Secure communication link establishment for ue-to-ue relay

By receiving security information in the wireless communication network and using this information to establish a connection with the UE-to-UE relay device, the problem of insufficient security in the UE-to-UE communication link is solved, and a secure and reliable communication link is established.

CN116195351BActive Publication Date: 2026-07-03QUALCOMM INC

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
QUALCOMM INC
Filing Date
2021-10-01
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

In existing wireless communication networks, the security management and key negotiation mechanisms are insufficient during the establishment of direct communication links between UEs, making it difficult to guarantee the security of the communication links.

Method used

By receiving security information in the wireless communication network, including discovery parameters and relay security information, and using this information to establish a connection between the UE and the UE relay device, a secure communication link is achieved by establishing a secure connection between two remote UEs through the relay device.

Benefits of technology

It improves the security and reliability of UE-to-UE relay communication, ensuring the security and privacy protection of the communication link.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116195351B_ABST
    Figure CN116195351B_ABST
Patent Text Reader

Abstract

This involves user equipment (UE) to user equipment (UE-to-UE) relays in a communication system. At least two remote UEs and the UE-to-UE relay receive supplied security information from the wireless communication network, which includes discovery parameters and relay security information. The security information supplied by the wireless communication network can be used to establish a connection between the two UEs and the UE-to-UE relay, including the discovery of the UE-to-UE relay by the remote UEs. Furthermore, the supplied security information is used to establish a secure connection between the two remote UEs via the UE-to-UE relay.
Need to check novelty before this filing date? Find Prior Art

Description

[0001] Cross-references to related applications

[0002] This application claims priority and interest in non-provisional application S / N.17 / 491,371 filed with the U.S. Patent and Trademark Office on September 30, 2021, and provisional application No. 63 / 086,560 filed with the U.S. Patent and Trademark Office on October 1, 2020, the entire contents of which are incorporated herein by reference as fully set forth herein and for all applicable purposes. Technical Field

[0003] The technologies discussed below generally relate to wireless communication networks, and in particular to solutions for establishing secure communication links for UE-to-UE relays. Background Technology

[0004] Wireless communication between devices can be facilitated through various network configurations. In one configuration, a wireless network enables wireless communication devices (e.g., User Equipment (UE)) to communicate directly with each other via sidelinks (such as PC5 interfaces). For such sidelink connections, Proximity-Based Service Key Management (ProSe) and Direct Discovery Name Management (DDNMF) functions are employed.

[0005] A brief overview of some examples

[0006] The following provides an overview of one or more aspects of this disclosure to provide a basic understanding of these aspects. This overview is not an exhaustive summary of all the features conceived in this disclosure, and is neither intended to identify key or decisive elements of all aspects of this disclosure, nor to define the scope of any or all aspects of this disclosure. Its sole purpose is to provide some concepts of one or more aspects of this disclosure in one form as a prelude to the more detailed description that follows.

[0007] In one aspect, a method for conducting wireless communication at a user equipment (UE) in a wireless communication network is disclosed. The method includes receiving security information from the wireless communication network, wherein the security information includes discovery parameters and relay security information. Furthermore, the method includes using the received security information to establish a connection with a UE-to-UE (UE-to-UE) relay device, and using the received security information to establish a secure connection with at least a second UE via the UE-to-UE relay device.

[0008] According to other aspects, a user equipment (UE) in a wireless communication system is disclosed, the UE including a wireless transceiver, a memory, and a processor communicatively coupled to the wireless transceiver and the memory. The processor and the memory are configured to: receive security information from a wireless communication network, wherein the security information includes discovery parameters and relay security information; use the received security information to establish a connection with a user equipment-to-user equipment (UE-to-UE) relay device; and use the received security information to establish a secure connection with at least a second UE via the UE-to-UE relay device.

[0009] In several other aspects, a method for performing wireless communication in a user equipment (UE) to UE (UE to UE) relay within a wireless communication network is disclosed. The method includes receiving security information from the wireless communication network, wherein the security information includes discovery parameters and relay security information. Furthermore, the method includes establishing a secure communication link with at least a first user equipment (UE) and a second UE based on the received security information.

[0010] In a further aspect, a UE-to-UE relay in a wireless communication system is disclosed, comprising a wireless transceiver, a memory, and a processor communicatively coupled to the wireless transceiver and the memory. The processor and the memory are configured to: receive security information from a wireless communication network, wherein the security information includes discovery parameters and relay security information; and use the received security information to establish a secure communication link with at least a first user equipment (UE) and a second UE.

[0011] These and other aspects will be more fully understood after reading the following detailed description. Other aspects, features, and embodiments will become apparent to those skilled in the art after reading the following description of specific exemplary embodiments in conjunction with the accompanying drawings. Although features may be discussed below with respect to certain embodiments and drawings, all embodiments may include one or more of the advantageous features discussed herein. In other words, although one or more embodiments may be discussed having certain advantageous features, one or more such features may also be used according to the various embodiments discussed herein. Similarly, although exemplary embodiments may be discussed below as embodiments of devices, systems, or methods, such exemplary embodiments may be implemented in various devices, systems, and methods. Brief description of the attached diagram

[0013] Figure 1 It is based on the explanation of some aspects of wireless communication systems.

[0014] Figure 2 This is an explanation based on examples of radio access networks.

[0015] Figure 3This is a diagram illustrating an example of a frame structure for use in radio access networks, based on several aspects.

[0016] Figure 4 An example network architecture based on several aspects, including the 5G core network (5GC), is explained.

[0017] Figure 5 The call flow diagram illustrates an example process for implementing UE-to-UE communication via UE-to-UE relay, based on several aspects.

[0018] Figure 6 It is a block diagram illustrating an example of the hardware implementation of a network node or entity in a processing system based on some aspects.

[0019] Figure 7 It is a flowchart of a method for realizing UE-UE communication via network nodes, based on some aspects of network nodes.

[0020] Figure 8 This is a block diagram illustrating an example of the hardware implementation of a relay device in a processing system based on some aspects.

[0021] Figure 9 It is a flowchart of a method for realizing UE-UE communication via network nodes, based on some aspects.

[0022] Figure 10 This is another flowchart based on some aspects of a method for achieving UE-to-UE communication over a network.

[0023] Detailed description

[0024] The detailed description that follows, taken in conjunction with the accompanying drawings, is intended as a description of various configurations and is not intended to represent only the configurations in which the concepts described herein can be practiced. This detailed description includes specific details to provide a thorough understanding of the various concepts. However, it will be apparent to those skilled in the art that these concepts can be practiced without these specific details. In some instances, well-known structures and components are shown in block diagram form to avoid obscuring such concepts.

[0025] The electromagnetic spectrum is typically subdivided into various classes, bands, channels, etc., based on frequency / wavelength. In 5G NR, two initial operating bands have been designated as frequency ranges FR1 (410MHz–7.125GHz) and FR2 (24.25GHz–52.6GHz). It should be understood that although a portion of FR1 is greater than 6GHz, FR1 is generally (interchangeably) referred to as the “sub-6GHz” band in various documents and articles. Similar naming issues sometimes arise with FR2; although different from the Very High Frequency (EHF) band (30GHz–300GHz) designated as the “millimeter wave” band by the International Telecommunication Union (ITU), FR2 is generally (interchangeably) referred to as the “millimeter wave” band in various documents and articles.

[0026] The frequencies between FR1 and FR2 are generally referred to as intermediate frequency (IF) bands. Recent 5G NR studies have designated the operating bands of these IF bands as the frequency range designation FR3 (7.125 GHz – 24.25 GHz). Bands falling within FR3 can inherit FR1 and / or FR2 characteristics, thus effectively extending the features of FR1 and / or FR2 into the IF band. Additionally, higher frequency bands are currently being explored to extend 5G NR operation above 52.6 GHz. For example, three higher operating frequency bands have been designated as the frequency range designations FR4-a or FR4-1 (52.6 GHz – 71 GHz), FR4 (52.6 GHz – 114.25 GHz), and FR5 (114.25 GHz – 300 GHz). Each of these higher frequency bands falls within the EHF band.

[0027] In light of the foregoing, unless otherwise stated, it should be understood that, as used herein, the term "sub-6GHz" and the like can broadly refer to frequencies less than 6GHz, within FR1, or including intermediate frequency band frequencies. Furthermore, unless otherwise stated, it should be understood that, as used herein, the term "millimeter wave" and the like can broadly refer to frequencies that can include intermediate frequency band frequencies, within FR2, FR4, FR4-a or FR4-1 and / or FR5, or within the EHF band.

[0028] Various aspects of this disclosure relate to user equipment (UE) to user equipment (UE-to-UE) relay in a communication system. In some aspects, this disclosure relates to at least two remote UEs and a UE-to-UE relay receiving supplied security information from a wireless communication network, wherein the security information includes discovery parameters and relay security information. The security information supplied by the wireless communication network can be used to establish a connection between the two UEs and the UE-to-UE relay, including discovery of the UE-to-UE relay by the remote UEs. Furthermore, the supplied security information can be used to establish a secure connection between the two remote UEs via the UE-to-UE relay.

[0029] The various concepts presented throughout this disclosure can be implemented across a wide range of telecommunications systems, network architectures, and communication standards. Figure 1 Various aspects of a schematic diagram of a wireless communication system 100 have been explained. The wireless communication system 100 includes three interaction domains: a core network 102, a radio access network (RAN) 104, and a user equipment (UE) 106. The wireless communication system 100 enables the UE 106 to perform data communication with an external data network 110 (such as, but not limited to, the Internet).

[0030] RAN 104 can implement any suitable one or more wireless communication technologies to provide radio access to UE 106. As an example, RAN 104 can operate according to the 3rd Generation Partnership Project (3GPP) New Radio (NR) specification. As another example, such as in non-self-reliant (NSA) systems (including EN-DC systems), RAN 104 can operate in a hybrid of 5G NR and the Evolved Universal Terrestrial Radio Access Network (eUTRAN) standard (commonly referred to as LTE). 3GPP also refers to this hybrid RAN as a next-generation RAN, or NG-RAN. Additionally, many other examples can be utilized within the scope of this disclosure.

[0031] like Figure 1 As explained herein, RAN 104 includes multiple base stations 108. In different technologies, standards, or contexts, base station 108 may be referred to by those skilled in the art as a base transceiver station (BTS), radio base station, radio transceiver, transceiver function, basic service set (BSS), extended service set (ESS), access point (AP), B-node (NB), evolved B-node (eNB), next-generation B-node (gNB), transmit-receive point (TRP), or some other suitable term. In some examples, a base station may include two or more co-located or non-co-located TRPs. Each TRP may communicate on the same or different carrier frequencies within the same or different frequency bands.

[0032] RAN 104 is further explained as supporting wireless communication for multiple mobile devices. In 3GPP standards, a mobile device may be referred to as User Equipment (UE), but may also be referred to by those skilled in the art as a Mobile Station (MS), Subscriber Station, Mobile Unit, Subscriber Unit, Radio Unit, Remote Unit, Mobile Equipment, Radio Equipment, Wireless Communication Equipment, Remote Equipment, Mobile Subscriber Station, Access Terminal (AT), Mobile Terminal, Radio Terminal, Remote Terminal, Handheld Device, Terminal, User Agent, Mobile Client, Client, or any other suitable term. A UE may be a device (e.g., a mobile device) that provides users with access to network services.

