CN106534044A - Method and device for encrypting voice call - Google Patents
Method and device for encrypting voice call Download PDFInfo
- Publication number
- CN106534044A CN106534044A CN201510572139.8A CN201510572139A CN106534044A CN 106534044 A CN106534044 A CN 106534044A CN 201510572139 A CN201510572139 A CN 201510572139A CN 106534044 A CN106534044 A CN 106534044A
- Authority
- CN
- China
- Prior art keywords
- key information
- calling
- call
- called
- voice call
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
The embodiment of the invention discloses a method for encrypting a voice call. The method includes the following steps: calling UE sends a call request message, and Session Description Protocol (SDP) of the call request message proposal signaling of the call request message carries at least one group of secret key information supported by the calling UE; a call answer message is received; under the circumstance that SDP answer signaling of the call answer message carries a group of secret key information selected by called UE from the at least one group of secret key information, first voice call data encrypted using the selected group of secret key information are sent; and in addition, after encrypted second voice call data is received, the selected group of secret key information is used to decrypt the encrypted second voice call data. The embodiment of the invention discloses a device for encrypting a voice call.
Description
Technical field
The present invention relates to voice on Long Term Evolution (LTE, Long Term Evolution) network (VoLTE,
Voice over LTE) technology, more particularly to a kind of encryption method of voice call and device.
Background technology
Vo LTE technologies are real based on IP Multimedia System (IMS, IP Multimedia Subsystem)
It is existing, although IMS itself provides a set of complicated and safer certification, authentication mechanism, but with evil
Meaning monitors more and more universal, and the existing security mechanisms of Vo LTE can not meet demand.
The medium surface encryption technology of IMS, is session border usually in terminal and IMS access side devices at present
Encryption is set up between controller (SBC, Session Border Controller), and is not between network side
Encryption, so it is easy to maliciously be monitored.Especially consider follow-up Vo LTE technologies as the main flow of voice
Technique Popularizing, and Vo LTE itself are based on the such a fact of IP technologies, Vo LTE voices are by hostile country
The problem that family's malice is monitored can even rise to the aspect of national security.
The content of the invention
In view of this, the embodiment of the present invention is expected to provide a kind of encryption method of voice call and device, can be with
Improve the safety of call.
For reaching above-mentioned purpose, the technical scheme is that what is be achieved in that:
A kind of encryption method of voice call, methods described include:
Calling subscriber equipment UE sends call request message, the Session Description Protocol of the call request message
SDP carries the least one set key information that the calling UE is supported in proposing signaling;
The calling UE receives call answering message;
Called UE is carried in the SDP response signalings of the call answering message close from the least one set
In the case of the group key information selected in key information, the calling UE sends using the selection
The first voice call data after group key information encryption;Also, the calling UE is after encryption is received
The second voice call data after, using a group key information of the selection to the second language after the encryption
Sound communicating data is decrypted.
In such scheme, key information is not carried in the SDP response signalings of the call answering message
In the case of, the calling UE sends the first voice call data, and receives the second voice call data.
In such scheme, call encryption indication information in the call request message, is also carried;Exhale described
Carry in being response message in the case of not using call encryption indication information, the calling UE sends the
One voice call data, and receive the second voice call data.
In such scheme, the SDP of the call request message also carries first key information in proposing signaling,
First key information is carried also in the SDP response signalings of the call answering message;
The group key information selected described in the calling UE application is carried out once to the first voice call data
Encryption, the first voice call data after reapplying the first key information to once encrypting carry out secondary adding
After close, the SBC of calling UE side is sent to;
Also, the calling UE receives the second voice after the secondary encryption that the SBC of calling UE side sends
The second voice call data after secondary encryption are carried out once by communicating data using the first key information
Decryption, the second voice call data after reapplying a group key information of selection to once decrypting carry out secondary
Decryption.
A kind of encryption method of voice call, methods described include:
Called subscriber equipment UE receives call request message, the Session Description Protocol of the call request message
SDP carries the least one set key information that the calling UE is supported in proposing signaling;
In the case where speech scrambling is supported, called UE selects one from the least one set key information
Group key information, sends call answering message;Wherein, in the SDP response signalings of the call answering message
Carry the group key information that called UE is selected from the least one set key information;
The called UE sends the second voice call number after the group key information encryption using the selection
According to;Also, after the first voice call data of the called UE after encryption is received, using the choosing
The group key information selected is decrypted to the first voice call data after the encryption.
In such scheme, methods described also includes:
The calling UE carried in not supporting SDP described in speech scrambling or None- identified to propose signaling
In the case of the least one set key information held, call answering message is sent, wherein, the call answering disappears
Key information is not carried in the SDP response signalings of breath;
The called UE sends the second voice call data;And receive the first voice call data.
In such scheme, call encryption indication information in the call request message, is also carried;
In the case where speech scrambling is not supported, call answering message is sent, wherein, the call answering disappears
Carry in breath and do not use call encryption indication information;
The called UE sends the second voice call data;And receive the first voice call data.
In such scheme, in the SDP response signalings of the call request message, the second key information is also carried,
Second key information is carried also in the SDP response signalings of the call answering message;
The group key information selected described in the called UE application is carried out once to the second voice call data
Encryption, the second voice call data after reapplying second key information to once encrypting carry out secondary adding
After close, the SBC of called UE side is sent to;
Also, the called UE after the secondary encryption that the SBC for receiving called UE side sends first
After voice call data, the first voice call data after secondary encryption are entered using second key information
Row is once decrypted, and the group key information for reapplying selection enters to the first voice call data after once decryption
The secondary decryption of row.
A kind of encryption method of voice call, methods described include:
The Session Border Controller SBC of calling subscriber equipment UE sides receives call request message, the calling
The Session Description Protocol SDP of request message carries the least one set key of calling UE support in proposing signaling
Information;
The SBC of calling UE side forwards the call request message;
The SBC of calling UE side receives call answering message, and the call answering message is transmitted to described
Calling UE;Wherein, called UE is carried in the SDP response signalings of the call answering message from described
The group key information selected in least one set key information.
In such scheme, the SDP of the call request message also carries first key information in proposing signaling,
The SBC of the calling UE side forwards the call request message to include:
The call request message after the first key information is deleted in the SBC forwardings of the calling UE side;
It is described the call answering message is transmitted to into the calling UE to include:
Institute is transmitted to after the first key information is carried in the SDP response signalings of the call answering message
State calling UE;
After the call answering message is transmitted to the calling UE, methods described also includes:
The SBC of the calling UE side receives the first voice call data after secondary encryption, using described the
After one key information is once decrypted to the first voice call data after secondary encryption, forwarding is once decrypted
The first voice call data afterwards;
The SBC of the calling UE side receives the second voice call data after once decrypting, using described the
One key information carries out, after secondary encryption, being sent to calling UE to the second voice call data after once decryption.
A kind of encryption method of voice call, methods described include:
The Session Border Controller SBC of called subscriber equipment UE sides receives call request message, and will be described
Call request message is transmitted to the called UE, and the Session Description Protocol SDP of the call request message is carried
The least one set key information that the calling UE is supported is carried in view signaling;
The SBC of called UE side is received and forwarded call response message;Wherein, the call answering message
The group key letter that called UE is selected from the least one set key information is carried in SDP response signalings
Breath.
In such scheme, the call request message is transmitted to the called UE by the SBC of called UE side
Including:
The SBC of called UE side carries the second key letter in the SDP of the call request message proposes signaling
After breath, the called UE is transmitted to;
The SBC of the called UE side is received and forwarded call response message includes:
The SBC receptions of the called UE side carry the calling of the second key information in SDP response signalings should
Message is answered, and forwards the call answering message after deleting second key information;
After the SBC forwarded call response messages of called UE side, methods described also includes:
The SBC of the called UE side receives the first voice call data after once decrypting, using described the
Two key informations carry out, after secondary encryption, being sent to called UE to the first voice call data after once decryption;
The SBC of the called UE side receives the second voice call data after secondary encryption, using described the
After two key informations are once decrypted to the second voice call data after secondary encryption, forwarding is once decrypted
The second voice call data afterwards.
A kind of calling subscriber equipment UE, the calling UE include:
First transmitting element, for sending call request message, the conversation description association of the call request message
View SDP carries the least one set key information that the calling UE is supported in proposing signaling;
First receiving unit, for receiving call answering message;
First transmitting element, the call answering message for being additionally operable to receive in first receiving unit
The group key letter that called UE is selected from the least one set key information is carried in SDP response signalings
In the case of breath, the first voice call data after the group key information encryption using the selection are sent;
First receiving unit, is additionally operable to carry in the SDP response signalings of the call answering message
In the case of the group key information that called UE is selected from the least one set key information, encryption is received
The second voice call data afterwards, using a group key information of the selection to the second language after the encryption
Sound communicating data is decrypted.
In such scheme, first transmitting element is additionally operable in exhaling that first receiving unit is received
In the case of key information is not carried in the SDP response signalings for being response message, the first voice call is sent
Data;
First receiving unit, is additionally operable to not carry in the SDP response signalings of call answering message close
In the case of key information, the second voice call data are received.
