured to buffer input data for processing by the processor 212. Additionally or alternatively, the memory 214 may be configured to store instructions for execution by the processor 212. As yet another alternative, the memory 214 may include one or more databases that may store a variety of files, contents or data sets. Among the contents of the memory 214, applications may be stored for execution by the processor 212 in order to carry out the functionality associated with each respective application. In some cases, the memory 214 may be in communication with one or more of the processor 212, communication interface 216, key management controller 218, or D2D registration controller 220 via a bus(es) for passing information among components of the network apparatus 202. The communication interface 216 may include one or more interface mechanisms for enabling communication with other devices and/or networks.
  • the communication interface 216 may be any means such as a device or circuitry embodied in either hardware, or a combination of hardware and software that is configured to receive and/or transmit data from/to a network and/or any other device or module that may be in communication with the processing circuitry 210.
  • the communication interface 216 may be configured to facilitate communication between one or more terminal apparatus 104 and the network apparatus 202.
  • the communication interface 216 may accordingly include, for example, an antenna (or multiple antennas) and supporting hardware and/or software for enabling communications with a wireless communication network and/or a communication modem or other hardware/software for supporting communication via cable, digital subscriber line (DSL), universal serial bus (USB), Ethernet or other methods.
  • the processor 212 may be embodied as, include, or otherwise control a key management controller 218.
  • the key management controller 218 may be embodied as various means, such as circuitry, hardware, a computer program product comprising a computer readable medium (for example, the memory 214) storing computer readable program instructions executable by a processing device (for example, the processor 212), or some combination thereof.
  • the key management controller 218 may be capable of communication with one or more of the memory 214, communication interface 216, or D2D registration controller 220 to access, receive, and/or send data as may be needed to perform one or more of the functionalities of the key management controller 218 as described herein.
  • the processor 212 or the processing circuitry 210 may additionally or alternatively be embodied as, include, or otherwise control a D2D registration controller 220.
  • the D2D registration controller 220 may be embodied as various means, such as circuitry, hardware, a computer program product comprising a computer readable medium (for example, the memory 214) storing computer readable program instructions executable by a processing device (for example, the processor 212), or some combination thereof.
  • the D2D registration controller 220 may be capable of communication with one or more of the memory 214, communication interface 216, or key management controller 218 to access, receive, and/or send data as may be needed to perform one or more of the functionalities of the D2D registration controller 220 as described herein.
  • FIG. 3 illustrates a block diagram of a terminal apparatus 302 in accordance with some example embodiments.
  • the terminal apparatus 302 may comprise an apparatus that may be implemented on a terminal apparatus 104 in accordance with some example embodiments. It should be noted, however, that the components, devices or elements illustrated in and described with respect to FIG. 3 below may not be mandatory and thus some may be omitted in certain embodiments. Additionally, some embodiments may include further or different components, devices or elements beyond those illustrated in and described with respect to FIG. 3.
  • the terminal apparatus 302 may include or otherwise be in communication with processing circuitry 310 that is configurable to perform actions in accordance with one or more example embodiments disclosed herein.
  • the processing circuitry 310 may be configured to perform and/or control performance of one or more functionalities of the terminal apparatus 302 in accordance with various example embodiments, and thus may provide means for performing functionalities of the terminal apparatus 302 in accordance with various example embodiments.
  • the processing circuitry 310 may be configured to perform data processing, application execution and/or other processing and management services according to one or more example embodiments.
  • the terminal apparatus 302 or a portion(s) or component(s) thereof, such as the processing circuitry 310, may be embodied as or comprise a chip or chip set.
  • the terminal apparatus 302 or the processing circuitry 310 may comprise one or more physical packages (e.g. chips) including materials, components and/or wires on a structural assembly (e.g. a baseboard).
  • the structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon.
  • the terminal apparatus 302 or the processing circuitry 310 may therefore, in some cases, be configured to implement an embodiment of the invention on a single chip or as a single "system-on-a-chip".
  • a chip or chipset may constitute means for performing one or more operations for providing the functionalities described herein.
  • the processing circuitry 310 may include a processor 312 and, in some embodiments, such as that illustrated in FIG. 3, may further include memory 314.
  • the processing circuitry 310 may be in communication with or otherwise control a user interface 316, a communication interface 318, and/or a D2D discovery controller 320.
  • the processing circuitry 310 may be embodied as a circuit chip (e.g. an integrated circuit chip) configured (e.g. with hardware, software or a combination of hardware and software) to perform operations described herein.
  • one or more of the elements illustrated in FIG. 3 may provide a processing system, which may be arranged to perform one or more functionalities attributed to the terminal apparatus 302 in accordance with various example embodiments.
  • the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, D2D discovery controller 320, or some combination thereof may form a processing system.
  • the processor 312 may be embodied in a number of different ways.
  • the processor 312 may be embodied as various processing means such as one or more of a microprocessor or other processing element, a coprocessor, a controller or various other computing or processing devices including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), or the like.
  • the processor 312 may comprise a plurality of processors. The plurality of processors may be in operative communication with each other and may be collectively configured to perform one or more functionalities of the terminal apparatus 302 as described herein.
  • the plurality of processors may be embodied on a single computing device or distributed across a plurality of computing devices collectively configured to function as the terminal apparatus 302.
  • the processor 312 may be configured to execute instructions stored in the memory 314 or otherwise accessible to the processor 312.
  • the processor 312 may represent an entity (e.g. physically embodied in circuitry, in the form of processing circuitry 310) capable of performing operations according to embodiments of the present invention while configured accordingly.
  • when the processor 312 is embodied as an ASIC, FPGA or the like, the processor 312 may be specifically configured hardware for conducting the operations described herein.
  • when the processor 312 is embodied as an executor of software instructions, the instructions may specifically configure the processor 312 to perform one or more operations described herein.
  • the memory 314 may include one or more non-transitory memory devices such as, for example, volatile and/or non-volatile memory that may be either fixed or removable.
  • the memory 314 may comprise a non-transitory computer-readable storage medium.
  • the memory 314 may comprise a plurality of memories.
  • the plurality of memories may be embodied on a single computing device or may be distributed across a plurality of computing devices collectively configured to function as the terminal apparatus 302.
  • the memory 314 may be configured to store information, data, applications, instructions or the like for enabling the terminal apparatus 302 to carry out various functions in accordance with one or more example embodiments.
  • the memory 314 may be configured to buffer input data for processing by the processor 312. Additionally or alternatively, the memory 314 may be configured to store instructions for execution by the processor 312. As yet another alternative, the memory 314 may include one or more databases that may store a variety of files, contents or data sets. Among the contents of the memory 314, applications may be stored for execution by the processor 312 in order to carry out the functionality associated with each respective application. In some cases, the memory 314 may be in communication with one or more of the processor 312, user interface 316, communication interface 318, or D2D discovery controller 320 via a bus(es) for passing information among components of the terminal apparatus 302.
  • the user interface 316 may be in communication with the processing circuitry 310 to receive an indication of a user input at the user interface 316 and/or to provide an audible, visual, mechanical or other output to the user.
  • the user interface 316 may include, for example, a keyboard, a mouse, a joystick, a display, a touch screen, a microphone, a speaker, and/or other input/output mechanisms.
  • the communication interface 318 may include one or more interface mechanisms for enabling communication with other devices and/or networks.
  • the communication interface 318 may be any means such as a device or circuitry embodied in either hardware, or a combination of hardware and software that is configured to receive and/or transmit data from/to a network and/or any other device or module in communication with the processing circuitry 310.
  • the communication interface 318 may be configured to provide a cellular network interface (e.g. a cellular modem) to enable the terminal apparatus 302 to interface with a cellular network, such as via an access point.
  • the communication interface 318 may be configured to enable the terminal apparatus 302 to associate with and access the network 106.
  • the communication interface 318 may provide an interface to enable the terminal apparatus 302 to engage in D2D communication with another terminal apparatus, such as via a D2D connection 108.
  • the communication interface 318 may include, for example, an antenna (or multiple antennas) and supporting hardware and/or software for enabling communications with a wireless communication network (e.g. a cellular network, WSN, and/or the like) and/or a communication modem or other hardware/software for supporting communication via cable, digital subscriber line (DSL), universal serial bus (USB), Ethernet or other methods.
  • the processor 312 may be embodied as, include, or otherwise control a D2D discovery controller 320.
  • the D2D discovery controller 320 may be embodied as various means, such as circuitry, hardware, a computer program product comprising computer readable program instructions stored on a computer readable medium (for example, the memory 314) and executed by a processing device (for example, the processor 312), or some combination thereof.
  • the D2D discovery controller 320 may be capable of communication with one or more of the memory 314, user interface 316, or communication interface 318 to access, receive, and/or send data as may be needed to perform one or more of the functionalities of the D2D discovery controller 320 as described herein.
  • the D2D discovery controller 320 may be configured to generate and/or process a D2D discovery signal frame, which may be sent by a terminal, such as a terminal 104 to facilitate device discovery and setup of a D2D connection.
  • the D2D discovery signal frame may include a portion containing D2D discovery information.
  • the D2D discovery information that may be included in a D2D discovery signal may be protected with various levels of security that may be applied to D2D discovery information.
  • an "open" level of security may be applied to D2D discovery information included in a D2D discovery signal.
  • under the open level of security, the D2D discovery information is not encrypted.
  • a "common" level of security may be applied to D2D discovery information included in a D2D discovery signal.
  • the D2D discovery information may be encrypted with a common security key.
  • the common security key may, for example, be generated and distributed by the network apparatus 102 to any terminal apparatus that has associated with the network 106.
  • a common security key may be used across the network 106.
  • a common security key may be used across a portion of the network 106, such as within a single serving cell, a group of cells, a single D2D discovery area, a group of D2D discovery areas, a tracking area, a group of tracking areas, and/or the like.
  • multiple common security keys may be used within a given network portion.
  • the multiple common security keys may offer multiple levels of security.
  • each common security key may have a different length, thus offering a different level of protection to data encrypted with the key.
  • the key management controller 218 may be configured to generate and control distribution of common keys and/or other security keys that may be used for encrypting and/or decrypting portions of D2D discovery signals.
  • the key management controller 218 may be configured in some example embodiments to cause common security keys to be distributed to terminal apparatus 104 that have successfully authenticated themselves to and are associated with the network 106.
  • the D2D registration controller 220 may be configured to authenticate that a terminal apparatus 104 has associated with the network 106, and the key management controller 218 may selectively control distribution of a common security key to a terminal apparatus 104 based at least in part on whether the D2D registration controller 220 has authenticated the terminal apparatus 104.
  • a "private" level of security may be applied to D2D discovery information included in a D2D discovery signal.
  • the D2D discovery information may be encrypted with a private security key that may be available to only a predefined group of one or more devices.
  • a private security key may, for example, be generated by the network apparatus 102, and may be associated with a predefined group of one or more devices.
  • the network apparatus 102 may be configured to distribute a private security key to a terminal apparatus 104 only if the terminal apparatus 104 successfully authenticates itself as a member of the predefined group of one or more devices with which the private key is associated. If a terminal apparatus requesting a private security key is not a member of the group with which the private security key is associated and/or is not successfully authenticated as a member of the group with which the private security key is associated, the key request may be denied.
  • a key management controller 218 that may be associated with a network apparatus 102 may be configured to control generation and distribution of a private security key.
  • the D2D registration controller 220 may be configured to maintain a record of membership in one or more private groups.
  • a single terminal apparatus may be registered as a member of multiple private groups in some example embodiments.
  • a terminal apparatus 104 and/or user thereof may provide registration information for registration of a terminal apparatus 104 as a member of a group.
  • members of a group may be known to the D2D registration controller 220 based at least in part on a higher level identifier, such as a Skype account identifier, email address, a user name/password combination, an Internet handle, and/or the like.
  • a D2D registration controller 220 that may be associated with a terminal apparatus 104 may cause the terminal apparatus 104 to provide registration information to the network apparatus 102 for registering the terminal apparatus 104 as a member of a group.
  • the registration information may enable the D2D registration controller 220 to authenticate that the terminal apparatus 104 is a member of a group.
  • the registration information may comprise a higher level identifier that may be usable by the D2D registration controller 220 to verify that the terminal apparatus 104 and/or user thereof is a member of the group and a lower level identifier of the terminal apparatus 104, such as an International Mobile Subscriber Identity (IMSI) or the like.
  • the D2D registration controller 220 may be configured to create and maintain a binding between the higher level identifier and the lower level identifier so that the terminal apparatus 104 may be authenticated as a member of the group while associated with the network.
  • multiple private security keys may be associated with a given group of one or more devices.
  • the multiple private security keys may offer multiple levels of security.
  • each private security key may have a different length, thus offering a different level of protection to data encrypted with the key.
  • a D2D discovery signal may include an indication of the security level applied to D2D discovery information included in the D2D discovery signal.
  • the indication of the security level may, for example, be included in a header of the D2D discovery signal, such as in a header portion of a D2D discovery frame that may comprise the signal.
  • the indication may be included in a field of the header.
  • the indication of the security level may, for example, comprise a predefined set of bits that may be included in the D2D discovery signal.
  • Predefined bit values may indicate specified levels of security.
  • a 2 bit field may be used to indicate the security level.
  • bit value-security level associations may be defined and used in accordance with some example embodiments:
  • a D2D discovery signal may additionally include an indication of a group identification.
  • the indication of group identification may, for example, be included in a header portion of the D2D discovery signal.
  • the group identification may identify a group for which a security key is needed to decrypt D2D discovery information in an instance in which a private level of security is applied to the D2D discovery information.
  • a D2D discovery signal may further include an indication of a D2D transmitter identity (ID).
  • the indication of the D2D transmitter ID may, for example, identify a terminal apparatus that may generate and send the D2D discovery signal.
  • the D2D signal transmitter ID may be usable by a terminal receiving the D2D discovery signal to determine a security key that may be needed to decrypt a portion of the D2D discovery signal.
  • a D2D signal transmitter ID may be usable in addition to or in lieu of a group identification to identify a security key that may be needed to decrypt a portion of the D2D discovery signal.
  • FIG. 4 illustrates an example D2D discovery signal frame according to some example embodiments.
  • the example signal frame of FIG. 4 may include a header portion 402 and an information portion 404.
  • the information portion 404 may include D2D discovery information, which may be encrypted depending on the level of security applied to the D2D discovery information.
  • the header portion 402 may include a field 406 indicating a D2D signal transmitter ID that may be associated with a terminal that may have generated and sent the D2D discovery signal.
  • the header portion 402 may additionally or alternatively include a field 408 that may indicate a group identification.
  • the group identification field 408 may be used in an instance in which the D2D discovery frame is intended only for terminals belonging to a particular group, such as in an instance in which a private level of security may be applied to the D2D discovery information.
  • the header portion 402 may further include a field 410 that may indicate a security level that may be applied to the D2D discovery information that may be included in the information portion 404.
  • a D2D discovery controller 320 that may be associated with a terminal apparatus receiving a D2D discovery signal in accordance with various example embodiments, such as the D2D discovery signal frame illustrated in FIG.
  • the D2D discovery controller 320 may be configured to determine how to process the received signal based at least in part on the applied level of security.
  • the D2D discovery controller 320 may be configured in some example embodiments to read and process the D2D discovery information included in the signal as received.
  • the D2D discovery information is not encrypted. Accordingly, the D2D discovery information may be processed in the form in which it is received, without having to be decrypted.
  • the D2D discovery controller 320 may be configured to determine a security key needed to decrypt the encrypted D2D discovery information based at least in part on the applied security level. For example, if a common level of security has been applied, the D2D discovery controller 320 may determine that a common security key is needed to decrypt the D2D discovery information. As another example, if a private level of security has been applied, the D2D discovery controller 320 may determine that a private security key is needed to decrypt the D2D discovery information. In some example embodiments, the D2D discovery controller 320 may be configured to use a group identifier and/or a D2D transmitter ID that may be included in the D2D discovery signal to identify which private security key may be needed.
  • the D2D discovery controller 320 may use the security key to decrypt the encrypted portion, and may process the D2D discovery information. If, however, the receiving terminal is not permitted access to the needed security key, the D2D discovery controller 320 may discard the received signal without processing the signal. Accordingly, the D2D discovery controller 320 may avoid unnecessary processing overhead.
  • the D2D discovery controller 320 may use the pre-stored security key to decrypt the encrypted portion. If, however, the receiving terminal does not already have the required security key, the D2D discovery controller 320 may cause the terminal to send a request to the network apparatus 102 for the required security key. In an instance in which the terminal is permitted access to the key, the key management controller 218 may cause the requested security key to be distributed to the terminal in response to the request.
  • the D2D discovery controller 320 may be configured to use one or more security keys that may be distributed by the network apparatus 102 to encrypt one or more portions of the D2D discovery signal. Accordingly, the D2D discovery controller 320 may be configured to request a security key(s), if not already obtained, that may be needed to apply a desired level of security to a D2D discovery signal.
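The receiver-side handling described above (read the security level from the header, select the common or group-specific private key, and process, defer, or drop the frame) can be sketched as follows. This is an added example, not code from the patent: the field widths, the bit values of the 2-bit security field, the nonce and the integrity tag over the header are all assumptions, and the HMAC-based keystream is a stand-in for whatever cipher a real deployment would use (normally a vetted AEAD).

```python
import hashlib
import hmac
import os
import struct
from enum import IntEnum


class SecurityLevel(IntEnum):
    # Assumed encoding of the 2-bit field; 0b11 is left unassigned here.
    OPEN = 0b00
    COMMON = 0b01
    PRIVATE = 0b10


# Assumed header layout: transmitter ID (4 bytes), group ID (2 bytes),
# one byte whose low two bits carry the security level.
HEADER = struct.Struct(">IHB")
NONCE_LEN = 8
TAG_LEN = 16


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), illustration only."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += _prf(key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_frame(tx_id, group_id, level, info, key=None, nonce=None):
    """Sender side: header in clear, information portion protected per level."""
    header = HEADER.pack(tx_id, group_id, int(level))
    if level == SecurityLevel.OPEN:
        return header + info
    if key is None:
        raise ValueError("a security key is required for this level")
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ciphertext = _xor_keystream(_prf(key, b"enc"), nonce, info)
    # Assumption of this example: the tag also covers the header, so a frame
    # whose security-level or group field was altered fails verification.
    tag = _prf(_prf(key, b"mac"), header + nonce + ciphertext)[:TAG_LEN]
    return header + nonce + ciphertext + tag


def select_key(level, group_id, common_key, private_keys):
    """Map the header's security level (and group ID) to the key needed."""
    if level == SecurityLevel.COMMON:
        return common_key
    return private_keys.get(group_id)


def process_frame(frame, common_key=None, private_keys=None):
    """Receiver side. Returns (status, tx_id, info)."""
    private_keys = private_keys or {}
    if len(frame) < HEADER.size:
        return ("malformed", None, None)
    tx_id, group_id, flags = HEADER.unpack_from(frame)
    try:
        level = SecurityLevel(flags & 0b11)
    except ValueError:
        return ("malformed", tx_id, None)     # unassigned security-level value
    body = frame[HEADER.size:]
    if level == SecurityLevel.OPEN:
        return ("open", tx_id, body)          # processed as received
    key = select_key(level, group_id, common_key, private_keys)
    if key is None:
        return ("key-needed", tx_id, None)    # request the key, or discard
    if len(body) < NONCE_LEN + TAG_LEN:
        return ("malformed", tx_id, None)
    nonce = body[:NONCE_LEN]
    ciphertext = body[NONCE_LEN:-TAG_LEN]
    tag = body[-TAG_LEN:]
    expected = _prf(_prf(key, b"mac"), frame[:HEADER.size] + nonce + ciphertext)
    if not hmac.compare_digest(tag, expected[:TAG_LEN]):
        return ("rejected", tx_id, None)      # wrong key or altered frame
    info = _xor_keystream(_prf(key, b"enc"), nonce, ciphertext)
    return ("decrypted", tx_id, info)
```

A `key-needed` result is the point at which a terminal either asks the network for the key or drops the frame without spending any decryption work on it.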
  • a header portion of a D2D discovery signal may be encrypted in addition to D2D discovery information in the D2D discovery signal.
  • the header portion may be encrypted with the same or a different key as a security key that is used to encrypt the D2D discovery information.
  • a common security key may be used to encrypt a header portion, while a private security key may be used to encrypt the D2D discovery information.
  • This arrangement may, for example, be represented as follows:
  • a first common security key may be used to encrypt a header portion, while a second common security key may be used to encrypt the D2D discovery information.
  • This arrangement may, for example, be represented as follows:
  • a first private security key may be used to encrypt a header portion, while a second private security key may be used to encrypt the D2D discovery information.
  • This arrangement may, for example, be represented as follows:
  • the first private security key (e.g. private key 1) used to encrypt the header portion may differ in length compared to the second private security key (e.g. private key 2) used to encrypt the D2D discovery information portion.
  • the D2D discovery information portion may be encrypted with a key offering stronger encryption than a key that may be used to encrypt the header portion.
  • the header portion may be encrypted with a key offering stronger encryption than a key that may be used to encrypt the D2D discovery information portion.
  • the D2D discovery information portion and header portion may be encrypted with separate keys that may offer the same level of encryption.
  • the header portion of a D2D discovery signal may, for example, be encrypted using a private key for communications for which it may be desirable and/or necessary to be entirely encrypted, such as communications that may be sent and/or received by public safety entities, military units, government agencies, and/or the like.
  • a designated private security key that may only be available to authorised policemen may be used to cipher a header portion of a D2D discovery signal intended for other policemen.
  • Private Key 1-1 may be used for/by firemen
  • Private Key 1-2 may be used for/by policemen; etc...
  • Private Key 2-1 and Private Key 2-2 may each respectively be any private security key that may be used by the sending and intended receiving entities.
  • the key management controller 218 may be configured to periodically regenerate security keys.
  • a security key may be replaced with an updated security key, such that the replaced security key may no longer be valid for use.
  • Key regeneration may accordingly mitigate instances in which a security key may be obtained by an unauthorised entity.
  • the regeneration period may be defined based at least in part on a desired level of security.
  • the key management controller 218 may be configured to cause a terminal apparatus 104 to be notified, such as via a push notification.
  • a D2D discovery controller 320 may obtain the updated security key responsive to the notification.
  • the D2D discovery controller 320 may request the updated security key from the network apparatus 102.
  • the updated security key may automatically be provided to the terminal apparatus such that the D2D discovery controller 320 may receive the updated security key automatically sent to the terminal.
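The network-side rules described above (common keys only for terminals associated with the network, private keys only for authenticated group members, and periodic regeneration that invalidates the replaced key) can be modelled as follows. This is an added example, not the patent's implementation: the class names, key lengths, identifiers and the injected clock are assumptions chosen for illustration.

```python
import secrets
from dataclasses import dataclass, field


class KeyRequestDenied(Exception):
    """Raised when a terminal is not entitled to the requested key."""


@dataclass
class RegistrationController:
    """Hypothetical model of the D2D registration controller 220."""
    attached: set = field(default_factory=set)    # IMSIs associated with the network
    groups: dict = field(default_factory=dict)    # group ID -> higher level identifiers
    bindings: dict = field(default_factory=dict)  # IMSI -> higher level identifier

    def register(self, imsi, account):
        """Bind the higher level identifier to the lower level identifier."""
        if imsi not in self.attached:
            raise KeyRequestDenied("terminal is not associated with the network")
        self.bindings[imsi] = account

    def is_member(self, imsi, group_id):
        account = self.bindings.get(imsi)
        return imsi in self.attached and account in self.groups.get(group_id, set())


@dataclass
class IssuedKey:
    version: int
    key: bytes
    issued_at: float
    holders: set = field(default_factory=set)     # terminals to notify on regeneration


class KeyManagementController:
    """Hypothetical model of the key management controller 218."""

    def __init__(self, registry, period_s, clock):
        self.registry = registry
        self.period_s = period_s
        self.clock = clock                         # injected so tests control time
        self._keys = {}

    def _issue(self, name, imsi, key_len):
        entry = self._keys.get(name)
        if entry is None:
            entry = IssuedKey(1, secrets.token_bytes(key_len), self.clock())
            self._keys[name] = entry
        entry.holders.add(imsi)
        return entry.version, entry.key

    def request_common(self, imsi):
        if imsi not in self.registry.attached:
            raise KeyRequestDenied("not authenticated to the network")
        return self._issue("common", imsi, 16)

    def request_private(self, imsi, group_id):
        # Membership is re-checked on every request, including after regeneration.
        if not self.registry.is_member(imsi, group_id):
            raise KeyRequestDenied("not an authenticated member of the group")
        return self._issue(("private", group_id), imsi, 32)

    def regenerate_due(self):
        """Replace keys older than the period; return push notifications to send."""
        notices = []
        now = self.clock()
        for name, entry in list(self._keys.items()):
            if now - entry.issued_at >= self.period_s:
                new_version = entry.version + 1
                new_key = secrets.token_bytes(len(entry.key))
                self._keys[name] = IssuedKey(new_version, new_key, now)
                notices += [(imsi, name, new_version) for imsi in sorted(entry.holders)]
        return notices

    def is_current(self, name, version):
        entry = self._keys.get(name)
        return entry is not None and entry.version == version
```

Because the holder list is cleared on regeneration and membership is checked again on the next request, a terminal removed from a group keeps only the replaced key, which is no longer valid.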
  • FIG. 5 illustrates an example system for facilitating secure D2D discovery according to some example embodiments. The system of FIG.
  • the D2D server 502 may be configured to handle D2D registration and management of private groups, while the MME 504 may be configured to manage generation and distribution of security keys.
  • the D2D server 502 and MME 504 may be implemented on separate apparatus, or may comprise separate logical entities that may be implemented on a single apparatus.
  • the system of FIG. 5 illustrates an example of an embodiment in which functionality of the network apparatus 102 may be divided among multiple logical entities.
  • a D2D registration controller 220 may be associated with the D2D server 502, and may be configured to control D2D registration and group management functionality of the D2D server 502.
  • a key management controller 218 may be associated with the MME 504, and may be configured to control key management functionalities of the MME 504.
  • the system of FIG. 5 may further comprise a radio access network, which may be provided at least in part by one or more network access points 506.
  • a network access point 506 may, for example, comprise an eNB or the like.
  • One or more UEs 508 may access the network via the RAN, such as via a radio uplink to a network access point 506.
  • the D2D server 502 and MME 504 may be configured to interface with each other via the interface 510.
  • the interface 510 may, for example, be used to enable the D2D server 502 and MME 504 to communicate information regarding authentication of a UE 508 as associated with the network and/or as an authenticated member of a private group.
  • the MME 504 may consult the D2D server 502 via the interface 510 for validation that a UE 508 is permitted access to a requested security key.
  • a UE 508 may be configured to interface with the D2D server 502 via an interface 512.
  • the interface 512 may facilitate authentication of a UE 502, registration of a UE 502 to a private group, and/or the like.
  • a UE 508 may be configured to interface with the MME 504 via an interface 514.
  • the interface 514 may facilitate distribution of security keys to a UE 508. Communications over the interfaces 512 and 514 may, for example, be relayed via the network access point(s) 506.
  • FIG. 6 illustrates a flowchart according to an example method for obtaining a common security key according to some example embodiments.
  • FIG. 6 illustrates operations that may be performed at a terminal apparatus 302.
  • the operations illustrated in and described with respect to FIG. 6 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, or D2D discovery controller 320.
  • the operations of the method of FIG. 6 may, for example, be performed prior to a need for the security key, such as prior to the security key being needed to decrypt a portion of a received D2D discovery signal. Additionally or alternatively, the operations of the method of FIG. 6 may be performed responsive to a determination that the security key is needed, such as to decrypt an encrypted portion of a received D2D discovery signal or to encrypt a portion of a D2D discovery signal to be sent.
  • Operation 600 may comprise a higher level, such as a user application or the network, initiating a D2D discovery process.
  • the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 600.
  • Operation 610 may comprise authenticating the terminal apparatus to the cellular network.
  • the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 610.
  • Operation 620 may comprise registering to a network apparatus (e.g., the network apparatus 102, D2D server 502, or the like).
  • the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 620.
  • Operation 630 may comprise obtaining at least a common security key from the network responsive to authentication and registration of the terminal.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 630.
  • FIG. 7 illustrates a flowchart according to an example method for obtaining a private security key according to some example embodiments.
  • FIG. 7 illustrates operations that may be performed at a terminal apparatus 302.
  • the operations illustrated in and described with respect to FIG. 7 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, or D2D discovery controller 320.
  • The operations of the method of FIG. 7 may, for example, be performed prior to a need for the security key, such as prior to the security key being needed to decrypt a portion of a received D2D discovery signal. Additionally or alternatively, the operations of the method of FIG. 7 may be performed responsive to a determination that the security key is needed, such as to decrypt an encrypted portion of a received D2D discovery signal or to encrypt a portion of a D2D discovery signal to be sent.
  • Operation 700 may comprise a higher level, such as a user application or the network, initiating a D2D discovery process.
  • the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 700.
  • Operation 710 may comprise authenticating the terminal apparatus to the cellular network.
  • the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 710.
  • Operation 720 may comprise registering to a network apparatus (e.g., the network apparatus 102, D2D server 502, or the like).
  • the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 720.
  • Operation 730 may comprise registering as a member of at least one private D2D group.
  • the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 730.
  • Operation 740 may comprise obtaining at least a private security key from the network responsive to registration and authentication of the terminal as a member of the D2D group.
  • FIG. 8 illustrates a flowchart according to an example method for updating a security key according to some example embodiments.
  • FIG. 8 illustrates operations that may be performed at a terminal apparatus 302.
  • the operations illustrated in and described with respect to FIG. 8 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, or D2D discovery controller 320.
  • Operation 800 may comprise receiving a notification from the network indicating that a security key has been replaced with an updated security key.
  • the received notification may, for example, comprise a push notification.
  • the notification may comprise an indication that may be included in received system information.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 800.
  • Operation 810 may comprise obtaining the updated security key in response to the notification.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 810.
  • FIG. 9 illustrates a flowchart according to an example method for generating a secure D2D discovery signal according to some example embodiments.
  • FIG. 9 illustrates operations that may be performed at a terminal apparatus 302.
  • the operations illustrated in and described with respect to FIG. 9 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, or D2D discovery controller 320.
  • Operation 900 may optionally comprise using a security key distributed by a network entity to encrypt D2D discovery information to be included in a D2D discovery signal.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 900.
  • Operation 910 may comprise generating a D2D discovery signal for transmission.
  • the generated D2D discovery signal may comprise D2D discovery information and an indication of a security level applied to the D2D discovery information.
  • the D2D discovery information included in the D2D discovery signal may comprise encrypted D2D discovery information, and the indication of the security level may be indicative of a security level of encryption applied to the D2D discovery information and a security key that may be needed to decrypt the D2D discovery information.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 910.
  • FIG. 10 illustrates a flowchart according to an example method for processing a received D2D discovery signal according to some example embodiments.
  • FIG. 10 illustrates operations that may be performed at a terminal apparatus 302.
  • the operations illustrated in and described with respect to FIG. 10 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, or D2D discovery controller 320.
  • Operation 1000 may comprise receiving a D2D discovery signal comprising D2D discovery information and an indication of a security level applied to the D2D discovery information.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 1000.
  • Operation 1010 may comprise determining, based at least in part on the indication, the security level applied to the D2D discovery information.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 1010.
  • FIG. 11 illustrates a flowchart according to another example method for processing a received D2D discovery signal according to some example embodiments.
  • FIG. 11 illustrates operations that may be performed at a terminal apparatus 302.
  • the operations illustrated in and described with respect to FIG. 11 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processing circuitry 310, processor 312, memory 314, user interface 316, communication interface 318, or D2D discovery controller 320.
  • Operation 1100 may comprise receiving a D2D discovery signal.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 1100.
  • Operation 1110 may comprise determining the security level applied to an information part of the D2D discovery signal that includes D2D discovery information.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 1110.
  • the method may proceed to operation 1120, which may comprise processing the information part as it was received in the D2D discovery signal.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 1120.
  • the method may proceed to operation 1130, which may comprise utilising a common key to decrypt the information part.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 1130.
  • the method may proceed to operation 1140.
  • Operation 1140 may comprise checking one or more of a group identifier (ID) or a D2D transmitter ID that may be included in the D2D discovery signal, such as in a header portion of the signal.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 1140.
  • Operation 1150 may comprise using the group ID and/or D2D transmitter ID to determine if the terminal has already obtained (e.g., has a pre-stored) a private security key that is usable to decrypt the information part.
  • operation 1150 may comprise determining whether the terminal has previously obtained a private security key associated with the group ID and/or with the D2D transmitter ID.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 1150.
  • Operation 1160 may comprise utilising the private key for decrypting the information part.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 1160.
  • Operation 1170 may comprise requesting the private security key from the network (e.g. from the network apparatus 102). The request may, for example, reference the group ID and/or D2D transmitter ID so that the network apparatus 102 may determine the appropriate private security key.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 1170.
  • Operation 1180 may comprise authentication of the terminal.
  • authentication of the terminal may enable the network apparatus 102 to verify that the terminal is permitted to receive the requested private security key.
  • operation 1190 may comprise receiving the requested security key.
  • the processing circuitry 310, processor 312, memory 314, communication interface 318, and/or D2D discovery controller 320 may, for example, provide means for performing operation 1190.
  • the method may proceed to operation 1160 in which the received security key may be used to decrypt the information part.
  • FIG. 12 illustrates a flowchart according to an example method for facilitating secure D2D discovery according to some example embodiments.
  • FIG. 12 illustrates operations that may be performed at a network apparatus 202.
  • the operations illustrated in and described with respect to FIG. 12 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processing circuitry 210, processor 212, memory 214, communication interface 218, key management controller 218, or D2D registration controller 220.
  • Operation 1200 may comprise determining that a terminal that has associated with a network has been authenticated to be permitted to receive a security key usable for one or more of decrypting or encrypting at least a portion of a D2D discovery signal.
  • The processing circuitry 210, processor 212, memory 214, communication interface 218, key management controller 218, and/or D2D registration controller 220 may, for example, provide means for performing operation 1200.
  • Operation 1210 may comprise, responsive to the determination, causing the security key to be distributed to the terminal.
  • the processing circuitry 210, processor 212, memory 214, communication interface 218, key management controller 218, and/or D2D registration controller 220 may, for example, provide means for performing operation 1210.
  • FIG. 13 illustrates a flowchart according to an example method for distributing a common security key according to some example embodiments.
  • FIG. 13 illustrates operations that may be performed at a network apparatus 202.
  • the operations illustrated in and described with respect to FIG. 13 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processing circuitry 210, processor 212, memory 214, communication interface 218, key management controller 218, or D2D registration controller 220.
  • Operation 1300 may comprise generating a common security key.
  • the processing circuitry 210, processor 212, memory 214, communication interface 218, and/or key management controller 218 may, for example, provide means for performing operation 1300.
  • Operation 1310 may comprise causing distribution of the common security key to an authenticated terminal.
  • An authenticated terminal may, for example, comprise a terminal that has successfully authenticated itself to the network and associated with the network.
  • the processing circuitry 210, processor 212, memory 214, communication interface 218, key management controller 218, and/or D2D registration controller 220 may, for example, provide means for performing operation 1310.
  • the method may optionally further comprise operation 1320, which may comprise regenerating the common security key at predefined intervals and notifying the terminal that the previously distributed security key has been replaced with an updated security key.
  • operation 1320 may be performed in instances in which a higher degree of security is desired whereby security keys are periodically replaced.
  • the processing circuitry 210, processor 212, memory 214, communication interface 218, key management controller 218, and/or D2D registration controller 220 may, for example, provide means for performing operation 1320.
  • FIG. 14 illustrates a flowchart according to an example method for distributing a private security key according to some example embodiments. In this regard, FIG. 14 illustrates operations that may be performed at a network apparatus 202. The operations illustrated in and described with respect to FIG. 14 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processing circuitry 210, processor 212, memory 214, communication interface 218, key management controller 218, or D2D registration controller 220.
  • Operation 1400 may comprise generating a unique private security key for a D2D group.
  • the processing circuitry 210, processor 212, memory 214, communication interface 218, and/or key management controller 218 may, for example, provide means for performing operation 1400.
  • Operation 1410 may comprise associating the private security group with an identifier for the group and/or with identifiers for members of the group (e.g. transmitter IDs for members of the group).
  • A group identifier may be associated with the private security group along with identifiers for members of the group.
  • the group identifier may facilitate decoding information encrypted using the private security key even if a single transmitter is a member of multiple private groups such that an identifier associated with the terminal may not be usable to uniquely identify the private security key.
  • The processing circuitry 210, processor 212, memory 214, communication interface 218, key management controller 218, and/or D2D registration controller 220 may, for example, provide means for performing operation 1410.
  • Operation 1420 may comprise causing distribution of the private security key to an authenticated terminal.
  • An authenticated terminal may, for example, comprise a terminal that has registered to the D2D group associated with the private security key and been successfully authenticated as a member of the group.
  • the processing circuitry 210, processor 212, memory 214, communication interface 218, key management controller 218, and/or D2D registration controller 220 may, for example, provide means for performing operation 1420.
  • the method may optionally further include operation 1430, which may comprise maintaining a mapping of the private security key with the D2D group ID for the D2D group and/or D2D transmitter IDs associated with members of the D2D group. In this regard, the maintained mapping may be later used to facilitate key regeneration.
  • the processing circuitry 210, processor 212, memory 214, communication interface 218, key management controller 218, and/or D2D registration controller 220 may, for example, provide means for performing operation 1430.
  • the method may optionally additionally include operation 1440, which may comprise regenerating the private security key at predefined configured intervals and notifying the terminal that the previously distributed security key has been replaced with an updated security key.
  • operation 1440 may be performed in instances in which a higher degree of security is desired whereby security keys are periodically replaced.
  • the processing circuitry 210, processor 212, memory 214, communication interface 218, key management controller 218, and/or D2D registration controller 220 may, for example, provide means for performing operation 1440.
  • FIGS. 6 to 14 are flowcharts of operation of a system, method and program product according to example embodiments of the invention. It will be understood that each block of the flowcharts, and combinations of blocks in the flowcharts, may be implemented by various means, such as hardware, firmware, processor, circuitry and/or other device associated with execution of software including one or more computer program instructions. For example, one or more of the procedures described above may be embodied by computer program instructions. In this regard, the computer program instructions which embody the procedures described above may be stored by a memory device of an apparatus employing an embodiment of the present invention and executed by a processor in the apparatus.
  • any such computer program instructions may be loaded onto a computer or other programmable apparatus (e.g., hardware) to produce a machine, such that the resulting computer or other programmable apparatus provides for implementation of the functions specified in the flowcharts block(s).
  • These computer program instructions may also be stored in a non-transitory computer-readable storage memory that may direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable storage memory produce an article of manufacture the execution of which implements the function specified in the flowcharts block(s).
  • the computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operations to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus provide operations for implementing the functions specified in the flowcharts block(s).
  • blocks of the flowcharts support combinations of means for performing the specified functions and combinations of operations for performing the specified functions. It will also be understood that one or more blocks of the flowcharts, and combinations of blocks in the flowcharts, can be implemented by special purpose hardware-based computer systems which perform the specified functions, or combinations of special purpose hardware and computer instructions.
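
The terminal-side decision flow of FIG. 11 together with the network-side key handling of FIGS. 8, 13 and 14, sketched as an added Python example (not code from the patent or its applicant). The numeric level encoding, all class and method names, and the cipher are assumptions: the description names no cipher, so an HMAC-SHA256 keystream with a tag stands in for it.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONE, COMMON, PRIVATE = 0, 1, 2  # assumed encoding of the security-level indication


@dataclass
class DiscoverySignal:
    level: int            # security-level indication, sent in the clear
    transmitter_id: str   # header field
    group_id: str         # header field, empty unless level is PRIVATE
    info: bytes           # information part (plaintext or sealed)


def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_mac(key, nonce, i.to_bytes(4, "big")) for i in blocks)
    return bytes(x ^ y for x, y in zip(data, stream))


def seal(key, plaintext):
    """Stand-in cipher (the page names none): HMAC-SHA256 keystream plus tag."""
    nonce = secrets.token_bytes(12)
    body = _xor_stream(_mac(key, b"enc"), nonce, plaintext)
    return nonce + body + _mac(_mac(key, b"tag"), nonce, body)[:16]


def unseal(key, blob):
    nonce, body, tag = blob[:12], blob[12:-16], blob[-16:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"tag"), nonce, body)[:16]):
        raise ValueError("tag mismatch: wrong or stale key")
    return _xor_stream(_mac(key, b"enc"), nonce, body)


class Network:
    def __init__(self):
        self.common_key = secrets.token_bytes(32)
        self.group_keys = {}        # group ID -> private security key
        self.members = {}           # group ID -> registered transmitter IDs
        self.authenticated = set()

    def register(self, terminal_id, group_id=None):
        self.authenticated.add(terminal_id)  # stands in for network authentication
        if group_id is not None:
            self.group_keys.setdefault(group_id, secrets.token_bytes(32))
            self.members.setdefault(group_id, set()).add(terminal_id)

    def common_key_for(self, terminal_id):
        if terminal_id not in self.authenticated:
            raise PermissionError("terminal not authenticated")
        return self.common_key

    def private_key_for(self, terminal_id, group_id):
        # Only registered (hence authenticated) members may receive the group key.
        if terminal_id not in self.members.get(group_id, ()):
            raise PermissionError("terminal is not a member of this group")
        return self.group_keys[group_id]

    def rotate(self, group_id):
        self.group_keys[group_id] = secrets.token_bytes(32)  # members are then notified


class Terminal:
    def __init__(self, terminal_id, network):
        self.id, self.net = terminal_id, network
        self.common_key = network.common_key_for(terminal_id)
        self.private_keys = {}      # group ID -> cached private security key

    def _private_key(self, group_id):
        # Use the pre-stored key if present, otherwise request it from the network.
        if group_id not in self.private_keys:
            self.private_keys[group_id] = self.net.private_key_for(self.id, group_id)
        return self.private_keys[group_id]

    def on_key_update(self, group_id):
        self.private_keys.pop(group_id, None)  # drop the stale key; refetch on next use

    def announce(self, info, level, group_id=""):
        if level != NONE:
            key = self.common_key if level == COMMON else self._private_key(group_id)
            info = seal(key, info)
        return DiscoverySignal(level, self.id, group_id, info)

    def process(self, sig):
        if sig.level == NONE:
            return sig.info  # process the information part as received
        if sig.level == COMMON:
            return unseal(self.common_key, sig.info)
        try:
            return unseal(self._private_key(sig.group_id), sig.info)
        except PermissionError:
            return None  # network refused the key: not a group member
```

A receiver that still holds a rotated-out group key gets a `ValueError` from `unseal` until it handles the update notification with `on_key_update`, which is the case the notification of FIG. 8 exists to cover.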

Abstract

The invention relates to a method for facilitating secure device-to-device discovery. The method may comprise receiving, at a terminal (104), a device-to-device (D2D) discovery signal. The D2D discovery signal may comprise D2D discovery information and an indication of a security level applied to the D2D discovery information included in the D2D discovery signal. The method may comprise determining, based at least in part on the indication, the security level applied to the D2D discovery information. A corresponding apparatus and computer program product are also provided.
PCT/IB2013/051060 2012-02-10 2013-02-08 Method, apparatus and computer program for facilitating secure D2D discovery information Ceased WO2013118096A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1202376.8A GB2499247B (en) 2012-02-10 2012-02-10 Method, apparatus and computer program for facilitating secure D2D discovery information
GB1202376.8 2012-02-10

Publications (1)

Publication Number Publication Date
WO2013118096A1 true WO2013118096A1 (fr) 2013-08-15

Family

ID=45929972

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2013/051060 Ceased WO2013118096A1 (fr) 2012-02-10 2013-02-08 Method, apparatus and computer program for facilitating secure D2D discovery information

Country Status (2)

Country Link
GB (1) GB2499247B (fr)
WO (1) WO2013118096A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6052784A (en) * 1997-10-14 2000-04-18 Intel Corporation Network discovery system and method
US20070195760A1 (en) * 2006-02-23 2007-08-23 Mahfuzur Rahman Light weight service discovery protocol
EP2028795A1 (fr) * 2007-08-24 2009-02-25 Hopling Group B.V. Mesh network configuration

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9838365B2 (en) * 2007-07-10 2017-12-05 Qualcomm Incorporated Peer to peer identifiers
US9197616B2 (en) * 2010-03-19 2015-11-24 Cisco Technology, Inc. Out-of-band session key information exchange

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
BYUNGGOO CHOI ET AL: "Enhanced SEND Protocol for Secure Data Transmission in Mobile IPv6 Environment", COMPUTATIONAL SCIENCES AND ITS APPLICATIONS, 2008. ICCSA '08. INTERNATIONAL CONFERENCE ON, IEEE, PISCATAWAY, NJ, USA, 30 June 2008 (2008-06-30), pages 214 - 220, XP031284160, ISBN: 978-0-7695-3243-1 *
VESA PEHKONEN ET AL: "Secure Universal Plug and Play network", INFORMATION ASSURANCE AND SECURITY (IAS), 2010 SIXTH INTERNATIONAL CONFERENCE ON, IEEE, PISCATAWAY, NJ, USA, 23 August 2010 (2010-08-23), pages 11 - 14, XP031777294, ISBN: 978-1-4244-7407-3 *

Also Published As

Publication number Publication date
GB201202376D0 (en) 2012-03-28
GB2499247A (en) 2013-08-14
GB2499247B (en) 2014-04-16

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13713979

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13713979

Country of ref document: EP

Kind code of ref document: A1