[0033] Wireless communication between RAN 104 and UE 106 can be described as utilizing an air interface. Transmissions over the air interface from a base station (e.g., base station 108) to a UE (e.g., UE 106) can be referred to as downlink (DL) transmissions. According to certain aspects of this disclosure, the term downlink can refer to point-to-multipoint transmissions originating at a scheduling entity (further described below; e.g., base station 108). Another way to describe this scheme is to use the term broadcast channel multiplexing. Transmissions from a UE (e.g., UE 106) to a base station (e.g., base station 108) can be referred to as uplink (UL) transmissions. According to a further aspect of this disclosure, the term uplink can refer to point-to-point transmissions originating at a UE (e.g., UE 106).

[0034] In some examples, access to the air interface can be scheduled, where a scheduling entity (e.g., base station 108) allocates resources for communication among some or all of the equipment and devices within its service area or cell. Within this disclosure, as further discussed below, the scheduling entity may be responsible for scheduling, assigning, reconfiguring, and releasing resources for one or more scheduled entities. That is, for scheduled communication, UE 106 (which may be a scheduled entity) may utilize resources allocated by scheduling entity 108.

[0035] like Figure 1As explained, the base station or scheduling entity 108 may broadcast downlink traffic 112 to one or more UEs (e.g., UE 106). Broadly speaking, the base station or scheduling entity 108 may be configured as a node or device responsible for scheduling traffic (including downlink traffic 112 and, in some examples, uplink traffic 116 from UE 106 to scheduling entity 108) in a wireless communication network. UE 106 may also be configured as a node or device to receive downlink control information 114 (including, but not limited to, scheduling information (e.g., permission), synchronization or timing information), or other control information) from another entity in the wireless communication network (such as scheduling entity 108). Furthermore, UE 106 may send uplink control information 118 to base station 108, which includes, but is not limited to, scheduling information (e.g., permission), synchronization or timing information, or other control information.

[0036] Generally, base station 108 may include a backhaul interface for communicating with the backhaul section 120 of a wireless communication system. Backhaul 120 provides a link between base station 108 and core network 102. Furthermore, in some examples, the backhaul interface provides interconnection between respective base stations 108. Various types of backhaul interfaces can be employed, such as a direct physical connection using any suitable transport network, a virtual network, etc.

[0037] Core network 102 may be part of wireless communication system 100 and may be independent of the radio access technology used in RAN 104. In some examples, core network 102 may be configured according to 5G standards (e.g., 5GC). In other examples, core network 102 may be configured according to 4G evolved packet core (EPC) or any other suitable standard or configuration.

[0038] In some examples, access to the air interface can be scheduled, where a scheduling entity (e.g., base station 108) allocates resources for communication among some or all of the equipment and devices within its service area or cell. Within this disclosure, as further discussed below, the scheduling entity may be responsible for scheduling, assigning, reconfiguring, and releasing resources for one or more scheduled entities. That is, for scheduled communication, UE 106 (which may be a scheduled entity) may utilize resources allocated by the base station or scheduling entity 108.

[0039] Now refer to Figure 2The RAN 200 is provided as an example, not a limitation. RAN 200 can implement any one or more suitable wireless communication technologies to provide radio access. As an example, RAN 200 can operate according to the 3rd Generation Partnership Project (3GPP) New Radio (NR) specification (commonly referred to as 5G). As another example, RAN 200 can operate in a hybrid of 5G NR and the Evolved Universal Terrestrial Radio Access Network (eUTRAN) standard (commonly referred to as LTE). 3GPP refers to this hybrid RAN as Next Generation RAN, or NG-RAN. Of course, many other examples can be utilized within the scope of this disclosure.

[0040] The geographical area covered by the radio access network 200 can be divided into several cellular areas (cells), which can be uniquely identified by the user equipment (UE) based on an identifier broadcast in the geographical area from an access point or base station. Figure 2 Cells 202, 204, 206, and 208 are described, each of which may include one or more sectors (not shown). A sector is a sub-area of ​​a cell. All sectors within a cell are served by the same base station. Radio links within a sector may be identified by a single logical identifier belonging to that sector. In a cell divided into sectors, multiple sectors within the cell may be formed by an antenna array, where each antenna is responsible for communication with UEs in a portion of the cell.

[0041] Generally, each base station (BS) serves its respective cell. In a broader sense, a base station is a network element in a radio access network responsible for radio transmissions to and from a UE in one or more cells. A BS may also be referred to by those skilled in the art as a base transceiver station (BTS), radio base station, radio transceiver, transceiver function, basic service set (BSS), extended service set (ESS), access point (AP), B node (NB), evolved B node (eNB), g B node (gNB), transmit / receive point (TRP), or any other suitable term. In some examples, a base station may include two or more co-located or non-co-located TRPs. Each TRP may communicate on the same or different carrier frequencies within the same or different frequency bands. In an example where RAN200 operates according to both LTE and 5G NR standards, one of these base stations may be an LTE base station, while the other may be a 5G NR base station.

[0042] It can be deployed using various base stations. For example, in Figure 2In the illustration, two base stations 210 and 212 are shown in cells 202 and 204; and a third base station 214 is shown as a remote radio head (RRH) 216 controlling cell 206. That is, the base stations may have integrated antennas, or may be connected to the antenna or RRH via feed cables. In the illustrated example, cells 202, 204, and 206 may be referred to as macrocells because base stations 210, 212, and 214 support cells with large sizes. Furthermore, base station 218 is shown in cell 208, where cell 108 may overlap with one or more macrocells. In this example, cell 208 may be referred to as a small cell (e.g., microcell, picocell, femtocell, home base station, home B-node, home evolved B-node, etc.) because base station 218 supports cells with relatively small sizes. Cell size settings can be determined based on system design and component constraints.

[0043] It will be understood that the radio access network 200 may include any number of radio base stations and cells. Furthermore, relay nodes may be deployed to extend the size or coverage area of ​​a given cell. Base stations 210, 212, 214, and 218 provide radio access points to the core network for any number of mobile devices.

[0044] Figure 2 This further includes an unmanned aerial vehicle (UAV) 220, which may be a drone or a quadcopter. The UAV 220 can be configured to function as a base station, or more specifically as a mobile base station. That is, in some examples, the cell may not be stationary, and the geographical area of ​​the cell may move depending on the location of the mobile base station (such as the UAV 220).

[0045] Generally, a base station may include a backhaul interface for communicating with the backhaul portion (not shown) of the network. The backhaul provides a link between the base station and the core network (not shown), and in some examples, the backhaul provides interconnection between respective base stations. The core network may be part of a wireless communication system and may be independent of the radio access technology used in the radio access network. Various types of backhaul interfaces may be employed, such as a direct physical connection using any suitable transport network, a virtual network, etc.

[0046] RAN 200 is defined as supporting wireless communication for multiple mobile devices. Mobile devices are typically referred to as User Equipment (UE) in standards and specifications issued by the 3rd Generation Partnership Project (3GPP), but may also be referred to by those skilled in the art as Mobile Station (MS), Subscriber Station, Mobile Unit, Subscriber Unit, Radio Unit, Remote Unit, Mobile Equipment, Radio Equipment, Wireless Communication Equipment, Remote Equipment, Mobile Subscriber Station, Access Terminal (AT), Mobile Terminal, Radio Terminal, Remote Terminal, Handheld Device, Terminal, User Agent, Mobile Client, Client, or any other suitable term. A UE can be a device that provides users with access to network services.

[0047] For the purposes of this application, a "mobile" device does not necessarily need to be mobile and may be stationary. The term mobile device or mobile equipment refers to a wide variety of devices and technologies. For example, some non-limiting examples of mobile devices include mobile devices, cellular phones, smartphones, Session Initiation Protocol (SIP) phones, laptops, personal computers (PCs), laptops, netbooks, smartbooks, tablets, personal digital assistants (PDAs), and a wide variety of embedded systems, such as those corresponding to the "Internet of Things" (IoT). Additionally, a mobile device may be an automobile or other means of transportation, a remote sensor or actuator, a robot or robotic device, a satellite radio, a Global Positioning System (GPS) device, an object tracking device, a drone, a multi-rotor aircraft, a quadcopter, a remote control device, consumer and / or wearable devices (such as glasses), wearable cameras, virtual reality devices, smartwatches, health or fitness trackers, digital audio players (e.g., MP3 players), cameras, game consoles, etc. Mobile devices can also be digital or smart home devices, such as home audio, video and / or multimedia equipment, appliances, vending machines, smart lighting equipment, home security systems, smart meters, etc. Additionally, mobile devices can be smart energy devices, security devices, solar panels or solar arrays, municipal infrastructure equipment controlling electricity, lighting, water, etc. (e.g., smart grids), industrial automation and enterprise equipment, logistics controllers, agricultural equipment, etc. Furthermore, mobile devices can provide networked healthcare or telemedicine support, i.e., remote health care. Remote health care devices can include remote health monitoring devices and remote health supervision devices, whose communications can be given priority over other types of information, for example, through prioritized access to critical service data transmission and / or relevant QoS for critical service data transmission.

[0048] Within RAN 200, a cell may include UEs capable of communicating with one or more sectors of each cell. For example, UEs 222 and 224 may communicate with base station 210; UEs 226 and 228 may communicate with base station 212; UEs 230 and 232 may communicate with base station 216 via RRH 214; UE 234 may communicate with base station 218; and UE 236 may communicate with mobile base station 220. Here, each base station 210, 212, 214, 218, and 220 may be configured as an access point provided to the core network (not shown) for all UEs in the respective cell. In some examples, UAV 220 (e.g., a quadcopter) may be a mobile network node and may be configured to function as a UE. For example, UAV 220 may operate within cell 202 by communicating with base station 210.

[0049] Wireless communication between RAN 200 and UE (e.g., UE 222 or 224) can be described as utilizing an air interface. Transmissions over the air interface from a base station (e.g., base station 210) to one or more UEs (e.g., UEs 222 and 224) can be referred to as downlink (DL) transmissions. According to certain aspects of this disclosure, the term downlink can refer to point-to-multipoint transmissions originating at a scheduling entity (further described below; e.g., base station 210). Another way to describe this scheme is to use the term broadcast channel multiplexing. Transmissions from a UE (e.g., UE 222) to a base station (e.g., base station 210) can be referred to as uplink (UL) transmissions. According to a further aspect of this disclosure, the term uplink can refer to point-to-point transmissions originating at a scheduled entity (further described below; e.g., UE 222).

[0050] For example, DL transmission may include unicast or broadcast transmission of control information and / or traffic information (e.g., user data traffic) from a base station (e.g., base station 210) to one or more UEs (e.g., UEs 222 and 224), while UL transmission may include transmission of control information and / or traffic information originating at a UE (e.g., UE 222). Additionally, uplink and / or downlink control information and / or traffic information may be temporally divided into frames, subframes, time slots, and / or symbols. As used herein, a symbol may refer to a time unit carrying one resource element (RE) per subcarrier in an orthogonal frequency division multiplexing (OFDM) waveform. A time slot may carry 7 or 14 OFDM symbols. A subframe may refer to a duration of 1 ms. Multiple subframes or time slots may be grouped together to form a single frame or radio frame. Within this disclosure, a frame may refer to a predetermined duration (e.g., 10 ms) for wireless transmission, wherein each frame comprises, for example, 10 subframes, each 1 ms in length. Of course, these definitions are not required, and any suitable scheme can be used to organize the waveform, and the various time divisions of the waveform can have any suitable duration.

