CN104618898A - Method and system for encrypting/decrypting IP (Internet Protocol) short messages based on SMS (Short Messaging Service) over IMS (IP Multimedia Subsystem)

Publication number: CN104618898A
Authority: CN (China)
Prior art keywords: short message, encryption, user, module, decryption
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510044746.7A
Other languages: Chinese (zh)
Other versions: CN104618898B (en
Inventor: 薛家颐, 季立明
Current Assignee: Eastern Communication Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Eastern Communication Co Ltd
Application filed by Eastern Communication Co Ltd
Priority to CN201510044746.7A
Publication of CN104618898A
Application granted
Publication of CN104618898B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Abstract

The invention provides a method for encrypting and decrypting IP short messages based on SMS over IMS. When LTE (Long Term Evolution) users send and receive IP short messages in the IMS domain by means of SMS over IMS, the short messages are encrypted short messages whose content part is ciphertext. The user's home IP short message encryption/decryption center performs the network-side encryption and decryption and then returns the message to the IMS core network, which completes the subsequent routing. The technical solution is derived from an analysis of the technical characteristics of SMS over IMS and an in-depth analysis of its key problems: the iFC (Initial Filter Criteria) trigger mechanism of the IMS is used to implement user registration management and negotiation of the user's key during the registration flow, and to implement encryption and decryption of the short message content during the IP short message service flow; newly developed terminal application software implements the terminal side of the key negotiation and the handling of short message content from encryption/decryption through to presentation in the user interface. The scheme can be implemented without modifying existing network equipment, and its operation and maintenance costs are lower.

Description

A method for encrypting and decrypting IP short messages based on SMS over IMS, and an IP short message encryption/decryption system
Technical field
The present invention relates to a method for encrypting and decrypting IP short messages based on SMS over IMS, and to a system implementing it, and belongs to the field of communication technology.
Background
After Snowden exposed the U.S. "PRISM" program in 2012, network security attracted unprecedented public attention, and the outbreak of Apple's "privacy-gate" incident again drew people's attention to information security.
The security risks in current mobile communication lie mainly in three areas:
1) Network interception: signalling messages are intercepted in transit;
2) Air-interface eavesdropping: the wireless signal is intercepted, the PN code is acquired, the target user's channel scrambling code is learned, and the signalling and voice channels are intercepted;
3) Theft at the terminal: for example, a Trojan implanted in the terminal steals information such as short messages.
Therefore, as mobile communication and mobile phone operating systems develop, how to effectively secure smartphone short messages has become a hot issue of growing concern. A demand survey of senior staff in government departments and in large enterprises such as financial institutions shows that 60% worry about information leaking from their mobile phones and 53.3% are willing to use encrypted communication.
However, implementing encryption in hardware undoubtedly increases cost, and with the development of smartphones, encryption of information at the terminal can be implemented in software, so that a user's information is not stolen by people with ulterior motives. Meanwhile, with the development of communication technology, LTE-based 4G has been commercialised on a large scale, but LTE-based communication is at present still used mostly for mobile data traffic.
Summary of the invention
The first technical problem to be solved by the present invention is to provide a method for encrypting and decrypting IP short messages based on SMS over IMS whose operation and maintenance costs are lower. To this end, the present invention adopts the following technical solution:
A method for encrypting and decrypting IP short messages based on SMS over IMS, characterised in that:
When an LTE user sends and receives IP short messages in the IMS domain by means of SMS over IMS, the IP short messages are encrypted short messages whose content part is ciphertext;
1) The communication terminal must register to obtain the encryption/decryption key;
2) The application module on the communication terminal that sends and receives short messages calls the encryption/decryption algorithm to encrypt when sending an encrypted short message, and calls the encryption/decryption algorithm to decrypt when receiving an encrypted short message;
3) When IP short messages are sent and received in the IMS domain by means of SMS over IMS, the signalling of the IP short message is triggered to the user's home IP short message encryption/decryption center;
4) The user's home IP short message encryption/decryption center performs the network-side encryption and decryption:
4-1) for a short message received from the user side, it decrypts the content part of the short message;
4-2) for a short message to be sent to the user, it encrypts the content part of the short message;
After the encryption or decryption is complete, the message is returned to the IMS core network, which completes the subsequent routing.
