CN103139769B - A kind of wireless communications method and network subsystem - Google Patents


Publication number
CN103139769B
Authority
CN
China
Prior art keywords
terminal
encrypted word
calling
calling terminal
call
Legal status
Active
Application number
CN201110391386.XA
Other languages
Chinese (zh)
Other versions
CN103139769A (en
Inventor
耿良
崔明山
霍宁
Current Assignee
DATANG LINKTECH INFOSYSTEM Co Ltd
Original Assignee
DATANG LINKTECH INFOSYSTEM Co Ltd
Application filed by DATANG LINKTECH INFOSYSTEM Co Ltd
Priority to CN201110391386.XA
Publication of CN103139769A
Application granted
Publication of CN103139769B

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a wireless communication method and a network subsystem. The method comprises: receiving a call request sent by a calling terminal; when the called terminal is paged successfully, obtaining the registration information of the calling terminal and the called terminal from the corresponding customer information control system according to the identification information carried in the call request; judging, according to the obtained registration information, whether the calling terminal and the called terminal each have encrypted-call permission; when the calling terminal and the called terminal both have encrypted-call permission, having the key management system construct one shared key for the calling terminal and the called terminal and distribute it to both; and feeding back a call-connected message to the calling terminal, thereby opening an encrypted call between the calling terminal and the called terminal in which data is encrypted with the shared key. This scheme improves the security of encrypted calls between terminals in a wireless communication system.

Description

A kind of wireless communications method and network subsystem
Technical field
The present invention relates to the field of wireless communication technology, and in particular to a wireless communication method and a network subsystem.
Background technology
Wireless communication is a mode of communication that exchanges information by exploiting the ability of electromagnetic signals to propagate in free space. Wireless communication carried out while moving is commonly called mobile communication, and the two are together referred to as wireless mobile communication. A characteristic of wireless mobile communication is ease of access: not only the communicating users but also potential eavesdroppers can easily gain access, so the security of wireless mobile communication has always been a very important topic in the wireless communication field.
The existing UMTS (Universal Mobile Telecommunications System) has the following features to ensure communication security: (1) mutual authentication: the base station authenticates the terminal and the terminal authenticates the base station, which prevents fake base station attacks; (2) integrity protection of access-link signaling data, which prevents an intruder from forging messages or tampering with signaling messages between the user and the network; (3) the key length is increased to 128 bit and the key schedule is improved; (4) 3GPP access-link data encryption extends to the RNC (Radio Network Controller); and so on. Owing to these features, the security of UMTS is greatly improved compared with earlier communication systems.
However, for an encrypted call between terminals, the terminals in the call have different keys. Encrypted data must therefore be decrypted before it reaches the destination terminal and then re-encrypted into data that the destination terminal can decrypt, so that the terminals can communicate smoothly. In UMTS, however, data on inter-element interfaces such as the Iu interface between the VLR (Visitor Location Register)/SGSN (Serving GPRS Support Node) and the RNC, and the Iur interface between RNCs, is still transmitted in plaintext. Encrypted data that has been decrypted to plaintext is therefore exposed to potential security threats during plaintext transmission, which affects the security of the whole wireless communication.
Summary of the invention
To solve the above technical problem, embodiments of the present invention provide a wireless communication method and a network subsystem to improve the security of encrypted calls between terminals in a wireless communication system. The technical solution is as follows:
A wireless communication method, comprising:
receiving a call request sent by a calling terminal, the call request carrying the identifier of the calling terminal and the identifier of the called terminal for this call;
when the called terminal is paged successfully, obtaining the registration information of the calling terminal and the called terminal from the corresponding customer information control system according to the identification information carried in the call request;
judging, according to the obtained registration information, whether the calling terminal and the called terminal each have encrypted-call permission;
when the calling terminal and the called terminal both have encrypted-call permission, having the key management system construct one shared key for the calling terminal and the called terminal and distribute it to the calling terminal and the called terminal;
feeding back a call-connected message to the calling terminal, thereby opening an encrypted call between the calling terminal and the called terminal in which data is encrypted with the shared key.