[0051] In some examples, access to the air interface can be scheduled, where a scheduling entity (e.g., a base station) allocates resources (e.g., time-frequency resources) for communication among some or all of its equipment and apparatus within its service area or cell. Within this disclosure, as further discussed below, the scheduling entity may be responsible for scheduling, assigning, reconfiguring, and releasing resources for one or more scheduled entities. That is, for scheduled communication, the UE or the scheduled entity utilizes resources allocated by the scheduling entity.

[0052] A base station is not the only entity that can be used as a scheduling entity. That is, in some examples, a UE can act as a scheduling entity to schedule resources for one or more scheduled entities (e.g., one or more other UEs). For example, two or more UEs (e.g., UEs 238, 240, and 242) can communicate with each other using sidelink signal 237 without relaying the communication through a base station. In some examples, UEs 238, 240, and 242 can each act as a scheduling entity or a transmitting sidelink device and / or a scheduled entity or a receiving sidelink device to schedule resources and relay sidelink signal 237 therebetween without relying on scheduling or control information from a base station. In other examples, two or more UEs (e.g., UEs 226 and 228) within the coverage area of ​​a base station (e.g., base station 212) can also relay sidelink signal 227 on a direct link (sidelink) without relaying the communication through base station 212. In this example, base station 212 can allocate resources to UEs 226 and 228 for sidelink communication. In either case, such sidelink signaling 227 and 237 can be implemented in peer-to-peer (P2P) networks, device-to-device (D2D) networks, vehicle-to-vehicle (V2V) networks, vehicle-to-everything (V2X) networks, mesh networks, or other suitable direct link networks.

[0053] In some examples, a D2D relay framework may be included within the cellular network to facilitate the relay of communications to / from base station 212 via a D2D link (e.g., side link 227 or 237). For example, one or more UEs (e.g., UE 228) within the coverage area of ​​base station 212 may operate as relay UEs to extend the coverage of base station 212, improve transmission reliability for one or more UEs (e.g., UE 226), and / or allow the base station to recover from failed UE links due to, for example, congestion or fading.

[0054] Two main technologies that can be used by V2X networks include Dedicated Short Range Communication (DSRC) based on the IEEE 802.11p standard and cellular V2X based on LTE and / or 5G (New Radio) standards. Various aspects of this disclosure may relate to New Radio (NR) cellular V2X networks, which, for simplicity, are referred to herein as V2X networks. However, it should be understood that the concepts disclosed herein are not limited to specific V2X standards, or may refer to sidelink networks other than V2X networks.

[0055] In another example of sidelink communication, cell 250 includes a base station, gNB, or RRH 252. Additionally, UE 254 and UE 256 can be configured to communicate via a UE-to-UE relay device 258 that radioly links UE 254 and 256. In one example, UE-to-UE relay device 258 can be a UE or a similar mobile device. The UE-to-UE relay 258 radio link is established via sidelink signaling 260 and 262 (which can be a PC5 link or a similar link).

[0056] To achieve a low block error rate (BLER) while still maintaining a very high data rate over the air interface, channel decoding can be used. That is, wireless communication typically utilizes appropriate error-correcting block codes. In a typical block code, an information message or sequence is broken down into code blocks (CBs), and an encoder (e.g., a CODEC) at the transmitting device then mathematically adds redundancy to the information message. Utilizing this redundancy in the encoded information message improves message reliability, thereby enabling the correction of any bit errors that may occur due to noise.

[0057] Data decoding can be implemented in several ways. In earlier 5G NR specifications, user data was decoded using quasi-cyclic low-density parity-check (LDPC) with two different basemaps: one basemap was used for large code blocks and / or high code rates, while the other basemap was used for other cases. Polarity decoding is used based on nested sequences to decode control information and the Physical Broadcast Channel (PBCH). For these channels, puncturing, shortening, and repetition are used for rate matching.

[0058] Various aspects of this disclosure can be implemented using any suitable channel code. Various implementations of the base station and UE may include suitable hardware and capabilities (e.g., encoders, decoders, and / or CODECs) to utilize one or more of these channel codes for wireless communication.

[0059] In RAN 200, the ability of a UE to communicate independently of its location while on the move is referred to as mobility. The various physical channels between the UE and the RAN are generally established, maintained, and released under the control of the Access and Mobility Management Function (AMF). In some scenarios, the AMF may include a Security Context Management Function (SCMF) and a Security Anchor Function (SEAF) that performs authentication. The SCMF can manage the security context of both the control plane and user plane functionalities, either entirely or partially.

[0060] In some examples, RAN 200 enables mobility and handover (i.e., the UE's connection is transferred from one radio channel to another). For example, during a call with a scheduling entity, or at any other time, the UE can monitor various parameters of the signal from its serving cell and various parameters of neighboring cells. Depending on the quality of these parameters, the UE can maintain communication with one or more neighboring cells. During this time, if the UE moves from one cell to another, or if the signal quality from a neighboring cell exceeds the signal quality from the serving cell for a given amount of time, the UE can perform a handover or handover from the serving cell to a neighboring (target) cell. For example, UE 224 can move from a geographic area corresponding to its serving cell 202 to a geographic area corresponding to a neighboring cell 206. When the signal strength or quality from the neighboring cell 206 exceeds the signal strength or quality from its serving cell 202 for a given amount of time, UE 224 can transmit a report message indicating this condition to its serving base station 210. In response, UE 224 can receive a handover command, and the UE can undergo a handover to cell 206.

[0061] In various implementations, the air interface in RAN 200 can utilize licensed spectrum, unlicensed spectrum, or shared spectrum. Licensed spectrum typically provides exclusive use of a portion of the spectrum by a mobile network operator purchasing a license from a government regulatory body. Unlicensed spectrum provides shared use of a portion of the spectrum without a government-granted license. While some technical rules generally still apply to accessing unlicensed spectrum, access is available to any operator or device. Shared spectrum falls between licensed and unlicensed spectrum, where technical rules or restrictions may be required for spectrum access, but the spectrum may still be shared by multiple operators and / or multiple RATs. For example, a licensee of a portion of licensed spectrum can provide Licensed Shared Access (LSA) to share that spectrum with other parties, for example, by utilizing conditions determined by the appropriate licensee.

[0062] The air interface in RAN 200 can utilize one or more multiplexing and multiple access algorithms to enable simultaneous communication between individual devices. For example, the 5G NR specification provides multiple access for UL or reverse link transmissions from UEs 222 and 224 to base station 210, and utilizes Orthogonal Frequency Division Multiplexing (OFDM) with a Cyclic Prefix (CP) to provide multiplexing for DL ​​or forward link transmissions from base station 210 to UEs 222 and 224. Additionally, for UL transmissions, the 5G NR specification provides support for Discrete Fourier Transform Extended OFDM (DFT-s-OFDM) with CP (also known as Single-Carrier FDMA (SC-FDMA)). However, within the scope of this disclosure, multiplexing and multiple access are not limited to the above schemes and can be provided using Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Sparse Code Multiple Access (SCMA), Resource Extended Multiple Access (RSMA), or other suitable multiple access schemes. In addition, multiplexing of DL transmissions from base station 210 to UEs 222 and 224 can be provided using time division multiplexing (TDM), code division multiplexing (CDM), frequency division multiplexing (FDM), orthogonal frequency division multiplexing (OFDM), sparse code multiplexing (SCM) or other suitable multiplexing schemes.

[0063] Furthermore, the air interface in RAN 100 can utilize one or more duplex algorithms. Duplex refers to a point-to-point communication link where both endpoints can communicate with each other in both directions. Full-duplex means that both endpoints can communicate with each other simultaneously. Half-duplex means that only one endpoint can send information to the other endpoint at a time. Half-duplex simulation is typically implemented for wireless links using Time Division Duplex (TDD). In TDD, transmissions in different directions on a given channel are separated using time division multiplexing. That is, at some times, the channel is dedicated to transmissions in one direction, and at other times, it is dedicated to transmissions in the other direction, where the direction can change very rapidly, for example, several times per time slot. In wireless links, full-duplex channels generally rely on physical isolation between the transmitter and receiver, and appropriate interference cancellation techniques. Full-duplex simulation is typically implemented for wireless links using Frequency Division Duplex (FDD) or Space Division Duplex (SDD). In FDD, transmissions in different directions can operate at different carrier frequencies (e.g., within paired spectrum). In SDD, transmissions in different directions on a given channel are separated from each other using spatial division multiplexing (SDM). In other examples, full-duplex communication can be implemented within unpaired spectrum (e.g., within a single carrier bandwidth), where transmissions in different directions occur within different subbands of the carrier bandwidth. This type of full-duplex communication may be referred to herein as Subband Full-Duplex (SBFD), also known as flexible duplex.

[0064] Reference Figure 3The OFDM waveforms illustrated herein are used to describe various aspects of this disclosure. Those skilled in the art will understand that various aspects of this disclosure can be applied to SC-FDMA waveforms in substantially the same manner as described below. That is, while some examples of this disclosure may focus on OFDM links for clarity, it should be understood that the same principles can also be applied to SC-FDMA waveforms.

[0065] Now refer to Figure 3 An expanded view of exemplary DL subframe 302, showing the OFDM resource grid, is illustrated. However, as those skilled in the art will readily appreciate, the PHY transport architecture for any particular application can vary from the example described herein depending on any number of factors. Here, time is in the horizontal direction in units of OFDM symbols; while frequency is in the vertical direction in units of subcarriers.

[0066] Resource grid 304 can be used to schematically represent time-frequency resources for a given antenna port. That is, in a multiple-input multiple-output (MIMO) implementation with multiple antenna ports available, there can be corresponding multiple resource grids 304 available for communication. Resource grid 304 is divided into multiple resource elements (REs) 306. An RE (which is 1 subcarrier × 1 symbol) is the smallest discrete part of the time-frequency grid and contains a single complex number representing data from a physical channel or signal. Depending on the modulation used in a particular implementation, each RE may represent one or more information bits. In some examples, an RE block may be referred to as a physical resource block (PRB) or more simply as a resource block (RB) 308, which contains any suitable number of coherent subcarriers in the frequency domain. In one example, an RB may include 12 subcarriers, the number of which is independent of the parameter design used. In some examples, depending on the parameter design, an RB may include any suitable number of coherent OFDM symbols in the time domain. Within this disclosure, it is assumed that a single RB (such as RB 308) corresponds exactly to a single communication direction (transmission or reception for a given device).

[0067] A set of contiguous or discontinuous resource blocks may be referred to herein as a resource block group (RBG), subband, or bandwidth portion (BWP). A set of subbands or BWPs can span the entire bandwidth. Scheduling of a scheduled entity (e.g., a UE) for downlink, uplink, or sidelink transmissions typically involves scheduling one or more resource elements 306 within one or more subbands or bandwidth portions (BWPs). Thus, the UE generally utilizes only a subset of the resource grid 304. In some examples, an RB may be the smallest unit of resource that can be allocated to the UE. Therefore, the more RBs scheduled for the UE and the higher the modulation scheme selected for the air interface, the higher the UE's data rate. RBs can be scheduled by base stations (e.g., gNB, eNB, etc.) or can be self-scheduled by the UE implementing D2D sidelink communication.