In such scheme, call encryption indication information in the call request message, is also carried;
First transmitting element, is additionally operable in the call answering message that first receiving unit is received
Carrying in the case of do not use call encryption indication information, sending the first voice call data;
First receiving unit, is additionally operable to carry in the call answering message for receiving and do not use call
In the case of encryption indication information, the second voice call data are received.
In such scheme, the SDP of the call request message also carries first key information in proposing signaling,
First key information is carried also in the SDP response signalings of the call answering message;
First transmitting element, is additionally operable to using a group key information of the selection to the first voice call
Data are once encrypted, the first voice call number after reapplying the first key information to once encrypting
According to carrying out, after secondary encryption, being sent to the SBC of calling UE side;
First receiving unit, be additionally operable to receive after the secondary encryption that the SBC of calling UE side sends the
The second voice call data after secondary encryption are entered by two voice call data using the first key information
Row is once decrypted, and the group key information for reapplying selection enters to the second voice call data after once decryption
The secondary decryption of row.
A kind of called subscriber equipment UE, the called UE include:
Second receiving unit, for receiving call request message, the conversation description association of the call request message
View SDP carries the least one set key information that the calling UE is supported in proposing signaling;
Second transmitting element, in the case where speech scrambling is supported, receiving from second receiving unit
To the least one set key information in select a group key information, send call answering message;Wherein,
Called UE is carried in the SDP response signalings of the call answering message from the least one set key information
One group key information of middle selection;
Second receiving unit, is additionally operable to the first voice call data after receiving encryption, using the choosing
The group key information selected is decrypted to the first voice call data after the encryption;
Second transmitting element, the be additionally operable to after sending the group key information encryption using the selection
Two voice call data.
In such scheme, second transmitting element is additionally operable to do not supporting speech scrambling or None- identified institute
In the case of stating the least one set key information that the calling UE carried during SDP proposes signaling is supported, send out
Call answering message is sent, wherein, key letter in the SDP response signalings of the call answering message, is not carried
Breath;
Second transmitting element, is additionally operable to send the second voice call data;
Second receiving unit, is additionally operable to receive the first voice call data.
In such scheme, call encryption indication information in the call request message, is also carried;
Second transmitting element, is additionally operable to, in the case where speech scrambling is not supported, send call answering and disappear
Breath, wherein, carries in the call answering message and do not use call encryption indication information;
Second transmitting element, is additionally operable to send the second voice call data;
Second receiving unit, is additionally operable to receive the first voice call data.
In such scheme, the SDP of the call request message also carries the second key information in proposing signaling;
Second key information is carried also in the SDP response signalings of the call answering message;
Second transmitting element, for the group key information using the selection to the second voice call number
The second voice call data according to once being encrypted, after reapplying second key information to once encrypting
After carrying out secondary encryption, the SBC of called UE side is sent to;
Second receiving unit, be additionally operable to receive after the secondary encryption that the SBC of called UE side sends the
The first voice call data after secondary encryption are entered by one voice call data using second key information
Row is once decrypted, and the group key information for reapplying selection enters to the first voice call data after once decryption
The secondary decryption of row.
A kind of Session Border Controller SBC of calling subscriber equipment UE sides, the SBC of the calling UE side
Including:
3rd receiving unit, for receiving call request message, the conversation description association of the call request message
View SDP carries the least one set key information of calling UE support in proposing signaling;
3rd transmitting element, for the call request message for forwarding the 3rd receiving unit to receive;
3rd receiving unit, is additionally operable to receive call answering message, wherein, the call answering message
SDP response signalings in carry the group key that called UE is selected from the least one set key information
Information;
3rd transmitting element, is also turned with the call answering message for receiving the 3rd receiving unit
Issue the calling UE.
In such scheme, the SDP of the call request message also carries first key information in proposing signaling;
3rd transmitting element, the call request deleted after the first key information specifically for forwarding disappear
Breath;And carry described in the SDP response signalings of the call answering message that the 3rd receiving unit is received
The calling UE is transmitted to after first key information;
3rd receiving unit, the first voice call data after being additionally operable to receive secondary encryption;
3rd transmitting element, is additionally operable to connect the 3rd receiving unit using the first key information
After the first voice call data after the secondary encryption for receiving once are decrypted, forwarding once decrypt after the
One voice call data;
3rd receiving unit, is additionally operable to the second voice call data after receiving once decryption;
3rd transmitting element, is additionally operable to using the first key information to the second language after once decryption
After sound communicating data carries out secondary encryption, calling UE is sent to.
In such scheme, the SBC of the called UE side includes:
4th receiving unit, for receiving call request message, the SDP of the call request message proposes letter
The least one set key information that the calling UE is supported is carried in order;
4th transmitting element, it is described for the call request message that the 4th receiving unit is received is transmitted to
Called UE;
4th receiving unit, is additionally operable to receive call answering message, wherein, the call answering message
SDP response signalings in carry the group key that called UE is selected from the least one set key information
Information;
4th transmitting element, is additionally operable to forwarded call response message.
In such scheme, the 4th transmitting element, specifically for exhaling of receiving the 4th receiving unit
After making the SDP of request message the second key information is carried in proposing signaling, be transmitted to the called UE;
4th receiving unit, is additionally operable to reception and carries exhaling for the second key information in SDP response signalings
It is response message;
4th transmitting element, the call answering deleted after second key information specifically for forwarding disappear
Breath;
4th receiving unit, is additionally operable to the first voice call data after receiving once decryption;
4th transmitting element, is additionally operable to what is the 4th receiving unit received using second key information
After the first voice call data after once decrypting carry out secondary encryption, called UE is sent to;
4th receiving unit, the second voice call data after being additionally operable to receive secondary encryption;
4th transmitting element, is additionally operable to connect the 4th receiving unit using second key information
After the second voice call data after the secondary encryption received once are decrypted, second after once decrypting is forwarded
Voice call data.
Embodiments provide a kind of encryption method of voice call and device, calling UE and called UE
The key adopted when going out and transmit voice call data between calling UE and called UE using SDP signaling negotiations
The group key information that information is selected, then using a group key information of the selection, calling UE and quilt
Either one for crying in UE is encrypted to the voice call data for needing transmission, then by the voice after encryption
By each device transmission in transmission link to the opposing party, the opposing party receives the voice after encryption and leads to communicating data
After words data, a group key information of the good selection of application negotiation is decrypted, and so obtains voice
Communicating data, the embodiment of the present invention realize the End to End Encryption of voice call, make voice call data whole
All in encrypted state in individual transmitting procedure, the safety of voice call is improve.In addition, UE and UE
Transmission voice call data between the SBC of side can realize secondary encryption, thus more improve call
Safety;And scheme provided in an embodiment of the present invention has been also compatible with leading to when called UE does not support speech scrambling
Words method, the various possible situation occurred in realizing communication process.
Description of the drawings
Fig. 1 is a kind of encryption method schematic flow sheet of voice call that the embodiment of the present invention 1 is provided;
Fig. 2 is a kind of encryption side of voice call for being applied to calling UE side that the embodiment of the present invention 1 is provided
Method schematic flow sheet;
Fig. 3 is a kind of encryption side of voice call for being applied to called UE side that the embodiment of the present invention 1 is provided
Method schematic flow sheet;
Fig. 4 is a kind of voice call of SBC sides for being applied to calling UE side that the embodiment of the present invention 1 is provided
Encryption method schematic flow sheet;
Fig. 5 is a kind of voice call of SBC sides for being applied to called UE side that the embodiment of the present invention 1 is provided
Encryption method schematic flow sheet;
Fig. 6 is a kind of encryption method schematic flow sheet of voice call that the embodiment of the present invention 2 is provided;
Fig. 7 is the encryption method schematic flow sheet of another kind of voice call that the embodiment of the present invention 2 is provided;
Fig. 8 is the encryption method schematic flow sheet of another kind of voice call that the embodiment of the present invention 2 is provided;
Fig. 9 is a kind of structured flowchart of calling UE that the embodiment of the present invention 3 is provided;
Figure 10 is a kind of structured flowchart of called UE that the embodiment of the present invention 3 is provided;
Figure 11 is a kind of structured flowchart of the SBC of calling UE side that the embodiment of the present invention 3 is provided;
Figure 12 is a kind of structured flowchart of the SBC of called UE side that the embodiment of the present invention 3 is provided.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly
Chu, it is fully described by.
The embodiment of the present invention is applied to Vo LTE call scenes, and the call scene is based on the communication system shown in Fig. 1
System, the communication system include calling UE, the SBC (SBC1 shown in Fig. 1) of calling UE side,
IMS, the SBC (SBC2 shown in Fig. 1) of called UE side, called UE.Calling UE with it is called
When UE is conversed, calling UE needs first to send call request message, and the call request message leads to successively
Called UE is sent to after crossing the SBC of calling UE side, IMS, the SBC of called UE side;Called UE connects
Can send call answering message after receiving the call request message, the call answering message pass sequentially through by
Calling UE is sent to after being the SBC of UE sides, IMS, the SBC of calling UE side.So calling UE and
Called UE can be carried out voice call, the voice call data between the calling UE and called UE
It is that SBC through the SBC of called UE side, IMS, calling UE side is transmitted.