Correspondingly, embodiments of the present invention also provide a network subsystem, comprising: a mobile switching centre, a customer information control system and a key management system;
the customer information control system is configured to manage the registration information of the terminals corresponding to the respective mobile switching centre;
the key management system is configured to construct a corresponding key for each terminal using a key schedule;
the mobile switching centre is configured to receive a call request sent by a calling terminal, the call request carrying the identifier of the calling terminal and the identifier of the called terminal for this call;
when the called terminal is paged successfully, obtain the registration information of the calling terminal and the called terminal from the corresponding customer information control system according to the identification information carried in the call request;
judge, according to the obtained registration information, whether the calling terminal and the called terminal each have encrypted-call permission;
when the calling terminal and the called terminal both have encrypted-call permission, have the key management system construct one shared key for the calling terminal and the called terminal and distribute it to the calling terminal and the called terminal;
feed back a call-connected message to the calling terminal, thereby opening an encrypted call between the calling terminal and the called terminal in which data is encrypted with the shared key.
In the technical solution provided by the embodiments of the present invention, after the call request of the calling terminal is received, it is first judged whether the calling terminal and the paged called terminal have encrypted-call permission. When both parties have encrypted-call permission, the same shared key is distributed to both and a call-connected message is fed back to the calling terminal, thereby opening an encrypted call between the calling terminal and the called terminal in which data is encrypted with this shared key. Because the same shared key is sent to the calling terminal and the called terminal that have encrypted-call permission, encrypted data does not need to be decrypted to plaintext anywhere along the transmission path during the subsequent encrypted call. Transmission stays in ciphertext over the radio interfaces and between core network elements, which improves the security of the whole encrypted call.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a first flow chart of a wireless communication method provided by an embodiment of the present invention;
Fig. 2 is a second flow chart of a wireless communication method provided by an embodiment of the present invention;
Fig. 3 is a third flow chart of a wireless communication method provided by an embodiment of the present invention;
Fig. 4 is a fourth flow chart of a wireless communication method provided by an embodiment of the present invention;
Fig. 5 is a fifth flow chart of a wireless communication method provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a network subsystem provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the mobile switching centre in a network subsystem provided by an embodiment of the present invention.
Detailed description of the invention
In the prior art, for an encrypted call between terminals, the terminals in the call have different keys. Encrypted data must therefore be decrypted before it reaches the destination terminal and then re-encrypted into data that the destination terminal can decrypt, so that the terminals can communicate smoothly. In UMTS, however, data on inter-element interfaces such as the Iu interface between the VLR/SGSN and the RNC, and the Iur interface between RNCs, is still transmitted in plaintext. Encrypted data that has been decrypted to plaintext is therefore exposed to potential security threats during plaintext transmission, which affects the security of the whole wireless communication.
To improve the security of encrypted calls between terminals in wireless communication, embodiments of the present invention provide a wireless communication method and a network subsystem.
The wireless communication method provided by the embodiments of the present invention is introduced first.
A wireless communication method, comprising:
receiving a call request sent by a calling terminal, the call request carrying the identifier of the calling terminal and the identifier of the called terminal for this call;
when the called terminal is paged successfully, obtaining the registration information of the calling terminal and the called terminal from the corresponding customer information control system according to the identification information carried in the call request;
judging, according to the obtained registration information, whether the calling terminal and the called terminal each have encrypted-call permission;
when the calling terminal and the called terminal both have encrypted-call permission, having the key management system construct one shared key for the calling terminal and the called terminal and distribute it to the calling terminal and the called terminal;
feeding back a call-connected message to the calling terminal, thereby opening an encrypted call between the calling terminal and the called terminal in which data is encrypted with the shared key.
In the technical solution provided by the embodiments of the present invention, after the call request of the calling terminal is received, it is first judged whether the calling terminal and the paged called terminal have encrypted-call permission. When both parties have encrypted-call permission, the same shared key is distributed to both and a call-connected message is fed back to the calling terminal, thereby opening an encrypted call between the calling terminal and the called terminal in which data is encrypted with this shared key. Because the same shared key is sent to the calling terminal and the called terminal that have encrypted-call permission, encrypted data does not need to be decrypted to plaintext anywhere along the transmission path during the subsequent encrypted call. Transmission stays in ciphertext over the radio interfaces and between core network elements, which improves the security of the whole encrypted call.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Note that the method applies to a network subsystem comprising an MSC (Mobile Switching Center), a customer information control system, a key management system, a visitor location register (VLR), an HLR (Home Location Register) and so on. The MSC is a server that provides functions such as data exchange, location registration and update, handover and roaming service; the customer information control system manages the registration information of each terminal corresponding to the respective mobile switching centre; the key management system uses a key schedule to construct the corresponding key for a terminal.