Further, registering to obtain the encryption/decryption key has the following features:
The current LTE user's entry in the user parameter information table of the IMS domain is configured with an iFC trigger condition parameter for performing third-party registration to the IP short message encryption/decryption center at registration time;
When the current LTE user initiates initial registration or periodic re-registration in the IMS domain by means of SMS over IMS, the IMS session control function node performs third-party registration to the IP short message encryption/decryption center according to the iFC mechanism of the IMS domain;
The IP short message encryption/decryption center initiates the encryption/decryption key negotiation flow with the LTE user.
Further, the encryption on sending and decryption on receiving performed by the short message application module on the communication terminal has the following features:
When sending an encrypted short message, the short message application module on the communication terminal enters the encryption flow: it calls the encryption algorithm, retrieves the negotiated key to encrypt the short message content, and marks the current short message as an encrypted short message in the signalling message that carries it. When sending an ordinary short message, it does not enter the encryption flow;
When processing a received short message, the short message application module on the communication terminal first uses a parameter carried in the short message to identify whether it is an encrypted short message. If it is, the module enters the decryption flow: it calls the decryption algorithm, retrieves the negotiated key to decrypt the short message content, and then presents the content to the user. If the message is identified as an ordinary short message, the module does not enter the decryption flow.
Further, triggering the signalling of the IP short message to the user's home IP short message encryption/decryption center, when IP short messages are sent and received in the IMS domain by means of SMS over IMS, has the following features:
1) The current LTE user's entry in the user parameter information table of the IMS domain is configured with an iFC trigger condition parameter for triggering the signalling of the short message service to the IP short message encryption/decryption center when the service is an encrypted short message service;
2) When the signalling of an encrypted IP short message service passes through the IMS session control function node, the node triggers the current signalling to the IP short message encryption/decryption center according to the iFC trigger condition.
Further, the return to the IMS core network for subsequent routing, after the user's home IP short message encryption/decryption center has performed the network-side encryption or decryption, has the following features: the processing of received short messages is divided into two flows, the MO short message service flow and the MT short message service flow:
1) A short message service sent up from the user terminal is an MO short message service. In the MO flow, the IP short message encryption/decryption center extracts the originating user and the short message content from the MO short message service request signalling message, finds that user's decryption key according to the originating user, decrypts the short message content with the decryption key, replaces the content part of the MO request signalling message with the decrypted content, and then returns the MO request signalling message to the IMS session control function node, which completes the subsequent routing.
2) A short message service delivered to the user terminal is an MT short message service. In the MT flow, the IP short message encryption/decryption center extracts the destination user and the short message content from the MT short message service request signalling message, finds that user's encryption key according to the destination user, encrypts the short message content with the encryption key, replaces the content part of the MT request signalling message with the encrypted content, and then returns the MT request signalling message to the IMS session control function node, which completes the subsequent routing.