In the prior art, in order to ensure that the data transfer between the SBC of safety, UE and the UE sides is
Set up encryption;Example, in voice call process, calling UE can be by after voice call data encryption
The SBC of calling UE side is sent to, after the SBC decryption of calling UE side, then voice call data is passed through
IMS is sent to the SBC of called UE side;The SBC of called UE side will can be sent out after voice call data encryption
Called UE is given, after called UE decryption, voice call data, the use of such called UE side can be played
The voice that calling UE is sended over can just be heard in family.Called UE sends voice call data to calling UE
Process and calling UE it is identical to the process that called UE sends voice call data, specifically refer to the above
Description.
From the foregoing, it will be observed that in the prior art, when transmitting voice call data between called UE and calling UE,
Voice call data the SBC of called UE side, IMS, calling UE side SBC these network equipments
Between transmission be not through encryption, be so easy to maliciously be monitored, security performance is bad.
In embodiments of the present invention, when transmitting voice call data between calling UE and called UE, voice
Communicating data is between the SBC of called UE side, IMS, SBC these network equipments of calling UE side
Transmission be all through encryption, can thus improve the safety of call.
A kind of encryption method of voice call is embodiments provided, as shown in figure 1, the present embodiment side
The handling process of method is comprised the following steps:
Step 101, calling UE send call request message, and the SBC of calling UE side receives call request
Message.
Wherein, the SDP of the call request message carries the calling UE and supports extremely in proposing signaling
A few group key information.
When carrying out Vo LTE and conversing, calling UE needs first to send call request message to called UE,
During this, calling UE needs call request message is first sent to the equipment of network side, then by network
The device forwards of side are to called UE.In the present embodiment method, the call request message is sent to by calling UE
The SBC of calling UE side.
The form that key information is carried in signaling is illustrated to be proposed to SDP here:The call request disappears
The SDP of breath is that SDP proposes (offer) signaling, and key information can be (right as concrete Media Stream in SDP
Answer a specific m row) attribute description exist, be specifically denoted as a rows.Such as:The prototype definition of a rows
A=crypto:<tag><crypto-suite><key-params>[<session-params>];Each field in a rows
Implication is as follows:
Tag (label) is used for uniquely determining a crypto in m rows;
Crypto-suite (encrypted combination) includes Security Real Time Protocol (SRTP, Secure Real-time
Transport Protocol) AES and message authentication algorithm;
Key-params (key parameter) includes master key, main salt adding (Salt) value and its time-to-live;
Session-params (session parameter) includes session key derivation rate, SRTP payload encryption marks
The information such as will, SRTP certification protective emblems, SRTP playback lists length.
Step 102, the SBC of calling UE side forward the call request message, the SBC of called UE side
Receive the call request message.
After the SBC of calling UE side receives the call request message, the call request is forwarded to IMS.
After the IMS receives the call request message, the call request is forwarded to the SBC of called UE side,
The SBC of called UE side receives the call request message.
The call request message is transmitted to the called UE, quilt by step 103, the SBC of called UE side
UE is made to receive call request message..
Step 104, support speech scrambling in the case of, called UE is from the least one set key information
A group key information is selected, call answering message is sent, the SBC of called UE side receives call answering and disappears
Breath.
Wherein, called UE is carried from described at least one in the SDP response signalings of the call answering message
The group key information selected in group key information.
Here it should be noted that the call answering message can be 200OK message, or
183 message, depending on concrete application scene.
Step 105, the SBC of called UE side forward the call answering message, the SBC of calling UE side
Receive call answering message.
The SBC of called UE side forwards the call answering message to arrive after receiving the call answering message
The call answering message is forwarded to the SBC of calling UE side, calling UE side again for IMS, the IMS
SBC receive call answering message.
The call answering message is transmitted to the calling UE, institute by step 106, the SBC of calling UE side
State calling UE and receive call answering message.
Now, called UE is carried from described at least one in the SDP response signalings of the call answering message
The group key information selected in group key information.Between so described calling UE and the called UE just
A group key information of the i.e. described selection of key information adopted during transmission voice call data is consulted.
In the present embodiment method, between calling UE and called UE, during arranging key information, SDP is used
In Offer/Answer models, Offer side be calling UE send call request message in carry SDP
Propose signaling, the SDP proposes some each crypto attribute items defined in signaling, illustrates calling UE institute energy
(group key information is by encrypted combination, key parameter, session parameter to the least one set key information of support
Etc. a group information of information composition);Answer side is that called UE selects an encrypted set that oneself can be supported
It is a group key information to close crypto attribute items, issues Offer side i.e. in being attached to SDP Answer signalings
Calling UE, consults to complete.
The group key information of step 107, calling UE and called UE using the selection, to transmitting procedure
In voice call data be encrypted.
Called UE is carried in the SDP response signalings of the call answering message close from the least one set
In the case of the group key information selected in key information, the calling UE sends using the selection
The first voice call data after group key information encryption;The first voice call data after encryption
After sequentially passing through the SBC of calling UE side, IMS, the transparent transmission of the SBC of called UE side, send to called
UE;After the first voice call data of the called UE after encryption is received, using the one of the selection
Group key information is decrypted to the first voice call data after the encryption.
In the same manner, the called UE sends the second voice after the group key information encryption using the selection
Communicating data;The second voice call data after encryption sequentially pass through called UE side SBC,
After IMS, the transparent transmission of the SBC of calling UE side, send to calling UE;The calling UE receiving plus
After the second voice call data after close, using a group key information of the selection to the encryption after
Two voice call data are decrypted.
So, calling UE and called UE both sides when voice call is carried out, voice call data are in caller
Transmission between UE and called UE is all through encryption, that is, to realize and encrypt end to end, thus can be with
Improve the safety of call.
The present embodiment method, calling UE and called UE application SDP signaling negotiations go out calling UE and called
The group key information that the key information adopted when transmitting voice call data between UE is selected, then adopts
One group key information of the selection, either one in calling UE and called UE lead to the voice for needing transmission
Words data are encrypted, then by the voice call data after encryption by each device transmission in transmission link
To the opposing party, after the opposing party receives the voice call data after encryption, the one of the good selection of application negotiation
Group key information is decrypted, and so obtains voice call data, and the present embodiment method realizes voice and leads to
The End to End Encryption of words, makes voice call data in whole transmitting procedure all in encrypted state, improves
The safety of voice call.
Individually below from calling UE, called UE, the SBC of calling UE side, SBC pair of called UE side
Method in above-mentioned Fig. 1 is described, and detailed process refers to the description above.
The embodiment of the present invention additionally provides a kind of encryption method of voice call, is applied to calling UE side,
As shown in Fig. 2 the handling process of the present embodiment method is comprised the following steps:
Step 201, calling UE send call request message, the Session Description Protocol of the call request message
SDP carries the least one set key information that the calling UE is supported in proposing signaling.
Step 202, the calling UE receive call answering message.
Step 203, called UE is carried in the SDP response signalings of the call answering message from described
In the case of the group key information selected in least one set key information, the calling UE sends and applies institute
State the first voice call data after the group key information encryption of selection;Also, the calling UE is connecing
After receiving the second voice call data after encryption, using a group key information of the selection to the encryption
The second voice call data afterwards are decrypted.
The embodiment of the present invention additionally provides a kind of encryption method of voice call, is applied to called UE side, such as
Shown in Fig. 3, the handling process of the present embodiment method is comprised the following steps:
Step 301, called UE receive call request message, the Session Description Protocol of the call request message
SDP carries the least one set key information that the calling UE is supported in proposing signaling.
Step 302, support speech scrambling in the case of, called UE is from the least one set key information
A group key information is selected, call answering message is sent.
Wherein, called UE is carried from described at least one in the SDP response signalings of the call answering message
The group key information selected in group key information;
Step 303, the called UE send the second language after the group key information encryption using the selection
Sound communicating data;Also, after the first voice call data of the called UE after encryption is received, should
The first voice call data after the encryption are decrypted with a group key information of the selection.
The embodiment of the present invention additionally provides a kind of encryption method of voice call, is applied to the SBC of calling UE side,
As shown in figure 4, the handling process of the present embodiment method is comprised the following steps:
Step 401, the SBC of calling UE side receive call request message, the meeting of the call request message
Words description agreement SDP carries the least one set key information of calling UE support in proposing signaling.
Step 402, the SBC of calling UE side forward the call request message.
Step 403, the SBC of calling UE side receive call answering message, and by the call answering message
It is transmitted to the calling UE;Wherein, carry in the SDP response signalings of the call answering message called
The group key information that UE is selected from the least one set key information.