[0068] In this explanation, RB 308 is shown to occupy less than the entire bandwidth of subframe 302, where some subcarriers above and below RB 308 are explained. In a given implementation, subframe 302 may have bandwidth corresponding to any number of one or more RB 308s. Furthermore, in this explanation, RB 308 is shown to occupy less than the entire duration of subframe 302, but this is merely one possible example.

[0069] Each 1ms subframe 302 may include one or more adjacent time slots. As an illustrative example, in... Figure 3 In the example shown, a subframe 302 includes four time slots 310. In some examples, time slots may be defined based on a specified number of OFDM symbols with a given cyclic prefix (CP) length. For example, a time slot may include 7 or 14 OFDM symbols with a nominal CP. Additional examples may include mini-time slots with shorter durations (e.g., one or two OFDM symbols). In some cases, these mini-time slots, or shortened transmission time intervals (TTIs), may occupy resources scheduled for ongoing time slot transmissions for the same or different UEs. Any number of resource blocks may be utilized within a subframe or time slot.

[0070] An expanded view of time slot 310 illustrates time slot 310 including control region 312 and data region 314. Generally, control region 312 may carry control channels, while data region 314 may carry data channels. Of course, a time slot may contain all DL, all UL, or at least one DL portion and at least one UL portion. Figure 3 The structure described herein is merely exemplary in nature and may utilize different time-slot structures, and may include one or more for each of the control region and data region.

[0071] Although not in Figure 3The explanation is as follows: However, each RE 306 within RB 308 can be scheduled to carry one or more physical channels, including control channels, shared channels, data channels, etc. Other REs 306 within RB 308 can also carry pilot or reference signals. These pilot or reference signals can be used by the receiver equipment to perform channel estimation for the corresponding channels, which enables coherent demodulation / detection of the control and / or data channels within RB 308.

[0072] In some examples, time slot 310 can be used for broadcast, multicast, groupcast, or unicast communications. For example, broadcast, multicast, or groupcast communications can refer to point-to-multipoint transmissions from one device (e.g., a base station, UE, or other similar device) to other devices. Here, broadcast communications are delivered to all devices, while multicast or groupcast communications are delivered to multiple target receiving devices. Unicast communications can refer to point-to-point transmissions from one device to a single other device.

[0073] In an example of cellular communication over a cellular carrier via the Uu interface, for DL ​​transmission, a scheduling entity (e.g., a base station) may allocate one or more REs 306 (e.g., within control area 312) to carry DL control information, including one or more DL control channels (such as the Physical Downlink Control Channel (PDCCH)), destined for one or more scheduled entities (e.g., UEs). The PDCCH carries downlink control information (DCI), including but not limited to power control commands for DL ​​and UL transmissions (e.g., one or more open-loop power control parameters and / or one or more closed-loop power control parameters), scheduling information, grants, and / or RE assignments. The PDCCH may further carry HARQ feedback transmissions, such as acknowledgment (ACK) or negative acknowledgment (NACK). HARQ is a technique well known to those skilled in the art, where, for accuracy, any suitable integrity verification mechanism (such as a checksum or cyclic redundancy check (CRC)) may be used to verify the integrity of packet transmissions at the receiving side. If the integrity of the transmission is acknowledged, an ACK may be transmitted, and if not, a NACK may be transmitted. In response to NACK, the transmitting device can send a HARQ retransmission, which enables catch-up retransmission, incremental redundancy, and so on.

[0074] The base station may further allocate one or more REs 306 (e.g., in control area 312 or data area 314) to carry other DL signals, such as demodulation reference signals (DMRS); phase tracking reference signals (PT-RS); channel state information (CSI) reference signals (CSI-RS); and synchronization signal blocks (SSBs). SSBs may be broadcast at regular intervals based on periodicity (e.g., 5, 10, 20, 40, 80, or 160 milliseconds). SSBs include the primary synchronization signal (PSS), secondary synchronization signal (SSS), and physical broadcast control channel (PBCH). The UE may utilize the PSS and SSS to achieve radio frame, subframe, time slot, and symbol synchronization in the time domain, identify the center of the channel (system) bandwidth in the frequency domain, and identify the physical cell identity (PCI) of the cell.

[0075] The PBCH in the SSB may further include: a Master Information Block (MIB), which includes various system information and parameters for decoding the System Information Block (SIB). The SIB may be, for example, System Information Type 1 (SIB1), which may include various additional system information. Together, the MIB and SIB1 provide the minimum system information (SI) for initial access. Examples of system information transmitted in the MIB may include, but are not limited to: subcarrier spacing (e.g., default downlink parameter design), system frame number, configuration of the PDCCH control resource set (CORESET) (e.g., PDCCH CORESET0), cell prohibition indicator, cell reselection indicator, raster offset, and search space for SIB1. Examples of residual minimum system information (RMSI) transmitted in SIB1 may include, but are not limited to, random access search space, paging search space, downlink configuration information, and uplink configuration information. The base station may also transmit other system information (OSI).

[0076] In UL transmissions, the scheduled entity (e.g., the UE) may use one or more RE 306s to carry UL control information (UCI) to the scheduling entity. This UL control information includes one or more UL control channels, such as the Physical Uplink Control Channel (PUCCH). The UCI may include various packet types and categories, including pilots, reference signals, and information configured to enable or assist in decoding uplink data transmissions. Examples of uplink reference signals may include probe reference signals (SRS) and uplink DMRS. In some examples, the UCI may include a scheduling request (SR), i.e., a request for the scheduling entity to schedule uplink transmissions. Here, in response to an SR transmitted on the UCI, the scheduling entity may transmit downlink control information (DCI), which can schedule resources for uplink packet transmissions. The UCI may also include HARQ feedback, channel state feedback (CSF) (such as CSI reports), or any other suitable UCI.

[0077] In addition to control information, one or more REs 306 (e.g., within data area 314) may also be allocated for data traffic. Such data traffic may be carried on one or more traffic channels, such as the Physical Downlink Shared Channel (PDSCH) for DL ​​transmissions, or the Physical Uplink Shared Channel (PUSCH) for UL transmissions. In some examples, one or more REs 306 within data area 314 may be configured to carry other signals, such as one or more SIBs and DMRS.

[0078] In an example of sidelink communication on a sidelink carrier via the Proximity Service (ProSe) PC5 interface, the control area 312 of time slot 310 may include a Physical Sidelink Control Channel (PSCCH) comprising sidelink control information (SCI) transmitted by an initiating (transmitting) sidelink device (e.g., a Tx V2X device or other Tx UE) to a set of one or more other receiving sidelink devices (e.g., Rx V2X devices or other Rx UEs). The data area 314 of time slot 312 may include a Physical Sidelink Shared Channel (PSSCH) comprising sidelink data traffic transmitted by the initiating (transmitting) sidelink device within resources reserved on the sidelink carrier by the transmitting sidelink device via the SCI. Further information may be transmitted on the respective REs 306 within time slot 310. For example, HARQ feedback information may be transmitted from the receiving sidelink device to the transmitting sidelink device in the Physical Sidelink Feedback Channel (PSFCH) within time slot 310. In addition, one or more reference signals, such as sidelink SSB, sidelink CSI-RS, sidelink SRS and / or sidelink positioning reference signal (PRS), can be transmitted in time slot 310.

[0079] These physical channels are typically multiplexed and mapped to transport channels for processing by the Media Access Control (MAC) layer. The transport channel carries blocks of information, called transport blocks (TBs). The transport block size (TBS) (which may correspond to the number of information bits) can be a controlled parameter based on the modulation and coding scheme (MCS) and the number of redundancies (RBs) in a given transmission.

[0080] Referenced above Figure 1-3 The channels or carriers described are not necessarily all the channels or carriers available between the scheduling entity and the scheduled entity, and those skilled in the art will recognize that other channels or carriers, such as other traffic, control, and feedback channels, may be available in addition to those described.

[0081] Figure 4 An example network architecture including the network control plane 400 of the 5G core network (5GC) 402 is described. As described, the 5GC 402 may include the 5G Direct Discovery Name Management Function (5G DDNMF) 404, Access and Mobility Management Function (AMF) 406, User Data Repository (UDR) 408, Session Management Function (SMF) 410, Network Development Function (NEF) 412, Policy Control Function (PCF) 414, User Plane Function (UPF) 416, and Unified Data Management (UDM) 418.

[0082] In some aspects, the AMF 406 supports termination of Non-Access Stratum (NAS) signaling, NAS encryption and integrity protection, registration management, connection management, mobility management, access authentication and authorization, and security context management. The SMF 410 supports session management (e.g., session establishment, modification, and release), UE IP address allocation and management, Dynamic Host Configuration Protocol (DHCP) functionality, termination of NAS signaling related to session management, DL data notification, and traffic bootstrapping configuration for the UPF 416 for proper traffic routing. Furthermore, the UPF 416 supports packet routing and forwarding, packet inspection, QoS handling, acts as an external PDU session point interconnected to the Data Network (DN) 420, and serves as an anchor point for intra- and inter-RAT mobility.

[0083] UDM 418 can be configured to generate authentication and key negotiation credentials, handle user identity, grant access authorization, and manage subscriptions. Furthermore, as an example, NEF 412 supports the opening of capabilities and events, the secure provisioning of information from external applications, and the conversion of internal / external information.

[0084] exist Figure 4In the example, the Next Generation Radio Access Network (NG-RAN) 422 (which includes one or more devices, such as gNBs) is functionally in communication with UPF 416 and AMF 406 and wirelessly communicates with individual UE devices via the Uu radio interface. In some examples, UE 1 424 can wirelessly link to NG-RAN 422 and can be used as a UE-to-network (U2N) relay for other remote UEs (such as UE 2 426) via a side link or PC5 interface. In such a scenario, the remote UE and the UE-to-network (U2N) relay UE receive discovery parameters and ProSe Key Management Function (PKMF) addresses from the 5G ProSe function or 5G DDNMF, while discovery security materials are received from the PKMF of the U2N relay node. To establish a U2N link, the remote UE sends a ProSe Remote User Key (PRUK) request message to the PKMF of the U2N relay. The PKMF then verifies that the remote UE is authorized to receive UE-to-network relay services. If the remote UE is authorized to receive the service, the PKMF sends the PRUK and PRUK ID to the remote UE. Discovery parameters and discovery security materials are used to perform a discovery procedure between the remote UE and the U2N relay.

[0085] Upon discovery, the remote UE can send a direct communication request, which includes the PRUKID, the relay service code (RSC) for the U2N relay service, and K. NRP Freshness parameter 1. The U2N relay then sends a message to the PKMF containing the PRUK ID, RSC, and K. NRP A key request message with a freshness parameter of 1. In response, PKMF generates a key. NRP Freshness parameter 2 uses PRUK and K identified by PRUKID. NRP Freshness parameters 1 and K NRP Freshness parameter 2 is used to derive K NRP And send a message containing K to the U2N relay. NRP Freshness parameters 1 and K NRP The key response message for freshness parameter 2.