Another technical problem to be solved by the present invention is to provide an IP short message encryption/decryption system that implements the above method. To this end, the present invention adopts the following technical solution:
The system comprises, on the system-side platform, a SIP signalling module, a user registration management module, a key management module, a subscription and unsubscription module, a short message transceiving and encryption/decryption module, an operation and maintenance module and a database module; and, on the terminal side, an IP short message transceiving module, an IMS network service state management module and a SIP signalling module;
The system-side platform is deployed in the IMS network and communicates with the IMS session control function node over the ISC interface of the IMS network, using SIP; the modules inside the platform can exchange data with one another;
1) The SIP signalling module is responsible for parsing SIP and managing SIP transactions, provides a service scheduling interface to the other modules, and exchanges data with the IMS session control function node over SIP;
2) The user registration management module is responsible for receiving the user registration transactions submitted by the SIP signalling module, maintaining and managing the user's service state, recording the user's contact address, requesting the key management module to allocate a key for the registered user, and assisting the key management module in completing the key negotiation exchange with the user;
3) The key management module allocates a key for a registered user when it receives a key allocation request from the user registration management module, and manages the allocated key for the validity period of the user's registration; it also receives key requests from the short message encryption module, and looks up and returns the user's key within its validity period according to the user information carried in the request;
4) The subscription and unsubscription module is responsible for receiving users' account-opening and account-cancellation requests, and at the same time generates the corresponding relations and saves them in the database;
5) The short message transceiving and encryption/decryption module is responsible for receiving short message service messages; when it determines that a short message is an encrypted short message, it requests the user's key from the user registration management and key management modules and calls the negotiated encryption/decryption algorithm to encrypt or decrypt the short message content;
6) The operation and maintenance module provides work including user man-machine interface management, and is responsible for equipment maintenance, alarms and statistics collection;
7) The database module serves the user registration management module, the key management module and the subscription and unsubscription module, and provides data storage on storage media; the data stored include the subscribed user numbers, the users' encryption parameters, the users' currently valid keys, the users' valid registration durations and the users' registration start times;
The terminal-side IP short message transceiving module, IMS network service state management module and SIP signalling module reside in the communication terminal as applications:
1) The IP short message transceiving module with encryption/decryption function encrypts encrypted short messages on sending and decrypts them on receiving; when performing the encryption or decryption computation, it reads the encryption/decryption key from a designated storage space;
2) The IMS network service state management module with encryption function completes the key allocation and negotiation exchange during the registration flow and is responsible for managing the key afterwards; it also writes the obtained key into the designated storage space;
3) The SIP signalling module is responsible for parsing SIP and managing SIP transactions, and provides a service scheduling interface to the IP short message transceiving module with encryption/decryption function and to the IMS network service state management module with encryption function.
By adopting the technical solution of the present invention, which analyses the technical characteristics of SMS over IMS, examines the key problems in depth and proposes corresponding solutions: the iFC trigger mechanism of the IMS is used to implement user registration management and negotiation of the user's key during the registration flow, and to implement encryption and decryption of the short message content during the IP short message service flow; newly developed terminal application software implements the terminal side of the encryption/decryption key negotiation and the handling of short message content from encryption/decryption through to presentation in the user interface. The scheme can be implemented without changing existing network equipment, and its operation and maintenance costs are lower.
The terms and English abbreviations used in the present invention are explained below:
LTE: Long Term Evolution
IMS: IP Multimedia Subsystem
VoLTE: Voice over LTE (LTE-based voice service)
SMSoverIMS: SMS over IMS (IMS-based short message service)
SMS: Short Messaging Service
iFC: Initial Filter Criteria
SIP: Session Initiation Protocol
HSS: Home Subscriber Server
CSCF: Call Session Control Function
MO: Mobile Originate (initiated by the terminal)
MT: Mobile Terminated (terminated at the terminal)
Ki: Key identifier
GSM: Global System for Mobile Communications
CDMA: Code Division Multiple Access
TD-SCDMA: Time Division-Synchronous Code Division Multiple Access
DCN: Data Communication Network
BOSS: Business & Operation Support System
USIM: Universal Subscriber Identity Module
Brief description of the drawings
Fig. 1 is a schematic diagram of the IP short message encryption/decryption system for SMS over IMS of the present invention.
Fig. 2 is a block diagram of the terminal modules implementing the present invention.
Fig. 3 is a flow diagram of registering to obtain the encryption/decryption key according to the present invention.
Fig. 4 is a flow diagram of sending an MO IP short message according to the present invention.
Fig. 5 is a flow diagram of receiving an MT IP short message according to the present invention.
Embodiment
For convenience of description, "the IP short message encryption/decryption system for SMS over IMS" is hereinafter referred to as "this system".
As shown in Fig. 1, this system comprises a user registration and key management server, an IP short message service server, a database server, an operation and maintenance server, a subscription and unsubscription server and so on. The relations between the system components are as follows:
1) The SIP signalling module, the user registration management module and the key management module are located on the user registration and key management server. A user REGISTER command sent from the IMS network is received by the SIP signalling module, parsed, and after parameter extraction submitted to the user registration management module. After the user information has been verified successfully against the database, the user registration management module returns a registration-success response to the IMS network through the SIP signalling module. At the same time it requests a key from the key management module; once the key is obtained, it initiates the key negotiation flow with the registered user through the SIP signalling module, and after a successful key negotiation response is received from the user, the user registration information and the user's key information are submitted together to the database module for static storage.