The embodiment of the present invention additionally provides a kind of encryption method of voice call, is applied to the SBC of called UE side,
As shown in figure 5, the handling process of the present embodiment method is comprised the following steps:
Step 501, the SBC of called UE side receive call request message, and by the call request message
The called UE is transmitted to, the Session Description Protocol SDP of the call request message is carried in proposing signaling
The least one set key information for having the calling UE to support.
Step 502, the SBC of called UE side are received and forwarded call response message;Wherein, the calling
Carry what called UE was selected from the least one set key information in the SDP response signalings of response message
One group key information.
In the present embodiment, the method and step of each equipment side described in Fig. 2-Fig. 5 specifically may be referred to Fig. 1 institutes
Description in the method flow stated, is no longer described in detail one by one.
Embodiment 2
SBCs of the SBC1 shown in the present embodiment Fig. 6-Fig. 8 for calling UE side, SBC2 is called UE
The SBC of side.
In method described in embodiment 1, called UE supports speech scrambling, such calling UE and called UE
Between voice call can just encrypt and carry out;However, called UE is also possible to not support speech scrambling, this
In the case of kind, the embodiment of the present invention additionally provides a kind of encryption method of voice call, as shown in fig. 6, this
The handling process of embodiment method is comprised the following steps:
Step 601, calling UE send call request message, and the SBC of calling UE side receives call request
Message.
Wherein, the SDP of the call request message carries the calling UE and supports extremely in proposing signaling
A few group key information.
When carrying out Vo LTE and conversing, calling UE needs first to send call request message to called UE,
During this, calling UE needs call request message is first sent to the equipment of network side, then by network
Call request message first can be sent by the device forwards of side to called UE, the in the present embodiment calling UE
To the SBC of the calling UE side;The SBC of calling UE side receives call request message.
Step 602, the SBC of calling UE side forward the call request message, the SBC of called UE side
Receive the call request message.
After the SBC of calling UE side receives the call request message, the call request is forwarded to IMS.
After the IMS receives the call request message, the call request is forwarded to the SBC of called UE side,
The SBC of called UE side receives the call request message.
The call request message is transmitted to the called UE, quilt by step 603, the SBC of called UE side
UE is made to receive call request message.
Step 604, called UE are taken in not supporting SDP described in speech scrambling or None- identified to propose signaling
In the case of the least one set key information that the calling UE of band is supported, call answering message is sent;Quilt
The SBC of UE sides is made to receive call answering message.
Wherein, key information is not carried in the SDP response signalings of the call answering message.
Step 605, the SBC forwarded call response messages of called UE side, the SBC of calling UE side are received
Call answering message.
The SBC of called UE side forwards the call answering message to arrive after receiving the call answering message
The call answering message is forwarded to the SBC of calling UE side, calling UE side again for IMS, the IMS
SBC receive call answering message.
The call answering message is transmitted to the calling UE, institute by step 606, the SBC of calling UE side
State calling UE and receive call answering message.
Now, key information is not carried in the SDP response signalings of the call answering message, i.e., described master
UE and the called UE is made to consult the key information failure adopted during transmission voice call data, it is described
Calling UE and the called UE will carry out unencrypted call i.e. unencryped word.
Step 607, calling UE and called UE carry out non-encrypted voice call.
Calling UE and called UE carry out non-encrypted voice call with voice call process phase of the prior art
Together, the calling UE sends the first voice call data, and the first voice call data sequentially pass through master
After being the SBC of UE sides, IMS, the transparent transmission of the SBC of called UE side, send to called UE;The quilt
UE is made to receive the first voice call data.The called UE sends the second voice call data, and described the
Two voice call data sequentially pass through the SBC of called UE side, IMS, the transparent transmission of the SBC of calling UE side
Afterwards, send to calling UE;The calling UE receives the second voice call data.
Method described in Fig. 6 cannot be distinguished by called UE be not encrypted call be do not support speech scrambling or
The least one set key information that the calling UE that SDP described in None- identified is carried in proposing signaling is supported,
Therefore the embodiment of the present invention additionally provides a kind of encryption method of voice call, as shown in fig. 7, the present embodiment side
The handling process of method is comprised the following steps:
Step 701, calling UE send call request message, and the SBC of calling UE side receives call request
Message.
Wherein, the SDP of the call request message carries the calling UE and supports extremely in proposing signaling
A few group key information, also carries call encryption indication information in the call request message.
Example, the call request message can be sip message, and the call encryption indication information can be with
Carry the head in sip message.
When carrying out Vo LTE and conversing, calling UE needs first to send call request message to called UE,
During this, calling UE needs call request message is first sent to the equipment of network side, then by network
Call request message first can be sent by the device forwards of side to called UE, the in the present embodiment calling UE
To the SBC of the calling UE side, the SBC of calling UE side receives call request message.
Step 702, the SBC of calling UE side forward the call request message, the SBC of called UE side
Receive the call request message.
After the SBC of calling UE side receives the call request message, the call request is forwarded to IMS.
After the IMS receives the call request message, the call request is forwarded to the SBC of called UE side,
The SBC of called UE side receives the call request message.
The call request message is transmitted to the called UE, quilt by step 703, the SBC of called UE side
UE is made to receive call request message.
Step 704, called UE send call answering message in the case where speech scrambling is not supported, called
The SBC of UE sides receives call answering message.
Wherein, carry in the call answering message and do not use call encryption indication information.
After called UE receives call request message, if not supporting to use speech scrambling, called UE meeting
Carry in call answering message and do not use call encryption indication information, to inform that calling UE oneself is not propped up
Hold and use speech scrambling.Called UE is by the SBC for making response message be sent to called UE side, called
The SBC of UE sides receives call answering message.
Step 705, the SBC forwarded call response messages of called UE side, the SBC of calling UE side are received
Call answering message.
The SBC of called UE side forwards the call answering message to arrive after receiving the call answering message
The call answering message is forwarded to the SBC of calling UE side, calling UE side again for IMS, the IMS
SBC receive call answering message.
The call answering message is transmitted to the calling UE, institute by step 706, the SBC of calling UE side
State calling UE and receive call answering message.
Now, key information is not carried in the SDP response signalings of the call answering message, i.e., described master
UE and the called UE is made to consult the key information failure adopted during transmission voice call data, it is described
Calling UE and the called UE will carry out unencrypted call i.e. unencryped word.
Step 707, calling UE and called UE carry out non-encrypted voice call.
Calling UE and called UE carry out non-encrypted voice call with voice call process phase of the prior art
Together, the calling UE sends the first voice call data, and the first voice call data sequentially pass through master
After being the SBC of UE sides, IMS, the transparent transmission of the SBC of called UE side, send to called UE;The quilt
UE is made to receive the first voice call data.The called UE sends the second voice call data, and described the
Two voice call data sequentially pass through the SBC of called UE side, IMS, the transparent transmission of the SBC of calling UE side
Afterwards, send to calling UE;The calling UE receives the second voice call data.
In the actual deployment of IMS, the encryption for accessing side between UE and the SBC of its side, is generally there are,
The End to End Encryption described in Fig. 1 is added it to, secondary encryption is now there is, therefore the embodiment of the present invention is also
There is provided a kind of encryption method of voice call, as shown in figure 8, the handling process of the present embodiment method includes
Following steps:
Step 801, calling UE send call request message, and the SBC of calling UE side receives call request
Message.
Wherein, the SDP of the call request message carries the calling UE and supports extremely in proposing signaling
A few group key information, the SDP of the call request message also carry first key information in proposing signaling,
The communication encryption that the first key information is used between the calling UE and the SBC of calling UE side.
Because being related to secondary encryption, two kinds of key informations are needed in calling UE side, then two kinds of key informations:
The least one set key information and the first key information that calling UE is supported is needed in SDP proposes signaling
To propose in signaling two in same Media Stream (m rows) for example as SDP as two independent sectors
The independent attribute of group is present.
When carrying out Vo LTE and conversing, calling UE needs first to send call request message to called UE,
During this, calling UE needs call request message is first sent to the SBC of calling UE side, then leads to
Cross each network equipment and be sent to called UE.
Calling after step 802, the SBC forwarding deletions first key information of the calling UE side please
The SBC of message, called UE side is asked to receive the call request message.
After the SBC of calling UE side receives the call request message, need first to store the call request
First key information in message, then deletes first in the SDP proposal signalings of the call request message
Key information, and the call request message after deleting the first key information is forwarded to IMS, the IMS
After receiving the call request message after the deletion first key information, the call request is forwarded to disappear
The SBC of called UE side is ceased, the SBC of called UE side receives the call request message.
Step 803, the SBC of called UE side are carried in the SDP of the call request message proposes signaling
After second key information, the called UE is transmitted to;Called UE receives call request message.
The SDP of the call request message that the SBC of the called UE side is received is carried in proposing signaling
State the least one set key information of calling UE support;The SBC of the called UE side can propose to believe in SDP
Add the second key information in order, then will be forwarded to the called UE, the calling that the called UE is received
The least one set key information and the second key information is carried in request message.
Step 804, support speech scrambling in the case of, called UE is from the least one set key information
A group key information is selected, call answering message is sent, the SBC of called UE side is received in SDP responses
The call answering message of the second key information is carried in signaling.
In the case where speech scrambling is supported, called UE can be selected from the least one set key information
One group key information, the called UE are sent to the SDP of the call answering message of the SBC of called UE side
Carry a group key information that called UE selected from the least one set key information in response signaling with
And second key information, the SBC of called UE side receives and carries the second key information in SDP response signalings
Call answering message.So, the SBC of called UE side has just been consulted with called UE and has been passed between the two
Second key information of secondary encryption when defeated.
Because being related to secondary encryption, two kinds of key informations are needed in called UE side, then two kinds of key informations:
The group key information and second key information for selecting is needed as two solely in SDP proposes signaling
Vertical part, proposes the attribute of two groups of independences in signaling in same Media Stream (m rows) for example as SDP
Exist.
Here it should be noted that the call answering message can be 200OK message, or
183 message, depending on concrete application scene.
Call answering after step 805, SBC forwarding deletions second key information of called UE side disappears
Breath;The SBC of calling UE side receives call answering message.
After the SBC of called UE side receives the call answering message, the call answering message can be deleted
SDP response signalings in the second key information, now, the SDP responses of call answering message letter
The group key information that called UE is selected from the least one set key information is carried in order.The quilt
The SBC of UE sides is made to forward the call answering message after deleting second key information to IMS, the IMS
The call answering message deleted after second key information is forwarded to the SBC of calling UE side again,
The SBC of calling UE side receives the call answering message.
Step 806, the SBC of calling UE side are carried in the SDP response signalings of the call answering message
The calling UE is transmitted to after the first key information, and the calling UE receives call answering message.
The call answering message deleted after second key information is forwarded to calling UE by the IMS
The SBC of side, now, carries called UE from described in the SDP response signalings of the call answering message
The group key information selected in least one set key information;The SBC of calling UE side disappears in the call answering
The calling UE is transmitted to after adding the first key information in breath, so, the SBC of calling UE side
The first key information of secondary encryption when just having consulted transmission between the two with calling UE.
Meanwhile, called UE is carried from the least one set in the SDP response signalings of the call answering message
The group key information selected in key information.Just assist between so described calling UE and the called UE
Business has got well a group key information of the i.e. described selection of key information adopted during transmission voice call data.
So by above-mentioned step, transmission between the calling UE and the called UE, has just been consulted
One group key information of the i.e. described selection of the key information adopted during voice call data, calling UE and master
The SBC of UE sides is made also to have consulted the first key information of secondary encryption between the two;Called UE and
The SBC of called UE side has also consulted the second key information of secondary encryption between the two.
The group key information of step 807, calling UE and called UE using the selection, to transmitting procedure
In voice call data carry out End to End Encryption, while adopting first key information and the second key information pair
Voice call data in transmitting procedure carry out accessing the secondary encryption of side.
Called UE is carried in the SDP response signalings of the call answering message close from the least one set
In the case of the group key information selected in key information, calling UE sends the first voice to called UE and leads to
The flow process of words data is as follows:
The group key information selected described in the calling UE application is carried out once to the first voice call data
Encryption, the first voice call data after reapplying the first key information to once encrypting carry out secondary adding
After close, the SBC of calling UE side is sent to;The SBC of the calling UE side receives after secondary encryption the
The first voice call data after secondary encryption are entered by one voice call data using the first key information
After row is once decrypted, the first voice call data after once decrypting are forwarded;The SBC of the calling UE side
Can be by the first voice call data forwarding after once decrypting to IMS, after the IMS once will can be decrypted
SBC of the first voice call data penetration transmission to called UE side, the SBC of the called UE side are received once
The first voice call data after decryption, using second key information to the first voice after once decryption
After communicating data carries out secondary encryption, called UE is sent to;The called UE is receiving called UE side
The secondary encryptions that send of SBC after the first voice call data after, using second key information to two
The first voice call data after secondary encryption are once decrypted, and reapply a group key information of selection to one
The first voice call data after secondary decryption carry out secondary decryption;So described called UE is obtained with institute
State the first voice call data that calling UE is sended over.
In the same manner, called UE is as follows to the flow process that calling UE sends the second voice call data:
The group key information selected described in the called UE application is carried out once to the second voice call data
Encryption, the second voice call data after reapplying second key information to once encrypting carry out secondary adding
After close, the SBC of called UE side is sent to;The SBC of the called UE side receives after secondary encryption the
The second voice call data after secondary encryption are entered by two voice call data using second key information
After row is once decrypted, the second voice call data after once decrypting are forwarded.The SBC of the called UE side
Can be by the second voice call data is activation after once decrypting to IMS, after the IMS once will can be decrypted
SBC of the second voice call data penetration transmission to calling UE side, the SBC of the calling UE side are received once
The second voice call data after decryption, using the first key information to the second voice after once decryption
After communicating data carries out secondary encryption, calling UE is sent to.The calling UE receives the SBC of calling UE side
Send secondary encryption after the second voice call data, using the first key information to secondary encryption after
The second voice call data once decrypted, after reapplying a group key information of selection to once decrypting
The second voice call data carry out secondary decryption.
So, calling UE and called UE both sides when voice call is carried out, voice call data are in caller
Transmission between UE and called UE is all through encryption, that is, to realize and encrypt end to end, meanwhile, it is described
Transmission voice call data between the SBC of UE and UE sides are secondary encryptions, are thus more carried
The safety of high call.
Embodiment 3
A kind of calling UE is embodiments provided, as shown in figure 9, the calling UE includes:First
Transmitting element 901 and the first receiving unit 902, wherein,
First transmitting element 901, for sending call request message, the session of the call request message is retouched
State during agreement SDP proposes signaling and carry the least one set key information that the calling UE is supported;
First receiving unit 902, for receiving call answering message;
First transmitting element 901, the calling for being additionally operable to receive in first receiving unit 902 should
Carry in the SDP response signalings for answering message that called UE is selected from the least one set key information one
In the case of group key information, send the first voice after the group key information encryption using the selection and lead to
Words data;
First receiving unit 902, is additionally operable to take in the SDP response signalings of the call answering message
In the case of the group key information selected from the least one set key information with called UE, receive
The second voice call data after encryption, using a group key information of the selection to the encryption after
Two voice call data are decrypted.
First transmitting element 901, the calling for being additionally operable to receive in first receiving unit 902 should
In the case of key information is not carried in the SDP response signalings for answering message, the first voice call data are sent;
First receiving unit 902, is additionally operable to not carry in the SDP response signalings of call answering message close
In the case of key information, the second voice call data are received.
Call encryption indication information is carried in the call request message also;First transmitting element 901,
It is additionally operable to carry in the call answering message that first receiving unit 902 is received do not use to converse and adds
In the case of close configured information, the first voice call data are sent;First receiving unit 902, also uses
In carry in the call answering message for receiving do not use call encryption indication information in the case of, receive
Second voice call data.
The SDP of the call request message also carries first key information in proposing signaling, the calling should
First key information is carried also in the SDP response signalings for answering message;First transmitting element 901, also
For once being encrypted to the first voice call data using a group key information of the selection, reapply
The first key information carries out, after secondary encryption, being sent to the first voice call data after once encryption
The SBC of calling UE side;First receiving unit 902, the SBC for being additionally operable to receive calling UE side are sent out
The second voice call data after the secondary encryption sent, using the first key information to secondary encryption after
Second voice call data are once decrypted, after reapplying a group key information of selection to once decrypting
Second voice call data carry out secondary decryption.
The embodiment of the present invention additionally provides a kind of called subscriber equipment UE, as shown in Figure 10, the called UE
Including:Second receiving unit 1001 and the second transmitting element 1002, wherein,
Second receiving unit 1001, for receiving call request message, the session of the call request message is retouched
State during agreement SDP proposes signaling and carry the least one set key information that the calling UE is supported;
Second transmitting element 1002, in the case where speech scrambling is supported, from second receiving unit
A group key information is selected in the 1001 least one set key informations for receiving, and is sent call answering and is disappeared
Breath;Wherein, called UE is carried from described at least one in the SDP response signalings of the call answering message
The group key information selected in group key information;
Second receiving unit 1001, is additionally operable to the first voice call data after receiving encryption, using institute
The group key information for stating selection is decrypted to the first voice call data after the encryption;
Second transmitting element 1002, after being additionally operable to send the group key information encryption using the selection
The second voice call data.
Second transmitting element 1002, is additionally operable to do not supporting SDP described in speech scrambling or None- identified
In the case of the least one set key information that the calling UE carried in proposing signaling is supported, calling is sent
Response message, wherein, does not carry key information in the SDP response signalings of the call answering message;Institute
The second transmitting element 1002 is stated, is additionally operable to send the second voice call data;Second receiving unit 1001,
It is additionally operable to receive the first voice call data.
