Patent abstract:
Aspects of the disclosure relate to a system, method and device for establishing a secure link for vehicle-to-vehicle (V2V) communication. A device may send a service announcement message to at least one other device via sidelink signaling. The service announcement message indicates the device's ability to perform a service and includes at least one device security certificate. The device establishes a secure link with the at least one other device corresponding to the service by establishing a device key between the device and the at least one other device. The device then communicates service data for the service between the device and the at least one other device over the secure link based on the established device key. Other aspects, embodiments and features are also claimed and described.
Publication number: BR112020014058A2
Application number: R112020014058-9
Filing date: 2018-11-30
Publication date: 2020-12-01
Inventors: Michaela Vanderveen; Hong Cheng; Adrian Edward Escott
Applicant: Qualcomm Incorporated
Main IPC number:
Patent description:

[0001] This application claims priority to and the benefit of Non-Provisional Application Serial No. 16/204,665 filed with the United States Patent and Trademark Office on November 29, 2018 and Provisional Application Serial No. 62/617,281 filed with the U.S. Patent and Trademark Office on January 14, 2018, the entire contents of which are incorporated herein by reference, as if fully set forth below in full and for all applicable purposes.
TECHNICAL FIELD
[0002] The technology discussed below relates generally to wireless communication systems and more particularly to establishing a secure link for vehicle-to-vehicle (V2V) communication.
INTRODUCTION
[0003] Cellular vehicle-to-everything (V2X) is a vehicular communication system that allows communications from a vehicle to any entity that may affect the vehicle and vice versa. V2X can incorporate other, more specific types of communication, for example vehicle-to-infrastructure (V2I), vehicle-to-vehicle (V2V), vehicle-to-pedestrian (V2P), vehicle-to-device (V2D) and vehicle-to-grid (V2G).
[0004] In 3GPP Release 14, LTE-based communication was defined for a direct interface (e.g., PC5 interface) as well as a network interface (e.g., Uu interface). Currently, V2V communication via the PC5 interface is broadcast. However, for later 3GPP releases (e.g., Release 16 and later), it is necessary to establish unicast links between vehicles for advanced use cases. A use case for 1-to-1 or 1-to-many V2V link scenarios might involve on-demand sharing of sensor data that cannot be supported over broadcast. Another use case might involve a see-through camera feed, such as when a first vehicle wants to see in front of a second vehicle ahead of the first vehicle using the second vehicle's camera.
[0005] As the demand for unicast links between vehicles increases, solutions will be needed to, for example, find out if another vehicle supports a unicast link service, initiate the establishment of a unicast/multicast link, and establish a long-term key as a basis for bootstrapping link security.
BRIEF SUMMARY OF SOME EXAMPLES
[0006] The following is a simplified summary of one or more aspects of the present disclosure in order to provide a basic understanding of such aspects. This summary is not a comprehensive overview of all features contemplated in the disclosure, and is not intended to identify key or critical elements of all aspects of the disclosure or to outline the scope of any or all aspects of the disclosure. Its sole purpose is to present some concepts of one or more aspects of the disclosure in a simplified form as a prelude to the more detailed description that will be presented later.
[0007] Aspects of the disclosure relate to systems, methods and devices for establishing a secure link for vehicle-to-vehicle (V2V) communication.
[0008] In one example, a method operable on a device for establishing a secure link for vehicle-to-vehicle (V2V) communication is disclosed. The method includes sending a service announcement message to at least one other device via PC5 layer signaling, the service announcement message indicating the device's ability to perform a service and including at least one device security certificate. The method also includes establishing a secure link with the at least one other device corresponding to the service, wherein establishing the secure link includes establishing a long-term key between the device and the at least one other device. The method further includes communicating service data between the device and the at least one other device over the secure link based on the established long-term key. The method also includes terminating service data communication based on at least one of: the device failing to receive a direct communication keepalive message from the at least one other device, the device detecting that the at least one other device is no longer in proximity, or the device receiving a request from the at least one other device to terminate service data communication.
[0009] In another example, a device for establishing a secure link for vehicle-to-vehicle communication
[0010] In a further example, a device for establishing a secure link for vehicle-to-vehicle (V2V) communication is disclosed. The device includes means for sending a service advertisement message to at least one other device via PC5 layer signaling, the service advertisement message indicating an ability of the device to perform a service and including at least one security certificate of the device. The device also includes means for establishing a secure link with the at least one other device corresponding to the service, wherein the means for establishing the secure link includes means for establishing a long-term key between the device and the at least one other device. The device further includes means for communicating service data between the device and the at least one other device over the secure link based on the established long-term key. The device also includes means for terminating service data communication based on at least one of: the device failing to receive a direct communication keepalive message from the at least one other device, the device detecting that the at least one other device is no longer in proximity, or the device receiving a request from the at least one other device to terminate service data communication.
[0011] In another example, a computer-readable medium storing computer-executable code to establish a secure link in a device for vehicle-to-vehicle (V2V) communication is disclosed. The computer-readable medium includes code for causing a computer to send a service announcement message to at least one other device via PC5 layer signaling, the service announcement message indicating the device's ability to perform a service and including at least one device security certificate. The code also causes the computer to establish a secure link with the at least one other device corresponding to the service, where establishing the secure link includes establishing a long-term key between the device and the at least one other device. The code additionally causes the computer to communicate service data between the device and the at least one other device via the secure link based on the established long-term key. The code also causes the computer to terminate service data communication based on at least one of: the device failing to receive a direct communication keepalive message from the at least one other device, the device detecting that the at least one other device is no longer in proximity, or the device receiving a request from the at least one other device to terminate service data communication.
[0012] In one example, a method operable on a device for establishing a secure link for vehicle-to-vehicle (V2V) communication is disclosed. The method includes receiving a service announcement message from a second device via sidelink signaling, the service announcement message indicating the ability of the second device to perform a service and including at least a security certificate from the second device. The method also includes establishing a secure link with the second device corresponding to the service,
[0013] In another example, a device for establishing a secure link for vehicle-to-vehicle (V2V) communication is disclosed. The device includes at least one processor, a transceiver communicatively coupled to the at least one processor, and a memory communicatively coupled to the at least one processor. The at least one processor is configured to receive a service advertisement message from a second device via sidelink signaling, the service advertisement message indicating the ability of the second device to perform a service and including at least one security certificate of the second device. The at least one processor is also configured to establish a secure link with the second device corresponding to the service, wherein establishing the secure link includes establishing a device key between the device and the second device. The at least one processor is further configured to communicate service data for the service between the device and the second device over the secure link based on the established device key. The at least one processor is also configured to terminate service data communication based on at least one of: the device failing to send a direct communication keepalive message to the second device, the device no longer being in proximity to the second device, or the device sending a request to the second device to terminate service data communication.
[0014] In a further example, a device for establishing a secure link for vehicle-to-vehicle (V2V) communication is disclosed. The device includes means for receiving a service announcement message from a second device via sidelink signaling, the service announcement message indicating the ability of the second device to perform a service and including at least a security certificate of the second device. The device also includes means for establishing a secure link with the second device corresponding to the service, wherein the means for establishing the secure link includes means for establishing a device key between the device and the second device. The device further includes means for communicating service data for the service between the device and the second device over the secure link based on the established device key. The device also includes means for terminating service data communication based on at least one of: the device failing to send a direct communication keepalive message to the second device, the device no longer being in proximity to the second device, or the device sending a request to the second device to terminate service data communication.
[0015] In another example, a computer-readable medium that stores computer-executable code to establish a secure link in a device for vehicle-to-vehicle (V2V) communication is disclosed. The computer-readable medium includes code for causing a computer to receive a service announcement message from a second device via sidelink signaling, the service announcement message indicating the ability of the second device to perform a service and including at least one security certificate from the second device. The code also causes the computer to establish a secure link with the second device corresponding to the service, where establishing the secure link includes establishing a device key between the device and the second device. The code causes the computer to communicate service data for the service between the device and the second device via the secure link based on the established device key. The code also causes the computer to terminate service data communication based on at least one of: the device failing to send a direct communication keepalive message to the second device, the device no longer being in proximity to the second device, or the device sending a request to the second device to end the service data communication.
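The link lifecycle summarized in the examples above, as an added Python example that is not part of the patent text: service data is accepted only while the link is live, and each of the three termination conditions discards the key. The frame layout, HMAC-SHA-256 protection, replay counter, key derivation, timer and range values, service names and the `SecureLink` class are assumptions for illustration; certificate validation and the key establishment itself are not modelled, and the device key is a constructed constant.

```python
import hashlib
import hmac
import struct
from enum import Enum
from typing import Optional


class EndReason(Enum):
    KEEPALIVE_TIMEOUT = "no keepalive message received from the peer"
    OUT_OF_PROXIMITY = "peer is no longer in proximity"
    PEER_REQUEST = "peer requested termination"


KEEPALIVE_TIMEOUT_S = 5.0  # assumed timer; the page does not give a value
MAX_RANGE_M = 300.0        # assumed proximity limit; the page does not give a value
TAG_LEN = 32               # HMAC-SHA-256 output size


class SecureLink:
    """One end of a unicast link for a single advertised service (hypothetical class)."""

    def __init__(self, service_id: str, device_key: bytes, now: float):
        # Assumed derivation: bind the traffic key to the service it protects.
        self._key: Optional[bytes] = hmac.new(
            device_key, b"v2v-link|" + service_id.encode(), hashlib.sha256
        ).digest()
        self._last_keepalive = now
        self._tx_counter = 0
        self._rx_counter = 0
        self.ended: Optional[EndReason] = None

    def _end(self, reason: EndReason) -> None:
        if self.ended is None:
            self.ended = reason
            self._key = None  # drop key material so late frames cannot verify

    def _check_timer(self, now: float) -> None:
        if now - self._last_keepalive > KEEPALIVE_TIMEOUT_S:
            self._end(EndReason.KEEPALIVE_TIMEOUT)

    # --- the three termination triggers ---
    def on_keepalive(self, now: float) -> None:
        self._check_timer(now)  # a keepalive that arrives too late does not revive the link
        if self.ended is None:
            self._last_keepalive = now

    def on_range_estimate(self, distance_m: float) -> None:
        if distance_m > MAX_RANGE_M:
            self._end(EndReason.OUT_OF_PROXIMITY)

    def on_terminate_request(self) -> None:
        self._end(EndReason.PEER_REQUEST)

    # --- service data ---
    def protect(self, payload: bytes, now: float) -> Optional[bytes]:
        self._check_timer(now)
        if self._key is None:
            return None
        self._tx_counter += 1
        header = struct.pack(">Q", self._tx_counter)
        tag = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

    def accept(self, frame: bytes, now: float) -> Optional[bytes]:
        self._check_timer(now)
        if self._key is None or len(frame) < 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self._rx_counter:
            return None  # replayed or reordered frame
        self._rx_counter = counter
        return body[8:]


def demo() -> dict:
    device_key = bytes(range(32))  # constructed stand-in for the established device key
    a = SecureLink("sensor-sharing", device_key, now=0.0)  # announcing vehicle
    b = SecureLink("sensor-sharing", device_key, now=0.0)  # receiving vehicle
    other = SecureLink("see-through-camera", device_key, now=0.0)
    frame = a.protect(b"chunk-1", now=1.0)
    out = {
        "first": b.accept(frame, now=1.0),
        "replay": b.accept(frame, now=1.5),
        "cross_service": other.accept(frame, now=1.0),
    }
    b.on_keepalive(now=4.0)
    out["in_time"] = b.accept(a.protect(b"chunk-2", now=4.0), now=8.0)
    # No keepalive reaches b between t=4 and t=10, so b tears the link down.
    out["late"] = b.accept(a.protect(b"chunk-3", now=4.5), now=10.0)
    out["b_ended"] = b.ended
    other.on_range_estimate(450.0)
    a.on_terminate_request()
    out["other_ended"] = other.ended
    out["a_ended"] = a.ended
    out["after_request"] = a.protect(b"chunk-4", now=4.6)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```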
[0016] These and other aspects of the invention will become more fully understood upon a review of the detailed description below. Other aspects, features and embodiments of the present invention will become apparent to those skilled in the art upon review of the following description of specific exemplary embodiments of the present invention in conjunction with the accompanying figures. While features of the present invention may be discussed with respect to certain embodiments and figures below, all embodiments of the present invention may include one or more of the advantageous features discussed herein. In other words, while one or more embodiments may be discussed as having certain advantageous features, one or more of those features may also be used in accordance with the various embodiments of the invention discussed herein. Similarly, while exemplary embodiments may be discussed below as device, system, or method embodiments, it should be understood that such exemplary embodiments may be implemented in various devices, systems, and methods.
BRIEF DESCRIPTION OF THE DRAWINGS
[0017] Figure 1 is a schematic illustration of a wireless communication system.
[0018] Figure 2 is a conceptual illustration of an example of a radio access network.
[0019] Figure 3 is a schematic illustration of an organization of wireless resources on an air interface using orthogonal frequency division multiplexing (OFDM).
[0020] Figure 4 illustrates a protocol layer stack that represents the adaptation of communication standards to provide vehicle data protection for vehicle-to-vehicle (V2V)/vehicle-to-pedestrian (V2P) links.
[0021] Figure 5 illustrates a flow diagram representing the PC5 layer signaling for unicast secure link establishment.
[0022] Figure 6 illustrates an overview flowchart to establish a secure link between UEs.
[0023] Figure 7 illustrates a first example of a unicast secure session establishment message flow.
[0024] Figure 8 illustrates a second example of a unicast secure session establishment message flow.
[0025] Figure 9 illustrates an example of a multicast secure session establishment message flow.
[0026] Figure 10 illustrates a table 1002 representing the content of a service advertisement message.
[0027] Figure 11 is a conceptual diagram illustrating an example hardware implementation for an exemplary scheduled entity employing a processing system.
[0028] Figure 12 is a flowchart illustrating an exemplary process for establishing a secure link for vehicle-to-vehicle (V2V) communication in accordance with some aspects of the present disclosure.
[0029] Figure 13 is a flowchart illustrating another exemplary process for establishing a secure link for vehicle-to-vehicle (V2V) communication in accordance with some aspects of the present disclosure.
DETAILED DESCRIPTION
[0030] The detailed description set forth below in connection with the accompanying drawings is intended to be a description of various configurations and is not intended to represent the only configurations in which the concepts described herein may be practiced. The detailed description includes specific details in order to provide a complete understanding of various concepts. However, it will be apparent to those skilled in the art that these concepts can be practiced without these specific details. In some cases, known structures and components are shown in block diagram form to avoid obscuring these concepts.
[0031] Although aspects and embodiments are described in this application by illustrating a few examples, those skilled in the art will understand that additional implementations and use cases may occur in many different arrangements and scenarios. The innovations described here can be implemented on many different types of platforms, devices, systems, shapes, sizes, and packaging arrangements. For example, embodiments and/or uses may arise through integrated chip embodiments and other devices based on non-modular components (e.g. end-user devices, vehicles, communication devices, computing devices,
[0032] Cellular vehicle-to-everything (V2X) is a vehicular communication system that allows communication from a vehicle to any entity that can affect the vehicle and vice versa. V2X can incorporate other, more specific types of communication, such as vehicle-to-vehicle (V2V) communications. V2V communications are based on device-to-device (D2D) communications (which may be called ProSe communications or sidelink communications). In addition, V2V communications utilize a D2D interface designated as the PC5 interface (also known as a sidelink interface on a physical layer), which has been enhanced for vehicle use cases, specifically addressing high-speed, high-density (large number of nodes) scenarios. Aspects of the present disclosure pertain to the use of security certificates linked to a vehicle-to-everything (V2X) service to establish keys for a unicast/groupcast link associated with those services. It may also be possible to link back to periodic safety messages or basic safety messages (BSMs), even though the security certificates used may be different. Other aspects relate to service advertisement and security certificate information in a new PC5 signaling message. Other aspects relate to adapting a ProSe D2D/sidelink security procedure to support key derivation and different uses, based on the security certificate for V2X communication.
[0033] The various concepts presented throughout this disclosure can be implemented in a wide variety of telecommunications systems, network architectures, and communication standards. Referring now to Figure 1, as an illustrative example without limitation, various aspects of the present disclosure are illustrated with reference to a wireless communication system 100. The wireless communication system 100 includes three interaction domains: a core network 102, a radio access network (RAN) 104, and a user equipment (UE) 106. By virtue of the wireless communication system 100, the UE 106 can be enabled to perform data communication with an external data network 110, such as (but not limited to) the Internet.
[0034] The RAN 104 can implement any suitable wireless communication technology or technologies to provide radio access to the UE 106. As an example, the RAN 104 can operate in accordance with the New Radio (NR) specifications of the 3rd Generation Partnership Project (3GPP), often referred to as 5G. As another example, RAN 104 can operate under a hybrid of 5G NR and Evolved Universal Terrestrial Radio Access Network (eUTRAN) standards, commonly referred to as LTE. 3GPP refers to this hybrid RAN as a next-generation RAN, or NG-RAN. Of course, many other examples can be used within the scope of the present disclosure.
[0035] As illustrated, the RAN 104 includes a plurality of base stations 108. In general terms, a base station is a network element in a radio access network responsible for radio transmission and reception in one or more cells to or from a UE. In different technologies, standards or contexts, a base station may be referred to variously by those skilled in the art as a base transceiver station (BTS), a radio base station, a radio transceiver, a transceiver function, a basic service set (BSS), an extended service set (ESS), an access point
[0036] Radio access network 104 is further illustrated supporting wireless communication for various mobile devices. A mobile device may be referred to as a user equipment (UE) in 3GPP standards, but may also be referred to by those skilled in the art as a mobile station (MS), subscriber station, mobile unit, subscriber unit, wireless unit, a remote unit, a mobile device, a wireless device, a wireless communication device, a remote device, a mobile subscriber station, an access terminal (AT), a mobile terminal, a wireless terminal, a remote terminal, a telephone set, a terminal, a user agent, a mobile client, a client, or some other suitable terminology. A UE may be a device that provides the user with access to network services.
[0037] In the present document, a "mobile" apparatus need not necessarily have the ability to move and may be stationary. The term mobile apparatus or mobile device broadly refers to a diverse array of devices and technologies. UEs can include various structural hardware components sized, shaped, and arranged to aid communication; these components may include antennas, antenna arrays, RF chains, amplifiers, one or more processors, etc. electrically coupled to each other. For example, some non-limiting examples of a mobile device include a mobile phone, a cell phone
[0038] Wireless communication between a RAN 104 and a UE 106 can be described as using an air interface. Transmissions over the air interface from a base station (e.g., base station 108) to one or more UEs (e.g., UE 106) may be referred to as downlink (DL) transmission. In accordance with certain aspects of the present disclosure, the term downlink may refer to a point-to-multipoint transmission originating at a scheduling entity (described further below; e.g., base station 108). Another way of describing this scheme might be to use the term broadcast channel multiplexing. Transmissions from a UE (e.g., UE 106) to a base station (e.g., base station 108) may be called uplink (UL) transmissions. In accordance with other aspects of the present disclosure, the term uplink may refer to a point-to-point transmission originating from a scheduled entity (described further below; e.g., UE 106).
[0039] In some examples, air interface access may be scheduled, where a scheduling entity (e.g., a base station 108) allocates resources for communication between some or all of the devices and equipment within its service area or cell. In the present disclosure, as discussed further below, the scheduling entity may be responsible for scheduling, assigning, reconfiguring, and releasing resources for one or more scheduled entities. That is, for scheduled communication, UEs 106, which may be scheduled entities, may use resources allocated by the scheduling entity 108.
[0040] Base stations 108 are not the only entities that can function as scheduling entities. That is, in some examples, a UE can function as a scheduling entity, scheduling resources for one or more scheduled entities (e.g., one or more other UEs).
[0041] As illustrated in Figure 1, a scheduling entity 108 may broadcast downlink traffic 112 to one or more scheduled entities 106. In general terms, the scheduling entity 108 is a node or device responsible for scheduling traffic in a wireless communication network, including downlink traffic 112 and, in some examples, uplink traffic 116 from one or more scheduled entities 106 to scheduling entity 108. On the other hand, scheduled entity 106 is a node or device that receives downlink control information 114, including but not limited to scheduling information (e.g., a grant), synchronization or timing information, or other control information from another entity in the wireless communication network, such as the scheduling entity
[0042] In general, base stations 108 may include a backhaul interface for communicating with a backhaul portion 120 of the wireless communication system. Backhaul 120 may provide a link between a base station 108 and the core network 102. Furthermore, in some examples, a backhaul network may provide interconnection between respective base stations 108. Various types of backhaul interfaces may be employed, such as a direct physical connection, virtual connection, a virtual network, or the like using any suitable transport network.
[0043] Core network 102 may be part of wireless communication system 100 and may be independent of the radio access technology used in RAN 104. In some examples, core network 102 may be configured according to 5G standards (e.g., 5GC). In other examples, the core network 102 may be configured according to a 4G Evolved Packet Core (EPC), or any other suitable standard or configuration.
[0044] Referring now to Figure 2, by way of example and without limitation, a schematic illustration of a RAN 200 is provided. In some examples, the RAN 200 may be the same as the RAN 104 described above and illustrated in Figure 1. The geographic area covered by the RAN 200 can be divided into cellular regions (cells) that can be uniquely identified by a user equipment (UE) based on an identification transmitted from an access point or base station. Figure 2 illustrates macro cells 202, 204 and 206 and a small cell 208, each of which may include one or more sectors (not shown). A sector is a subarea of a cell. All sectors in a cell are serviced by the same base station. A radio link within a sector can be identified by a unique logical identification belonging to that sector. In a cell that is divided into sectors, the multiple sectors within a cell can be formed by groups of antennas with each antenna responsible for communicating with the UEs in a portion of the cell.
[0045] In Figure 2, two base stations 210 and 212 are shown in cells 202 and 204; and a third base station 214 is shown controlling a remote radio head (RRH) 216 in cell 206. That is, a base station may have an integrated antenna or may be connected to an antenna or RRH by feeder cables. In the illustrated example, cells 202, 204, and 206 may be referred to as macrocells, as base stations 210, 212, and 214 support cells of a large size. In addition, a base station 218 is shown in the small cell 208 (e.g., a microcell, picocell, femtocell, home base station, home Node B, etc.) that may overlap with one or more macrocells. In this example, cell 208 may be referred to as a small cell, as base station 218 supports a cell having a relatively small size. Cell sizing can be done according to system design as well as component constraints.
[0046] It should be understood that the radio access network 200 may include any number of base stations and wireless cells. Additionally, a relay node can be deployed to extend the size or coverage area of a given cell. Base stations 210, 212, 214, 218 provide wireless access points to a core network for any number of mobile devices. In some examples, base stations 210, 212, 214 and/or 218 may be the same as base station/scheduling entity 108 described above and illustrated in Figure 1.
[0047] Figure 2 additionally includes a quadcopter or drone 220, which can be configured to function as a base station. That is, in some examples, a cell may not necessarily be stationary and the geographic area of the cell may move according to the location of a mobile base station, such as quadcopter 220.
[0048] Within the RAN 200, cells may include UEs that may be in communication with one or more sectors of each cell. In addition, each base station 210, 212, 214, 218 and 220 can be configured to provide an access point to a core network 102 (see Figure 1) for all UEs in the respective cells. For example, UEs 222 and 224 may be in communication with base station 210; UEs 226 and 228 may be in communication with base station 212; UEs 230 and 232 may be in communication with base station 214 via RRH 216; UE 234 may be in communication with base station 218; and UE 236 may be in communication with mobile base station 220. In some examples, UEs 222, 224, 226, 228, 230, 232, 234, 236, 238, 240 and/or 242 may be the same as the UE/scheduled entity 106 described above and illustrated in Figure 1.
[0049] In some examples, a mobile network node
[0050] In another aspect of the RAN 200, sidelink signals can be used between UEs without necessarily relying on scheduling or control information from a base station. For example, two or more UEs (e.g., UEs 226 and 228) can communicate using point-to-point (P2P) or sidelink signals 227 without relaying that communication through a base station (e.g., base station 212). In a further example, UE 238 is illustrated communicating with UEs 240 and 242. Here, UE 238 may function as a scheduling entity or a primary sidelink device, and UEs 240 and 242 may function as a scheduled entity or a non-primary (e.g., secondary) sidelink device. In yet another example, a UE may function as a scheduling entity in a device-to-device (D2D), point-to-point (P2P), or vehicle-to-vehicle (V2V) network and/or a mesh network. In an example mesh network, UEs 240 and 242 may optionally communicate directly with each other in addition to communicating with the scheduling entity 238. Thus, in a wireless communication system with scheduled access to frequency resources and with a cellular configuration, a P2P configuration, or a mesh configuration, a scheduling entity and one or more scheduled entities can communicate using the scheduled resources.
[0051] In some examples, scheduled entities,
[0052] Various aspects of the present disclosure will be described with reference to an OFDM waveform, schematically illustrated in Figure 3. It should be understood by those skilled in the art that the various aspects of the present disclosure can be applied to a DFT-s-OFDMA waveform in substantially the same manner as described here below. That is, while some examples in the present disclosure may focus on an OFDM link for clarity, it should be understood that the same principles can be applied to DFT-s-OFDMA waveforms as well.
[0053] Within the present disclosure, a frame refers to a duration of 10 ms for wireless transmissions, with each frame consisting of 10 subframes of 1 ms each. On a given carrier, there may be one set of frames on the UL and another set of frames on the DL. Referring now to Figure 3, an exploded view of an exemplary DL subframe 302 is illustrated, showing an OFDM resource grid 304. However, as those skilled in the art will readily appreciate, the PHY transmission structure for any particular application may vary from the example described here, depending on any number of factors. Here, time is in the horizontal direction with units of OFDM symbols; and frequency is in the vertical direction with units of subcarriers or tones.
[0054] Resource grid 304 can be used to schematically represent time-frequency resources for a given antenna port. That is, in a MIMO implementation with multiple antenna ports available, a corresponding multiple number of resource grids 304 may be available for communication. The resource grid 304 is divided into several resource elements (REs) 306. An RE, which is 1 subcarrier x 1 symbol, is the smallest discrete part of the time-frequency grid and contains a single complex value that represents data from a physical channel or signal. Depending on the modulation used in a specific implementation, each RE can represent one or more bits of information. In some examples, a block of REs may be referred to as a physical resource block, or resource block (RB).
[0055] A UE generally uses only a subset of the resource grid 304. An RB may be the smallest unit of resources that can be allocated to a UE. Thus, the more RBs scheduled for a UE, and the higher the modulation scheme chosen for the air interface, the higher the data rate for the UE.
[0056] In this illustration, the RB 308 is shown as taking up less than the entire bandwidth of the subframe 302, with some subcarriers illustrated above and below the RB 308. In a given implementation, the subframe 302 may have a bandwidth corresponding to any number of one or more RBs 308. Also, in this illustration, RB 308 is shown as taking up less than the entire duration of subframe 302, although this is just one possible example.
[0057] Each 1 ms subframe 302 may consist of one or more adjacent slots. In the example shown in Figure 3, a subframe 302 includes four slots 310, as an illustrative example. In some examples, a slot can be defined according to a specified number of OFDM symbols with a given cyclic prefix (CP) length. For example, a slot may include 7 or 14 OFDM symbols with a nominal CP. Additional examples may include shorter duration mini-slots (e.g., one or two OFDM symbols). These mini-slots may in some cases be transmitted occupying resources scheduled for ongoing slot transmissions to the same or different UEs.
[0058] [0058] An expanded view of one of the partitions 310 illustrates the partition 310 including a control region 312 and a data region 314. In general, control region 312 may carry control channels (e.g. PDCCH) and region 314 may carry data channels (e.g., PDSCH or PUSCH). Obviously, a partition can contain all DL, all UL, or at least a portion of DL and at least a portion of UL. The simple structure illustrated in Figure 3 is merely exemplary in nature, and different partition structures may be used that may include one or more of each of the control region(s) and data region(s).
[0059] [0059] Although not illustrated in Figure 3, the various REs 306 within an RB 308 can be programmed to carry one or more physical channels, including control channels, shared channels, data channels, etc. Other REs 306 within the RB 308 may also carry pilot or reference signals, including but not limited to a demodulation reference signal (DMRS), a control reference signal (CRS), or an audible reference signal (SRS). These pilot or reference signals may provide a receiving device to perform channel estimation of the corresponding channel, which may allow coherent demodulation/detection of the control and/or data channels within the RB 308.
[0060] [0060] In a DL transmission, the transmitting device (e.g., scheduling entity 108) may allocate one or more REs 306 (e.g., within a control region 312) to carry DL control information 114 including a or more DL control channels that generally carry information originating from higher layers, such as a physical broadcast channel (PBCH), a physical downlink control channel (PDCCH), etc., to one or more programmed entities 106. In addition, DL REs can be allocated to carry physical DL signals that generally do not carry information from higher layers. These physical DL signals may include a primary synchronization signal (PSS); a secondary synchronization signal (SSS); demodulation reference signals (DM-RS); phase tracking reference signals (PT-RS); channel state information reference signals (CSI-RS); etc.
[0061] [0061] The PSS and SSS sync signals (collectively referred to as the SS) and, in some examples, the PBCH, can be transmitted in an SS block that includes 4 consecutive OFDM symbols, numbered by a time index in ascending order of 0 a 3. In the frequency domain, the SS block can span more than 240 contiguous subcarriers, with the subcarriers being numbered by a frequency index in ascending order of
[0062] [0062] The PDCCH may carry downlink control information (DCI) to one or more UEs in a cell, including but not limited to power control commands, scheduling information, a grant and/or an assignment of REs for DL and UL transmissions.
[0063] [0063] In a UL transmission, the transmitting device (e.g., programmed entity 106) may utilize one or more REs 306 to carry UL control information 118 originating from higher layers through one or more UL control channels, such as a physical uplink control channel (PUCCH), a physical random access channel (PRACH), etc., to the scheduling entity 108. In addition, UL REs can carry physical UL signals that do not generally carry information originating from higher layers, such as demodulation reference signals (DM-RS), phase tracking reference signals (PT-RS), sounding reference signals (SRS), etc. In some examples, control information 118 may include a scheduling request (SR), i.e., a request for scheduling entity 108 to schedule uplink transmissions. Here, in response to the SR transmitted on control channel 118, scheduling entity 108 may transmit downlink control information 114 which may schedule resources for uplink packet transmissions. UL control information may also include hybrid automatic repeat request (HARQ) feedback, such as an acknowledgment (ACK) or negative acknowledgment (NACK), channel state information (CSI), or any other suitable UL control information. HARQ is a technique well known to those skilled in the art, whereby the integrity of packet transmissions can be verified on the receiving side for accuracy, for example, using any suitable integrity checking mechanism, such as a checksum or a cyclic redundancy check (CRC). If the integrity of the transmission is confirmed, an ACK can be transmitted, while, if not confirmed, a NACK can be transmitted. In response to a NACK, the transmitting device may send a HARQ retransmission, which may implement chase combining, incremental redundancy, etc.
[0064] [0064] In addition to the control information, one or more REs 306 (e.g., within the data region 314) may be allocated for user data or traffic data. This traffic can be carried over one or more traffic channels, such as, for a DL transmission, a physical downlink shared channel (PDSCH); or for a UL transmission, a physical uplink shared channel (PUSCH).
[0065] [0065] In order for a UE to obtain initial access to a cell, the RAN can provide system information (SI) that characterizes the cell. This system information can be provided using minimum system information (MSI) and other system information (OSI). The MSI may be transmitted periodically by the cell to provide the most basic information required for initial access to the cell and to acquire any OSI that can be transmitted periodically or sent on demand. In some examples, the MSI can be provided on two different downlink channels. For example, the PBCH can carry a Master Information Block (MIB) and the PDSCH can carry a Type 1 System Information Block (SIB1). In the art, SIB1 may be referred to as the remaining minimum system information (RMSI).
[0066] [0066] OSI can include any SI that is not transmitted in the MSI. In some examples, the PDSCH may carry a plurality of SIBs, not limited to SIB1, discussed above. Here, OSI can be provided in these SIBs, e.g., SIB2 and above.
[0067] [0067] The channels or carriers described above and illustrated in Figures 1 and 3 are not necessarily all channels or carriers that may be used between a scheduling entity 108 and programmed entities 106, and those skilled in the art will recognize that other channels or carriers can be used in addition to those illustrated, such as other traffic, control and feedback channels.
[0068] [0068] These physical channels described above are usually multiplexed and mapped to transport channels for handling in the medium access control (MAC) layer. Transport channels carry blocks of information called transport blocks (TB). The transport block size (TBS), which can correspond to a number of bits of information, can be a controlled parameter, based on the modulation and coding scheme (MCS) and the number of RBs in a given transmission.
[0069] [0069] Aspects of this disclosure pertain to the application of encryption and/or integrity protection to vehicle-to-vehicle (V2V) communications. The type of protection and which layer to apply the protection to will be discussed. In certain aspects, encryption protection may not be required, integrity protection may be required to prevent replays, and physical layer (PHY) jamming attacks may not be mitigated.
[0070] [0070] When encryption protection is applied using modern block ciphers, encryption can cause small changes to have large negative effects. A disadvantage of modern block ciphers is that, if encrypted, even a single bit error in a received image can render the image useless after decryption. For example, when there are errors undetected by a cyclic redundancy check (CRC) on a frame, if only encryption is applied, a packet data convergence protocol (PDCP) layer will decrypt a protocol data unit (PDU) and send it to an application. The application may say that the frame was corrupted. A higher layer is not able to distinguish between an uncorrected channel error and malicious traffic injection.
[0071] [0071] When encryption protection is applied using modern stream ciphers, encryption can cause minor changes to remain contained. With stream ciphers, an attacker who knows only the structure of a message can modify an encrypted message and adjust the CRC so that the modification is not detected. Therefore, stream encryption does not detect tampering with data by attackers. Stream ciphers may not even be one of the PDCP algorithms and may not be able to detect replay because the PDCP sequence number is itself stream encrypted. As such, integrity protection can be more valuable than encryption protection in V2V communications.
[0072] [0072] When integrity protection is applied using message authentication codes (MACs), corrupted data blocks are detected by MAC failure. A MAC failure will result in the PDCP PDU being discarded. As an upper layer may not provide integrity protection, bearer-level integrity protection is provided.
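The contrast drawn in paragraphs [0071] and [0072] can be reproduced in a few lines. The following is an added example, not part of the patent text: the SHA-256 counter keystream is a toy stand-in for a stream cipher, and the frame layout, key values, 4-byte tag length and function names are all constructed for illustration.

```python
import hashlib
import hmac
import zlib

TAG_LEN = 4  # constructed tag length for this example


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); stands in for a real stream cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "big")


def encrypt_with_crc(key: bytes, nonce: bytes, payload: bytes) -> bytes:
    """Encryption only: payload || CRC32, XORed with the keystream."""
    frame = payload + crc(payload)
    return xor(frame, keystream(key, nonce, len(frame)))


def decrypt_check_crc(key: bytes, nonce: bytes, ciphertext: bytes):
    """Receiver side: decrypt, then accept the payload if the CRC matches."""
    frame = xor(ciphertext, keystream(key, nonce, len(ciphertext)))
    payload, received = frame[:-4], frame[-4:]
    return payload if crc(payload) == received else None


def modify_without_key(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Model of the on-path modification in [0071]: only the message structure is known.

    CRC32 is affine, so crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros); the same
    correction can therefore be XORed into the encrypted CRC field.
    """
    n = len(ciphertext) - 4
    delta = bytearray(n)
    delta[offset:offset + len(known)] = xor(known, wanted)
    crc_fix = xor(crc(bytes(delta)), crc(bytes(n)))
    return xor(ciphertext[:n], bytes(delta)) + xor(ciphertext[n:], crc_fix)


def protect(int_key: bytes, seq: int, payload: bytes) -> bytes:
    """Integrity-only PDU: sequence number || payload || truncated HMAC-SHA-256."""
    header = seq.to_bytes(4, "big")
    tag = hmac.new(int_key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


def verify(int_key: bytes, pdu: bytes, highest_seq_seen: int):
    """Discard the PDU on MAC failure or on a replayed sequence number."""
    header, payload, tag = pdu[:4], pdu[4:-TAG_LEN], pdu[-TAG_LEN:]
    expected = hmac.new(int_key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # MAC failure: corrupted or modified PDU
    if int.from_bytes(header, "big") <= highest_seq_seen:
        return None  # replay of an already accepted PDU
    return payload
```

Because the sequence number is covered by the MAC and stays in the clear, the receiver can reject both a modified PDU and a replayed one, which the encrypt-plus-CRC frame cannot do.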
[0073] [0073] Figure 4 illustrates a protocol layer stack 400 representing the adaptation of communication standards to provide vehicle data protection for vehicle-to-vehicle (V2V)/vehicle-to-pedestrian (V2P) links. Data protection can apply to both IP (Internet Protocol) and non-IP applications.
[0074] [0074] In one aspect, for IP applications (e.g., non-security applications), data protection can be applied at an open systems interconnect (OSI) layer, such as a transport layer security (TLS) layer. Data protection may use the IPv6 protocol and may be partially covered by the Internet Engineering Task Force (IETF) IP Wireless Access in Vehicular Environments (IP-WAVE) protocols.
[0075] [0075] In an additional aspect, for non-IP applications (e.g., security applications), data protection can be applied at a message/transport layer of Intelligent Transport Systems (ITS). This is similar to Basic Safety Message (BSM) protection, labeled "app layer" in 3GPP. Notably, IEEE 1609.2 may not provide an integrity protection-only mode, only encryption protection.
[0076] [0076] Data protection can also be applied on a 3GPP PDCP layer similar to a ProSe/D2D communication system. Data protection is applicable to PC5 transport. This is more efficient/robust for vehicular communication, supports all types of traffic and does not prohibit security at the upper layers. Details for establishing long-term keys will be described below.
[0077] [0077] Aspects of this disclosure pertain to the security of unicast link establishment based on PC5 signaling. In some aspects, security certificates linked to a vehicle-to-everything (V2X) service can be used to establish keys for a unicast/groupcast link associated with those services. It may also be possible to link back to periodic safety messages or basic safety messages (BSMs), even though the security certificates used may be different. Other aspects are related to the announcement of service information and a security certificate in a new PC5 signaling message. Other aspects are related to adapting a ProSe D2D/sidelink security procedure to support key derivation and different uses, based on the security certificate for V2X communication. Additional aspects relate to the impact on 3GPP standard specifications. For example, a definition of a new PC5 message for V2X communication, potentially as part of the V2X (CT1) or MAC CE (RAN2) message headers, is provided. In addition, a definition of a new information element (Info Element) and a modification of a security and key management procedure in SA3 is provided.
[0078] [0078] Figure 5 illustrates a flow diagram 500 representing PC5 layer signaling for secure unicast link establishment. In general, a high-level message flow might be as follows. First, a UE can announce that it supports a sensor streaming service (e.g., a camera feed service). The announcement can be sent via a New Service Announcement message on a PC5 interface. No vehicle information is included in the announcement. The announcement can be linked to a basic safety message (BSM) based on the vehicle ID or source L2 ID, as long as the BSM contains vehicle information to decide on the use of the unicast link. The announcement may include a certificate/signature for service announcements. The certificate can be different from a BSM certificate. Notably, IEEE 1609.2 certificates include both PSID and SSP. Therefore, it is possible that BSM certificates only have the PSID of safety messages and another certificate is required for vehicles wishing to provide a service. After the announcement is sent, a credential can be established. For example, a session key encrypted with the recipient's public key can be sent. Subsequently, a three-way handshake can be performed based on ProSe Version 13 3GPP one-to-one communication.
[0079] [0079] In one aspect, UEs can be assumed to have certificates that are known to other UEs through signed messages. With reference to Figure 5, if a link is to be established between a first UE 502 (UE A) and a second UE 504 (UE B) (unicast case), the first UE 502 (UE A) or the second UE 504 (UE B) can choose a key. However, if a link is to be established between the first UE 502 (UE A) and a group of other UEs (multicast case), the first UE 502 (UE A) can choose a group key.
[0080] [0080] As shown in Figure 5, the first UE 502 (UE A) may send an advertisement 506 indicating that the first UE 502 supports a sensor streaming service. Announcement 506 may be a New Service Announcement message sent via PC5 signaling. Advertisement message 506 may include higher layer parameters (e.g., IP/UDP port numbers) and is signed with the key of the first UE 502. Advertisement message 506 may also include an identification (set) of current keys for a group of UEs in case a link is configured between the first UE 502 (UE A) and the group of UEs (multicast use case).
[0081] [0081] Thereafter, a secure link can be configured by means of a handshake operation 508. In one aspect, the link is configured by adapting a one-to-one ProSe communication operation. For example,
[0082] [0082] When the link is configured, the traffic in the user plane between the first UE 502 (UE A) and the second UE 504 (UE B) (unicast use case) or between the first UE 502 (UE A) and a group of UEs (multicast use case), is protected 510 by PDCP layer security. In one aspect, an integrity protection-only mode can be provided for V2X use.
[0083] [0083] Figure 6 illustrates an overview flowchart 600 for establishing a secure link between UEs. A security system can leverage the credentials present, for example, temporary certificates for signing BSMs or a certificate for a service provider. In one aspect, the security system may adapt a 3GPP ProSe one-to-one communication protocol (TS 33.303, clause 6.5), such as a three-way handshake protocol with authentication/key establishment.
[0084] [0084] Referring to Figure 6, a first UE 602 (UE_1) may send a direct communication request/direct rekey request message 606 to a second UE 604 (UE_2). Thereafter, the first UE 602 (UE_1) and the second UE 604 (UE_2) can optionally perform direct authentication and key establishment
[0085] [0085] In one aspect, the first UE 602 (UE_1) and the second UE 604 (UE_2) may not perform the direct authentication and key establishment procedure 608. Figure 6 (e.g., steps 606, 610 and 612).
[0086] [0086] In another aspect, when the direct authentication and key establishment procedure 608 is performed, the first UE 602 (UE_1) and the second UE 604 (UE_2) can exchange messages to establish a long-term key. These messages can be transmitted on top of PC5 signaling. The protocols used may include well-known protocols such as EAP-TLS or other EAP exchanges,
[0087] [0087] In a further aspect, when the direct authentication and key establishment procedure 608 is performed, the long-term key can be sent via a new PC5 signaling message sent by the first UE 602 (UE_1) or the second UE 604 (UE_2). The new PC5 signaling message can be called, for example, Key Exchange, which can contain a long-term device key (KD) encrypted with the other UE's public key.
[0088] [0088] Figure 7 illustrates a first example of a unicast secure session establishment message flow 700. A first UE 702 (UE A) may send a service advertisement 706 indicating that the first UE 702 (UE A) supports a sensor streaming service. For example, service announcement 706 may be a New Service Announcement Message sent via PC5 signaling. Thereafter, a second UE 704 (UE B) may send a direct communication request 708 to the first UE 702 (UE A). The direct communication request 708 may include user information, such as the second UE 704 (UE B) certificate formatted in accordance with IEEE 1609.2, for example. Direct communication request message 708 may also include other parameters as defined above and defined below.
[0089] [0089] The first UE 702 (UE A) may send a first Key Exchange message 710 to the second UE 704 (UE B). The first Key Exchange message 710 may include user information which may optionally be set to the certificate of the first UE 702 (of UE A), a user key which may be set to a device key KD selected by the first UE 702 (UE A) and encrypted with the public key of the second UE 704 (of UE B), and the KD ID selected by the first UE 702 (UE A). Alternatively, the second UE 704 (UE B) may send a second Key Exchange message 712 to the first UE 702 (UE A). The second Key Exchange message 712 may include user information which may optionally be set to the certificate of the second UE 704 (UE B), a user key which may be set to a device key KD selected by the second UE 704 (UE B) and encrypted with the public key of the first UE 702 (of UE A), and the KD ID selected by the second UE 704 (UE B). In one aspect, the first UE 702 (UE A) and the second UE 704 (UE B) may both send their respective Key Exchange messages 710, 712 if each of the first UE 702 (UE A) and second UE 704 (UE B) sends half of the KD.
[0090] [0090] Upon communication of the Key Exchange message(s), the first UE 702 (UE A) sends a direct security mode command message 714 to the second UE 704 (UE B). The direct security mode command message 714 is MACed and can include user information that is optionally set to the certificate of the first UE 702 (UE A). The direct security mode command message 714 can also include other parameters as defined above and defined below.
[0091] [0091] Thereafter, the second UE 704 (UE B) sends a direct security mode complete message 716 to the first UE 702 (UE A). The direct security mode complete message 716 is encrypted and MACed, and may include the least significant byte (LSB) of the KD ID.
[0092] [0092] Finally, the first UE 702 (UE A) sends a direct communication acceptance message 718 to the second UE 704 (UE B). Upon sending the direct communication acceptance message 718, the data exchanged between the first UE 702 (UE A) and the second UE 704 (UE B) is securely encrypted and/or integrity protected.
[0093] [0093] Figure 8 illustrates a second example of a unicast secure session establishment message flow 800. A first UE 802 (UE A) may send a service advertisement 806 indicating that the first UE 802 supports a sensor streaming service. For example, service announcement 806 may be a New Service Announcement message sent via PC5 signaling. Thereafter, a second UE 804 (UE B) may send a direct communication request 808 to the first UE 802 (UE A). The direct communication request 808 may include user information, such as the second UE 804 (UE B) certificate formatted in accordance with IEEE 1609.2, for example.
[0094] [0094] In one aspect, the direct communication request message 808 may also include other parameters, such as an IP address configuration, a Nonce_1 parameter, UE security capabilities, and the most significant byte (MSB) of a KD session ID. The IP address configuration can be set to a link-local IPv6 address. The Nonce_1 parameter can be a "KD renewal" parameter and can be chosen randomly. The UE security capabilities can be a list of algorithms supported in the second UE 804 (UE B). The KD session ID MSB can be a randomly chosen 8-bit parameter.
[0095] [0095] After receiving the direct communication request message 808, the first UE 802 (UE A) sends a direct security mode command message 810 to the second UE 804 (UE B). The direct security mode command message 810 is MACed and can include user information that is optionally set to the certificate of the first UE 802 (UE A). The direct security mode command message 810 may also include other parameters, such as a user key, a Nonce_2 parameter, the least significant byte (LSB) of the KD session ID, UE security capabilities, and a chosen algorithm. The user key can be defined as the KD encrypted with the public key of the second UE 804 (of UE B) formatted according to the IEEE 1609.2 standard, for example. The Nonce_2 parameter can be a "KD renewal" parameter and can be chosen randomly. The KD session ID LSB can be a randomly chosen 8-bit parameter. The UE security capabilities can be set to be the same as the list of algorithms included in the direct communication request message 808. The chosen algorithm can be an algorithm selected from the list of algorithms in the UE security capabilities.
[0096] [0096] Thereafter, the second UE 804 (UE B) sends a direct security mode complete message 812 to the first UE 802 (UE A). The direct security mode complete message 812 is encrypted and MACed, and may include the least significant byte (LSB) of the KD ID.
[0097] [0097] Finally, the first UE 802 (UE A) sends a direct communication acceptance message 814 to the second UE 804 (UE B). Upon sending the direct communication acceptance message 814, the data exchanged between the first UE 802 (UE A) and the second UE 804 (UE B) is securely encrypted and/or integrity protected.
[0098] [0098] In an alternative aspect, the direct communication request message 808 includes user information, such as the second UE 804 (UE B) certificate, formatted in accordance with IEEE 1609.2, for example, and other parameters, such as a user key, an IP address configuration, a Nonce_1 parameter, UE security capabilities, and the most significant byte (MSB) of a KD session ID. The user key can be defined as the KD encrypted with the certificate of the first UE 802 (of UE A) from the service advertisement, formatted according to the IEEE 1609.2 standard, for example. The IP address configuration can be set to a link-local IPv6 address. The Nonce_1 parameter can be a "KD renewal" parameter and can be chosen randomly. The UE security capabilities can be a list of algorithms supported in the second UE 804 (UE B). The KD session ID MSB can be a randomly chosen 8-bit parameter.
[0099] [0099] After receiving the direct communication request message 808, the first UE 802 (UE A) sends a direct security mode command message 810 to the second UE 804 (UE B). The direct security mode command message 810 is MACed and can include parameters such as a Nonce_2 parameter, the least significant byte (LSB) of the KD session ID, UE security capabilities, and a chosen algorithm. The Nonce_2 parameter can be a "KD renewal" parameter and can be chosen randomly. The KD session ID LSB can be a randomly chosen 8-bit parameter. The UE security capabilities can be set to be the same as the list of algorithms included in the direct communication request message 808. The chosen algorithm can be an algorithm selected from the list of algorithms in the UE security capabilities.
[0100] [0100] Thereafter, the second UE 804 (UE B) sends a direct security mode complete message 812 to the first UE 802 (UE A). The direct security mode complete message 812 is encrypted and MACed, and may include the least significant byte (LSB) of the KD ID.
[0101] [0101] Finally, the first UE 802 (UE A) sends a direct communication acceptance message 814 to the second UE 804 (UE B). Upon sending the direct communication acceptance message 814, the data exchanged between the first UE 802 (UE A) and the second UE 804 (UE B) is securely encrypted and/or integrity protected.
[0102] [0102] Figure 9 illustrates an example of a multicast secure session establishment message flow
[0103] [0103] Each direct communication request message 912 may also include other parameters, such as an IP address configuration and UE security capabilities. The IP address configuration can be set to a link-local IPv6 address. The UE security capabilities can be a list of algorithms supported by the sending UE.
[0104] [0104] After receiving the direct communication request messages 912, the first UE 902 (UE A) sends a direct security mode command message 914 to the group of UEs. The direct security mode command message 914 is MACed and sent to a Layer 2 (L2) multicast destination address or an IPv6 multicast address. The direct security mode command message 912 includes user information set to the first UE 902 (UE A) certificate, formatted according to IEEE 1609.2, for example. The direct security mode command message 912 also includes other parameters, such as information elements related to a user key, a Nonce_2 parameter, a KD session ID, UE security capabilities, and a chosen algorithm. The information elements related to the user key may include information elements set to the KD encrypted with the public keys of the UEs in the group, respectively, for example, an information element set to the KD encrypted with the public key of the second UE 904 (of UE B), an information element set to the KD encrypted with the public key of the third UE 906 (of UE C), and an information element set to the KD encrypted with the public key of the fourth UE 908 (of UE D). The Nonce_2 parameter can be a "KD renewal" parameter and can be chosen randomly. The KD session ID can be defined as a randomly chosen 16-bit parameter. The UE security capabilities can be set to the union of the lists of algorithms included in the received direct communication request messages 912. The chosen algorithm may be an algorithm selected from the union of the lists of algorithms in the UE security capabilities.
[0105] [0105] Thereafter, the second UE 904 (UE B), the third UE 906 (UE C) and the fourth UE 908 (UE D) can each send a direct security mode complete message 916 to the first UE 902 (UE A). Each direct security mode complete message 916 is encrypted and MACed, and may include the least significant byte (LSB) of the KD ID.
[0106] [0106] Finally, the first UE 902 (UE A) sends a direct communication acceptance message 918 to the group of UEs. After the direct communication acceptance message 918 is sent, the data exchanged between the first UE 902 (UE A) and the group of UEs is securely encrypted and/or integrity protected.
[0107] [0107] In one aspect of the disclosure, there are several options for deriving a key. In one option, a ProSe one-to-one communication operation can be closely followed. So the key can be derived based on KD. For KD, a key generated by the first UE 902 (UE A) (or the second UE 904 (UE B)) can be used and sent in a new user key parameter, which can be given by higher layers. The key is encrypted with the recipient's public key. Then an algorithm (e.g., the algorithm in Annex A.9 of TS 33.303) can be used, taking the two nonces and the KD as input, to obtain a KD-sess for a session.
[0108] [0108] In another option, the ProSe one-to-one communication operation can be simplified. Instead of sending KD, KD-sess can be sent in the user key parameter. This makes fast rekeying impossible. Also, the nonces are not required and can be set to zero. The algorithm for deriving KD is not applied.
[0109] [0109] Regardless of the above, the step of deriving a ProSe encryption key (PEK) and a ProSe integrity key (PIK) from KD-sess still applies. Only the PIK is used for data.
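The key hierarchy of paragraphs [0107] to [0109], together with the session ID halves and the algorithm choice exchanged in the Figure 8 flow, can be sketched as follows. This is an added example, not the patent's or 3GPP's code: the KDF follows the general 3GPP layout (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...), while the FC octets, the algorithm type and identity values, the 128-bit key truncation and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Placeholder values (assumptions): the real FC octets and algorithm
# identifiers are assigned in the 3GPP specifications, not here.
FC_SESSION_KEY = 0xF0
FC_ALGORITHM_KEY = 0xF1
ALG_TYPE_ENCRYPTION = 0x01
ALG_TYPE_INTEGRITY = 0x02


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..., Ln being a 2-octet length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_session_key(kd: bytes, nonce_1: bytes, nonce_2: bytes) -> bytes:
    """KD-sess from the device key KD and the nonces contributed by both UEs."""
    return kdf(kd, FC_SESSION_KEY, nonce_1, nonce_2)


def derive_pek_pik(kd_sess: bytes, alg_id: int):
    """ProSe encryption key (PEK) and integrity key (PIK), 128 bits each."""
    alg = bytes([alg_id])
    pek = kdf(kd_sess, FC_ALGORITHM_KEY, bytes([ALG_TYPE_ENCRYPTION]), alg)[16:]
    pik = kdf(kd_sess, FC_ALGORITHM_KEY, bytes([ALG_TYPE_INTEGRITY]), alg)[16:]
    return pek, pik


def session_id(msb: int, lsb: int) -> int:
    """16-bit KD session ID: MSB chosen by the requester, LSB by the responder."""
    if not (0 <= msb <= 0xFF and 0 <= lsb <= 0xFF):
        raise ValueError("each half of the session ID is an 8-bit value")
    return (msb << 8) | lsb


def choose_algorithm(offered, preference) -> int:
    """Pick the responder's most preferred algorithm among those the requester listed."""
    for alg in preference:
        if alg in offered:
            return alg
    raise ValueError("no common algorithm")


def establish_session(user_key: bytes, nonce_1: bytes, nonce_2: bytes,
                      sid_msb: int, sid_lsb: int, offered, preference,
                      simplified: bool = False) -> dict:
    """Security context each UE computes once the handshake parameters are known.

    simplified=False: user_key is KD and KD-sess is derived from it ([0107]).
    simplified=True:  user_key already is KD-sess and the nonces are unused ([0108]).
    """
    kd_sess = user_key if simplified else derive_session_key(user_key, nonce_1, nonce_2)
    alg = choose_algorithm(offered, preference)
    pek, pik = derive_pek_pik(kd_sess, alg)
    return {
        "session_id": session_id(sid_msb, sid_lsb),
        "algorithm": alg,
        "kd_sess": kd_sess,
        "pek": pek,
        "pik": pik,
    }
```

With the full option, a fresh pair of nonces under the same KD yields new session keys, which is the fast rekey that the simplified option gives up.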
[0110] [0110] Figure 10 illustrates a table 1000 representing the content of a service advertisement message. The service announcement message can be sent in a new PC5 signaling protocol message. For security, the service advertisement message has a higher layer security similar to BSMs: IEEE 1609.2 security fields (header/trailer) or the PC5 equivalent of these. Integrity is required, and the sender's certificate is also useful so it doesn't have to be sent separately. A header can have a full certificate, not a digest. Alternatively, the service advertisement message can include the announcer's certificate in a PC5 Signaling (PC5-S) field.
[0111] [0111] According to aspects of the disclosure, for unicast and multicast links, the service can terminate in various ways. In one example, a recipient may periodically send a direct communication keepalive message (e.g., every 2 seconds). This message can be defined in TS 24.334. When a service provider does not receive multiple keepalive messages, it terminates the service flow.
[0112] [0112] In another example, the service provider may assume that the recipient wants the service while the recipient is close to the service provider. Thus, the service provider can rely on the periodic BSMs heard by the recipient to determine if the recipient is still nearby.
[0113] [0113] In an additional example, the recipient can specifically request termination of service via a direct communication release message. Such a message can be defined in 3GPP TS 24.334 and must be integrity protected.
[0114] [0114] In another example, the recipient can specifically request termination of service through a message similar to the service announcement message. For example, a service termination message may contain some of the parameters of the service advertisement message that the provider sent, for example IP address and port numbers. No lower layer information may be needed.
[0115] [0115] Figure 11 is a conceptual diagram illustrating an example hardware implementation for an exemplary programmed entity 1100 that employs a processing system 1114. In accordance with various aspects of the disclosure, an element, or any part of an element, or any combination of elements may be implemented with a processing system 1114 that includes one or more processors 1104. For example, the programmed entity 1100 may be a user equipment (UE) as illustrated in any one or more of Figures 1 and/or 2.
[0116] [0116] The programmed entity 1100 may be implemented with a processing system 1114 that includes one or more processors 1104. Examples of processors 1104 include microprocessors, microcontrollers, digital signal processors (DSPs), field programmable gate arrays (FPGAs), programmable logic devices (PLDs), state machines, gate logic, discrete hardware circuits, and other suitable hardware configured to perform the various functionality described throughout this disclosure. In various examples, programmed entity 1100 may be configured to perform any one or more of the functions described herein. That is, processor 1104, as used in a programmed entity 1100, may be used to implement any one or more of the processes and procedures described below and illustrated in Figures 12 and 13.
[0117] [0117] In this example, the processing system 1114 can be implemented with a bus architecture, represented generally by the bus 1102. The bus 1102 can include any number of buses and interconnecting bridges, depending on the specific application of the processing system 1114 and of general design constraints. Bus 1102 communicatively couples various circuits, including one or more processors (represented generally by processor 1104), a memory 1105, and computer readable media (represented generally by computer readable medium 1106). Bus 1102 can also connect various other circuits, such as timing sources, peripherals, voltage regulators, and power management circuits, which are well known in the art and therefore will not be described further. A bus interface 1108 provides an interface between the bus 1102 and a transceiver 1110. The transceiver 1110 provides a communication interface or means for communicating with various other apparatus over a transmission medium. Depending on the nature of the device, a user interface 1112 (eg keyboard, display, speaker, microphone, joystick) may also be provided. Obviously, this user interface 1112 is optional and may be omitted in some examples, such as a base station.
[0118] In some aspects of the disclosure, processor 1104 may include service announcement communication circuits 1140 configured for various functions, including, for example, sending/receiving service announcement messages.
[0119] Processor 1104 is responsible for managing the bus 1102 and general processing, including executing software stored on computer readable medium 1106. Software, when executed by processor 1104, causes processing system 1114 to perform various functions described below for any particular device. Computer readable medium 1106 and memory 1105 may also be used to store data that is handled by processor 1104 when running the software.
[0120] One or more processors 1104 in the processing system can run software. Software shall be interpreted broadly as instructions, instruction sets, code, code segments, program code, programs, subprograms, software modules, applications, application software, software packages, routines, subroutines, objects, executables, execution tasks, procedures, functions, etc., whether referred to as software, firmware, middleware, microcode, hardware description language, or others. The software may reside on a computer readable medium 1106. The computer readable medium 1106 may be a non-transient computer readable medium. A non-transient computer readable medium includes, by way of example, a magnetic storage device (e.g. hard disk, floppy disk, magnetic tape), an optical disc (e.g. a
[0121] In one or more examples, the computer readable storage medium 1106 may include service announcement communication instructions 1150 configured for various functions, including, for example, sending/receiving service announcement messages. For example, the service announcement communication instructions 1150 may be configured to implement one or more of the functions described below with respect to Figure 12, including, for example, block 1202 and with respect to Figure 13,
[0122] Figure 12 is a flowchart illustrating an exemplary process 1200 for establishing a secure link for vehicle-to-vehicle (V2V) communication in accordance with some aspects of the present disclosure. As described below, some or all of the illustrated features may be omitted in a specific implementation within the scope of the present disclosure, and some illustrated features may not be necessary for the implementation of all embodiments. In some examples, process 1200 may be performed by a device (e.g., programmed entity 1100 illustrated in Figure 11). In some examples, process 1200 may be performed by any suitable apparatus or means to perform the functions or algorithms described below.
[0123] In block 1202, the device sends a service announcement message to at least one other device via sidelink signaling (e.g., PC5 layer). The service announcement message indicates the device's ability to perform a service and includes at least one device security certificate.
[0124] In block 1204, the device establishes a secure link with at least one other device corresponding to the service. Establishing the secure link includes establishing a device key (e.g., long-term key) between the device and at least one other device.
[0125] In block 1206, the device communicates service data for the service between the device and the at least one other device over the secure link based on the established long-term key.
[0126] In block 1208, the device terminates service data communication based on a condition. For example, the device may terminate service data communication based on at least one of: the device failing to receive a persistent direct communication message from at least one other device, the device detecting that at least one other device is no longer in proximity, or the device receiving a request from at least one other device to terminate service data communication.
[0127] In one aspect, establishing the secure link includes receiving a direct communication request message from at least one other device, the direct communication request message including at least one security certificate from at least one other device, sending a direct security mode command message to at least one other device, receiving a direct security mode complete message from at least one other device, and sending a direct communication acceptance message to at least one other device.
[0128] In one aspect, at least one other device is a second device and the establishment of the long-term key includes generating the long-term key, encrypting the long-term key with a public key of the second device, and sending the encrypted long-term key to the second device subsequent to receiving the direct communication request message and before sending the direct security mode command message.
[0129] In another aspect, the at least one other device is a second device and the establishment of the long-term key includes receiving the long-term key encrypted with a public key of the device from the second device subsequent to receipt of the direct communication request message and before sending the direct security mode command message.
[0130] In a further aspect, the at least one other device is a second device and establishment of the long-term key includes generating a first portion (e.g., the first half) of the long-term key, encrypting the first portion of the long-term key with a public key of the second device, sending the first encrypted portion of the long-term key to the second device subsequent to receipt of the direct communication request message and before sending the direct security mode command message, and receiving a second portion (e.g., second half) of the long-term key encrypted with a device public key from the second device subsequent to receipt of the direct communication request message and prior to sending the direct security mode command message.
[0131] In another aspect, the at least one other device is a second device and establishing the long-term key includes generating the long-term key, encrypting the long-term key with a public key of the second device, and sending the encrypted long-term key to the second device via the direct security mode command message.
[0132] In a further aspect, the at least one other device is a second device and the establishment of the long-term key includes receiving, from the second device via the direct communication request message, the long-term key encrypted with the device's security certificate included in the service announcement message.
[0133] In one aspect, the at least one other device is a plurality of devices and establishing the long-term key includes generating the long-term key, encrypting the long-term key with a public key from each of the plurality of devices to generate a plurality of information elements, and sending the plurality of information elements to the plurality of devices via the direct security mode command message.
[0134] In one embodiment, apparatus 1100 for wireless communication includes means for sending a service announcement message to at least one other device via sidelink signaling (e.g. PC5 layer), the service announcement message indicating the device's ability to perform a service and including at least one device security certificate, means for establishing a secure link with at least one other device corresponding to the service, wherein the means for establishing the secure link includes means for establishing a key (e.g. long-term key) between the device and at least one other device, means for communicating service data between the device and the at least one other device over the secure link based on the established long-term key, and means to terminate the communication of service data.
[0135] In one aspect, the aforementioned means may be the processor 1104 shown in Figure 11 configured to perform the functions recited by the aforementioned means. In another aspect, the aforementioned means may be a circuit or any apparatus configured to perform the functions recited by the aforementioned means.
[0136] Obviously, in the above examples, the circuit included in processor 1104 is merely provided as an example, and other means for performing the functions described may be included within various aspects of the present disclosure, including but not limited to instructions stored on the computer readable storage medium 1106, or any other suitable apparatus or medium described in any of Figures 1 and/or 2, and using, for example, the processes and/or algorithms described herein with respect to Figure 12.
[0137] Figure 13 is a flowchart illustrating an exemplary process 1300 for establishing a secure link for vehicle-to-vehicle (V2V) communication in accordance with some aspects of the present disclosure. As described below, some or all of the illustrated features may be omitted in a specific implementation within the scope of the present disclosure, and some illustrated features may not be necessary for the implementation of all embodiments. In some examples, the process
[0138] In block 1302, the device receives a service announcement message from a second device via sidelink signaling (e.g., PC5 layer). The service announcement message indicates the ability of the second device to perform a service and includes at least one security certificate from the second device.
[0139] In block 1304, the device establishes a secure link with the second device corresponding to the service. Establishing the secure link includes establishing a device key (e.g., long-term key) between the device and the second device.
[0140] In block 1306, the device communicates service data for the service between the device and the second device over the secure link based on the established long-term key.
[0141] In block 1308, the device terminates service data communication based on a condition. For example, the device may terminate service data communication based on at least one of: the device failing to send a persistent direct communication message to the second device, the device no longer being in proximity to the second device, or the device sending a request to the second device to terminate service data communication.
[0142] In one aspect, establishing the secure link includes sending a direct communication request message to the second device, the direct communication request message including at least one device security certificate, receiving a direct security mode command message from the second device, sending a direct security mode complete message to the second device, and receiving a direct communication acceptance message from the second device.
[0143] In one aspect, establishing the long-term key includes generating the long-term key, encrypting the long-term key with a public key of the second device, and sending the encrypted long-term key to the second device subsequent to sending the direct communication request message and before receiving the direct security mode command message.
[0144] In another aspect, the establishment of the long-term key includes receiving the long-term key encrypted with a device public key from the second device subsequent to sending the direct communication request message and before receiving the direct security mode command message.
[0145] In a further aspect, establishing the long-term key includes generating a first portion (e.g., the first half) of the long-term key, encrypting the first portion of the long-term key with a public key of the second device, sending the first encrypted portion of the long-term key to the second device subsequent to sending the direct communication request message and before receiving the direct security mode command message, and receiving a second portion (e.g., second half) of the long-term key encrypted with a device public key from the second device subsequent to sending the direct communication request message and before receiving the direct security mode command message.
[0146] In another aspect, establishing the long-term key includes generating the long-term key, encrypting the long-term key with a security certificate of the second device included in the service announcement message, and sending the encrypted long-term key to the second device via the direct communication request message.
[0147] In a further aspect, the establishment of the long-term key includes receiving the long-term key encrypted with a device public key from the second device via the direct security mode command message.
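The split-key aspect of paragraphs [0130] and [0145], sketched in Go as an added example that is not part of the patent text: each device generates one portion, encrypts it to the peer's public key, and accepts the peer's portion only once and only before the direct security mode command. RSA-OAEP, the 16-byte portion size, the first||second concatenation, and all type and function names are assumptions; certificate validation is assumed to have happened already and is not shown.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const portionLen = 16 // assumption: two 128-bit portions form the device key
var errWindow = errors.New("key portion not acceptable in this handshake state")

// Device is one endpoint after the direct communication request exchange.
// peerPub stands for the key in the peer's already-validated certificate.
type Device struct {
	priv        *rsa.PrivateKey
	peerPub     *rsa.PublicKey
	first       bool // this device contributes the first portion
	smcSeen     bool // direct security mode command already sent or received
	ownPortion  []byte
	peerPortion []byte
}

// NewPair creates two devices that already hold each other's public key.
func NewPair() (*Device, *Device, error) {
	ka, errA := rsa.GenerateKey(rand.Reader, 2048)
	kb, errB := rsa.GenerateKey(rand.Reader, 2048)
	if errA != nil || errB != nil {
		return nil, nil, errors.New("key generation failed")
	}
	a := &Device{priv: ka, peerPub: &kb.PublicKey, first: true}
	b := &Device{priv: kb, peerPub: &ka.PublicKey}
	return a, b, nil
}

// SendPortion generates this device's portion and encrypts it to the peer.
func (d *Device) SendPortion() ([]byte, error) {
	d.ownPortion = make([]byte, portionLen)
	if _, err := rand.Read(d.ownPortion); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, d.peerPub, d.ownPortion, nil)
}

// ReceivePortion takes the peer's portion once, before the security mode command.
func (d *Device) ReceivePortion(ct []byte) error {
	if d.smcSeen || d.peerPortion != nil {
		return errWindow // late delivery or replay
	}
	p, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, ct, nil)
	if err != nil || len(p) != portionLen {
		return fmt.Errorf("bad peer portion: %v", err)
	}
	d.peerPortion = p
	return nil
}

// SecurityModeCommand closes the window and returns first||second as the key.
func (d *Device) SecurityModeCommand() ([]byte, error) {
	if d.ownPortion == nil || d.peerPortion == nil {
		return nil, errors.New("device key incomplete")
	}
	d.smcSeen = true
	lo, hi := d.ownPortion, d.peerPortion
	if !d.first {
		lo, hi = hi, lo
	}
	return append(append([]byte{}, lo...), hi...), nil
}

// RunSplitKeyHandshake runs the exchange once and returns the agreed key.
func RunSplitKeyHandshake() ([]byte, error) {
	a, b, err := NewPair()
	if err != nil {
		return nil, err
	}
	for _, leg := range [][2]*Device{{a, b}, {b, a}} {
		ct, err := leg[0].SendPortion()
		if err == nil {
			err = leg[1].ReceivePortion(ct)
		}
		if err != nil {
			return nil, err
		}
	}
	ka, errA := a.SecurityModeCommand()
	kb, errB := b.SecurityModeCommand()
	if errA != nil || errB != nil || !bytes.Equal(ka, kb) {
		return nil, errors.New("devices did not agree on a device key")
	}
	return ka, nil
}

func main() {
	key, err := RunSplitKeyHandshake()
	fmt.Println("device key bytes:", len(key), "error:", err)
}
```

Neither device alone chooses the whole key in this variant, and a ciphertext replayed after the security mode command is rejected before any decryption is attempted.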
[0148] In one embodiment, apparatus 1100 for wireless communication includes means for receiving a service announcement message from a second device via sidelink signaling (e.g. PC5 layer), the service announcement message indicating the ability of the second device to perform a service and including at least one security certificate of the second device, means for establishing a secure link with the second device corresponding to the service, wherein the means for establishing the secure link includes means for establishing a device key (e.g., long-term key) between the device and the second device, means for communicating service data between the device and the second device over the secure link based on the established long-term key, and means for terminating communication of service data.
[0149] In one aspect, the aforementioned means may be the processor 1104 shown in Figure 11 configured to perform the functions recited by the aforementioned means. In another aspect, the aforementioned means may be a circuit or any apparatus configured to perform the functions recited by the aforementioned means.
[0150] Obviously, in the above examples, the circuitry included in processor 1104 is merely provided as an example, and other means for performing the functions described may be included within various aspects of the present disclosure, including but not limited to instructions stored on computer-readable storage medium 1106, or any other suitable apparatus or medium described in any of Figures 1 and/or 2, and using, for example, the processes and/or algorithms described herein with respect to Figure 13.
[0151] Various aspects of a wireless communication network have been presented with reference to an exemplary implementation. As those skilled in the art will readily appreciate, various aspects described throughout this disclosure can be extended to other telecommunications systems, network architectures, and communication standards.
[0152] As an example, several aspects can be implemented within other systems defined by 3GPP, such as Long Term Evolution (LTE), the Evolved Packet System (EPS), the Universal Mobile Telecommunication System (UMTS) and/or the Global System for Mobile (GSM). Several aspects can also be extended to systems defined by the 3rd Generation Partnership Project 2 (3GPP2), such as CDMA2000 and/or Evolution-Data Optimized (EV-DO). Other examples can be implemented in systems employing IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, Ultra Wide Band (UWB), Bluetooth and/or other suitable systems. The actual telecommunications standard, network architecture, and/or communication standard employed will depend on the specific application and general design constraints imposed on the system.
[0153] Within the present disclosure, the word "exemplary" is used to mean "serving as an example, case or illustration". Any implementation or aspect described herein as "exemplary" should not necessarily be construed as preferred or advantageous over other aspects of the disclosure. Likewise, the term "aspects" does not require that all aspects of the disclosure include the feature, advantage, or mode of operation discussed. The term "coupled" is used here to refer to the direct or indirect coupling between two objects. For example, if object A physically touches object B and object B touches object C, objects A and C can still be considered coupled to each other, even if they are not directly touching. For example, a first object can be coupled to a second object, even though the first object is never directly in physical contact with the second object. The terms "circuit" and "circuitry" are used broadly and are intended to include hardware implementations of electrical devices and conductors that, when connected and configured, allow the performance of the functions described in this disclosure, without limitation as to the type of electronic circuits, as well as software implementations of information and instructions that, when executed by a processor, enable the performance of the functions described in this disclosure.
[0154] One or more of the components, steps, features and/or functions illustrated in Figures 1-13 may be rearranged and/or combined into a single component, step, feature or function or incorporated into multiple components, steps or functions. Additional elements, components, steps and/or functions can also be added without departing from the new features disclosed here. The apparatus, devices, and/or components illustrated in Figures 1-13 can be configured to perform one or more of the methods, features, or steps described here. The new algorithms described here can also be efficiently implemented in software and/or embedded in hardware.
[0155] It should be understood that the specific order or hierarchy of steps in the disclosed methods is an illustration of exemplary processes. Based on design preferences, it is understood that the specific order or hierarchy of steps in the methods can be rearranged. The accompanying method claims present elements of the various steps in a sample order and are not limited to the specific order or hierarchy presented unless specifically recited in them.
[0156] The foregoing description is provided to enable anyone skilled in the art to practice the various aspects described herein. Various modifications in these aspects will be readily apparent to those skilled in the art and the general principles defined herein can be applied to other aspects. Thus, the claims are not intended to be limited to the aspects shown here, but should be given the full scope consistent with the language of the claims, where reference to an element in the singular is not intended to mean "one and only one" unless that is specifically indicated, but rather "one or more". Unless otherwise indicated, the term "some" refers to one or more. A phrase referring to "at least one of" a list of items refers to any combination of those items, including single members. As an example, "at least one of: a, b, or c" is intended to cover: a; b; c; a and b; a and c; b and c; and a, b and c. All structural and functional equivalents to elements of the various aspects described throughout this disclosure that are known or will later become known to those skilled in the art are expressly incorporated herein by reference and are intended to be embraced by the claims. Furthermore, nothing disclosed in this document is intended to be dedicated to the public, regardless of whether such disclosure is explicitly recited in the claims.
Claims:
Claims (30)
[1]
1. A method operable on a device for establishing a secure link for vehicle-to-vehicle (V2V) communication, the method comprising: sending a service announcement message to at least one other device via sidelink signaling, the service announcement message indicating the device's ability to perform a service and including at least one device security certificate; establishing a secure link with at least one other device corresponding to the service, wherein establishing the secure link includes establishing a device key between the device and the at least one other device; and communicating service data for the service between the device and the at least one other device over the secure link based on the established device key.
[2]
2. Method according to claim 1, wherein establishing the secure link comprises: receiving a direct communication request message from at least one other device, the direct communication request message including at least one security certificate of at least one other device; sending a direct security mode command message to at least one other device; receiving a direct security mode complete message from at least one other device; and sending a direct communication acceptance message to at least one other device.
[3]
The method of claim 2, wherein at least one other device is a second device and establishing the device key comprises: generating the device key; encrypting the device key with a public key of the second device; and sending the encrypted device key to the second device subsequent to receipt of the direct communication request message and before sending the direct security mode command message.
[4]
The method of claim 2, wherein at least one other device is a second device and establishing the device key comprises: receiving the device key encrypted with a device public key from the second device subsequent to receipt of the direct communication request message and before sending the direct security mode command message.
[5]
The method of claim 2, wherein at least one other device is a second device and establishing the device key comprises: generating a first portion of the device key; encrypting the first portion of the device key with a public key of the second device; sending the first encrypted portion of the device key to the second device subsequent to receipt of the direct communication request message and prior to sending the direct security mode command message; and receiving a second portion of the device key encrypted with a device public key from the second device subsequent to receipt of the direct communication request message and prior to sending the direct security mode command message.
[6]
The method of claim 2, wherein at least one other device is a second device and establishing the device key comprises: generating the device key; encrypting the device key with a public key of the second device; and sending the encrypted device key to the second device via the direct security mode command message.
[7]
A method according to claim 2, wherein at least one other device is a second device and establishing the device key comprises: receiving, from the second device via the direct communication request message, the device key encrypted with the device's security certificate included in the service announcement message.
[8]
The method of claim 2, wherein at least one other device is a plurality of devices and establishing the device key comprises: generating the device key; encrypting the device key with a public key from each of the plurality of devices to generate a plurality of information elements; and sending the plurality of information elements to the plurality of devices via the direct security mode command message.
[9]
A method as claimed in claim 1, further comprising terminating service data communication based on at least one of: the device fails to receive a persistent direct communication message from at least one other device; the device detects that at least one other device is no longer in the vicinity; or the device receives a request from at least one other device to terminate service data communication.
[10]
10. Device for establishing a secure link for vehicle-to-vehicle (V2V) communication, comprising: means for sending a service announcement message to at least one other device via sidelink signaling, the service announcement message indicating an ability of the device to perform a service and including at least one device security certificate; means for establishing a secure link with at least one other device corresponding to the service, wherein the means for establishing the secure link includes means for establishing a device key between the device and the at least one other device; and means for communicating service data for the service between the device and the at least one other device over the secure link based on the established device key.
[11]
11. Device according to claim 10, wherein the means for establishing the secure link is configured to: receive a direct communication request message from at least one other device, the direct communication request message including at least one security certificate from at least one other device; send a direct security mode command message to at least one other device; receive a direct security mode complete message from at least one other device; and send a direct communication acceptance message to at least one other device.
[12]
The device of claim 11, wherein at least one other device is a second device and the means for establishing the device key is configured to: generate the device key; encrypt the device key with a public key of the second device; and send the encrypted device key to the second device subsequent to receipt of the direct communication request message and before sending the direct security mode command message.
[13]
A device according to claim 11, wherein at least one other device is a second device and the means for establishing the device key is configured to: receive the device key encrypted with a public key of the device from the second device subsequent to receiving the direct communication request message and before sending the direct security mode command message.
[14]
The device of claim 11, wherein at least one other device is a second device and the means for establishing the device key is configured to: generate a first portion of the device key; encrypt the first portion of the device key with a public key of the second device; send the first encrypted portion of the device key to the second device subsequent to receipt of the direct communication request message and prior to sending the direct security mode command message; and receive a second portion of the device key encrypted with a device public key from the second device subsequent to receipt of the direct communication request message and prior to sending the direct security mode command message.
[15]
The device of claim 11, wherein at least one other device is a second device and the means for establishing the device key is configured to: generate the device key; encrypt the device key with a public key of the second device; and send the encrypted device key to the second device via the direct security mode command message.
[16]
Device according to claim 11, wherein at least one other device is a second device and the means for establishing the device key is configured to: receive, from the second device via the direct communication request message, the device key encrypted with the device's security certificate included in the service announcement message.
[17]
17. A method operable on a device for establishing a secure link for vehicle-to-vehicle (V2V) communication, the method comprising: receiving a service announcement message from a second device via sidelink signaling, the service announcement message indicating the ability of the second device to perform a service and including at least one security certificate of the second device; establishing a secure link with the second device corresponding to the service, wherein establishing the secure link includes establishing a device key between the device and the second device; and communicating service data for the service between the device and the second device over the secure link based on the established device key.
[18]
The method of claim 17, wherein establishing the secure link comprises: sending a direct communication request message to the second device, the direct communication request message including at least one device security certificate; receiving a direct security mode command message from the second device; sending a direct security mode complete message to the second device; and receiving a direct communication acceptance message from the second device.
[19]
The method of claim 18, wherein establishing the device key comprises: generating the device key; encrypting the device key with a public key of the second device; and sending the encrypted device key to the second device after sending the direct communication request message and before receiving the direct security mode command message.
[20]
The method of claim 18, wherein establishing the device key comprises: receiving the device key encrypted with a device public key from the second device subsequent to sending the direct communication request message and before receipt of the direct security mode command message.
[21]
The method of claim 18, wherein establishing the device key comprises: generating a first portion of the device key; encrypting the first portion of the device key with a public key of the second device; sending the first encrypted portion of the device key to the second device subsequent to sending the direct communication request message and before receiving the direct security mode command message; and receiving a second portion of the device key encrypted with a device public key from the second device subsequent to sending the direct communication request message and prior to receiving the direct security mode command message.
[22]
The method of claim 18, wherein establishing the device key comprises: generating the device key; encrypting the device key with a security certificate of the second device included in the service announcement message; and sending the encrypted device key to the second device via the direct communication request message.
[23]
The method of claim 18, wherein establishing the device key comprises: receiving the device key encrypted with a device public key from the second device via the direct security mode command message.
[24]
A method as claimed in claim 17, further comprising terminating service data communication based on at least one of: the device fails to send a persistent direct communication message to the second device; the device is no longer in proximity to the second device; or the device sends a request to the second device to terminate service data communication.
[25]
25. Device for establishing a secure link for vehicle-to-vehicle (V2V) communication, comprising: means for receiving a service announcement message from a second device via sidelink signaling, the service announcement message indicating the ability of the second device to perform a service and including at least one security certificate of the second device; means for establishing a secure link with the second device corresponding to the service, wherein the means for establishing the secure link includes means for establishing a device key between the device and the second device; and means for communicating service data for the service between the device and the second device over the secure link based on the established device key.
[26]
26. Device according to claim 25, wherein the means for establishing the secure link is configured to: send a direct communication request message to the second device, the direct communication request message including at least one device security certificate; receive a direct security mode command message from the second device; send a direct security mode complete message to the second device; and receive a direct communication acceptance message from the second device.
[27]
The device of claim 26, wherein the means for establishing the device key is configured to: generate the device key; encrypt the device key with a public key of the second device; and send the encrypted device key to the second device after sending the direct communication request message and before receiving the direct security mode command message.
[28]
Device according to claim 26, wherein the means for establishing the device key is configured to: receive the device key encrypted with a device public key from the second device subsequent to sending the direct communication request message and before receipt of the direct security mode command message; or receive the device key encrypted with the device's public key from the second device via the direct security mode command message.
[29]
29. The device of claim 26, wherein the means for establishing the device key is configured to: generate a first portion of the device key; encrypt the first portion of the device key with a public key of the second device; send the encrypted first portion of the device key to the second device after sending the direct communication request message and before receiving the direct security mode command message; and receive, from the second device, a second portion of the device key encrypted with a public key of the device, subsequent to sending the direct communication request message and prior to receiving the direct security mode command message.
[30]
30. The device of claim 26, wherein the means for establishing the device key is configured to: generate the device key; encrypt the device key with a security certificate of the second device included in the service announcement message; and send the encrypted device key to the second device via the direct communication request message.
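The two-portion key establishment of claim 29, as an added example that is not part of the patent text: each device contributes a random portion encrypted to the other device's public key, and both sides derive the same device key. RSA-OAEP wrapping, the HMAC-SHA256 combiner and every function name here are assumptions, since the claims name no algorithm; certificate validation is omitted and the key pairs are generated locally.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// must panics on error, which keeps this added demo short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewKey stands in for the certified key pair of one device (assumption: RSA-2048).
func NewKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// Wrap encrypts a key portion to the receiver's public key (assumption: RSA-OAEP).
func Wrap(pub *rsa.PublicKey, portion []byte) []byte {
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, portion, nil))
}

// Unwrap recovers a portion; a modified or misdirected ciphertext yields an error.
func Unwrap(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Combine derives the device key (assumed combiner: HMAC-SHA256 keyed with
// the initiator's portion over the responder's portion).
func Combine(initiator, responder []byte) []byte {
	mac := hmac.New(sha256.New, initiator)
	mac.Write(responder)
	return mac.Sum(nil)
}

func main() {
	a, b := NewKey(), NewKey() // a: requesting device, b: second device
	pa, pb := make([]byte, 32), make([]byte, 32)
	must(rand.Read(pa))
	must(rand.Read(pb))
	ka := Combine(pa, must(Unwrap(a, Wrap(&a.PublicKey, pb)))) // requesting side
	kb := Combine(must(Unwrap(b, Wrap(&b.PublicKey, pa))), pb) // second device
	fmt.Println("device keys match:", hmac.Equal(ka, kb))
}
```

Encryption to a public key keeps each portion confidential but does not show who sent it, so the public keys must come from certificates that have already been validated.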
Similar technologies:
Publication number | Publication date | Patent title
US10939288B2|2021-03-02|Cellular unicast link establishment for vehicle-to-vehicle communication
JP6827537B2|2021-02-10|Downlink control information piggyback on physical downlink shared channel
JP6565040B2|2019-08-28|Physical downlink control channel allocation procedure
JP2020530246A|2020-10-15|Uplink transmission methods, terminal devices, and network devices
KR20200053507A|2020-05-18|Header formats in wireless communication
ES2836292T3|2021-06-24|Procedure and apparatus for re-establishing radio communication links due to radio link failure
BR112020004707A2|2020-09-08|system and method for selecting resources to transmit beam failure recovery request
BR112019010982A2|2019-10-15|crc bits for joint decoding and verification of control information using polar codes
US10757754B2|2020-08-25|Techniques for securing PDCP control PDU
EP3403386A2|2018-11-21|Key establishment for communications within a group
CN109076086B|2021-04-27|Secure signaling before performing authentication and key agreement
KR20170080588A|2017-07-10|Authenticating messages in a wireless communication
US20190215693A1|2019-07-11|Service-based access stratum security configuration
BR112019022026A2|2020-05-12|TRANSMISSION OF UPLINK CONTROL INFORMATION
BR112020000198A2|2020-07-07|uplink hop pattern modes for hybrid auto-repeat request transmissions
BR112019015528A2|2020-03-17|PROJECTS OF VARIOUS GRAPHICS LOW DENSITY PARITY CHECK BASE
BR112020009678A2|2020-11-10|methods and devices for determining transport block size in wireless communication
US10230502B2|2019-03-12|Hybrid automatic repeat request buffer configuration
US11212321B2|2021-12-28|Group communication service enabler security
JP6651613B2|2020-02-19|Wireless communication
WO2019157721A1|2019-08-22|Method, device and system for configuring transmission parameters
US20210297853A1|2021-09-23|Secure communication of broadcast information related to cell access
US20210337381A1|2021-10-28|Peer-to-peer link security setup for relay connection to mobile network
US20210378042A1|2021-12-02|TCI Change Enhancement
EP3949323A1|2022-02-09|Methods and apparatus for secure access control in wireless communications
Patent family:
Publication number | Publication date
EP3738332A1|2020-11-18|
US20190223008A1|2019-07-18|
JP2021510959A|2021-04-30|
CN111567075A|2020-08-21|
KR20200108842A|2020-09-21|
WO2019139689A1|2019-07-18|
AU2018400748A1|2020-07-09|
US10939288B2|2021-03-02|
Cited references:
Publication number | Filing date | Publication date | Applicant | Patent title

US8515350B2|2011-04-11|2013-08-20|Qualcomm Innovation Center, Inc.|Resolving an application service change in a system using bluetooth|
US9717004B2|2015-03-17|2017-07-25|Qualcomm Incorporated|Apparatus and method for sponsored connectivity to wireless networks using application-specific network access credentials|
US10728249B2|2016-04-26|2020-07-28|Garrett Transportation I Inc.|Approach for securing a vehicle access port|
US10390221B2|2016-07-25|2019-08-20|Ford Global Technologies, Llc|Private vehicle-to-vehicle communication|
US11121871B2|2018-10-22|2021-09-14|International Business Machines Corporation|Secured key exchange for wireless local area network zero configuration|
EP3651533B1|2018-11-09|2022-02-23|ASUSTek Computer Inc.|Method and apparatus of improving connection for sidelink communication in a wireless communication system|
US10764029B1|2019-04-02|2020-09-01|Carey Patrick Atkins|Asymmetric Encryption Algorithm|
CN112351431A|2019-08-09|2021-02-09|华为技术有限公司|Method and device for determining safety protection mode|
CN112449323A|2019-08-14|2021-03-05|华为技术有限公司|Communication method, device and system|
WO2021026851A1|2019-08-15|2021-02-18|Zte Corporation|Sidelink capability information transmission and security between peer terminals|
US20210051473A1|2019-08-16|2021-02-18|Qualcomm Incorporated|Providing Secure Communications Between Computing Devices|
US11019670B1|2019-11-26|2021-05-25|Asustek Computer Inc.|Method and apparatus for sidelink signaling radio bearer establishment in a wireless communication system|
US20210185521A1|2019-12-16|2021-06-17|Qualcomm Incorporated|Sidelink paired and unpaired states|
CN112640502A|2020-03-13|2021-04-09|华为技术有限公司|Communication method, device and system|
WO2021201358A1|2020-03-31|2021-10-07|엘지전자 주식회사|Method and terminal for processing security policy for v2x|
Legal status:
2021-12-07| B350| Update of information on the portal [chapter 15.35 patent gazette]|
Priority:
Application number | Filing date | Patent title
US201862617281P| true| 2018-01-14|2018-01-14|
US62/617,281|2018-01-14|
US16/204,665|US10939288B2|2018-01-14|2018-11-29|Cellular unicast link establishment for vehicle-to-vehicle communication|
US16/204,665|2018-11-29|
PCT/US2018/063442|WO2019139689A1|2018-01-14|2018-11-30|Cellular unicast link establishment for vehicle-to-vehicle communication|