2) The SIP signalling module and the short message transceiving and encryption/decryption module are located on the IP short message service server. The signalling message of an IP short message sent from the IMS network is received by the SIP signalling module, parsed, and after parameter extraction submitted to the short message transceiving and encryption/decryption module. When that module judges that encryption or decryption is needed, it requests the user's encryption/decryption key from the key management module, and after completing the encryption or decryption it sends the processed message back to the IMS network through the SIP signalling module.
3) The database module is located on the database server. The database service module is responsible for managing user data in the database and for interacting with the user registration management module, the key management module and the subscription and unsubscription module;
4) The operation and maintenance module is located on the operation and maintenance server; it is responsible for local operation and maintenance, and provides remote equipment management over the metropolitan area network;
5) The subscription and unsubscription module is located on the subscription and unsubscription server. It is connected to the BOSS system through the operator's DCN network, receives users' account-opening and account-cancellation requests, passes them on to the user registration management module, and at the same time generates the corresponding relations and saves them in the database. The subscription and unsubscription module implements the interface protocol to BOSS.
Running the system has no special software or hardware requirements; the platform can run on current mainstream operating systems.
The modules exchange data by inter-process communication such as TCP/IP network communication or operating system message queues.
As shown in Fig. 2, three modules are provided in the communication terminal: the IP short message transceiving module with encryption/decryption function, the IMS network service state management module with encryption function, and the SIP signalling module.
1) The IP short message transceiving module with encryption/decryption function replaces the terminal's original IP short message transceiving module. In addition to retaining the functions of the original module, it adds encryption on sending and decryption on receiving for encrypted-mode short messages; when performing the encryption or decryption computation, it reads the encryption/decryption key from the designated storage space;
When it receives an IP short message submitted by the SIP signalling module and judges it to be an encrypted short message, it calls the corresponding decryption algorithm to decrypt it and then calls the library function interface to present it to the user. When it receives a short message send request from the user interface and the message is an encrypted short message, it encrypts the short message content and sends the IP short message through the SIP signalling module;
2) The IMS network service state management module with encryption function replaces the terminal's original IMS network service state management module. In addition to retaining the functions of the original module, it adds handling of the encrypted-mode capability: it completes the key allocation and negotiation exchange during the registration flow, is responsible for managing the key afterwards, and writes the obtained key into the designated storage space.
At initial registration and periodic re-registration, it initiates the REGISTER command through the SIP signalling module and completes the registration flow, at the same time completes the encryption/decryption key negotiation flow with the IP short message encryption/decryption center in the IMS network, and saves the encryption/decryption key;
3) The SIP signalling module manages SIP transactions, is responsible for parsing SIP messages, and provides the calling interface.
The application runs on current mainstream mobile terminal operating systems such as iOS, Android and Windows Mobile.
Fig. 3 shows the flow of registering to obtain the encryption/decryption key.
1) The terminal's IMS network service state management module initiates a SIP REGISTER and sends it to the session control function node of the IMS network;
2) The session control function node of the IMS network downloads the user information from the HSS;
3) The session control function node of the IMS network returns a 200 OK success response to the terminal's REGISTER;
4) The session control function node of the IMS network extracts the iFC parameters from the user information, judges that third-party registration must be initiated and that the registration destination is this system, and therefore sends a third-party REGISTER to this system;
5) The user registration and key management module of this system receives the third-party REGISTER; after judging the user information to be legitimate, it extracts the user's current contact address and returns a 200 OK success response to the third-party REGISTER;
6) The user registration and key management module of this system randomly generates an encryption/decryption key for the user, encapsulates the key, and carries it to the terminal's IMS network service state management module in a SIP MESSAGE request. The encapsulation may apply an initial encryption to the key using an initial key agreed in advance; this initial key can be derived from the user's Ki information provided by BOSS when the account is opened, and the initial encryption may use a Chinese national cryptographic algorithm or other algorithms such as MD5 or SHA. The specific initial algorithm is carried in the same MESSAGE request.
