CN101471768A - Synchronization control method and apparatus for implementing transparent mode data encipher - Google Patents

Publication number: CN101471768A
Authority: CN (China)
Prior art keywords: encryption parameter; encryption; time point; activation time; new
Legal status: Pending
Application number: CNA2007103041855A
Other languages: Chinese (zh)
Inventors: 冯海涛, 余霞, 阎蕊
Current Assignee: Lian core technology Co., Ltd.; Datang Mobile Communications Equipment Co Ltd
Original Assignee: Datang Mobile Communications Equipment Co Ltd
Application filed by: Datang Mobile Communications Equipment Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a synchronization control method for transparent mode data encryption, comprising the following steps: when encrypted data transmission starts, configuration information for a transparent mode radio bearer sent by the network side is received, the configuration information carrying encryption parameters and configuration activation time point information; at the configuration activation time point, the encryption parameters are saved and the encryption process is started with them; and when encrypted data transmission ends, the encryption parameters are cleared and the encryption process is ended. The invention further provides a synchronization control device for transparent mode data encryption. By using the state of the terminal in the different stages of encrypted data transmission and applying different encryption parameters in those stages, the method and the device achieve synchronization control of data encryption and decryption and safe, reliable transmission of data.

Description

A synchronization control method and device for transparent mode data encryption
Technical field
The present invention relates to the field of mobile communication technology, and in particular to a synchronization control method and device for transparent mode data encryption.
Background
In the information security field of third-generation (3G) mobile communication systems, encryption between the mobile terminal (UE, User Equipment) and the radio access network (UTRAN, Universal Terrestrial Radio Access Network) protects the information transmitted over the air interface, and is normally end-to-end encryption between the UE and the UTRAN. As shown in Fig. 1, secure information transmission in a mobile communication system under the prior art proceeds as follows:
(1) When the calling UE (A) initiates a service, the information to be transmitted is first encrypted at the calling UE (A) and then decrypted in the UTRAN serving that UE;
(2) During transmission through the core network (CN, Core Network), security is provided by the core network's own measures: if the core network requires encryption, its encryption algorithm is used for encryption and decryption; if it does not, the information is transmitted in plaintext within the core network;
(3) When the information reaches the UTRAN serving the called UE (B), it is encrypted in that UTRAN, which keeps the information confidential over the air interface; after receiving the information, the called UE decrypts it accordingly.
In a mobile communication system, encryption and decryption between the UE and the UTRAN is normally applied to the source information, for example to the information produced by analog-to-digital conversion of speech and by data compression. Correspondingly, in TD-SCDMA and WCDMA systems for example, the security-related functions needed to encrypt data of the different modes between the UE and the UTRAN can be implemented at particular layers of the radio interface protocol stack. As shown in Fig. 2, for example, transparent mode data encryption is implemented at the medium access control (MAC, Media Access Control) layer, and non-transparent mode data encryption (covering acknowledged mode and unacknowledged mode) is implemented at the radio link control (RLC, Radio Link Control) layer.
End-to-end encryption in existing mobile communication systems usually uses a stream cipher. The advantages of a stream cipher are that it is fast and that errors do not propagate: an encryption or decryption error in one bit does not affect other bits. Its drawback is equally clear: it requires precise synchronization, and once the two sides slip out of alignment at some moment, subsequent data cannot be encrypted or decrypted correctly. Encryption synchronization control is therefore critical wherever a stream cipher is used.
At present, in 3G mobile communication systems such as TD-SCDMA and WCDMA, the transparent mode (TM, Transparent Mode) data encryption control procedure between the UE and the UTRAN is closely tied to the characteristics of the system, and many situations have to be considered, such as:
(1) a core network (CN, Core Network) domain was previously unencrypted, and a newly established TM radio bearer (RB, Radio Bearer) needs encryption enabled;
(2) a CN domain is already encrypted, and a TM RB is newly established without the network indicating a new set of encryption configuration parameters;
(3) a CN domain is already encrypted, and the network reconfigures or adds TM RBs in that domain (for example physical channel reconfiguration or RB reconfiguration) and at the same time indicates a new set of encryption configuration;
(4) a CN domain is already encrypted and a new set of encryption configuration has not yet been activated, and at this point the network again reconfigures or adds TM RBs in that domain and indicates a further new set of encryption configuration parameters;
(5) a CN domain is already encrypted and a new set of encryption configuration has not yet been activated, and at this point the network again reconfigures or adds TM RBs in that domain and indicates a rollback to the most recent old set of encryption configuration parameters; and so on.
These situations are tedious and complex. Current synchronization control techniques cannot guarantee precise synchronization of the encryption and decryption processes, and therefore cannot guarantee safe and reliable transmission of information.
Summary of the invention
In view of this, the problem solved by the present invention is to provide a synchronization control method and device for transparent mode data encryption that guarantee precise synchronization of the encryption and decryption processes between the terminal and the network side and achieve safe and reliable data transmission.
To solve the above problem, the technical solution provided by the invention is as follows:
A synchronization control method for transparent mode data encryption, comprising:
when encrypted data transmission starts, receiving configuration information for a transparent mode radio bearer sent by the network side, the configuration information carrying encryption parameters and configuration activation time point information;
at the configuration activation time point, saving the encryption parameters and starting the encryption process with them;
when encrypted data transmission ends, clearing the encryption parameters and ending the encryption process.
Accordingly, the method further comprises:
during data encryption, if configuration information for a new radio bearer carrying a configuration activation time point is received from the network side, then, from the configuration activation time point of the new radio bearer, performing encryption for the new radio bearer with the encryption parameters currently used by the other radio bearers.
Accordingly, the method further comprises:
during encrypted data transmission, receiving changed configuration information sent by the network side, the changed configuration information carrying new encryption parameters, new configuration activation time point information and ciphering activation time point information;
at the new configuration activation time point, saving the new encryption parameters while continuing to encrypt with the original encryption parameters, and backing up the original encryption parameters;
at the ciphering activation time point, encrypting with the new encryption parameters and backing up the new encryption parameters.
Accordingly, the method further comprises:
before the ciphering activation time point, if updated encryption parameters are received from the network side, saving the updated encryption parameters over the new encryption parameters already saved, while continuing to encrypt with the original encryption parameters and backing up the original encryption parameters.
Accordingly, the method further comprises:
during encryption, if it is learned that all transparent mode radio bearers have been released, ending the encryption process and clearing all encryption parameters.
Accordingly, the method further comprises:
defining a structure array in the MAC layer entity;
storing the currently working encryption parameters in element 0 of the array, the backup encryption parameters in element 1, and the new encryption parameters in element 2.
Accordingly, the configuration activation time point can be calculated as the connection frame number at which the network side issues the configuration information plus a first offset.
Accordingly, the ciphering activation time point can be calculated as the connection frame number at which the network side issues the configuration information plus a second offset, and the ciphering activation time point is after the configuration activation time point.
Accordingly, during data transmission, the encryption parameter is kept synchronized within each transmission time interval by assigning the high 20 bits of the hyper frame number to the high 20 bits of the encryption parameter and the low 8 bits of the connection frame number to the low 8 bits of the encryption parameter; the hyper frame number is incremented by 1 each time the connection frame number restarts counting.
A synchronization control device for transparent mode data encryption, comprising a receiving unit, an encryption unit and a clearing unit, wherein:
the receiving unit is used to receive, when encrypted data transmission starts, configuration information for a transparent mode radio bearer sent by the network side and carrying encryption parameters and a configuration activation time point;
the encryption unit is used to save the encryption parameters at the configuration activation time point and to start the encryption process with them;
the clearing unit is used to clear the encryption parameters and end the encryption process when encrypted data transmission ends.
Accordingly, the receiving unit is further used to receive, during data encryption, configuration information for a new radio bearer sent by the network side and carrying a configuration activation time point;
the encryption unit is further used to perform encryption for the new radio bearer, from the configuration activation time point of the new radio bearer, with the encryption parameters currently used by the other radio bearers.
Accordingly, the device further comprises a storage unit, wherein:
the receiving unit is further used to receive, during encrypted data transmission, changed configuration information sent by the network side and carrying new encryption parameters, new configuration activation time point information and ciphering activation time point information;
the storage unit is used to save the new encryption parameters at the new configuration activation time point;
the encryption unit is further used to encrypt with the original encryption parameters and back them up before the ciphering activation time point, and to encrypt with the new encryption parameters and back them up after the ciphering activation time point.
Accordingly, the receiving unit is further used to receive updated encryption parameters sent by the network side before the ciphering activation time point;
the storage unit is further used to save the updated encryption parameters over the new encryption parameters already saved.
Accordingly, the device further comprises a judging unit, wherein:
the judging unit is used to judge, during encryption, whether all transparent mode radio bearers have been released, and if so to notify the clearing unit;
the clearing unit is further used to clear all encryption parameters and end the encryption process on receiving the indication from the judging unit.
As can be seen, the method and device of the invention use the state of the terminal in the different stages of encrypted data transmission and apply different encryption parameters in those stages to achieve synchronization control of data encryption and decryption, and thus safe and reliable data transmission.
Brief description of the drawings
Fig. 1 is a schematic diagram of secure information transmission in a mobile communication system under the prior art;
Fig. 2 is a schematic diagram of the layered structure of the radio interface protocol in the prior art;
Fig. 3 is a flow diagram of the method of embodiment 1 of the invention;
Fig. 4 is the encryption state transition diagram of embodiment 1 of the invention;
Fig. 5 is the encryption state transition diagram of embodiment 2 of the invention;
Fig. 6 is a schematic diagram of the storage structure of the encryption parameters in the embodiments of the invention;
Fig. 7 is a schematic block diagram of the device of embodiment 3 of the invention.
Detailed description of the embodiments
The basic idea of the invention is to use a state mechanism to define the encryption and decryption behavior in each stage. Synchronization control of the transparent mode data encryption process in all situations is achieved through the encryption carried out between the terminal and the network side in each state and through the transitions between states.
So that those skilled in the art may better understand the invention, its methods, devices and systems are described in detail below with reference to the drawings and specific embodiments.
As shown in Fig. 3, embodiment 1 of the invention provides a synchronization control method for transparent mode data encryption, comprising:
Step 401: when encrypted data transmission starts, receiving configuration information for a transparent mode radio bearer sent by the network side, the configuration information carrying encryption parameters and configuration activation time point information;
Step 402: at the configuration activation time point, saving the encryption parameters and starting the encryption process with them;
Step 403: when encrypted data transmission ends, clearing the encryption parameters and ending the encryption process.
Specifically, taking the transparent mode encrypted call service of TD-SCDMA and WCDMA mobile communication systems as an example, a typical implementation is as follows:
First, a state machine is used, and three basic states are defined to cover the possible situations of the encryption control procedure: the inactive state (MAC_UEA_UNCONFIG), the active state (MAC_UEA_ACTIVE) and the pending state (MAC_UEA_PENDING).
Then the behavior of the MAC in each state is specified:
(1) Inactive state (MAC_UEA_UNCONFIG)
In this state the MAC layer entity has no encryption configured and does not need to perform any encryption-related operation;
(2) Active state (MAC_UEA_ACTIVE)
In this state the MAC layer entity has encryption configured; this is the normal working state. The MAC layer entity now needs two sets of encryption parameters: one is the working set, g_mac_ciphinfo_st[CN].cipher_algorithm_info_st[0]; the other is the backup set, g_mac_ciphinfo_st[CN].cipher_algorithm_info_st[1], which holds the working parameters that were backed up when the active state changed to the pending state;
(3) Pending state (MAC_UEA_PENDING)
In the pending state, the MAC layer entity needs three sets of encryption parameters for the CN domain concerned (CS or PS domain): the working set g_mac_ciphinfo_st[CN].cipher_algorithm_info_st[0], the backup set g_mac_ciphinfo_st[CN].cipher_algorithm_info_st[1] and the pending set g_mac_ciphinfo_st[CN].cipher_algorithm_info_st[2];
As shown in Fig. 4, before a transparent mode encrypted call is started, the MAC layer entities of the terminal and the network side are both in the inactive state. When the call is started, the network side sends the terminal configuration information for a transparent mode (TM) radio bearer (RB) carrying encryption parameters and configuration activation time point information. The network side calculates the configuration activation time point as the current connection frame number (CFN, Connection Frame Number) at the time the configuration is issued plus an offset A, so that the network side and the terminal side update the radio bearer parameters synchronously at this configuration activation time point and save the corresponding encryption parameters. At the configuration activation time point of the configuration information, the MAC layer entities of the terminal and the network side go from the inactive state to the active state (see ID_1 in Fig. 4): the MAC layer entity saves the encryption parameters from the configuration information, and the network side and the terminal side both enter the active state and start encryption immediately at this activation time point, with these parameters as the current working encryption parameters;
After the transparent mode encrypted call has lasted for some time and ends, the network releases all TM RBs and the encryption process ends with them; MAC encryption goes from the active state to the inactive state (see ID_2 in Fig. 4) and all encryption-related parameters are cleared.
In addition, in embodiment 1 above, if the configuration of a new TM mode RB that carries no encryption parameters arrives in the active state, the new TM RB uses the same encryption parameters that the other TM RBs are currently using, and the network side and the terminal side enable encryption for this RB simultaneously at the configuration activation time point of the new TM RB. The state remains active (see ID_3 in Fig. 4);
Note that the network side and the terminal side themselves keep the radio link synchronized through the CFN. The network side therefore calculates the configuration activation time point as the current CFN at the time the configuration is issued plus an offset A, so that the network side and the terminal side activate the encryption parameters and start encryption synchronously at this activation time point;
Thereafter, the network side and the terminal side use the hyper frame number (HFN, Hyper Frame Number) to keep the encryption parameter COUNT-C synchronized in each transmission time interval (TTI, Transmit Time Interval). COUNT-C is calculated from the HFN and the CFN (the high 20 bits of COUNT-C are assigned from the high 20 bits of the HFN, and the low 8 bits of COUNT-C are assigned from the CFN). The initial HFN value is calculated from the initial value start_value in the encryption parameters, and the HFN is incremented by 1 after each round of CFN counting (0 to 255);
In addition, as shown in Fig. 5, embodiment 2 of the invention provides a further synchronization control method for transparent mode data encryption, again using the transparent mode encrypted call as the example. Specifically:
Before a transparent mode encrypted call is started, the MAC layer entities of the terminal and the network side are both in the inactive state and hold no usable encryption parameters. When the call is started, the network side sends the terminal configuration information for a transparent mode (TM) radio bearer (RB) carrying encryption parameters; this information also carries configuration activation time point information and ciphering activation time point information. At the configuration activation time point of the configuration information, the MAC layer entities of the terminal and the network side go from the inactive state to the active state (see ID_1 in Fig. 5): the MAC layer entity saves the encryption parameters from the configuration information, and the network side and the terminal side both enter the active state and start encryption immediately at this activation time point;
While the encrypted call is in progress, for reasons such as a handover as the terminal moves (those skilled in the art will understand that other reasons can also cause the network side to resend configuration information; they are not repeated here), the network side sends the terminal reconfiguration information for the TM RB carrying a new set of encryption parameters, together with new configuration activation time point information and new ciphering activation time point information. At the configuration activation time point, the MAC layer entities of the terminal and the network go from the active state to the pending state simultaneously (see ID_4 in Fig. 5) and save the encryption parameters newly carried in the configuration change message, but they still encrypt with the original encryption parameters and back up the current working encryption parameters;
Before the ciphering activation time (cipher activation time) arrives in the pending state, the network side and the terminal side both encrypt and decrypt with the original encryption parameters and continue to use the initial value (start value) of the old configuration to maintain the hyper frame number (HFN, Hyper Frame Number) and the corresponding count value COUNT-C; they also synchronously update the initial values, HFN and COUNT-C of the backed-up original encryption parameters and of the new encryption parameters in the new configuration information;
When the ciphering activation time (cipher activation time) arrives in the pending state, the network side and the terminal side enter the active state (see ID_5 in Fig. 5). The new encryption parameters from the new configuration information overwrite the original encryption parameters and become the current working parameters, and encryption continues with them; at the same time the new encryption parameters are copied over the backed-up original encryption parameters, so that the new encryption parameters are backed up;
After the encrypted call has lasted for some time and ends, the network releases all TM RBs and the encryption process ends with them; MAC layer entity encryption goes from the active state to the inactive state (see ID_2 in Fig. 5) and all encryption-related parameters are cleared;
Note that the new configuration activation time point in the above embodiment is calculated by the network side as the current connection frame number CFN at the time the configuration is issued plus an offset A, so that the network side and the terminal side update the radio bearer parameters and the encryption parameters synchronously at this new configuration activation time point. The network side calculates the ciphering activation time point as the current connection frame number CFN at the time the configuration is issued plus an offset B, and the offset B must ensure that the ciphering activation time point falls after the configuration activation time point (that is, B + 255 - A > 0, where 256 is the maximum of the connection frame number CFN); the network side and the terminal side can thus be sure to start encrypting with the new encryption parameters simultaneously at this ciphering activation time point;
Thereafter, the network side and the terminal side use the hyper frame number (HFN, Hyper Frame Number) to keep the encryption parameter COUNT-C synchronized in each transmission time interval (TTI, Transmit Time Interval). COUNT-C is calculated from the HFN and the CFN (the high 20 bits of COUNT-C are assigned from the high 20 bits of the HFN, and the low 8 bits of COUNT-C are assigned from the CFN). The initial HFN value is calculated from the initial value start_value in the encryption parameters, and the HFN is incremented by 1 after each round of CFN counting (0 to 255);
Note that in embodiment 2 above, if the configuration of a new TM mode RB that carries no encryption parameters arrives in the active state, the new TM RB uses the same encryption parameters that the other TM RBs are currently using, and the network side and the terminal side enable encryption for this RB simultaneously at the configuration activation time point of the new TM RB. The state remains active (see ID_3 in Fig. 4).
In addition, in embodiment 2 above, if the network side issues a further, updated set of encryption configuration parameters before the ciphering activation time (cipher activation time) arrives in the pending state, the updated set is saved over the new encryption parameters mentioned above, while the use and the backup of the original encryption parameters are unchanged and the original encryption parameters remain the current working parameters. The state remains pending (see ID_6 in Fig. 5).
In addition, if it is learned in the pending state that all TM RBs have been released, the encryption process ends; MAC layer entity encryption goes from the pending state to the inactive state (see ID_7 in Fig. 5) and all encryption-related parameters are cleared.
In addition, as shown in Fig. 6, for the embodiments above the invention further defines in the MAC layer entity the structure array g_mac_ciphinfo_st[CN].cipher_algorithm_info_st[3]. Element 0 of the array stores only the encryption parameters currently at work, that is, the MAC encrypts and decrypts only with this first set; element 1 stores the backup encryption parameters, for encryption parameter rollback; and element 2 stores the encryption parameters of the pending state.
Thus, with the encryption behavior of the MAC layer entities of the network side and the terminal side clearly defined for each of the above states, synchronization control of the transparent mode data encryption process by the MAC layer entities of both sides can be achieved in all situations through state transitions.
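The three states, the three-element parameter array and the transitions ID_1 to ID_7 described above can be exercised with the following C example, which is added here and is not code from the patent. The struct fields other than start_value, the function names, the per-frame callback, the single staged configuration, the rejection of a ciphering activation CFN equal to the configuration activation CFN, and the volatile wipe are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef enum { MAC_UEA_UNCONFIG, MAC_UEA_ACTIVE, MAC_UEA_PENDING } mac_uea_state_t;

/* Assumed parameter set: the description names only start_value. */
typedef struct { uint8_t key[16]; uint32_t start_value; } cipher_info_t;

enum { SLOT_WORKING = 0, SLOT_BACKUP = 1, SLOT_NEW = 2 };

typedef struct {
    mac_uea_state_t state;
    cipher_info_t   slot[3];   /* mirrors cipher_algorithm_info_st[0..2] */
    unsigned        tm_rbs;    /* TM radio bearers currently configured */
    bool            cfg_armed, has_params, ciph_armed;
    uint8_t         cfg_cfn, ciph_cfn;  /* activation times as CFN values */
    cipher_info_t   staged;    /* received, waiting for its activation CFN */
} mac_ciph_ctx_t;              /* assumption: one staged configuration at a time */

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) { volatile uint8_t *b = p; while (n--) *b++ = 0; }

void mac_ciph_init(mac_ciph_ctx_t *c) { wipe(c, sizeof *c); }

/* Configuration message from the network; p == NULL means a TM RB without
 * parameters. Added check: the ciphering activation CFN must differ from
 * the configuration activation CFN, because it has to come later. */
bool mac_on_config(mac_ciph_ctx_t *c, const cipher_info_t *p,
                   uint8_t cfg_cfn, bool has_ciph, uint8_t ciph_cfn)
{
    if (has_ciph && ciph_cfn == cfg_cfn) return false;
    c->cfg_armed = true; c->cfg_cfn = cfg_cfn;
    c->has_params = (p != NULL);
    if (p) c->staged = *p;
    if (has_ciph) { c->ciph_armed = true; c->ciph_cfn = ciph_cfn; }
    return true;
}

/* Called once per radio frame with the current CFN (0..255). */
void mac_on_frame(mac_ciph_ctx_t *c, uint8_t cfn)
{
    if (c->cfg_armed && cfn == c->cfg_cfn) {
        c->cfg_armed = false;
        if (!c->has_params) {                         /* ID_3: reuse slot 0 */
            if (c->state == MAC_UEA_ACTIVE) c->tm_rbs++;
        } else if (c->state == MAC_UEA_UNCONFIG) {    /* ID_1 */
            c->slot[SLOT_WORKING] = c->staged;
            c->tm_rbs = 1; c->ciph_armed = false;
            c->state = MAC_UEA_ACTIVE;
        } else if (c->state == MAC_UEA_ACTIVE) {      /* ID_4 */
            c->slot[SLOT_BACKUP] = c->slot[SLOT_WORKING];
            c->slot[SLOT_NEW] = c->staged;
            c->state = MAC_UEA_PENDING;
        } else {                                      /* ID_6 */
            c->slot[SLOT_NEW] = c->staged;
        }
    }
    if (c->state == MAC_UEA_PENDING && c->ciph_armed && cfn == c->ciph_cfn) {
        c->slot[SLOT_WORKING] = c->slot[SLOT_NEW];    /* ID_5 */
        c->slot[SLOT_BACKUP]  = c->slot[SLOT_NEW];
        c->ciph_armed = false;
        c->state = MAC_UEA_ACTIVE;
    }
}

/* A TM RB was released; when the last one goes, wipe all (ID_2, ID_7). */
void mac_on_rb_release(mac_ciph_ctx_t *c)
{
    if (c->tm_rbs > 1) { c->tm_rbs--; return; }
    wipe(c, sizeof *c);        /* zeroed state is MAC_UEA_UNCONFIG */
}

/* MAC ciphers only with slot 0; NULL means ciphering is not configured. */
const cipher_info_t *mac_working(const mac_ciph_ctx_t *c)
{
    return c->state == MAC_UEA_UNCONFIG ? NULL : &c->slot[SLOT_WORKING];
}

/* Constructed scenario; returns the number of failed expectations. */
int demo(void)
{
    mac_ciph_ctx_t c;
    cipher_info_t a = { {0xA1}, 1 }, b = { {0xB2}, 2 }, n = { {0xC3}, 3 };
    int bad = 0;
    mac_ciph_init(&c);
    mac_on_config(&c, &a, 10, false, 0);
    mac_on_frame(&c, 10);  bad += (c.state != MAC_UEA_ACTIVE);
    mac_on_config(&c, &b, 250, true, 4);   /* ciphering time after CFN wrap */
    mac_on_frame(&c, 250); bad += (mac_working(&c)->start_value != 1);
    mac_on_config(&c, &n, 252, true, 6);   /* newer set replaces unused b */
    mac_on_frame(&c, 252); mac_on_frame(&c, 4); bad += (c.state != MAC_UEA_PENDING);
    mac_on_frame(&c, 6);   bad += (mac_working(&c)->start_value != 3);
    mac_on_rb_release(&c); bad += (mac_working(&c) != NULL);
    return bad;
}

int main(void) { return demo(); }
```

Running the same code on both the terminal and the network side with identical messages and CFN ticks yields identical working parameters in every frame, which is the synchronization property the description is after.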
One of ordinary skill in the art will appreciate that all or part of step that realizes in the foregoing description method is to finish by the relevant hardware of program command, and described procedure stores is in the particular memory medium.
As can be seen, adopt method and apparatus of the present invention, can solve reasonable, the effective encryption synchronisation control problem under the various complex situations in the ciphering process, ensure the precise synchronization of encryption and decryption, realize safe and reliable data information transfer.
Based on the same idea, as shown in Figure 7, Embodiment 3 of the invention further provides a synchronization control device for implementing transparent mode data encryption. The device comprises a receiving unit 701, a ciphering unit 702 and an emptying unit 703, wherein:
The receiving unit 701 is used to receive, when data encryption transmission starts, the configuration information of the transparent mode radio bearer sent by the network side, which carries the encryption parameter and the allocation activation time point. The ciphering unit 702 is used to save the encryption parameter at the allocation activation time point and to start the ciphering process with that encryption parameter. The emptying unit 703 is used to empty the encryption parameter and end the ciphering process when the data encryption transmission ends.
In addition, the receiving unit 701 is further used to receive, during the data encryption process, new radio bearer configuration information sent by the network side that carries an allocation activation time point. The ciphering unit 702 is further used to carry out the ciphering process of this new radio bearer, starting from the allocation activation time point of this new radio bearer, with the encryption parameter currently in use by the other radio bearers.
It should be noted that the device of this embodiment may further comprise a storage unit, wherein: the receiving unit is further used to receive, during data encryption transmission, change configuration information sent by the network side that carries a new encryption parameter, new allocation activation time point information and ciphering activation time point information; the storage unit is used to save the new encryption parameter at the new allocation activation time point; the ciphering unit is further used to encrypt with the former encryption parameter and back up the former encryption parameter before the ciphering activation time point, and to encrypt with the new encryption parameter and back up this new encryption parameter after the ciphering activation time point.
In addition, the receiving unit is further used to receive, before the ciphering activation time point, an updated encryption parameter sent by the network side; the storage unit is further used to save this updated encryption parameter, overwriting the new encryption parameter already saved.
In addition, the device of this embodiment may further comprise a judging unit, wherein: the judging unit is used to judge, during the ciphering process, whether all transparent mode radio bearers have been released and, if so, to notify the emptying unit; the emptying unit is further used to empty all encryption parameters according to the indication received from the judging unit, and to end the ciphering process.
The disclosed embodiments enable those skilled in the art to implement or use the invention. Various modifications of these embodiments will be apparent to those skilled in the art, and the general principles defined here may be applied to other embodiments without departing from the scope and spirit of the invention. The embodiments described above are only preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within its protection scope.
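The parameter handover performed by the storage, ciphering and emptying units can be sketched in C as follows. This is an added example, not code from the patent: the slot order follows claim 6, while the type names, function names, the `valid` flag and the consumption of the pending slot on activation are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Slot indices follow claim 6: 0 = working, 1 = backup, 2 = new (pending). */
enum { WORKING = 0, BACKUP = 1, PENDING = 2, NSLOTS = 3 };

typedef struct {        /* hypothetical layout of one array element */
    uint32_t value;     /* the encryption parameter */
    int      valid;     /* 0 = slot empty */
} cipher_param;

typedef struct {
    cipher_param slot[NSLOTS];
    int ciphering;      /* 1 while the ciphering process is running */
} mac_cipher_state;

/* Allocation activation time point of the first TM bearer: save and start. */
void cipher_start(mac_cipher_state *st, uint32_t param) {
    memset(st, 0, sizeof *st);
    st->slot[WORKING] = (cipher_param){ param, 1 };
    st->ciphering = 1;
}

/* New allocation activation time point, or an updated parameter arriving
 * before the ciphering activation time point: store or overwrite the pending
 * value; the former value stays in use and is backed up. */
int cipher_stage(mac_cipher_state *st, uint32_t new_param) {
    if (!st->ciphering) return -1;
    st->slot[PENDING] = (cipher_param){ new_param, 1 };
    st->slot[BACKUP] = st->slot[WORKING];
    return 0;
}

/* Ciphering activation time point: switch to the pending value, back it up.
 * Returns -1 when nothing is staged, so a stray trigger changes nothing. */
int cipher_activate(mac_cipher_state *st) {
    if (!st->ciphering || !st->slot[PENDING].valid) return -1;
    st->slot[WORKING] = st->slot[PENDING];
    st->slot[BACKUP]  = st->slot[WORKING];
    st->slot[PENDING].valid = 0;   /* added choice: consume the pending slot */
    return 0;
}

/* All TM bearers released: wipe every slot and end the ciphering process. */
void cipher_release_all(mac_cipher_state *st) {
    volatile unsigned char *p = (volatile unsigned char *)st;
    for (size_t i = 0; i < sizeof *st; i++) p[i] = 0;   /* not optimized away */
}
uint32_t cipher_current(const mac_cipher_state *st) { return st->slot[WORKING].value; }
```

The volatile write loop in `cipher_release_all` keeps the compiler from eliding the wipe of parameters that are no longer read.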

Claims (14)

1. A synchronization control method for implementing transparent mode data encryption, characterized by comprising:
when data encryption transmission starts, receiving the configuration information of the transparent mode radio bearer sent by the network side, the configuration information carrying an encryption parameter and allocation activation time point information;
at the allocation activation time point, saving the encryption parameter and starting the ciphering process with this encryption parameter;
when the data encryption transmission ends, emptying the encryption parameter and ending the ciphering process.
2. The method according to claim 1, characterized in that the method further comprises:
during the data encryption process, if new radio bearer configuration information carrying an allocation activation time point is received from the network side, carrying out the ciphering process of this new radio bearer, starting from the allocation activation time point of this new radio bearer, with the encryption parameter currently in use by the other radio bearers.
3. The method according to claim 1, characterized in that the method further comprises:
during data encryption transmission, receiving change configuration information sent by the network side, the change configuration information carrying a new encryption parameter, new allocation activation time point information and ciphering activation time point information;
at the new allocation activation time point, saving the new encryption parameter while still encrypting with the former encryption parameter, and backing up the former encryption parameter;
at the ciphering activation time point, encrypting with the new encryption parameter and backing up this new encryption parameter.
4. The method according to claim 3, characterized in that the method further comprises:
before the ciphering activation time point, if an updated encryption parameter is received from the network side, saving this updated encryption parameter so that it overwrites the new encryption parameter already saved, while still encrypting with the former encryption parameter, and backing up the former encryption parameter.
5. The method according to claim 3, characterized in that the method further comprises:
during the ciphering process, if it is learned that all transparent mode radio bearers have been released, ending the ciphering process and emptying all encryption parameters.
6. The method according to claim 4 or 5, characterized in that the method further comprises:
defining a structure array in the MAC layer entity;
storing the currently working encryption parameter in element 0 of this array, the backup encryption parameter in element 1, and the new encryption parameter in element 2.
7. The method according to any one of claims 1 to 5, characterized in that:
the allocation activation time point can be calculated by adding a first offset value to the Connection Frame Number at which the network side issues the configuration information.
8. The method according to any one of claims 3 to 5, characterized in that:
the ciphering activation time point can be calculated by adding a second offset value to the Connection Frame Number at which the network side issues the configuration information, and the ciphering activation time point is after the allocation activation time point.
9. The method according to claim 7 or 8, characterized in that:
during data transmission, the encryption parameter is kept synchronized within the Transmission Time Interval by assigning the high 20 bits of the Hyper Frame Number to the high 20 bits of the encryption parameter and the low 8 bits of the Connection Frame Number to the low 8 bits of the encryption parameter; wherein each time the Connection Frame Number restarts counting, the Hyper Frame Number is incremented by 1.
10. A synchronization control device for implementing transparent mode data encryption, characterized in that the device comprises a receiving unit, a ciphering unit and an emptying unit, wherein:
the receiving unit is used to receive, when data encryption transmission starts, the configuration information of the transparent mode radio bearer sent by the network side, which carries the encryption parameter and the allocation activation time point;
the ciphering unit is used to save the encryption parameter at the allocation activation time point and to start the ciphering process with this encryption parameter;
the emptying unit is used to empty the encryption parameter and end the ciphering process when the data encryption transmission ends.
11. The device according to claim 10, characterized in that:
the receiving unit is further used to receive, during the data encryption process, new radio bearer configuration information sent by the network side that carries an allocation activation time point;
the ciphering unit is further used to carry out the ciphering process of this new radio bearer, starting from the allocation activation time point of this new radio bearer, with the encryption parameter currently in use by the other radio bearers.
12. The device according to claim 10, characterized in that the device further comprises a storage unit, wherein:
the receiving unit is further used to receive, during data encryption transmission, change configuration information sent by the network side that carries a new encryption parameter, new allocation activation time point information and ciphering activation time point information;
the storage unit is used to save the new encryption parameter at the new allocation activation time point;
the ciphering unit is further used to encrypt with the former encryption parameter and back up the former encryption parameter before the ciphering activation time point, and to encrypt with the new encryption parameter and back up this new encryption parameter after the ciphering activation time point.
13. The device according to claim 12, characterized in that:
the receiving unit is further used to receive, before the ciphering activation time point, an updated encryption parameter sent by the network side;
the storage unit is further used to save this updated encryption parameter, overwriting the new encryption parameter already saved.
14. The device according to claim 12, characterized in that the device further comprises a judging unit, wherein:
the judging unit is used to judge, during the ciphering process, whether all transparent mode radio bearers have been released and, if so, to notify the emptying unit;
the emptying unit is further used to empty all encryption parameters according to the indication received from the judging unit, and to end the ciphering process.
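The timing rules of claims 7 to 9 can be illustrated with the following added C example (not code from the patent), which runs a terminal-side and a network-side frame clock and counts the frames in which the two derive different encryption parameters. Assumptions: a 32-bit parameter word, a Hyper Frame Number modelled as a 20-bit counter, bits 11..8 left zero, and activation times wrapping modulo 256; all names are hypothetical.

```c
#include <stdint.h>

typedef struct {
    uint32_t hfn;   /* Hyper Frame Number, modelled as a 20-bit counter */
    uint8_t  cfn;   /* Connection Frame Number, 8 bits */
} frame_clock;

/* Claims 7 and 8: activation time = CFN at which the network issued the
 * configuration + an offset. The modulo-256 wrap is an assumption. */
uint8_t activation_cfn(uint8_t cfn_at_send, uint8_t offset) {
    return (uint8_t)(cfn_at_send + offset);
}

/* Frames still to wait from CFN `now` until activation CFN `act`,
 * correct across the 255 -> 0 wrap. */
uint8_t frames_until(uint8_t now, uint8_t act) {
    return (uint8_t)(act - now);
}

/* Advance one frame; the HFN is incremented when the CFN restarts (claim 9). */
void clock_tick(frame_clock *c) {
    c->cfn = (uint8_t)(c->cfn + 1u);
    if (c->cfn == 0) c->hfn = (c->hfn + 1u) & 0xFFFFFu;
}

/* Claim 9: HFN into the high 20 bits, CFN into the low 8 bits.
 * Bits 11..8 stay zero here (assumption, the page does not define them). */
uint32_t cipher_param_for_frame(const frame_clock *c) {
    return ((c->hfn & 0xFFFFFu) << 12) | c->cfn;
}

/* Run both ends for n frames and count frames whose parameters differ. */
unsigned count_mismatches(frame_clock ue, frame_clock net, unsigned n) {
    unsigned bad = 0;
    for (unsigned i = 0; i < n; i++) {
        if (cipher_param_for_frame(&ue) != cipher_param_for_frame(&net)) bad++;
        clock_tick(&ue);
        clock_tick(&net);
    }
    return bad;
}
```

A non-zero result from `count_mismatches` is the condition a receiver would observe as undecodable transparent mode data, since both ends rely on these counters instead of an explicit per-frame synchronization message.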
CNA2007103041855A 2007-12-25 2007-12-25 Synchronization control method and apparatus for implementing transparent mode data encipher Pending CN101471768A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007103041855A CN101471768A (en) 2007-12-25 2007-12-25 Synchronization control method and apparatus for implementing transparent mode data encipher

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2007103041855A CN101471768A (en) 2007-12-25 2007-12-25 Synchronization control method and apparatus for implementing transparent mode data encipher

Publications (1)

Publication Number Publication Date
CN101471768A true CN101471768A (en) 2009-07-01

Family

ID=40828910

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007103041855A Pending CN101471768A (en) 2007-12-25 2007-12-25 Synchronization control method and apparatus for implementing transparent mode data encipher

Country Status (1)

Country Link
CN (1) CN101471768A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102404729A (en) * 2010-10-29 2012-04-04 公安部第一研究所 End-to-end speech encryption method for low-speed narrowband wireless digital communication
CN102404729B (en) * 2010-10-29 2014-12-17 公安部第一研究所 End-to-end speech encryption method for low-speed narrowband wireless digital communication
WO2012174794A1 (en) * 2011-06-22 2012-12-27 中兴通讯股份有限公司 Method and system for reconfiguring service in circuit switched um rlc mode in mobile communication system

Similar Documents

Publication Publication Date Title
KR101482696B1 (en) End-to-end encrypted communication
USRE47200E1 (en) Preventing shortened lifetimes of security keys in a wireless communications security system
AU2004319170B2 (en) System and method for generating reproducible session keys
US9246672B2 (en) Two indices moving in opposite directions for cryptographic bidirectional communications using a shared master key
US7817802B2 (en) Cryptographic key management in a communication network
CA2767989C (en) Mobile communication system, mobile station and radio base station using carrier aggregation security process
CN102404721B (en) Safety protecting method of Un interface, device and base station
CA2161639A1 (en) Digital radio transceiver with encrypted key storage
JP2000295209A (en) Method and system for key management and recording medium
CN103209409A (en) Communications System
CN102137393B (en) Method and device for encrypting end-to-end
CN101467386A (en) Method for switching decipher cipher, deciphering device and terminal equipment
TW200820662A (en) Method and apparatus for handling protocol error in a wireless communications system
CN101281495A (en) Method for ciphering file using movable storage apparatus
CN101166177B (en) A method and system for initialization signaling transmission at non access layer
CN102065417B (en) Method, equipment and system for realizing security context information synchronization
CN101471768A (en) Synchronization control method and apparatus for implementing transparent mode data encipher
CN101500231A (en) Mobile terminal, audio data processing method and system
CN105827601A (en) Data encryption application method and system of mobile device
US7606363B1 (en) System and method for context switching of a cryptographic engine
CN115967790A (en) Monitoring system and monitoring data encryption transmission method
EP1428403B1 (en) Communications methods, systems and terminals
CN114503628A (en) Managing security keys in a communication system
CN100583743C (en) Distributing method for transmission key
CN108777695A (en) NB modules data transmission method, device, NB modules and readable storage medium storing program for executing

Legal Events

Date Code Title Description
ASS Succession or assignment of patent right

Owner name: LIANXIN SCIENCE CO., LTD.

Free format text: FORMER OWNER: DATANG MOBILE COMMUNICATION APPARATUS CO., LTD.

Effective date: 20090508

C06 Publication
C41 Transfer of patent application or patent right or utility model
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20090508

Address after: Zip code, 4 building, 41 333 Qinjiang Road, Shanghai, China: 200000

Applicant after: Lian core technology Co., Ltd.

Co-applicant after: Datang Mobile Communication Equipment Co., Ltd.

Co-applicant after: Datang Mobile Communication Equipment Co., Ltd., Shanghai

Address before: Zip code 29, Xueyuan Road, Haidian District, Beijing: 100000

Applicant before: Datang Mobile Communications Equipment Co

Co-applicant before: Datang Mobile Communication Equipment Co., Ltd., Shanghai

C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20090701