Call encryption indication information is carried in the call request message also;Second transmitting element 1002,
It is additionally operable to, in the case where speech scrambling is not supported, send call answering message, wherein, the call answering
Carry in message and do not use call encryption indication information;Second transmitting element 1002, is additionally operable to send
Second voice call data;Second receiving unit 1001, is additionally operable to receive the first voice call data.
The SDP of the call request message also carries the second key information in proposing signaling;The calling should
Second key information is carried also in the SDP response signalings for answering message;Second transmitting element 1002, uses
The second voice call data are once encrypted in the group key information using the selection, reapplied institute
State the second key information to once encrypt after the second voice call data carry out after secondary encryption, be sent to by
It is the SBC of UE sides;Second receiving unit 1001, the SBC for being additionally operable to receive called UE side send
Secondary encryption after the first voice call data, using second key information to secondary encryption after
One voice call data are once decrypted, the after reapplying a group key information of selection to once decrypting
One voice call data carry out secondary decryption.
The embodiment of the present invention additionally provides a kind of SBC of calling UE side, as shown in figure 11, the caller
The SBC of UE sides includes:3rd receiving unit 1101 and the 3rd transmitting element 1102, wherein,
3rd receiving unit 1101, for receiving call request message, the session of the call request message is retouched
State the least one set key information for carrying calling UE support during agreement SDP proposes signaling;
3rd transmitting element 1102, the call request for forwarding the 3rd receiving unit 1101 to receive disappear
Breath;
3rd receiving unit 1101, is additionally operable to receive call answering message, wherein, the call answering
Carry in the SDP response signalings of message that called UE is selected from the least one set key information one group
Key information;3rd transmitting element 1102, also with the calling for receiving the 3rd receiving unit
Response message is transmitted to the calling UE.
The SDP of the call request message also carries first key information in proposing signaling;Described 3rd
Unit 1102 is sent, and the call request message after the first key information is deleted specifically for forwarding;And institute
Described first is carried in the SDP response signalings for stating the call answering message that the 3rd receiving unit 1101 is received
The calling UE is transmitted to after key information;
3rd receiving unit 1101, the first voice call data after being additionally operable to receive secondary encryption;Described
Three transmitting elements 1102, are additionally operable to connect the 3rd receiving unit 1101 using the first key information
After the first voice call data after the secondary encryption for receiving once are decrypted, forwarding once decrypt after the
One voice call data;
3rd receiving unit 1101, is additionally operable to the second voice call data after receiving once decryption;Described
Three transmitting elements 1102, are additionally operable to what is the 3rd receiving unit 1101 received using the first key information
After the second voice call data after once decrypting carry out secondary encryption, calling UE is sent to.
The embodiment of the present invention additionally provides a kind of SBC of called UE side, as shown in figure 12, described called
The SBC of UE sides includes:4th receiving unit 1201 and the 4th transmitting element 1202, wherein,
4th receiving unit 1201, for receiving call request message, the SDP of the call request message
The least one set key information that the calling UE is supported is carried in proposing signaling;
4th transmitting element 1202, for the call request message for receiving the 4th receiving unit 1201
It is transmitted to the called UE;
4th receiving unit 1201, is additionally operable to receive call answering message, wherein, the call answering
Carry in the SDP response signalings of message that called UE is selected from the least one set key information one group
Key information;4th transmitting element 1202, is additionally operable to forwarded call response message.
4th transmitting element 1202, specifically for the calling for receiving the 4th receiving unit 1201
After the SDP of request message carries the second key information in proposing signaling, the called UE is transmitted to;It is described
4th receiving unit 1201, be additionally operable to receive carry in SDP response signalings the second key information calling should
Answer message;4th transmitting element 1202, deletes exhaling after second key information specifically for forwarding
It is response message;
4th receiving unit 1201, is additionally operable to the first voice call data after receiving once decryption;
4th transmitting element 1202, is additionally operable to using second key information to the 4th receiving unit
After the first voice call data after the 1201 once decryption for receiving carry out secondary encryption, called UE is sent to;
4th receiving unit 1201, the second voice call data after being additionally operable to receive secondary encryption;
4th transmitting element 1202, is additionally operable to receive single using second key information to the described 4th
After the second voice call data after the secondary encryption that unit 1202 receives once are decrypted, forwarding is once decrypted
The second voice call data afterwards.
In actual applications, the first transmitting element 901 and the first receiving unit 902 described in the present embodiment
Can be by the central processing unit (CPU) in calling UE, microprocessor (MPU), digital signal processor
Or the device such as field programmable gate array (FPGA) is realized (DSP).Described in the present embodiment second connects
Receiving unit 1001 and the second transmitting element 1002 can be by the central processing unit (CPU) in called UE, micro-
The devices such as processor (MPU), digital signal processor (DSP) or field programmable gate array (FPGA)
Part is realized.The 3rd receiving unit 1101 and the 3rd transmitting element 1102 described in the present embodiment can be by leading
It is central processing unit (CPU) on the SCB of UE sides, microprocessor (MPU), digital signal processor
Or the device such as field programmable gate array (FPGA) is realized (DSP).Described in the present embodiment the 4th connects
Receive unit 1201 and the 4th transmitting element 1202 can be by the central processing unit on the SCB of called UE side
(CPU), microprocessor (MPU), digital signal processor (DSP) or field programmable gate array (FPGA)
Realize Deng device.
Those skilled in the art are it should be appreciated that embodiments of the invention can be provided as method, system or meter
Calculation machine program product.Therefore, the present invention can using hardware embodiment, software implementation or combine software and
The form of the embodiment of hardware aspect.And, the present invention can wherein include calculating using at one or more
Computer-usable storage medium (including but not limited to disk memory and the optical storage of machine usable program code
Device etc.) on the form of computer program implemented.
The present invention is with reference to method according to embodiments of the present invention, equipment (system), and computer program
Flow chart and/or block diagram describing.It should be understood that can be by computer program instructions flowchart and/or side
The knot of each flow process and/or square frame and flow chart and/or the flow process in block diagram and/or square frame in block diagram
Close.Can provide these computer program instructions to general purpose computer, special-purpose computer, Embedded Processor or
The processor of other programmable data processing devices is producing a machine so that by computer or other can
The instruction of the computing device of programming data processing equipment is produced for realizing in one flow process or multiple of flow chart
The device of the function of specifying in one square frame of flow process and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in and can guide computer or other programmable data processing devices
In the computer-readable memory for working in a specific way so that be stored in the computer-readable memory
Instruction produces the manufacture for including command device, and the command device is realized in one flow process of flow chart or multiple streams
The function of specifying in one square frame of journey and/or block diagram or multiple square frames.
These computer program instructions can be also loaded in computer or other programmable data processing devices, made
Obtain series of operation steps is performed on computer or other programmable devices to produce computer implemented process,
So as to the instruction performed on computer or other programmable devices is provided for realizing in one flow process of flow chart
Or specify in one square frame of multiple flow processs and/or block diagram or multiple square frames function the step of.
The above, only presently preferred embodiments of the present invention is not intended to limit the protection model of the present invention
Enclose.
Claims (24)
1. a kind of encryption method of voice call, it is characterised in that methods described includes:
Calling subscriber equipment UE sends call request message, the Session Description Protocol of the call request message
SDP carries the least one set key information that the calling UE is supported in proposing signaling;
The calling UE receives call answering message;
Called UE is carried in the SDP response signalings of the call answering message close from the least one set
In the case of the group key information selected in key information, the calling UE sends using the selection
The first voice call data after group key information encryption;Also, the calling UE is after encryption is received
The second voice call data after, using a group key information of the selection to the second language after the encryption
Sound communicating data is decrypted.
2. method according to claim 1, it is characterised in that in the SDP of the call answering message
In the case of key information is not carried in response signaling, the calling UE sends the first voice call data,
And receive the second voice call data.
3. method according to claim 1, it is characterised in that also carry in the call request message
There is call encryption indication information;Carry in the call answering message and do not use call encryption indication information
In the case of, the calling UE sends the first voice call data, and receives the second voice call data.
4. method according to claim 1, it is characterised in that the SDP of the call request message
First key information is also carried in proposing signaling, is also taken in the SDP response signalings of the call answering message
With first key information;
The group key information selected described in the calling UE application is carried out once to the first voice call data
Encryption, the first voice call data after reapplying the first key information to once encrypting carry out secondary adding
After close, the SBC of calling UE side is sent to;
Also, the calling UE receives the second voice after the secondary encryption that the SBC of calling UE side sends
The second voice call data after secondary encryption are carried out once by communicating data using the first key information
Decryption, the second voice call data after reapplying a group key information of selection to once decrypting carry out secondary
Decryption.