7) The terminal's IMS network service state management module receives the MESSAGE request, extracts the encapsulated encryption key from it, determines the algorithm from the MESSAGE request, extracts Ki from the terminal's USIM card, decodes the encryption key, and saves it in the designated storage space. At the same time it returns a 200 OK success response to the MESSAGE request.
Fig. 4 shows the flow of sending an MO IP short message.
1) The terminal's IP short message transceiving module initiates an encrypted IP short message, carried in a SIP MESSAGE request sent to the session control function node of the IMS network. The MESSAGE request carries the encryption identifier, the encryption algorithm and the encrypted short message content, and identifies the request as an MO short message service;
2) The session control function node of the IMS network judges this to be MO short message processing. Using the originating number as the user number, it looks up the user's information in the in-memory database, extracts the iFC parameters from it, and judges that this MESSAGE request must be triggered to an application service platform, which is this system. It therefore adds a Route header field to the current MESSAGE request, whose address parameter is the contact address of this IMS session control function node, and sends the MESSAGE request to this system;
3) The short message transceiving and encryption/decryption module of this system receives the MESSAGE request, parses it and extracts its parameters. After judging it to be MO short message processing, it authenticates the user information using the originating number as the user number, and on successful authentication obtains the encryption/decryption key. According to the encryption algorithm carried in the MESSAGE request, the module calls the corresponding decryption algorithm with the obtained key and the short message ciphertext as input, and obtains the decrypted short message plaintext;
The short message transceiving and encryption/decryption module of this system then re-encapsulates the MESSAGE request, replacing the ciphertext with the decrypted plaintext, and sends the newly encapsulated MESSAGE request to the contact address indicated by the address parameter of the Route header field in the received MESSAGE request, that is, back to the IMS session control function node;
4) The IMS session control function node recognises the current MESSAGE request as one returned by the iFC trigger mechanism, and so looks up the subsequent route and forwards it to the short message service center;
5) The short message service center accepts the IP short message of this MO flow and returns a 200 OK success response to the MESSAGE request, which is passed back hop by hop along the path the MESSAGE request took to the terminal's IP short message transceiving module.
Figure 5 shows the flow of receiving an MT IP short message.
1) The short message service center initiates the MT short message service flow, which is carried in a Message message delivered to the conversation control function node of the IMS network;
2) The conversation control function node of the IMS network determines that this is an MT short message service flow, takes the destination MSISDN (Mobile Station International ISDN Number) as the subscriber number, looks up this user's profile in the in-memory database, and extracts the iFC parameters from it. It determines that this Message message must be triggered to a particular application service platform, which is the present system. It therefore adds a Route header field to the current Message message and forwards the message to the present system; the address parameter in this Route header field is the contact address of the IMS network's conversation control function node;
3) The short message sending/receiving and encryption/decryption module of the present system receives the Message message, parses it and extracts its parameters. After determining that this is an MT short message service flow, it authenticates the user profile using the destination MSISDN as the subscriber number; on successful authentication it obtains the encryption/decryption secret key. The module selects an encryption algorithm and encrypts the content part of the short message with the secret key, obtaining the ciphertext;
The short message sending/receiving and encryption/decryption module of the present system then re-encapsulates the Message message, replacing the plaintext with the encrypted ciphertext and also carrying the encryption flag and the encryption algorithm, and delivers the newly encapsulated Message to the contact address indicated by the address parameter of the Route header field in the received Message message, that is, it sends the message back to the IMS conversation control function node;
4) The IMS conversation control function node recognizes that the current Message message is a message returned by the iFC-triggered exchange and, after the subsequent route lookup, forwards it to the user terminal;
5) The IP short message sending/receiving module of the user terminal receives the Message message, parses it and extracts its parameters. After determining that this is an encrypted short message service flow, it obtains the encryption/decryption secret key from the designated storage space. According to the encryption algorithm carried in the Message message, the module calls the corresponding decryption algorithm with the obtained secret key and the short message ciphertext as input, obtains the decrypted short message plaintext, and presents it to the user through the user interface. At the same time it returns a 200 OK success response to the Message message, which is passed back hop by hop along the path the Message message took until it reaches the originating short message service center.