[0086] In addition, the U2N relay sends a Direct Security Mode command message to the remote UE, which contains K NRP Freshness parameter 2 and based on K NRP Exported session key (K) NRP-会话 To protect the remote UE from its PRUK, RSC, K NRP Freshness parameter 1 and received K NRP Freshness parameter 2 exported K NRP Furthermore, the remote UE exports the session key (K) in the same manner as the U2N relay. NRP-会话The remote UE then responds to the network trunk with a direct secure mode completion message. Finally, the remote UE and the U2N trunk continue the remainder of the trunk service procedure on the secure PC5 link, depending on the UE-to-network trunk type (i.e., L2 or L3 trunk).

[0087] It's also important to note that, from an architectural perspective, 5G DDNMF 404 has similar functionality to the DDNMF portion of the ProSe function as defined in 3GPP TS 23.303. Furthermore, the UE will use NAS messages to obtain discovery parameters for open or constrained discovery.

[0088] In other respects, a UE or similar device can be used as a UE-to-UE (U2U) relay between two other UE devices via a PC5 link. As an example, UE 2 246 can be used as a U2U relay between a first remote UE 1 424 and another remote UE 3 430. It is important to note that in end-to-end communication (e.g., UE-to-UE communication via a U2U relay), protecting the information security between peer UEs or remote UEs (where the peer UE and remote UE can be considered the same type of UE device) via a U2U relay is crucial. Specifically, protecting the integrity and confidentiality of information exchanged between peer UEs via a U2U relay (which may be an untrusted network node) protects against various attacks, such as unauthorized disclosure and modification of information.

[0089] Figure 5 Call flow diagram 500 illustrates an example method for establishing a UE-to-UE (U2U) trunk connection, including protecting the integrity and confidentiality of information exchanged between at least two remote UEs via a U2U trunk. As shown, signaling occurs at remote UE 1 502, UE-to-UE trunk 504 (e.g., UE device, such as...), and other locations. Figure 4 Between UE 426, remote UE 2 506, 5GDDNMF 508, and U2U trunk 510 ProSe key management function (PKMF).

[0090] Before establishing a link via UE to UE relay 504, the network (e.g., Figure 4Box 402 is configured to supply discovery parameters and relay security information to both remote UEs 502 and 506, as well as the UE-to-UE relay 504, as shown in box 512. In a specific aspect, discovery parameters and ProSe Key Management Function (PKMF) addresses are supplied from the 5G DDNMF 508 to remote UEs 502 and 506 and the UE-to-UE (U2U) relay 504, and relay security material is supplied by the PKMF 510. Furthermore, security material for end-to-end security establishment is supplied to remote UEs 502 and 506 by the PKMF 510. In one example, the security material for end-to-end security establishment may include a ProSe Service Code (PSC) (or an identifier associated with the end-to-end connectivity service via U2U relay) and an associated key. The PSC can be used as a key ID when authentication is using an Internet Key Exchange Version 2 (IKEv2) pre-shared key (PSK). On the other hand, when using IKEv2 certificate authentication, the PSC can be configured to subsequently indicate which certificate(s) should be used for authentication. For example, a PSC can be associated with one or more trusted Certificate Authority (CA) certificates. The PSC-CA relationship can be provided as part of the UE provisioning for ProSe services in box 512.

[0091] Following the provisioning in box 512 (which can be performed during initialization or pre-defined during system configuration), when a UE-to-UE trunk link (e.g., a PC5 unicast link) needs to be established, discovery and link procedure 514 can be initiated. Note that both remote UE 502 and remote UE 506 will each perform procedure 514 with UE-to-UE trunk 504 (for UE 506, this is shown as 514', which represents the same procedure as 514, but using UE 506 instead of UE 502). For brevity and to avoid repetition, procedure 514 is shown in detail only for UE 502. Note that procedures 514 and 514' can be performed in parallel or sequentially.

[0092] Process 514 may include discovery procedure 516, in which a remote UE (e.g., 502) performs discovery of U2U relay 504. This discovery may be performed at least in part based on the discovery parameters supplied in process 512. Once the remote UE (e.g., 502) discovers U2U relay 504, the remote UE sends a direct communication request as shown at signaling 518, which may include a relay service code (RSC) (or an identifier associated with a U2U relay service) and a Nonce1 (one-time random number 1) value.

[0093] In some respects, it should be noted that the authentication and key negotiation process 520 can be performed between the remote UE (e.g., 502) and the U2U relay 504, but this process can be optional. In one respect, as a result of successful authentication, the key K can be derived similarly to the U2N process discussed earlier. NRP In other respects, the key K NRP This may already be known to the remote UE. For example, the key K can be supplied by the PKMF at the remote UE (e.g., 502 or 506) in block 512. NRP .

[0094] In response to the direct communication request 518, the U2U relay 504 can generate a Nonce2 (one-time random number 2) value, and then use K NRP The key K is derived from the Nonce1 and Nonce2 values. NRP-会话 The U2U relay 504 then sends a Direct Secure Mode command 522 containing a one-time random number 2 value to the remote UE (e.g., 502). The Direct Secure Mode command 522 is based on K... NRP-会话 The value is protected by integrity. In response to command 522, the remote UE can subsequently use K. NRP The key K is derived from the Nonce1 and Nonce2 values. NRP-会话 The integrity of the Direct Secure Mode command 522 is verified based on this. If the verification is successful, the remote UE (e.g., 502) sends a Direct Secure Mode completion signal 524 to the U2U relay 504. After the procedures and signaling in blocks 514 (and 514') are completed, a PC5 link is established between each remote UE 502 and 506 and the U2U relay 504.

[0095] When a PC5 link is established, remote UE 502 and remote UE 506 can subsequently establish an end-to-end IPsec connection via U2U trunk 504, as shown in box 526. To establish this end-to-end IPsec connection, each of remote UEs 502 and 506 can perform IKEv2 authentication. For example, remote UEs 502 and 506 can run IKEv2 PSK authentication, where the ProSe Service Code (PSC) and key provided at box 512 are used for this IKEv2 PSK authentication. As another example, remote UEs 502 and 506 can run IKEv2 certificate authentication, where the issuing CA certificate and / or a list of trusted CAs can be provided by PKMF 510 at the procedure in box 512.

[0096] Figure 6 This is a block diagram illustrating an example of the hardware implementation of a network node 600 using a processing system 614. For example, network node 600 could be in... Figure 1 , 2Any UE described in any one or more of 4 or 5 (e.g., remote UE 502 or 506).

[0097] Network node 600 can be implemented using a processing system 614 including one or more processors 604. Examples of processors 604 include microprocessors, microcontrollers, digital signal processors (DSPs), field-programmable gate arrays (FPGAs), programmable logic devices (PLDs), state machines, gated logic, discrete hardware circuits, and other suitable hardware configured to perform the various functionalities described throughout this disclosure. In various examples, network node 600 can be configured to perform any or more of the functions described herein. That is, the processor 604 utilized in network node 600 can be used to implement any or more of the processes described herein. In some instances, processor 604 can be implemented via a baseband or modem chip, while in other implementations, processor 604 itself may include several devices that are different from and distinct from the baseband or modem chip (e.g., in such scenarios they may work together to achieve the aspects discussed herein). And as mentioned above, various hardware arrangements and components other than baseband modem processors can be used in the implementation, including RF chains, power amplifiers, modulators, buffers, interleavers, adders / summers, etc.

[0098] In this example, the processing system 614 can be implemented using a bus architecture generally represented by bus 602. Depending on the specific application and overall design constraints of the processing system 614, bus 602 may include any number of interconnect buses and bridges. Bus 602 communicatively couples together various circuits including one or more processors (generally represented by processor 604) and computer-readable media (generally represented by computer-readable storage media 606). Bus 602 may also link various other circuits, such as timing sources, peripheral devices, voltage regulators, and power management circuits, which are well known in the art and therefore will not be described further. Bus interface 608 provides an interface between bus 602 and transceiver 610. Transceiver 610 provides means for communicating with various other devices via a transmission medium (e.g., an air interface). User interface 612 (e.g., keypad, display, speaker, microphone, etc.) may also be provided.

[0099] Processor 604 is responsible for managing bus 602 and general processing, including the execution of software stored on computer-readable storage medium 606. When executed by processor 604, the software causes processing system 614 to perform the various functions described herein for any particular device. Computer-readable storage medium 606 can also be used to store data manipulated by processor 604 during software execution.

[0100] One or more processors 604 in the processing system can execute software. Software should be broadly interpreted as instructions, instruction sets, code, code segments, program code, programs, subroutines, software modules, applications, software applications, software packages, routines, subroutines, objects, executables, threads of execution, procedures, functions, etc., whether referred to as software, firmware, middleware, microcode, hardware description languages, or other terms. Software may reside on computer-readable storage medium 606.

[0101] Computer-readable storage medium 606 may be a non-transitory computer-readable medium. As examples, non-transitory computer-readable media include magnetic storage devices (e.g., hard disks, floppy disks, magnetic tapes), optical disks (e.g., compact discs (CDs) or digital multi-purpose discs (DVDs)), smart cards, flash memory devices (e.g., cards, sticks, or key-type drives), random access memory (RAM), read-only memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), registers, removable disks, and any other suitable medium for storing software and / or instructions accessible and readable by a computer. Computer-readable storage medium 606 may reside in processing system 614, be external to processing system 614, or be distributed across multiple entities including processing system 614. Computer-readable storage medium 606 may be implemented in a computer program product. As an example, a computer program product may include a computer-readable medium within packaging material. Those skilled in the art will recognize how the functionality described throughout this disclosure is best implemented depending on the specific application and the overall design constraints imposed on the system as a whole.

[0102] In some aspects of this disclosure, processor 604 may include circuitry configured for various functions. For example, processor 604 may include a UE-to-UE relay establishment circuitry 640 configured to establish a secure connection with a user equipment-to-user equipment (UE-to-UE) relay device using received security information (including discovery information). In certain aspects, for example, circuitry 640 may (in cooperation with communication circuitry 644 discussed below) discover UE-to-UE relay devices and establish a PC5 link with the UE-to-UE relay using direct secure mode requests and commands, such as with... Figure 5 The process 514 is discussed in conjunction with this. In other respects, the UE-to-UE relay setup circuitry 640 may be further configured to execute UE-to-UE relay setup instructions 650 stored in the computer-readable storage medium 606 to implement any or more of the functions described herein, particularly those relating to... Figure 4 , 5 The functionality described in conjunction with 7.

[0103] In a further aspect, it should be noted that the UE-to-UE relay establishment circuitry 640 can be configured as a means for establishing a secure connection with a UE-to-UE relay device. As an example, such a means may be a circuitry used to implement the various processes illustrated as an example in block 514. In other aspects, such a means may be implemented by including other processing circuitry to achieve this functionality.

[0104] In some further aspects of this disclosure, processor 604 may include a UE-to-UE (U2U) authentication and communication circuitry system 642. In one aspect, as an example, U2U authentication and communication circuitry system 624 is configured to establish a secure UE-to-UE communication link via a U2U relay device using security information received from or supplied by a wireless network (such as network 402). In other aspects, for example, U2U authentication and communication circuitry system 642 may be configured to perform various authentications for establishing IKEv2 and end-to-end IPSec communication links, such as with... Figure 5 The U2U authentication and communication circuitry 642 is discussed in conjunction with box 526. The U2U authentication and communication circuitry 642 may be further configured to execute U2U authentication and communication instructions 652 stored in computer-readable storage medium 606 to implement any or more of the functions described herein, particularly those relating to... Figure 4 , 5 The functionality described in conjunction with 7.

[0105] In a further aspect, it should be noted that the U2U authentication and communication circuitry system 642 can be configured as a means for establishing a secure connection (e.g., end-to-end communication) with at least a second UE via a U2U relay device using received security information provided or supplied by the network. In other aspects, such a means can be implemented by including additional processing circuitry to achieve this functionality.

[0106] In some further aspects, processor 604 may include communication circuitry 644 configured to enable at least UE-to-UE transmission and reception with a second UE via a U2U relay device. Additionally, as an example, communication circuitry 644 may be configured to receive security information from the network and store that information in memory 605. In other aspects, communication circuitry 644 may cooperate with circuitry 640 and 642 and transceiver 610 to enable U2U relay setup and U2U authentication and setup. In a further aspect, circuitry 644 may be further configured to execute communication instructions 654 stored in computer-readable storage medium 606 to perform any or more of the functions described herein, particularly those relating to... Figure 4 , 5 The functionality described in conjunction with 7.

[0107] In a further aspect, the communication circuit system 644 can be configured as a means for receiving security information from a wireless communication network, wherein the security information includes discovery parameters and relay security information. In some aspects, such a means can be configured to implement previous... Figure 5 The various parts of process 512 are discussed in conjunction with examples. In other respects, such a device can be implemented by including other processing circuitry systems to achieve this functionality.

[0108] Figure 7 This is a flowchart of a method 700 for performing wireless communication in a user equipment (UE) within a wireless communication network, based on several aspects. In some examples, method 700 may be as described above and in... Figure 6 The network node or UE 600 described in the middle, by the processor or processing system, Figure 5 The remote UE 502 or 506 in the system, or performed by any suitable means for performing the described functions.

[0109] like Figure 7 As shown, method 700 includes receiving security information from a wireless communication network in a first UE, wherein the security information includes discovery parameters and relay security information, as shown in block 702. Note that the process in block 702 may include... Figure 5 The process in box 512 is taken as an example and may further include receiving discovery parameters and relay security information from 5G DDNMF (e.g., 5G DDNMF 508) and PKMF (e.g., PKMF 510), respectively. In one respect, the above is consistent with... Figure 6 The transceiver 610 and / or communication circuitry 644 or their equivalents shown and described in combination may provide means for receiving security information from a wireless communication network in a first UE, wherein the security information includes discovery parameters and relay security information.

[0110] Furthermore, method 700 may also include using the received security information to establish a connection with a user equipment-to-user equipment (UE-to-UE) relay device, as shown in box 704. By way of example only, the process in box 704 may include... Figure 5 The example is process 514. This connection or communication link includes a PC5 link in some examples, and can also be a secure connection, such as with... Figure 5 This is explained in combination. On the one hand, the above and... Figure 6 The transceiver 610 and / or U2U relay establishment circuit system 640 or its equivalent shown and described in combination can provide means for establishing a connection with a user equipment to user equipment (UE to UE) relay device using received security information.

[0111] After a secure connection to the UE-to-UE relay is established in box 704, the UE may subsequently use the received security information to establish a secure connection with at least a second UE via the UE-to-UE relay device, as shown in box 706. According to some aspects, and by way of example only, the process in box 706 may include, as shown in box 706. Figure 5 The process shown is 526. As discussed previously, the secure connection or communication link can be an IPSec end-to-end link using IKEv2. In one respect, the above is related to... Figure 6 The transceiver 610 and / or U2U authentication and communication circuitry 642 or their equivalents shown and described in combination may provide means for establishing a secure connection with at least a second UE via a UE-to-UE relay device using received security information.

[0112] In a further aspect, method 700 may include: discovery parameters obtained from a 5G Direct Discovery Name Management Function (DDNMF) implemented by a wireless communication network. Additionally, relay security information may be derived from a Proximity-Based Service (ProSe) Key Management Function (PKMF) implemented in the wireless communication network. In a further aspect, the relay security information includes at least one of the following: one or more service identifiers, one or more keys associated with each service identifier, or one or more certificates. Additionally, the one or more service identifiers include at least one of the following: a ProSe Service Code (PSC), or an identifier associated with a second UE. In some other aspects, the identifier associated with the second UE may be a Fully Qualified Domain Name (FQDN) used for end-to-end security between a remote UE and another remote UE via U2U relay. In yet another aspect, the service identifier is a Relay Service Code (RSC) used for PC5 security with U2U relay. Method 700 may also include: the one or more service identifiers including a Relay Service Code (RSC). Furthermore, the one or more certificates may be Certificate Authority (CA) certificates. The UE uses the PSC as a key identifier (ID) to establish end-to-end communication using the Internet Key Exchange (IKE) version 2 (IKEv2) pre-shared key (PSK) authentication process.

[0113] According to a further aspect, method 700 may include: the UE using a PSC to identify the one or more certificates to verify the certificate of the second UE. Additionally, method 700 may include: receiving an association between the one or more certificates and the PSC from a wireless communication network, and subsequently establishing end-to-end communication based on the one or more certificates associated with the PSC using an IKEv2 certificate authentication process.

[0114] As discussed earlier, it's important to note that the UE-to-UE relay device can be a third user equipment (UE) configured to act as a relay. Furthermore, it's important to note that end-to-end communication utilizes a PC5 link; that is, a PC5 link between each UE and the UE-to-UE relay, such as... Figure 4 As explained in the text.

[0115] In some further aspects, method 700 may include: the UE using discovery parameters to discover the UE to the UE relay device, as previously communicated with... Figure 5 The process 516 is discussed in conjunction with this. Furthermore, method 700 may include: sending a direct communication request to the UE-to-UE relay device based on the discovery of the UE-to-UE relay device (e.g., Figure 5 (518 in the text), receiving direct secure mode commands from the UE to the UE relay device (e.g., Figure 5 (522 in the text), and in response to the direct secure mode command, establish direct secure mode communication with the UE-to-UE relay device (e.g., Figure 5 In some further aspects, method 700 may include: performing an authentication and key negotiation process between the UE and the UE-to-UE relay device prior to establishing direct secure mode communication (e.g., 524 in the original text, more generally 514 in the original text). Figure 5 (520 in the middle).

[0116] Figure 8 This is a block diagram illustrating an example of a hardware implementation of a relay node 800 configured to function as an end-to-end or UE-to-UE (U2U) relay device operable in a wireless communication system. In a particular aspect, the relay node 800 may be a UE configured to perform U2U relay between two other remote UEs, such as those provided by [unclear - likely a UE]. Figure 5 The relay node 800 is explained in section 504. According to some aspects, the relay node 800 employs a processing system 814. Additionally, the relay node 800 may correspond to, for example, the one described above in... Figure 1 , 2 Any UE shown and described in any one or more of 4 or 5.

[0117] According to various aspects of this disclosure, an element, or any part thereof, or any combination thereof, can be implemented using a processing system 814 comprising one or more processors 804. The processing system 814 can be coupled with... Figure 6 The processing system 614 described above is essentially the same, including a bus interface 808, a bus 802, a processor 804, and a computer-readable storage medium 806. Furthermore, the relay node 800 may include components similar to those described above. Figure 6The user interfaces 812 and 810 described herein are substantially similar to those of the transceivers. That is, the processor 804, as utilized in UE 800, can be used to implement any one or more of the processes described herein.

[0118] In some aspects of this disclosure, processor 804 may include circuitry configured for various functions. For example, processor 804 may include a UE-to-UE (U2U) relay establishment circuitry 840 for performing functions of establishing U2U relays with two or more remote UEs. In a particular aspect, circuitry 840 may use direct security mode requests and commands to establish PC5 links with remote UEs, such as with, for example... Figure 5 The process 514 is discussed in conjunction with this. In other respects, the UE-to-UE relay setup circuitry 840 may be further configured to execute UE-to-UE relay setup instructions 850 stored in the computer-readable storage medium 806 to implement any or more of the functions described herein, particularly those relating to the functions described herein. Figure 4 , 5 The functionality described in conjunction with 9.

[0119] Furthermore, it should be noted that the UE-to-UE relay establishment circuitry 840 (and the communication circuitry 844 discussed below) can be configured as means for receiving security information from a wireless communication network, wherein the security information includes discovery parameters and relay security information. As an example, such means could be used to implement, for example, […]. Figure 5 The circuitry systems for various processes are shown in blocks 512 and 514. In other aspects, such devices can be implemented by including additional processing circuitry systems to achieve this functionality. Note that while the UE-to-UE relay 800 may be supplied with such security information, the relay 800 does not necessarily utilize or store all of this information to ensure secure communication between remote UEs using the UE-to-UE relay for end-to-end communication.

[0120] In other aspects, processor 804 may include authentication circuitry 842 for performing functions to provide authentication to a remote UE. In a particular aspect, circuitry 842 may use direct security mode requests and commands to assist in establishing a PC5 link with a remote UE, such as with, for example... Figure 5 The process 520 is discussed in conjunction with this. In other respects, the authentication circuit system 842 may be further configured to execute authentication instructions 852 stored in the computer-readable storage medium 806 to implement any or more of the functions described herein, particularly those relating to... Figure 4 , 5 The functionality described in conjunction with 9.

[0121] In some further aspects, processor 804 may include communication circuitry 844 configured to implement at least UE-to-UE transmission and reception relay between at least two remote UEs via a U2U relay device. In other aspects, communication circuitry 844 may cooperate with circuitry 840 and 842 and transceiver 810 to implement U2U relay setup and U2U relay. In a further aspect, circuitry 844 may be further configured to execute communication instructions 854 stored in computer-readable storage medium 806 to implement any or more of the functions described herein, particularly those relating to... Figure 4 , 5 Functionality described in combination with and / or 9.

[0122] In some further aspects, the communication circuit system 844 may also implement means for establishing a secure communication link with at least a first user equipment (UE) and a second UE based on received security information. Specifically, such means may be implemented to facilitate or enable end-to-end communication between two remote UEs (e.g., Figure 5 (Link process 526 in the middle). In other aspects, such a device can be implemented by including other processing circuitry systems to achieve this functionality.

[0123] Figure 9 This is a flowchart of a method 900 for wireless communication in a U2U relay device within a wireless communication network, based on several aspects. In some examples, method 900 may be as described above and in... Figure 8 The explanation provided refers to the UE to UE relay node 800, and the UE (such as...) Figure 4 UE 426 in Figure 5 The relay 504 in the middle is performed by a processor or processing system, or by any suitable means for performing the described function.

[0124] In block 902, method 900 includes: receiving security information from a wireless communication network, wherein the security information includes discovery parameters and relay security information. Furthermore, method 900 includes: establishing a secure communication link between at least a first user equipment (UE) and a second UE based on the received security information using UE-to-UE relay. It should be noted that although UE-to-UE relay does not have authentication capabilities to receive / decode signaling occurring between the relayed first and second UEs, however, for example... Figure 5 The processes in boxes 512 and 514 include the relay being supplied with discovery and security information to enable the first and second UEs to establish a PC5 link with it, thereby enabling the establishment of an end-to-end IPSec communication link between the first and second UEs, such as with Figure 5 The process described in conjunction with 514 is described in the middle.

[0125] In a further aspect, method 900 may include: discovery parameters derived from a 5G Direct Discovery Name Management Function (DDNMF) implemented by the wireless communication network. Additionally, relay security information may be obtained from a Proximity-Based Service (ProSe) Key Management Function (PKMF) implemented in the wireless communication network. In yet another further aspect, relay security information may also include a service identifier and an associated key. In one example, the service identifier is either a ProSe Service Code (PSC) or an identifier associated with a service between the first and second UEs (i.e., the service is end-to-end communication between the first and second UEs via U2U relay). In a further aspect, the identifier associated with the service between the first and second UEs may be a Fully Qualified Domain Name (FQDN) under which the U2U relay can assist or help the first and second UEs find each other and also establish end-to-end security.

[0126] In a further aspect, the service identifier can be a relay service code (RSC), used for PC5 link security with each of the remote UEs (i.e., the first and second UEs). It should also be noted that UE-to-UE relay facilitates end-to-end security between remote UEs. UE-to-UE relay can use a PSC or service identifier to connect the first and second remote UEs, but does not know the associated key, thus providing secure communication between the remote UEs.

[0127] In a further aspect, it should be noted that the UE-to-UE relay can be a third user equipment (UE), as previously discussed. Additionally, the secure communication link utilizes the PC5 link between the UE-to-UE relay and the first and second UEs.

[0128] In further examples, method 900 may include: receiving a direct communication request from at least one of the first and second UEs, sending a direct secure mode command to the at least one UE, receiving a direct secure mode completion message from the at least one UE, and subsequently establishing direct secure mode communication with the at least one UE device, as previously discussed in conjunction with process 514. In further examples, the process may include performing authentication and key negotiation procedures between the UE and the UE-UE relay prior to establishing direct secure mode communication.

[0129] Figure 10 This is a flowchart of a method 1000 for conducting wireless communication in a wireless communication network, based on several aspects. In some examples, method 1000 may be provided by a network (for example, such as...). Figure 4 5GC 402 (together with NG-RAN 422), by Figure 5The 5G DDNMF 508 and PKMF 510 in the 5GC, or the processor or processing system in the 5GC, or any suitable means for performing the described functions, shall be used to perform them.

[0130] Method 1000 includes: determining security information in the core network for user equipment-to-user equipment (UE-to-UE) communication links, wherein the security information includes discovery parameters and relay security information, as shown in block 1002. Furthermore, method 1000 includes: sending or supplying the security information to one or more UEs that will link in the UE-to-UE communication link and at least one network relay device configured to perform relaying for the UE-to-UE communication link, as shown in block 1004. In one aspect, blocks 1002 and 1004 may be provided by 5G DDNMF and PKMF (as examples only, such as...). Figure 5 Functions 508 and 510, or Figure 4 This is achieved using 5G DDNMF 404 and ProSe AF 428.

[0131] Furthermore, method 1000 may include: the discovery parameters being determined from a 5G Direct Discovery Name Management Function (DDNMF) implemented by the wireless communication network. In other aspects, relay security information may be determined from a Proximity-Based Service (ProSe) Key Management Function (PKMF) implemented in the wireless communication network. Further, the relay security information may include at least one of the following: one or more service identifiers, one or more keys associated with each service identifier, or one or more certificates. Additionally, the one or more service identifiers may include at least one of the following: a ProSe Service Code (PSC), or an identifier associated with a remote UE.

[0132] In some other aspects, method 1000 may include: the identifier associated with the remote UE is a fully qualified domain name (FQDN). Additionally, the one or more service identifiers may include a relay service code (RSC). In some other aspects, the one or more certificates may be certificate authority (CA) certificates.

[0133] Several aspects of wireless communication networks have been described with reference to one or more exemplary implementations. As will be readily apparent to those skilled in the art, the various aspects described herein can be extended to other telecommunications systems, network architectures, and communication standards.

[0134] The following provides an overview of the various aspects of this disclosure:

[0135] Aspect 1: A method for performing wireless communication at a user equipment (UE) in a wireless communication network, comprising: receiving security information from the wireless communication network, wherein the security information includes discovery parameters and relay security information; using the received security information to establish a connection with a user equipment-to-user equipment (UE-to-UE) relay device; and using the received security information to establish a secure connection with at least a second UE via the UE-to-UE relay device.

[0136] Aspect 2: The method as described in aspect 1, wherein these discovery parameters are obtained from the 5G Direct Discovery Name Management Function (DDNMF) implemented by the wireless communication network.

[0137] Aspect 3: The method as described in either Aspect 1 or 2, wherein the relay security information is derived from a proximity-based service (ProSe) key management function (PKMF) implemented in the wireless communication network.

[0138] Aspect 4: The method as described in any of Aspects 1 to 3, wherein the relay security information further includes at least one of the following: one or more service identifiers, one or more keys associated with each service identifier, or one or more certificates.

[0139] Aspect 5: The method as described in any of Aspects 1 to 4, wherein the one or more service identifiers include at least one of the following: ProSe service code (PSC), or an identifier associated with the second UE.

[0140] Aspect 6: The method as described in aspect 5, wherein the identifier associated with the second UE is a fully qualified domain name (FQDN).

[0141] Aspect 7: The method as described in aspect 5, wherein the UE uses the PSC as a key identifier (ID) to establish the end-to-end communication using the Internet Key Exchange (IKE) version 2 (IKEv2) pre-shared key (PSK) authentication process.

[0142] Aspect 8: The method described in aspect 5, wherein the UE uses the PSC to identify the one or more certificates to verify the certificate of the second UE.

[0143] Aspect 9: The method of any one of Aspects 1 to 8 further includes: receiving from the wireless communication network the association between the one or more certificates and the PSC; and using the IKEv2 certificate authentication process to establish the secure connection between the UE and the second UE based on the one or more certificates associated with the PSC.

[0144] Aspect 10: The method as described in any of Aspects 4 to 9, wherein the one or more service identifiers are relay service codes (RSCs).

[0145] Aspect 11: The method described in any of Aspects 4 to 10, wherein the one or more certificates are Certificate Authority (CA) certificates.

[0146] Aspect 12: The method as described in any of Aspects 1 to 11, wherein the UE-to-UE relay equipment includes a third user equipment (UE).

[0147] Aspect 13: The method as described in any of Aspects 1 to 12, wherein the connection between the UE and the UE-to-UE relay device is a secure connection utilizing a PC5 link.

[0148] Aspect 14: The method of any one of Aspects 1 to 13, wherein the UE uses these discovery parameters to discover the UE to the UE relay device.

[0149] Aspect 15: The method of any one of Aspects 1 to 14 further includes: sending a direct communication request to the UE-to-UE relay device based on the discovery of the UE-to-UE relay device; receiving a direct security mode command from the UE-to-UE relay device; and establishing direct security mode communication with the UE-to-UE relay device in response to the direct security mode command.

[0150] Aspect 16: The method of any one of Aspects 1 to 15 further includes: performing an authentication and key negotiation process between the UE and the UE-to-UE relay device before establishing the direct security mode communication.

[0151] Aspect 17: A user equipment (UE) in a wireless communication system, comprising: a wireless transceiver; a memory; and a processor communicatively coupled to the wireless transceiver and the memory, wherein the memory and the processor are configured to: receive security information from the wireless communication network, wherein the security information includes discovery parameters and relay security information; use the received security information to establish a connection with a user equipment-to-user equipment (UE-to-UE) relay device; and use the received security information to establish a secure connection with at least a second UE via the UE-to-UE relay device.

[0152] Aspect 18: A method for wireless communication in a user equipment (UE) to UE (UE to UE) relay in a wireless communication network, comprising: receiving security information from the wireless communication network, wherein the security information includes discovery parameters and relay security information; and using the received security information to establish a secure communication link with at least a first user equipment (UE) and a second UE.

[0153] Aspect 19: The method as described in aspect 18, wherein the discovery parameters are derived from the 5G Direct Discovery Name Management Function (DDNMF) implemented by the wireless communication network.

[0154] Aspect 20: The method as described in any of Aspects 18 or 19, wherein the relay security information is obtained from a proximity-based service (ProSe) key management function (PKMF) implemented in the wireless communication network.

[0155] Aspect 21: The method as described in any of Aspects 18 to 20, wherein the relay security information further includes a service identifier and an associated key.

[0156] Aspect 22: The method as described in any of Aspects 18 to 21, wherein the service identifier is the next: ProSe service code (PSC), or an identifier associated with a service between the first UE and the second UE.

[0157] Aspect 23: The method as described in aspect 22, wherein the identifier associated with the service between the first UE and the second UE includes a fully qualified domain name (FQDN).

[0158] Aspect 24: The method as described in aspect 22 or aspect 23, wherein the service identifier is a relay device code (RSC).

[0159] Aspect 25: The method as described in any of Aspects 18 to 24, wherein the UE-to-UE relay includes a third user equipment (UE).

[0160] Aspect 26: The method as described in any of Aspects 18 to 25, wherein these secure communication links utilize the PC5 link between the UE-to-UE relay and the first UE and the second UE.

[0161] Aspect 27: The method of any one of aspects 18 to 26 further includes: receiving a direct communication request from at least one of the first UE and the second UE; sending a direct security mode command to the at least one UE; receiving a direct security mode completion message from the at least one UE; and establishing direct security mode communication with the at least one UE device.

[0162] Aspect 28: The method of any of Aspects 18 to 27 further includes: performing an authentication and key negotiation process between the UE and the UE-UE relay prior to establishing the direct security mode communication.

[0163] Aspect 29: A UE-to-UE relay in a wireless communication system, comprising: a wireless transceiver; a memory; and a processor communicatively coupled to the wireless transceiver and the memory, wherein the memory and the processor are configured to: receive security information from a wireless communication network, wherein the security information includes discovery parameters and relay security information; and use the received security information to establish a secure communication link with at least a first user equipment (UE) and a second UE.

[0164] Aspect 30: UE-to-UE relay as described in aspect 29, wherein the processor and the memory are configured to: receive a direct communication request from at least one of a first UE and a second UE; send a direct secure mode command to the at least one UE; receive a direct secure mode completion message from the at least one UE; and establish direct secure mode communication with the at least one UE device.

[0165] Aspect 31: A device configured for wireless communication includes at least one means for performing the method as described in any one of aspects 1 to 16 or aspects 18 to 28.

[0166] Aspect 32: A non-transient computer-readable medium storing computer-executable code, the computer-executable code including code for causing a device to perform the method as described in any one of aspects 1 to 16 or aspects 18 to 28.

[0167] As examples, various aspects can be implemented within other systems defined by 3GPP, such as Long Term Evolution (LTE), Evolved Packet System (EPS), Universal Mobile Telecommunications System (UMTS), and / or Global System for Mobile Communications (GSM). These aspects can also be extended to systems defined by 3GPP2 (3GPP2), such as CDMA2000 and / or Evolved Data Optimized (EV-DO). Other examples can be implemented within systems employing IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, Ultra Wideband (UWB), Bluetooth, and / or other suitable systems. The actual telecommunications standards, network architecture, and / or communication standards employed will depend on the specific application and the overall design constraints imposed on the system.