5. a kind of encryption method of voice call, it is characterised in that methods described includes:
Called subscriber equipment UE receives call request message, the Session Description Protocol of the call request message
SDP carries the least one set key information that the calling UE is supported in proposing signaling;
In the case where speech scrambling is supported, called UE selects one from the least one set key information
Group key information, sends call answering message;Wherein, in the SDP response signalings of the call answering message
Carry the group key information that called UE is selected from the least one set key information;
The called UE sends the second voice call number after the group key information encryption using the selection
According to;Also, after the first voice call data of the called UE after encryption is received, using the choosing
The group key information selected is decrypted to the first voice call data after the encryption.
6. method according to claim 5, it is characterised in that methods described also includes:
The calling UE carried in not supporting SDP described in speech scrambling or None- identified to propose signaling
In the case of the least one set key information held, call answering message is sent, wherein, the call answering disappears
Key information is not carried in the SDP response signalings of breath;
The called UE sends the second voice call data;And receive the first voice call data.
7. method according to claim 5, it is characterised in that also carry in the call request message
There is call encryption indication information;
In the case where speech scrambling is not supported, call answering message is sent, wherein, the call answering disappears
Carry in breath and do not use call encryption indication information;
The called UE sends the second voice call data;And receive the first voice call data.
8. method according to claim 5, it is characterised in that the SDP of the call request message
The second key information is also carried in response signaling, is also taken in the SDP response signalings of the call answering message
With the second key information;
The group key information selected described in the called UE application is carried out once to the second voice call data
Encryption, the second voice call data after reapplying second key information to once encrypting carry out secondary adding
After close, the SBC of called UE side is sent to;
Also, the called UE after the secondary encryption that the SBC for receiving called UE side sends first
After voice call data, the first voice call data after secondary encryption are entered using second key information
Row is once decrypted, and the group key information for reapplying selection enters to the first voice call data after once decryption
The secondary decryption of row.
9. a kind of encryption method of voice call, it is characterised in that methods described includes:
The Session Border Controller SBC of calling subscriber equipment UE sides receives call request message, the calling
The Session Description Protocol SDP of request message carries the least one set key of calling UE support in proposing signaling
Information;
The SBC of calling UE side forwards the call request message;
The SBC of calling UE side receives call answering message, and the call answering message is transmitted to described
Calling UE;Wherein, called UE is carried in the SDP response signalings of the call answering message from described
The group key information selected in least one set key information.
10. method according to claim 9, it is characterised in that the SDP of the call request message
First key information is carried in proposing signaling also, the SBC of the calling UE side forwards the call request
Message includes:
The call request message after the first key information is deleted in the SBC forwardings of the calling UE side;
It is described the call answering message is transmitted to into the calling UE to include:
Institute is transmitted to after the first key information is carried in the SDP response signalings of the call answering message
State calling UE;
After the call answering message is transmitted to the calling UE, methods described also includes:
The SBC of the calling UE side receives the first voice call data after secondary encryption, using described the
After one key information is once decrypted to the first voice call data after secondary encryption, forwarding is once decrypted
The first voice call data afterwards;
The SBC of the calling UE side receives the second voice call data after once decrypting, using described the
One key information carries out, after secondary encryption, being sent to calling UE to the second voice call data after once decryption.
11. a kind of encryption methods of voice call, it is characterised in that methods described includes:
The Session Border Controller SBC of called subscriber equipment UE sides receives call request message, and will be described
Call request message is transmitted to the called UE, and the Session Description Protocol SDP of the call request message is carried
The least one set key information that the calling UE is supported is carried in view signaling;
The SBC of called UE side is received and forwarded call response message;Wherein, the call answering message
The group key letter that called UE is selected from the least one set key information is carried in SDP response signalings
Breath.
12. methods according to claim 11, it is characterised in that the SBC of called UE side is by institute
Stating call request message and being transmitted to the called UE includes:
The SBC of called UE side carries the second key letter in the SDP of the call request message proposes signaling
After breath, the called UE is transmitted to;
The SBC of the called UE side is received and forwarded call response message includes:
The SBC receptions of the called UE side carry the calling of the second key information in SDP response signalings should
Message is answered, and forwards the call answering message after deleting second key information;
After the SBC forwarded call response messages of called UE side, methods described also includes:
The SBC of the called UE side receives the first voice call data after once decrypting, using described the
Two key informations carry out, after secondary encryption, being sent to called UE to the first voice call data after once decryption;
The SBC of the called UE side receives the second voice call data after secondary encryption, using described the
After two key informations are once decrypted to the second voice call data after secondary encryption, forwarding is once decrypted
The second voice call data afterwards.
13. a kind of calling subscriber equipment UE, it is characterised in that the calling UE includes:
First transmitting element, for sending call request message, the conversation description association of the call request message
View SDP carries the least one set key information that the calling UE is supported in proposing signaling;
First receiving unit, for receiving call answering message;
First transmitting element, the call answering message for being additionally operable to receive in first receiving unit
The group key letter that called UE is selected from the least one set key information is carried in SDP response signalings
In the case of breath, the first voice call data after the group key information encryption using the selection are sent;
First receiving unit, is additionally operable to carry in the SDP response signalings of the call answering message
In the case of the group key information that called UE is selected from the least one set key information, encryption is received
The second voice call data afterwards, using a group key information of the selection to the second language after the encryption
Sound communicating data is decrypted.
14. calling UEs according to claim 13, it is characterised in that
First transmitting element, the call answering message for being additionally operable to receive in first receiving unit
In the case of key information is not carried in SDP response signalings, the first voice call data are sent;
First receiving unit, is additionally operable to not carry in the SDP response signalings of call answering message close
In the case of key information, the second voice call data are received.
15. calling UEs according to claim 13, it is characterised in that in the call request message
Call encryption indication information is carried also;
First transmitting element, is additionally operable in the call answering message that first receiving unit is received
Carrying in the case of do not use call encryption indication information, sending the first voice call data;
First receiving unit, is additionally operable to carry in the call answering message for receiving and do not use call
In the case of encryption indication information, the second voice call data are received.
16. calling UEs according to claim 13, it is characterised in that the call request message
SDP also carries first key information in proposing signaling, in the SDP response signalings of the call answering message
First key information is carried also;
First transmitting element, is additionally operable to using a group key information of the selection to the first voice call
Data are once encrypted, the first voice call number after reapplying the first key information to once encrypting
According to carrying out, after secondary encryption, being sent to the SBC of calling UE side;
First receiving unit, be additionally operable to receive after the secondary encryption that the SBC of calling UE side sends the
The second voice call data after secondary encryption are entered by two voice call data using the first key information
Row is once decrypted, and the group key information for reapplying selection enters to the second voice call data after once decryption
The secondary decryption of row.
17. a kind of called subscriber equipment UE, it is characterised in that the called UE includes:
Second receiving unit, for receiving call request message, the conversation description association of the call request message
View SDP carries the least one set key information that the calling UE is supported in proposing signaling;
Second transmitting element, in the case where speech scrambling is supported, receiving from second receiving unit
To the least one set key information in select a group key information, send call answering message;Wherein,
Called UE is carried in the SDP response signalings of the call answering message from the least one set key information
One group key information of middle selection;
Second receiving unit, is additionally operable to the first voice call data after receiving encryption, using the choosing
The group key information selected is decrypted to the first voice call data after the encryption;
Second transmitting element, the be additionally operable to after sending the group key information encryption using the selection
Two voice call data.
18. called UEs according to claim 17, it is characterised in that
Second transmitting element, is additionally operable to do not supporting SDP described in speech scrambling or None- identified to propose letter
In the case of the least one set key information that the calling UE carried in order is supported, send call answering and disappear
Breath, wherein, does not carry key information in the SDP response signalings of the call answering message;
Second transmitting element, is additionally operable to send the second voice call data;
Second receiving unit, is additionally operable to receive the first voice call data.
19. called UEs according to claim 17, it is characterised in that in the call request message
Call encryption indication information is carried also;
Second transmitting element, is additionally operable to, in the case where speech scrambling is not supported, send call answering and disappear
Breath, wherein, carries in the call answering message and do not use call encryption indication information;
Second transmitting element, is additionally operable to send the second voice call data;
Second receiving unit, is additionally operable to receive the first voice call data.
20. called UEs according to claim 17, it is characterised in that the call request message
SDP also carries the second key information in proposing signaling;In the SDP response signalings of the call answering message
Second key information is carried also;
Second transmitting element, for the group key information using the selection to the second voice call number
The second voice call data according to once being encrypted, after reapplying second key information to once encrypting
After carrying out secondary encryption, the SBC of called UE side is sent to;
Second receiving unit, be additionally operable to receive after the secondary encryption that the SBC of called UE side sends the
The first voice call data after secondary encryption are entered by one voice call data using second key information
Row is once decrypted, and the group key information for reapplying selection enters to the first voice call data after once decryption
The secondary decryption of row.
21. a kind of Session Border Controller SBC of calling subscriber equipment UE sides, it is characterised in that described
The SBC of calling UE side includes:
3rd receiving unit, for receiving call request message, the conversation description association of the call request message
View SDP carries the least one set key information of calling UE support in proposing signaling;
3rd transmitting element, for the call request message for forwarding the 3rd receiving unit to receive;
3rd receiving unit, is additionally operable to receive call answering message, wherein, the call answering message
SDP response signalings in carry the group key that called UE is selected from the least one set key information
Information;
3rd transmitting element, is also turned with the call answering message for receiving the 3rd receiving unit
Issue the calling UE.