Claims (6)

1. A method for encrypting and decrypting IP short messages based on SMS over IMS, characterized in that:
When an LTE user sends and receives IP short messages in the IMS domain by way of SMS over IMS, the IP short message is an encrypted short message whose content part is ciphertext;
The communication terminal must register in order to obtain the encryption/decryption secret key;
The application module on the communication terminal that sends and receives short messages calls the encryption/decryption algorithm to encrypt when sending said encrypted short message, and calls the encryption/decryption algorithm to decrypt when receiving said encrypted short message;
When IP short messages are sent and received in the IMS domain by way of SMS over IMS, the signaling of the IP short message is triggered to the IP short message encryption/decryption center to which the user belongs;
4) The IP short message encryption/decryption center to which the user belongs performs the network-side encryption and decryption:
4-1) for a short message received from the user side, it decrypts the content part of the short message;
4-2) for a short message to be sent to the user, it encrypts the content part of the short message;
After encryption or decryption is complete, the message is returned to the IMS core network to complete the subsequent routing.
2. the method for the IP short message encryption and decryption of a kind of SMS-Based overIMS as claimed in claim 1, is characterized in that the described secret key obtaining encryption and decryption of registering has following characteristics:
Carry out the parameter item of the iFC trigger condition of third-party registration to IP short message encryption and decryption center when current LTE user is configured with registration in the customer parameter information table of IMS domain;
Current LTE user passes through the mode of SMSoverIMS when IMS domain initiates initial registration registration or periodic registration registration, and IMS conversation control function node can carry out third-party registration according to the iFC mechanism of IMS domain to IP short message encryption and decryption center;
The negotiation flow process of the secret key of encryption and decryption between LTE user is initiated at IP short message encryption and decryption center.
3. the method for the IP short message encryption and decryption of a kind of SMS-Based overIMS as claimed in claim 1, the application module that it is characterized in that described communicating terminal is received and dispatched short message calls enciphering and deciphering algorithm when sending described encrypting short message services and is encrypted, call enciphering and deciphering algorithm when receiving described encrypting short message services to be decrypted, there is following characteristics:
For the business sending described encrypting short message services, sending and receiving short messages application module on communicating terminal enters encryption flow, call cryptographic algorithm, transfer the secret key pair content of short message consulted to be encrypted, and in the signaling message of the described encrypting short message services sent, identify current short message be encrypting short message services; Encryption flow is not entered to when being and sending common short message service;
For the process business of the described encrypting short message services received, the parameter that first sending and receiving short messages application module on communicating terminal is carried by short message message identifies whether as described encrypting short message services business, if identify it is described encrypting short message services business, enter deciphering flow process, call decipherment algorithm, transfer the secret key pair content of short message consulted to be decrypted, present afterwards and user; If be identified as common short message service, then do not enter deciphering flow process.
4. the method for the IP short message encryption and decryption of a kind of SMS-Based overIMS as claimed in claim 1, it is characterized in that the described mode by SMSoverIMS, when receiving and dispatching IP short message under IMS domain, the signaling of IP short message is triggered to the IP short message encryption and decryption center of user attaching, has following characteristics:
1), current LTE user is configured with the parameter item when the iFC trigger condition for the signaling of short message service being triggered to during described encrypting short message services business IP short message encryption and decryption center in the customer parameter information table of IMS domain;
2), when the signaling of the IP short message service of encryption is through IMS conversation control function node, the trigger condition according to iFC is triggered to IP short message encryption and decryption center by current signaling.