[0168] Within this disclosure, the term "exemplary" is used to mean "serving as an example, instance, or illustration." Any implementation or aspect described herein as "exemplary" need not be construed as superior to or better than other aspects of this disclosure. Similarly, the term "aspect" does not require that all aspects of this disclosure include the features, advantages, or modes of operation discussed. The term "coupling" is used herein to refer to direct or indirect coupling between two objects. For example, if object A physically contacts object B, and object B contacts object C, then objects A and C can still be considered coupled to each other—even if they are not in direct physical contact. For example, a first object can be coupled to a second object, even if the first object never directly contacts the second object. The terms "circuit" and "circuit system" are used broadly and are intended to include both hardware implementations of electronic devices and conductors, and software implementations of information and instructions, which, when connected and configured, enable the performance of the functions described in this disclosure, without limitation on the type of electronic circuit, and which, when executed by a processor, enable the performance of the functions described in this disclosure.

[0169] Figure 1-10 One or more of the components, steps, features and / or functions described herein may be rearranged and / or combined into a single component, step, feature or function, or implemented in several components, steps or functions. Additional stages, components, steps, and / or functions may also be added without departing from the novel features disclosed herein. Figure 1-10 The apparatus, devices, and / or components described herein can be configured to perform one or more methods, features, or steps described herein. The novel algorithms described herein can also be efficiently implemented in software and / or embedded in hardware.

[0170] It will be understood that the specific order or hierarchy of the steps in the disclosed methods is an explanation of an exemplary process. Based on design preferences, it will be understood that the specific order or hierarchy of the steps in these methods may be rearranged. The appended method claims present the stages of various steps in a sample order and are not intended to be limited to the specific order or hierarchy presented, unless specifically stated herein.

[0171] The preceding description is provided to enable any person skilled in the art to practice the various aspects described herein. Various modifications to these aspects will readily be understood by those skilled in the art, and the universal principles defined herein may be applied to other aspects. Therefore, the claims are not intended to be limited to the aspects shown herein, but are to be granted the full scope consistent with the language of the claims, wherein references to the singular form of a stage are not intended to indicate one and only one—unless specifically stated otherwise—but are intended to indicate “one or more.” Unless specifically stated otherwise, the term “some / a” refers to one or more. The phrase “at least one of” referring to a list of items refers to any combination of these items, including a single member. As an example, “at least one of a, b, or c” is intended to cover: a; b; c; a and b; a and c; b and c; and a, b, and c. All structural and functional equivalents of the various stages of the aspects described throughout this disclosure that are currently or hereafter known to a person skilled in the art are expressly incorporated herein by reference and are intended to be covered by the claims. Furthermore, nothing disclosed herein is intended to be donated to the public, whether or not such disclosure is expressly stated in the claims.

Claims

1. A method for performing wireless communication at a user equipment (UE) in a wireless communication network, comprising: Security information is received from the wireless communication network, wherein the security information includes discovery parameters and relay security information, wherein the relay security information is derived from the proximity-based service ProSe key management function PKMF implemented in the wireless communication network; Use the received security information to establish a connection with the UE-to-UE relay device; as well as The received security information is used to establish a secure connection with at least a second UE via the UE-to-UE relay device.

2. The method of claim 1, wherein, The discovery parameters are obtained from the 5G Direct Discovery Name Management Function (DDNMF) implemented by the wireless communication network.

3. The method of claim 1, wherein, The relay security information further includes at least one of the following: one or more service identifiers, one or more keys associated with each service identifier, or one or more certificates.

4. The method of claim 3, wherein, The one or more service identifiers include at least one of the following: ProSe service code PSC, or an identifier associated with the second UE.

5. The method of claim 4, wherein, The identifier associated with the second UE is a fully qualified domain name (FQDN).

6. The method of claim 4, wherein, The UE uses the PSC as a key identifier ID to establish end-to-end communication using the Internet Key Exchange IKE version 2 IKEv2 pre-shared key PSK authentication process.

7. The method of claim 4, wherein, The UE uses the PSC to identify the one or more certificates to verify the certificate of the second UE.

8. The method of claim 4, further comprising: Receive the association between the one or more certificates and the PSC from the wireless communication network; as well as The secure connection between the UE and the second UE is established using the IKEv2 certificate authentication process based on one or more certificates associated with the PSC.

9. The method of claim 3, wherein, The one or more service identifiers are relay service codes (RSCs).

10. The method of claim 3, wherein, The one or more certificates mentioned are Certificate Authority (CA) certificates.

11. The method of claim 1, wherein, The UE-to-UE relay equipment includes a third user equipment (UE).

12. The method of claim 1, wherein, The connection between the UE and the UE-to-UE relay device is a secure connection utilizing a PC5 link.

13. The method of claim 1, wherein, The UE uses the discovery parameters to discover the UE to the UE relay device.

14. The method of claim 13, further comprising: Based on the discovery of the UE-to-UE relay device, a direct communication request is sent to the UE-to-UE relay device; Receive direct security mode command from the UE to the UE relay device; as well as In response to the Direct Security Mode command, establish Direct Security Mode communication with the UE-to-UE relay device.

15. The method of claim 14, further comprising: Before establishing the direct secure mode communication, an authentication and key negotiation process is performed between the UE and the UE-to-UE relay device.

16. A user equipment (UE) in a wireless communication system, comprising: Wireless transceiver; Memory; as well as A processor communicatively coupled to the wireless transceiver and the memory, wherein the processor and the memory are configured to: Security information is received from a wireless communication network, wherein the security information includes discovery parameters and relay security information, wherein the relay security information is derived from the Proximity-Based Service ProSe Key Management Function (PKMF) implemented in the wireless communication network; Use the received security information to establish a connection with the UE-to-UE relay device; as well as The received security information is used to establish a secure connection with at least a second UE via the UE-to-UE relay device.

17. The UE as claimed in claim 16, wherein, The discovery parameters are obtained from the 5G Direct Discovery Name Management Function (DDNMF) implemented by the wireless communication network.

18. The UE as claimed in claim 16, wherein, The relay security information further includes at least one of the following: one or more service identifiers, one or more keys associated with each service identifier, or one or more certificates.

19. The UE as claimed in claim 18, wherein, The one or more service identifiers include at least one of the following: ProSe service code PSC, or an identifier associated with the second UE.

20. The UE as claimed in claim 19, wherein, The identifier associated with the second UE is a fully qualified domain name (FQDN).

21. The UE as claimed in claim 19, wherein, The UE uses the PSC as a key identifier ID to establish end-to-end communication using the Internet Key Exchange IKE version 2 IKEv2 pre-shared key PSK authentication process.

22. The UE as claimed in claim 19, wherein, The UE uses the PSC to identify the one or more certificates to verify the certificate of the second UE.

23. The UE of claim 19, wherein the processor and the memory are further configured to: Receive the association between the one or more certificates and the PSC from the wireless communication network; and The secure connection between the UE and the second UE is established using the IKEv2 certificate authentication process based on one or more certificates associated with the PSC.

24. The UE as claimed in claim 18, wherein, The one or more service identifiers are relay service codes (RSCs).

25. The UE as claimed in claim 18, wherein, The one or more certificates mentioned are Certificate Authority (CA) certificates.

26. The UE as claimed in claim 16, wherein, The UE-to-UE relay equipment includes a third user equipment (UE).

27. The UE as claimed in claim 16, wherein, The connection between the UE and the UE-to-UE relay device is a secure connection utilizing a PC5 link.

28. The UE as claimed in claim 16, wherein, The UE uses the discovery parameters to discover the UE to the UE relay device.

29. The UE of claim 28, wherein the processor and the memory are further configured to: Based on the discovery of the UE-to-UE relay device, a direct communication request is sent to the UE-to-UE relay device; Receive direct security mode commands from the UE to the UE relay device; and In response to the Direct Security Mode command, establish Direct Security Mode communication with the UE-to-UE relay device.

30. The UE of claim 29, wherein the processor and the memory are further configured to: Before establishing the direct secure mode communication, an authentication and key negotiation process is performed between the UE and the UE-to-UE relay device.

31. A method for performing wireless communication in a UE-to-UE relay in a wireless communication network, comprising: Security information is received from the wireless communication network, wherein the security information includes discovery parameters and relay security information, wherein the relay security information is derived from the proximity-based service ProSe key management function PKMF implemented in the wireless communication network; as well as Based on the received security information, establish a secure communication link with at least a first user equipment (UE) and a second UE.

32. The method of claim 31, wherein, The discovery parameters are derived from the 5G Direct Discovery Name Management Function (DDNMF) implemented by the wireless communication network.

33. The method of claim 31, wherein, The relay security information further includes a service identifier and an associated key.

34. The method of claim 33, wherein, The service identifier is either the ProSe service code PSC or an identifier associated with a service between the first UE and the second UE.

35. The method of claim 34, wherein, The identifier associated with the service between the first UE and the second UE includes a fully qualified domain name (FQDN).

36. The method of claim 34, wherein, The service identifier is the relay device code RSC.

37. The method of claim 31, wherein, The UE-to-UE relay includes a third user equipment (UE).

38. The method of claim 31, wherein, The secure communication link utilizes the PC5 link between the UE-to-UE relay and the first UE and the second UE.

39. The method of claim 31, further comprising: Receive a direct communication request from at least one of the first UE and the second UE; Send a direct security mode command to the at least one UE; Receive a direct security mode completion message from the at least one UE; as well as Establish direct secure mode communication with the at least one UE device.

40. The method of claim 39, further comprising: Before establishing the direct security mode communication, an authentication and key negotiation process is performed between the UE and the UE-UE relay.

41. A UE-to-UE relay in a wireless communication system, comprising: Wireless transceiver; Memory; as well as A processor communicatively coupled to the wireless transceiver and the memory, wherein the processor and the memory are configured to: Security information is received from a wireless communication network, wherein the security information includes discovery parameters and relay security information, wherein the relay security information is derived from the Proximity-Based Service ProSe Key Management Function (PKMF) implemented in the wireless communication network; as well as Based on the received security information, establish a secure communication link with at least a first user equipment (UE) and a second UE.

42. The UE-to-UE relay of claim 41, wherein the processor and the memory are configured to: Receive a direct communication request from at least one of the first UE and the second UE; Send a direct security mode command to the at least one UE; Receive a direct security mode completion message from the at least one UE; as well as Establish direct secure mode communication with the at least one UE device.

43. The UE-to-UE relay as described in claim 42, wherein, The discovery parameters are derived from the 5G Direct Discovery Name Management Function (DDNMF) implemented by the wireless communication network.

44. The UE-to-UE relay as described in claim 42, wherein, The relay security information further includes a service identifier and an associated key.

45. The UE-to-UE relay as described in claim 44, wherein, The service identifier is either the ProSe service code PSC or an identifier associated with a service between the first UE and the second UE.

46. ​​The UE-to-UE relay as described in claim 45, wherein, The identifier associated with the service between the first UE and the second UE includes a fully qualified domain name (FQDN).

47. The UE-to-UE relay as described in claim 45, wherein, The service identifier is the relay device code RSC.

48. The UE-to-UE relay as described in claim 41, wherein, The UE-to-UE relay includes a third user equipment (UE).

49. The UE-to-UE relay as described in claim 41, wherein, The secure communication link utilizes the PC5 link between the UE-to-UE relay and the first UE and the second UE.

50. The UE-to-UE relay as described in claim 42, wherein the processor and the memory are further configured to: Before establishing the direct security mode communication, an authentication and key negotiation process is performed between the UE and the UE-UE relay.