The SBC of 22. calling UE sides according to claim 21, it is characterised in that the calling please
The SDP of message is asked also to carry first key information in proposing signaling;
3rd transmitting element, the call request deleted after the first key information specifically for forwarding disappear
Breath;And carry described in the SDP response signalings of the call answering message that the 3rd receiving unit is received
The calling UE is transmitted to after first key information;
3rd receiving unit, the first voice call data after being additionally operable to receive secondary encryption;
3rd transmitting element, is additionally operable to connect the 3rd receiving unit using the first key information
After the first voice call data after the secondary encryption for receiving once are decrypted, forwarding once decrypt after the
One voice call data;
3rd receiving unit, is additionally operable to the second voice call data after receiving once decryption;
3rd transmitting element, is additionally operable to using the first key information to the second language after once decryption
After sound communicating data carries out secondary encryption, calling UE is sent to.
23. a kind of Session Border Controller SBC of called subscriber equipment UE sides, it is characterised in that described
The SBC of called UE side includes:
4th receiving unit, for receiving call request message, the SDP of the call request message proposes letter
The least one set key information that the calling UE is supported is carried in order;
4th transmitting element, it is described for the call request message that the 4th receiving unit is received is transmitted to
Called UE;
4th receiving unit, is additionally operable to receive call answering message, wherein, the call answering message
SDP response signalings in carry the group key that called UE is selected from the least one set key information
Information;
4th transmitting element, is additionally operable to forwarded call response message.
The SBC of 24. called UE sides according to claim 23, it is characterised in that
4th transmitting element, specifically for the call request message that receives the 4th receiving unit
After SDP carries the second key information in proposing signaling, the called UE is transmitted to;
4th receiving unit, is additionally operable to reception and carries exhaling for the second key information in SDP response signalings
It is response message;
4th transmitting element, the call answering deleted after second key information specifically for forwarding disappear
Breath;
4th receiving unit, is additionally operable to the first voice call data after receiving once decryption;
4th transmitting element, is additionally operable to what is the 4th receiving unit received using second key information
After the first voice call data after once decrypting carry out secondary encryption, called UE is sent to;
4th receiving unit, the second voice call data after being additionally operable to receive secondary encryption;
4th transmitting element, is additionally operable to connect the 4th receiving unit using second key information
After the second voice call data after the secondary encryption received once are decrypted, second after once decrypting is forwarded
Voice call data.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510572139.8A CN106534044A (en) | 2015-09-09 | 2015-09-09 | Method and device for encrypting voice call |
| PCT/CN2016/079600 WO2016180180A1 (en) | 2015-09-09 | 2016-04-18 | Voice call encryption method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510572139.8A CN106534044A (en) | 2015-09-09 | 2015-09-09 | Method and device for encrypting voice call |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106534044A true CN106534044A (en) | 2017-03-22 |
Family
ID=57247771
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510572139.8A Withdrawn CN106534044A (en) | 2015-09-09 | 2015-09-09 | Method and device for encrypting voice call |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106534044A (en) |
| WO (1) | WO2016180180A1 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108833943A (en) * | 2018-04-24 | 2018-11-16 | 苏州科达科技股份有限公司 | The encrypted negotiation method, apparatus and conference terminal of code stream |
| CN112953964A (en) * | 2021-03-15 | 2021-06-11 | 北京中联环信科技有限公司 | Voice signaling encryption processing system and encryption processing method |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110621016B (en) * | 2019-10-18 | 2022-08-12 | 中国联合网络通信集团有限公司 | User identity protection method, user terminal and base station |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101222320A (en) * | 2007-01-11 | 2008-07-16 | 华为技术有限公司 | Method, system and device for media stream safety context negotiation |
| WO2012154420A1 (en) * | 2011-05-11 | 2012-11-15 | Alcatel Lucent | Policy routing-based lawful interception in communication system with end-to-end encryption |
| CN204145683U (en) * | 2014-10-24 | 2015-02-04 | 厦门蓝斯通信股份有限公司 | A kind of device of digital handset encryption |
| CN104468634A (en) * | 2014-12-31 | 2015-03-25 | 大唐移动通信设备有限公司 | Call establishment method, terminals and security AS |
| CN104683304A (en) * | 2013-11-29 | 2015-06-03 | 中国移动通信集团公司 | Processing method, equipment and system of secure communication service |
| CN104683098A (en) * | 2013-11-29 | 2015-06-03 | 中国移动通信集团公司 | Implementation method, equipment and system of secure communication service |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101239297B1 (en) * | 2011-07-28 | 2013-03-05 | 한국전자통신연구원 | System for protecting information and method thereof |
| CN103795966B (en) * | 2014-01-15 | 2017-12-26 | 北京明朝万达科技股份有限公司 | A kind of security video call implementing method and system based on digital certificate |
-
2015
- 2015-09-09 CN CN201510572139.8A patent/CN106534044A/en not_active Withdrawn
-
2016
- 2016-04-18 WO PCT/CN2016/079600 patent/WO2016180180A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101222320A (en) * | 2007-01-11 | 2008-07-16 | 华为技术有限公司 | Method, system and device for media stream safety context negotiation |
| WO2012154420A1 (en) * | 2011-05-11 | 2012-11-15 | Alcatel Lucent | Policy routing-based lawful interception in communication system with end-to-end encryption |
| CN104683304A (en) * | 2013-11-29 | 2015-06-03 | 中国移动通信集团公司 | Processing method, equipment and system of secure communication service |
| CN104683098A (en) * | 2013-11-29 | 2015-06-03 | 中国移动通信集团公司 | Implementation method, equipment and system of secure communication service |
| CN204145683U (en) * | 2014-10-24 | 2015-02-04 | 厦门蓝斯通信股份有限公司 | A kind of device of digital handset encryption |
| CN104468634A (en) * | 2014-12-31 | 2015-03-25 | 大唐移动通信设备有限公司 | Call establishment method, terminals and security AS |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108833943A (en) * | 2018-04-24 | 2018-11-16 | 苏州科达科技股份有限公司 | The encrypted negotiation method, apparatus and conference terminal of code stream |
| CN112953964A (en) * | 2021-03-15 | 2021-06-11 | 北京中联环信科技有限公司 | Voice signaling encryption processing system and encryption processing method |
| CN112953964B (en) * | 2021-03-15 | 2024-03-08 | 北京中联环信科技有限公司 | Voice signaling encryption processing system and encryption processing method |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2016180180A1 (en) | 2016-11-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11025414B2 (en) | Key exchange method and apparatus | |
| CN104486077B (en) | A kind of end-to-end cryptographic key negotiation method of VoIP real time datas safe transmission | |
| CN104683304B (en) | A kind of processing method of secure traffic, equipment and system | |
| CN105792193B (en) | Mobile terminal sound End to End Encryption method based on iOS operating system | |
| US20090182668A1 (en) | Method and apparatus to enable lawful intercept of encrypted traffic | |
| CN103748908A (en) | Policy routing-based lawful interception in communication system with end-to-end encryption | |
| EP3163835A1 (en) | System and method for efficient and semantically secure symmetric encryption over channels with limited bandwidth | |
| WO2018076742A1 (en) | Data transmission method, relevant device and system | |
| CN104320329B (en) | Security instant communication method and system under open, insincere internet environment | |
| CN106134231A (en) | Key generation method, equipment and system | |
| CN106935242A (en) | A kind of voice communication encryption system and method | |
| CN104683098B (en) | A kind of implementation method of secure traffic, equipment and system | |
| CN106790281A (en) | A kind of end-to-end voice encryption device and encryption method towards intercom system | |
| CN106936788A (en) | A kind of cryptographic key distribution method suitable for VOIP voice encryptions | |
| US9456009B2 (en) | Method and apparatus for securely transmitting lawfully intercepted VOIP data | |
| CN104618387A (en) | Method applying SIP signaling to quantum secure communication system, integrated access quantum gateway and system | |
| CN106534044A (en) | Method and device for encrypting voice call | |
| CN108768920A (en) | A kind of recorded broadcast data processing method and device | |
| JP2008160839A (en) | Computer control method for protecting human-to-human communication over network | |
| CN105049201A (en) | Mobile equipment secret communication system based on quantum cryptography and mobile equipment secret communication method based on quantum cryptography | |
| CN107517184A (en) | Message transmitting method, apparatus and system | |
| CN106878277B (en) | Method and device for realizing voice encryption based on DMR standard | |
| WO2017197968A1 (en) | Data transmission method and device | |
| CN101222324B (en) | Method and apparatus for implementing end-to-end media stream safety | |
| CN102752263B (en) | Method and system for realizing end-to-end safety call forwarding |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20170322 |
|
| WW01 | Invention patent application withdrawn after publication |