5. the method for the IP short message encryption and decryption of a kind of SMS-Based overIMS as claimed in claim 1, it is characterized in that: after the IP short message encryption and decryption center of user attaching completes the encryption and decryption of network side, return to IMS core network and complete follow-up route, there is following characteristics: process receives short message message and need divide MO short message service flow process and MT short message service flow process two kinds:
1), sending from user terminal the short message service come up is MO short message service, when MO short message service flow process, originating user and content of short message are extracted in IP short message encryption and decryption center from MO short message service demand signalling message, the secret key of deciphering of this user is found according to originating user, be decrypted by deciphering secret key pair content of short message, afterwards the content of short message after deciphering is replaced the content of short message part in this MO short message service demand signalling message, afterwards this MO short message service demand signalling message is gone back to IMS conversation control function node; IMS conversation control function node completes follow-up route;
2) short message service of, issuing user terminal is MT short message service, when MT short message service flow process, destination user and content of short message are extracted in IP short message encryption and decryption center from MT short message service demand signalling message, the secret key of encryption of this user is found according to destination user, be encrypted by encryption secret key pair content of short message, afterwards the content of short message after encryption is replaced the content of short message part in this MT short message service demand signalling message, afterwards this MT short message service demand signalling message is gone back to IMS conversation control function node; IMS conversation control function node completes follow-up route.
6. An IP short message encryption/decryption system implementing the method of claim 1, characterized in that the system comprises, on the system-side platform, a SIP signaling module, a user registration management module, a secret key administration module, a subscription and unsubscription module, a short message sending/receiving and encryption/decryption module, an operation and maintenance module and a database module, and, on the terminal side, an IP short message sending/receiving module, an IMS network service status administration module and a SIP signaling module;
The system-side platform is deployed in the IMS network and communicates with the IMS conversation control function node over the ISC interface of the IMS network using the Session Initiation Protocol (SIP); the modules inside the platform can exchange data with one another;
1) The SIP signaling module is responsible for parsing the SIP protocol and managing SIP transactions, provides a service scheduling interface to the other modules, and exchanges data with the IMS conversation control function node over SIP;
2) The user registration management module is responsible for receiving the user registration transactions submitted by the SIP signaling module, maintaining and managing the user's service status, recording the user's contact address, requesting the secret key administration module to allocate a secret key for the registered user, and assisting the secret key administration module in completing the secret key negotiation exchange with the user;
3) The secret key administration module allocates a secret key for a registered user when it receives the allocation request from the user registration management module, and manages the allocated secret key for the validity period of the user's registration; it is also responsible for receiving secret key requests from the short message encryption module, looking up the user by the user information carried in the request, and returning that user's secret key within that period;
4) The subscription and unsubscription module is responsible for receiving users' account-opening and account-cancellation requests, and generates the corresponding relationships and stores them in the database;
5) The short message sending/receiving and encryption/decryption module is responsible for receiving short message service messages; when it determines that a short message is said encrypted short message, it looks up the user's secret key through the user registration management module and the secret key administration module, and calls the negotiated encryption/decryption algorithm to encrypt or decrypt the short message content;
6) The operation and maintenance module provides functions including management of the user interface, and is responsible for equipment maintenance, alarms and statistics collection;
7) The database module serves the user registration management module, the secret key administration module and the subscription and unsubscription module, providing data storage on a storage medium; the stored data include the numbers of users who have opened accounts, the users' encryption parameters, each user's currently valid secret key, and each user's valid registration duration and registration start time;
The terminal-side IP short message sending/receiving module, IMS network service status administration module and SIP signaling module reside in the communication terminal as applications:
1) The IP short message sending/receiving module with encryption/decryption capability encrypts said encrypted short messages on sending and decrypts them on receipt; when performing encryption or decryption it reads the encryption/decryption secret key from the designated storage space;
2) The IMS network service status administration module with encryption capability completes the secret key allocation and negotiation exchange during registration, is responsible for managing the secret key thereafter, and writes the obtained secret key to the designated storage space;
3) The SIP signaling module is responsible for parsing the SIP protocol and managing SIP transactions, and provides a service scheduling interface to the IP short message sending/receiving module with encryption/decryption capability and to the IMS network service status administration module with encryption capability.
CN201510044746.7A 2015-01-29 2015-01-29 A kind of method of the IP short message encryption and decryption of based on SMS overIMS and IP short message encrypting and deciphering systems Active CN104618898B (en)


Publications (2)

Publication Number Publication Date
CN104618898A true CN104618898A (en) 2015-05-13
CN104618898B CN104618898B (en) 2018-06-05


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant