CN102301645A - Method and device for maintaining encryption/decryption parameters of LLC layer - Google Patents

Info

Publication number: CN102301645A
Application number: CN2011800010008A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 唐刚, 王蓉
Original Assignee: Huawei Technologies Co Ltd
Current Assignee: Huawei Technologies Co Ltd
Legal status: Pending
Prior art keywords: encryption, frame, decryption parameter, ciphertext, decryption

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload


Abstract

The present invention discloses a method and a device for maintaining encryption/decryption parameters of the LLC (Logical Link Control) layer. The method comprises: decrypting a received UI (Unconfirmed Information) frame ciphertext with the i-th encryption/decryption parameter, where the initial value of i is 1; when decryption of the UI frame ciphertext with the i-th encryption/decryption parameter fails, taking the (i+1)-th encryption/decryption parameter as the current i-th encryption/decryption parameter and returning to the operation of decrypting the received UI frame ciphertext with the i-th encryption/decryption parameter, until the UI frame ciphertext is decrypted successfully. With this technical scheme, the problem that the ciphertext cannot be decrypted is avoided.

Description

Method and device for maintaining LLC layer encryption/decryption parameters
Technical field
The present invention relates to the field of information security, and in particular to a method and a device for maintaining LLC layer encryption/decryption parameters.
Background
The LLC (Logical Link Control) layer protocol is used to transfer packet data between LLC entities, and ensures the reliability and confidentiality of the data transfer through encryption.
In ADM (Asynchronous Disconnected Mode), LLC uses UI (Unconfirmed Information) frames to transfer packet data. When sending a UI frame, the sender sends the corresponding N(U) (unconfirmed sequence number), where N(U) is the sequence number of the next UI frame to be sent and ranges from 0 to 511; each time a UI frame is sent successfully, N(U) is incremented by 1.
To ensure the reliability and confidentiality of UI frame transfer, the sender encrypts the UI frame with the encryption/decryption parameter agreed by both parties and then sends it to the receiver; after receiving the encrypted UI frame, the receiver decrypts it with the agreed encryption/decryption parameter to obtain the UI frame.
When the N(U) value in the UI frames wraps from 511 to 0, the sender and the receiver update the agreed encryption/decryption parameter; afterwards, both use the updated encryption/decryption parameter for the corresponding encryption and decryption of UI frames.
It follows that the receiver can update its encryption/decryption parameter only after correctly receiving the UI frame with N(U)=511.
If, for some reason during transmission (for example, the UI frame with N(U)=511 is lost), the receiver does not receive the UI frame with N(U)=511 sent by the sender, then the sender updates its encryption/decryption parameter but the receiver does not update its own accordingly. Afterwards, when the receiver receives UI frames that the sender encrypted with the updated encryption/decryption parameter, it decrypts them with the parameter that was not updated; decryption fails and cannot recover.
Summary of the invention
The embodiments of the invention provide a method and a device for maintaining LLC layer encryption/decryption parameters, so as to avoid the decryption failure caused by the receiver not updating its encryption/decryption parameter.
An embodiment of the invention provides a method for maintaining LLC layer encryption/decryption parameters, the method comprising:
decrypting a received unconfirmed information (UI) frame ciphertext with the i-th encryption/decryption parameter, where the initial value of i is 1;
when decryption of the UI frame ciphertext with the i-th encryption/decryption parameter fails, taking the (i+1)-th encryption/decryption parameter as the current i-th encryption/decryption parameter and returning to the operation of decrypting the received UI frame ciphertext with the i-th encryption/decryption parameter, until the UI frame ciphertext is decrypted successfully;
when the UI frame ciphertext is decrypted successfully, updating the i-th encryption/decryption parameter that was used.
A device for maintaining LLC layer encryption/decryption parameters, the device comprising a first decryption module, a second decryption module and an update module;
the first decryption module is configured to decrypt a received ciphertext with the i-th encryption/decryption parameter, where the initial value of i is 1;
the second decryption module is configured to, when decryption of the received ciphertext with the i-th encryption/decryption parameter fails, take the (i+1)-th encryption/decryption parameter as the current i-th encryption/decryption parameter and notify the first decryption module to perform the operation of decrypting the received ciphertext with the i-th encryption/decryption parameter, until the ciphertext is decrypted successfully;
the update module is configured to update the i-th encryption/decryption parameter that was used when the ciphertext is decrypted successfully.
In the embodiments of the invention, when decryption of a received ciphertext with the i-th encryption/decryption parameter fails, the (i+1)-th encryption/decryption parameter is taken as the current i-th encryption/decryption parameter for decryption, which avoids the problem that a received UI frame ciphertext cannot be decrypted.
Description of drawings
To describe the technical solutions in the embodiments of the invention more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. The drawings described below show only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for maintaining LLC layer encryption/decryption parameters provided in Embodiment 1 of the invention;
Fig. 2 is a flowchart of a method for maintaining LLC layer encryption/decryption parameters provided in Embodiment 2 of the invention;
Fig. 3 is a flowchart of a method for maintaining LLC layer encryption/decryption parameters provided in Embodiment 3 of the invention;
Fig. 4 is a block diagram of a device for maintaining LLC layer encryption/decryption parameters provided in Embodiment 4 of the invention.
Detailed description
To make the objectives, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the accompanying drawings.
Embodiment 1
Referring to Fig. 1, a method for maintaining LLC layer encryption/decryption parameters is provided. The entity executing the method includes, but is not limited to, devices such as an MS (Mobile Station) and an SGSN (Serving General Packet Radio Service Support Node). The steps are as follows:
Step 101: decrypt the received unconfirmed information (UI) frame ciphertext with the i-th encryption/decryption parameter, where the initial value of i is 1;
Step 102: when decryption of the UI frame ciphertext with the i-th encryption/decryption parameter fails, take the (i+1)-th encryption/decryption parameter as the current i-th encryption/decryption parameter and return to the operation of decrypting the received UI frame ciphertext with the i-th encryption/decryption parameter, until the UI frame ciphertext is decrypted successfully;
Here, the (i+1)-th encryption/decryption parameter is obtained by adding 512 to the i-th encryption/decryption parameter.
It should be noted that, after the fallback described in step 102 has been performed and the UI frame ciphertext has been decrypted successfully, the method may further comprise: updating the i-th encryption/decryption parameter that was used.
Specifically, when the UI frame ciphertext is decrypted successfully, updating the i-th encryption/decryption parameter that was used comprises:
adding 512*j to the i-th encryption/decryption parameter to obtain the updated i-th encryption/decryption parameter, where j equals i-1.
In addition, the method further comprises: when the received UI frame ciphertext is decrypted successfully with the i-th encryption/decryption parameter, determining whether the unconfirmed sequence number of the UI frame obtained by decryption is 511, and if so, adding 512 to the value of the i-th encryption/decryption parameter.
The technical scheme provided by this embodiment of the invention avoids the problem that a received UI frame ciphertext cannot be decrypted.
Embodiment 2
Referring to Fig. 2, in this embodiment the receiver stores one encryption/decryption parameter locally. To keep the encryption/decryption parameter maintained by the receiver consistent with that of the sender, so that the receiver can decrypt UI frame ciphertexts successfully, this embodiment provides a method for the receiver to maintain the LLC layer encryption/decryption parameter. The receiver and the sender include, but are not limited to, devices such as an MS (Mobile Station) or an SGSN (Serving General Packet Radio Service Support Node). The steps are as follows:
Step 201: the sender encrypts the UI frame to be sent with the currently stored encryption/decryption parameter OC, and sends the resulting UI frame ciphertext to the receiver;
Specifically, when sending a UI frame the sender sends the corresponding N(U) (unconfirmed sequence number). N(U) is the sequence number of the next UI frame to be sent and ranges from 0 to 511. Each time a UI frame is sent successfully, N(U) is incremented by 1; after N(U) reaches 511 it starts again from 0, that is, N(U) cycles between 0 and 511. Whenever N(U) changes from 511 to 0, the sender updates the OC it maintains locally: it adds 512 to the locally stored OC to obtain the updated OC. Afterwards, the sender encrypts the UI frames to be sent with the updated OC;
The process is illustrated as follows. The initial value of the OC stored locally by the sender is a. The sender uses OC with value a to encrypt the first-round UI frames with N(U) from 0 to 511 and sends each resulting ciphertext to the receiver. After the sender has encrypted the UI frame with N(U)=511 using OC with value a, the value of OC is updated to a+512. The sender then uses OC with value a+512 to encrypt the second-round UI frames with N(U) from 0 to 511 and sends each resulting ciphertext to the receiver; after it has encrypted the second-round UI frame with N(U)=511 using OC with value a+512, the value of OC is updated to a+512+512. The sender then uses OC with value a+512+512 to encrypt the third-round UI frames with N(U) from 0 to 511, and so on.
Step 202: when the receiver receives a UI frame ciphertext, it decrypts the received UI frame ciphertext with the currently stored encryption/decryption parameter;
Specifically, the receiver decrypts the received ciphertext with the locally stored encryption/decryption parameter OC1 to obtain the UI frame. When the N(U) value of the UI frame obtained by decryption is 511, the receiver updates the stored OC1 by adding 512 to it; afterwards, the receiver decrypts received ciphertexts with the updated OC1. The initial value of the encryption/decryption parameter stored locally by the receiver is the same as the initial value of the encryption/decryption parameter stored locally by the sender.
The process is illustrated as follows. The initial value of the OC1 stored by the receiver is the same as the initial value of the OC stored by the sender, namely a. The receiver uses OC1 with value a to decrypt the ciphertexts of the first-round UI frames it receives; when decryption yields the UI frame with N(U)=511, the value of OC1 is updated to a+512. It then uses OC1 with value a+512 to decrypt the ciphertexts of the second-round UI frames it receives; when decryption yields the UI frame with N(U)=511, the value of OC1 is updated to a+512+512. It then uses OC1 with value a+512+512 to decrypt the ciphertexts of the third-round UI frames it receives, and so on.
From the examples in steps 201 and 202: the sender uses OC with values a, a+512 and a+512+512 to encrypt the first-, second- and third-round UI frames with N(U) from 0 to 511 respectively, and sends the ciphertexts to the receiver in turn; the receiver uses OC1 with values a, a+512 and a+512+512 to decrypt the ciphertexts of the first-, second- and third-round UI frames and obtains the corresponding UI frames. Because the values of the encryption/decryption parameters used by the two sides are the same, the receiver necessarily decrypts the received ciphertexts successfully.
However, the example in step 202 also shows the following. Suppose that, while the receiver uses OC1 with value a to decrypt the ciphertexts of the first-round UI frames, it never obtains the UI frame with N(U)=511; the receiver then does not update OC1, and the value of OC1 remains a. A possible reason is that, because of factors such as an unstable network link, the receiver did not receive the ciphertext of the first-round UI frame with N(U)=511 sent by the sender, in which case it cannot possibly decrypt that frame. Afterwards, when the receiver receives the ciphertexts of the second-round UI frames, it decrypts them with OC1 of value a. Since the sender encrypted the second-round UI frames with N(U) from 0 to 511 using OC with value a+512, the receiver's decryption with OC1 of value a necessarily fails. From then on, because the receiver did not decrypt the UI frame with N(U)=511, the update of OC1 is no longer synchronized with the update of the sender's OC, and the receiver cannot successfully decrypt any UI frame ciphertext it receives later.
In addition, suppose the receiver uses OC1 with value a to decrypt the ciphertexts of the first-round UI frames with N(U) from 0 to 511 sent by the sender and finally obtains the UI frame with N(U)=511, so OC1 is updated to a+512. It then uses OC1 with value a+512 to decrypt the ciphertexts of the second-round UI frames and succeeds, but in this round it does not obtain the UI frame with N(U)=511, so OC1 is not updated and its value remains a+512. When the receiver receives the ciphertexts of the third-round UI frames with N(U) from 0 to 511, which the sender encrypted with OC of value a+512+512, it cannot decrypt them. From then on, because no UI frame with N(U)=511 was decrypted in the second round, OC1 can no longer be kept consistent with the sender's OC, and subsequent decryption ends in failure.
From the above description: whenever the receiver, while decrypting the rounds of UI frame ciphertexts with N(U) from 0 to 511 sent by the sender, fails in some round to obtain the UI frame with N(U)=511, the OC1 stored by the receiver cannot be updated in step with the sender's OC, and the receiver's subsequent decryption of UI frame ciphertexts fails.
Therefore, to avoid the situation in which the receiver cannot decrypt received ciphertexts, the receiver can perform the following operations:
Step 203: the receiver determines whether decryption of the received UI frame ciphertext succeeded;
if not, go to step 204;
if so, go to step 205;
Step 204: the receiver adds 512 to the currently stored encryption/decryption parameter and uses the result as the new current encryption/decryption parameter, then returns to step 203; once the received ciphertext is decrypted successfully, go to step 205;
Steps 203 and 204 are illustrated as follows. As described in step 202, the receiver receives the ciphertexts of the second-round UI frames with N(U) from 0 to 511 sent by the sender and decrypts them successfully with OC1 of current value a+512, but does not obtain the UI frame with N(U)=511, so OC1 with value a+512 is not updated. When the receiver then receives the ciphertexts of the third-round UI frames with N(U) from 0 to 511 and decrypts them with OC1 of value a+512, decryption fails, because the sender encrypted the third-round UI frames with OC of value a+512+512. The receiver adds 512 to OC1 of current value a+512 to obtain a new current OC1 with value a+512+512, and decrypts the third-round UI frame ciphertext received at this point with the new OC1; decryption then succeeds.
Step 205: the receiver determines whether the N(U) of the UI frame obtained after successfully decrypting the UI frame ciphertext is 511;
if so, it adds 512 to the value of the current encryption/decryption parameter;
if not, it does nothing;
For example, the sender encrypts the third-round UI frames with N(U) from 0 to 511 using OC with value a+512+512, and after encrypting the UI frame with N(U)=511 updates the OC value to a+512+512+512; it then encrypts the fourth-round UI frames with OC of value a+512+512+512. After the receiver has decrypted the ciphertexts of the third-round UI frames with OC1 of value a+512+512, and in order to decrypt the ciphertexts of the fourth-round UI frames successfully, the receiver adds 512 to the OC1 currently used for decryption when it decrypts the third-round UI frame with N(U)=511, so that the OC maintained by the sender and the OC1 maintained by the receiver stay consistent.
With the above technical scheme, even after failing to receive the ciphertext of the UI frame with N(U)=511, the receiver can still keep its locally maintained encryption/decryption parameter consistent with the value maintained by the sender, and the situation in which the receiver cannot decrypt UI frame ciphertexts is avoided.
Embodiment 3
Referring to Fig. 3, in this embodiment the receiver stores N encryption/decryption parameters locally, where N is an integer greater than or equal to 2. The (i+1)-th encryption/decryption parameter is the i-th encryption/decryption parameter plus 512, where i is an integer greater than or equal to 1 and less than or equal to N. The initial value of the 1st encryption/decryption parameter is the same as the initial value of the encryption/decryption parameter maintained by the sender; this initial value is negotiated in advance by both parties.
For example, if the initial value of the first encryption/decryption parameter OC1 stored by the receiver is a, then the value of the i-th encryption/decryption parameter stored by the receiver is a+512*(i-1);
To ensure that the encryption/decryption parameters maintained by the receiver can decrypt UI frame ciphertexts successfully, this embodiment provides a method for the receiver to maintain LLC layer encryption/decryption parameters. The receiver and the sender include, but are not limited to, devices such as an MS (Mobile Station) and an SGSN (Serving General Packet Radio Service Support Node). The steps are as follows:
Step 301: the sender encrypts the UI frame to be sent with the locally stored encryption/decryption parameter OC, and sends the resulting UI frame ciphertext to the receiver;
For a detailed description of this step, see step 201 in Embodiment 2; it is not repeated here.
Step 302: when the receiver receives a UI frame ciphertext, it decrypts the received ciphertext with the currently stored i-th encryption/decryption parameter;
For a detailed description of this step, see step 202 in Embodiment 2; it is not repeated here.
Step 303: the receiver determines whether decryption of the received ciphertext with the i-th encryption/decryption parameter succeeded, where the initial value of i is 1;
if not, go to step 304;
if so, go to step 306;
Step 304: the receiver takes the stored (i+1)-th encryption/decryption parameter as the current i-th encryption/decryption parameter and returns to step 303; once the UI frame ciphertext is decrypted successfully, go to step 305;
Step 305: the receiver updates the locally stored i-th encryption/decryption parameter, then goes to step 306;
Specifically, updating the locally stored i-th encryption/decryption parameter comprises adding 512*j to the i-th encryption/decryption parameter to obtain the updated i-th encryption/decryption parameter, where j=i-1;
Step 306: the receiver determines whether the N(U) of the UI frame obtained after successful decryption is 511;
if so, it adds 512 to each of the current N encryption/decryption parameters to obtain the updated N encryption/decryption parameters;
if not, it does nothing;
Steps 303 to 306 are illustrated as follows. When the receiver receives the ciphertexts of the first-round UI frames that the sender encrypted with OC of value a, it decrypts them successfully with the 1st encryption/decryption parameter OC1 of current value a, but does not obtain the UI frame with N(U)=511, so the stored OC1 with value a and the i-th encryption/decryption parameter with value a+512*(i-1) are not updated. When the receiver then receives the ciphertexts of the second-round UI frames that the sender encrypted with value a+512, decryption with the first encryption/decryption parameter OC1 of value a fails, and decryption with the second encryption/decryption parameter OC2 of value a+512 succeeds. OC1 with value a is then updated to a+512, and OCi with value a+512*(i-1) is updated to a+512*(i-1)+512*j, with j=i-1. The receiver determines whether the N(U) of the UI frame obtained after successful decryption is 511; if so, it adds 512 to each of the N encryption/decryption parameters obtained from the above update to obtain the N encryption/decryption parameters updated once more;
Afterwards, on receiving a UI frame ciphertext sent by the sender, the receiver decrypts it with the first encryption/decryption parameter obtained from the current update; if that fails, it decrypts the ciphertext with the next encryption/decryption parameter obtained from the current update, until the UI frame ciphertext is decrypted successfully, and then updates the current N encryption/decryption parameters again using the method of steps 305 to 306, and so on.
Preserving two encryption/decryption parameters with the recipient below is that example describes above-mentioned flow process in detail:
The recipient is local to preserve two encryption/decryption parameter OC1 and OC2, and OC1=0, OC2=512;
It is that 0 encryption/decryption parameter OC encrypts the ciphertext that first round N (U) value that obtains is 0 to 511 UI frame that the recipient receives the transmit leg adopted value, and wherein, N (U) is that ciphertext destabilizing factor owing to network link in process of transmitting of 511 UI frame is lost;
The recipient adopts OC1 that the ciphertext of the UI frame that receives is decrypted and successful decryption, because being ciphertext destabilizing factor owing to network link in process of transmitting of 511 UI frame, loses N (U), so the recipient obtains the UI frame of (U)=510 in deciphering after, to obtain N (U) be 511 UI frame in deciphering, at this moment, the value of the OC1 that the recipient preserved still is 0, and the value of OC2 still is 512;
The recipient receives the ciphertext of second-round UI frames that the sender encrypted with an encryption/decryption parameter OC whose value is 512. Decrypting the received ciphertext with OC1, whose value is 0, necessarily fails, so the recipient then decrypts with the encryption/decryption parameter whose value is 512, and decryption succeeds; afterwards, the value of OC1 is updated to 512 and the value of OC2 is updated to 512+512;
The recipient judges whether the N(U) value of the UI frame obtained by successful decryption with OC2 is 511; if so, this indicates that the recipient has received and decrypted all the ciphertexts of the second-round UI frames with N(U) values 0 to 511, and OC1 is updated to 512+512 and OC2 is updated to 512+512+512;
Afterwards, the recipient receives the ciphertexts of the third-round UI frames with N(U) values 0 to 511 that the sender encrypted with an encryption/decryption parameter OC whose value is 512+512. Decrypting the UI frame ciphertext with the updated OC1, whose value is 512+512, succeeds, and when the UI frame whose N(U) is 511 is obtained by decryption, OC1 and OC2 are each updated again by adding 512;
OC2 is also updated synchronously here so that the recipient can still decrypt UI frame ciphertext successfully when the following situation occurs:
The recipient receives the ciphertexts of the third-round UI frames that the sender encrypted with an encryption/decryption parameter OC whose value is 512+512, wherein the ciphertext of the UI frame whose N(U) is 511 is lost during transmission because of instability of the network link, so after decrypting the UI frame with N(U)=510 the recipient does not obtain the UI frame whose N(U) is 511;
The recipient decrypts the received third-round UI frame ciphertexts with the stored OC1, whose value is 512+512, and succeeds; because the UI frame whose N(U) is 511 was not obtained by decryption, OC1 with the value 512+512 and OC2 with the value 512+512+512 are not updated;
When the recipient next receives the ciphertexts of the fourth-round UI frames that the sender encrypted with an encryption/decryption parameter OC whose value is 512+512+512, decrypting the received UI frame ciphertext with the current OC1, whose value is 512+512, fails; the recipient then decrypts with the current OC2, whose value is 512+512+512, and decryption succeeds. At this point the value of OC1 is updated to 512+512+512 and the value of OC2 is updated to 512+512+512+512, so that if the recipient again fails to receive the UI frame whose N(U) value is 511, it can still decrypt subsequent UI frame ciphertext successfully.
It should be noted that when the recipient fails to receive UI frame ciphertexts continuously, then after failing twice in succession to receive the ciphertexts of the UI frames with N(U) 0 to 511, the recipient cannot guarantee, using OC1 and OC2, successful decryption of the UI frame ciphertexts received subsequently. In general, the probability of continuously losing a large number of UI frame ciphertexts at the LLC layer is extremely low, so by maintaining two encryption/decryption parameters the recipient can basically guarantee successful decryption of the received ciphertext.
Therefore, to account for the situation in which a large number of UI frame ciphertexts are lost continuously, the recipient can maintain three or more encryption/decryption parameters to guarantee successful decryption of the received ciphertext.
The method by which the recipient maintains three or more encryption/decryption parameters is the same as the method described above for maintaining two. The case in which the recipient maintains three encryption/decryption parameters is taken below as an example of the concrete maintenance process: the recipient stores three encryption/decryption parameters locally, OC1, OC2 and OC3, where OC1 is the encryption/decryption parameter currently in use, OC2=OC1+512 and OC3=OC2+512. When the ciphertext of a UI frame is received, OC1 is used first for decryption. When decryption with OC1 fails, OC2 is used; when decryption with OC2 succeeds, the parameters are updated to OC1=OC2, OC2=OC1+512 and OC3=OC2+512. When decryption with OC2 fails, OC3 is used; when decryption with OC3 succeeds, OC1 is updated to OC1=OC3, the updated OC2 is obtained by adding 512 to the updated OC1, and the updated OC3 is obtained by adding 512 to the updated OC2;
Correspondingly, when the recipient locally maintains more than three encryption/decryption parameters, each maintained encryption/decryption parameter is obtained by adding 512 to the one before it. Each time the recipient receives the ciphertext of a UI frame, it first attempts decryption with the first encryption/decryption parameter; when the first encryption/decryption parameter fails, it uses the next encryption/decryption parameter. When the ciphertext of the received UI frame is decrypted successfully, all maintained encryption/decryption parameters are updated; specifically, 512*j is added to the i-th encryption/decryption parameter to obtain the updated i-th encryption/decryption parameter, where j=i-1. When UI frame ciphertexts are received afterwards, the updated encryption/decryption parameters are used in turn to decrypt them.
In this way, by maintaining two or more encryption/decryption parameters for decrypting the received UI frame ciphertexts, successful decryption of the received UI frame ciphertexts can be ensured even when UI frames are lost continuously.
Through implementation of the above technical scheme, when the recipient does not receive the ciphertext of the UI frame whose N(U) is 511, or when a large number of UI frame ciphertexts are lost continuously, the value of the encryption/decryption parameter that the recipient maintains locally can still be kept consistent with the value of the encryption/decryption parameter used by the sender, which avoids the situation in which the recipient cannot decrypt UI frame ciphertext.
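The recipient-side maintenance described above, as an added example that is not part of the patent text. It assumes a constructed stand-in cipher (a SHA-256 keystream seeded with OC + N(U), not GEA), a CRC-32 trailer as the test for successful decryption, and N(U) carried in the clear with each frame; the names `Receiver` and `encrypt_ui` are hypothetical.

```python
import hashlib
import zlib

MODULO = 512  # N(U) runs 0..511; OC advances by 512 per round

def _keystream(key: bytes, oc: int, nu: int, length: int) -> bytes:
    # Constructed stand-in for the LLC cipher: SHA-256 in counter mode,
    # seeded with (key, OC + N(U)). Not GEA and not taken from the patent.
    out, block = b"", 0
    while len(out) < length:
        seed = key + (oc + nu).to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]

def encrypt_ui(key: bytes, oc: int, nu: int, payload: bytes) -> bytes:
    # Append a CRC-32 (assumed stand-in for the frame check), then XOR.
    body = payload + zlib.crc32(payload).to_bytes(4, "big")
    stream = _keystream(key, oc, nu, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

class Receiver:
    def __init__(self, key: bytes, candidates: int, oc1: int = 0):
        self.key = key
        # OC1 is the parameter in use; each later one is the previous + 512.
        self.ocs = [oc1 + MODULO * i for i in range(candidates)]

    def _try(self, oc: int, nu: int, ct: bytes):
        stream = _keystream(self.key, oc, nu, len(ct))
        body = bytes(a ^ b for a, b in zip(ct, stream))
        payload, check = body[:-4], body[-4:]
        ok = zlib.crc32(payload).to_bytes(4, "big") == check
        return payload if ok else None

    def receive(self, nu: int, ct: bytes):
        """Return the payload, or None if every maintained parameter fails."""
        for j, oc in enumerate(self.ocs):
            payload = self._try(oc, nu, ct)
            if payload is None:
                continue  # wrong parameter: move on to the next one
            # Success with the (j+1)-th parameter: add 512*j to all of them.
            self.ocs = [v + MODULO * j for v in self.ocs]
            if nu == MODULO - 1:
                # Frame 511 closes the round: every parameter advances by 512.
                self.ocs = [v + MODULO for v in self.ocs]
            return payload
        return None
```

With two parameters the recipient recovers from one missed rollover; if it is two rounds behind the sender, only a third parameter lets decryption succeed.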
Embodiment 4
Referring to Fig. 4, a device for maintaining LLC layer encryption/decryption parameters is provided. The device corresponds to the executing entity in the method embodiments and comprises: a first decryption module 401 and a second decryption module 402.
The first decryption module 401 is configured to decrypt the received ciphertext with the i-th encryption/decryption parameter, where the initial value of i is 1;
The second decryption module 402 is configured to, when decryption of the received ciphertext with the i-th encryption/decryption parameter fails, take the (i+1)-th encryption/decryption parameter as the current i-th encryption/decryption parameter and notify the first decryption module to perform the operation of decrypting the received ciphertext with the i-th encryption/decryption parameter, until the ciphertext is decrypted successfully;
The (i+1)-th encryption/decryption parameter is obtained by adding 512 to the i-th encryption/decryption parameter.
The device may further comprise an update module, configured to update the i-th encryption/decryption parameter that was used when the second decryption module decrypts the ciphertext successfully.
Specifically, the update module is configured to add 512*j to the i-th encryption/decryption parameter to obtain the updated i-th encryption/decryption parameter, where j equals i-1.
The device further comprises an execution module, configured to, when the received UI frame ciphertext is decrypted successfully with the i-th encryption/decryption parameter, judge whether the unconfirmed sequence number of the UI frame obtained by decryption is 511, and if so, add 512 to the value of the i-th encryption/decryption parameter.
Through implementation of the above technical scheme, when the recipient does not receive the ciphertext of the UI frame whose N(U) is 511, or when a large number of UI frame ciphertexts are lost continuously, the value of the encryption/decryption parameter that the recipient maintains locally can still be kept consistent with the value of the encryption/decryption parameter used by the sender, which avoids the situation in which the recipient cannot decrypt UI frame ciphertext.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments may be completed by hardware, or by a program instructing the related hardware; the program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement or the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (10)

1. A method for maintaining LLC layer encryption/decryption parameters, characterized in that the method comprises:
decrypting a received unacknowledged information (UI) frame ciphertext with an i-th encryption/decryption parameter, where the initial value of i is 1;
when decryption of the UI frame ciphertext with the i-th encryption/decryption parameter fails, taking the (i+1)-th encryption/decryption parameter as the current i-th encryption/decryption parameter, and returning to the operation of decrypting the received unacknowledged information UI frame ciphertext with the i-th encryption/decryption parameter, until the UI frame ciphertext is decrypted successfully.
2. The method according to claim 1, characterized in that the (i+1)-th encryption/decryption parameter is obtained by adding 512 to the i-th encryption/decryption parameter.
3. The method according to claim 1, characterized in that, after the step of, when decryption of the UI frame ciphertext with the i-th encryption/decryption parameter fails, taking the (i+1)-th encryption/decryption parameter as the current i-th encryption/decryption parameter and returning to the operation of decrypting the received unacknowledged information UI frame ciphertext with the i-th encryption/decryption parameter, and after the UI frame ciphertext is decrypted successfully, the method further comprises: updating the i-th encryption/decryption parameter that was used.
4. The method according to claim 3, characterized in that updating the i-th encryption/decryption parameter that was used comprises:
adding 512*j to the i-th encryption/decryption parameter to obtain the updated i-th encryption/decryption parameter, where j equals i-1.
5. The method according to claim 1, characterized in that the method further comprises: when the received UI frame ciphertext is decrypted successfully with the i-th encryption/decryption parameter, judging whether the unconfirmed sequence number of the UI frame obtained by decryption is 511, and if so, adding 512 to the value of the i-th encryption/decryption parameter.
6. A device for maintaining LLC layer encryption/decryption parameters, characterized in that the device comprises: a first decryption module and a second decryption module;
the first decryption module is configured to decrypt the received ciphertext with the i-th encryption/decryption parameter, where the initial value of i is 1;
the second decryption module is configured to, when decryption of the received ciphertext with the i-th encryption/decryption parameter fails, take the (i+1)-th encryption/decryption parameter as the current i-th encryption/decryption parameter and notify the first decryption module to perform the operation of decrypting the received ciphertext with the i-th encryption/decryption parameter, until the ciphertext is decrypted successfully.
7. The device according to claim 6, characterized in that the (i+1)-th encryption/decryption parameter is obtained by adding 512 to the i-th encryption/decryption parameter.
8. The device according to claim 6, characterized in that the device further comprises: an update module, configured to update the i-th encryption/decryption parameter that was used when the second decryption module decrypts the ciphertext successfully.
9. The device according to claim 8, characterized in that the update module is specifically configured to add 512*j to the i-th encryption/decryption parameter to obtain the updated i-th encryption/decryption parameter, where j equals i-1.
10. The device according to claim 6, characterized in that the device further comprises: an execution module, configured to, when the received UI frame ciphertext is decrypted successfully with the i-th encryption/decryption parameter, judge whether the unconfirmed sequence number of the UI frame obtained by decryption is 511, and if so, add 512 to the value of the i-th encryption/decryption parameter.
CN2011800010008A 2011-06-29 2011-06-29 Method and device for maintaining encryption/decryption parameters of LLC layer Pending CN102301645A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/076560 WO2012103720A1 (en) 2011-06-29 2011-06-29 Method and apparatus for maintaining encryption/decryption parameters of logical link control (llc) layer

Publications (1)

Publication Number Publication Date
CN102301645A true CN102301645A (en) 2011-12-28

Family

ID=45360532

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011800010008A Pending CN102301645A (en) 2011-06-29 2011-06-29 Method and device for maintaining encryption/decryption parameters of LLC layer

Country Status (2)

Country Link
CN (1) CN102301645A (en)
WO (1) WO2012103720A1 (en)

Also Published As

Publication number Publication date
WO2012103720A1 (en) 2012-08-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20111228