As shown in Fig. 1, a wireless communication method may comprise:
S101: the MSC in the network subsystem receives the call request sent by the calling terminal;
When an encrypted call is needed between terminals, the calling terminal that initiates it sends an encrypted-call request for the called terminal to the MSC of the network subsystem. The call request carries the identifier of the calling terminal and the identifier of the called terminal for this call. In practice, the identifier is a communication identifier, namely the SIM number corresponding to the terminal.
S102: page the called terminal and, if the called terminal is reached, perform step S103;
S103: according to the identifier of the calling terminal and the identifier of the called terminal, obtain the registration information of the calling terminal and the called terminal from the corresponding customer information control system;
When the called terminal has been paged, the registration information of the calling terminal and the called terminal in this network subsystem is obtained from the customer information control system corresponding to the MSC, for use in the subsequent judgment.
S104: according to the obtained registration information, judge whether the calling terminal and the called terminal each have encrypted-call permission;
The judgment may be made in any of the following ways: judge whether the calling terminal and the called terminal have encrypted-call permission at the same time; or first judge whether the calling terminal has encrypted-call permission and, only if it does, judge whether the called terminal has it; or first judge whether the called terminal has encrypted-call permission and, only if it does, judge whether the calling terminal has it. Of course, the registration information of the calling terminal and that of the called terminal may be obtained one after the other from the corresponding customer information control system before the permission judgment is made.
The process of judging whether a terminal has encrypted-call permission may be:
query whether the registration information corresponding to the terminal contains information that the terminal's encrypted-call authentication succeeded;
if the terminal's encrypted-call authentication succeeded, determine that the terminal has encrypted-call permission.
Note that, to ensure the security of the wireless communication, a terminal must pass the encrypted-call authentication of the MSC of the network subsystem before making an encrypted call, so that the registration information recorded for the terminal by the customer information control system is changed to show that the terminal's encrypted-call authentication succeeded. In practice, encrypted-call authentication can be carried out automatically when the terminal restarts after being powered off, or when the terminal's base station or mobile switching centre changes. The MSC may authenticate a terminal as follows:
receive the terminal's encrypted-call authentication request, which is transmitted over a signaling channel or a data channel and consists of multiple groups of data that the terminal has encrypted with its unique key;
obtain the key corresponding to the terminal's unique key and decrypt each of the groups of encrypted data; if decryption succeeds, change the encrypted-call authentication information in the terminal's registration information to "encrypted-call authentication succeeded"; otherwise, send the terminal a message that encrypted-call authentication failed.
Those skilled in the art will understand that, to ensure the accuracy of encrypted-call authentication, authentication needs to be performed several times. The authentication request may therefore contain multiple groups of data encrypted with the terminal's unique key, or it may contain at least one such group with multiple authentication requests being sent during the authentication process; both are reasonable. In addition, each terminal's unique key differs from that of every other terminal, so the security of the whole encrypted-call authentication is high.
S105: when the calling terminal and the called terminal both have encrypted-call permission, the key management system constructs one shared key for the calling terminal and the called terminal and distributes it to the calling terminal and the called terminal;
When the calling terminal and the called terminal both have encrypted-call permission, an encrypted call can be made between them. The key management system then needs to construct and distribute the same shared key for the calling terminal and the called terminal so that they can use this shared key for the encrypted call.
In practice, the key management system may construct the shared key for the calling terminal and the called terminal using an existing encryption algorithm, such as the EDA algorithm, or a specially defined encryption algorithm may be used to construct the shared key; both are reasonable.
S106: feed back a call-connected message to the calling terminal, thereby opening an encrypted call between the calling terminal and the called terminal in which data is encrypted with the shared key.
After the shared key has been distributed to the calling terminal and the called terminal, a call-connected message needs to be fed back to the calling terminal to open the encrypted call between the calling terminal and the called terminal in which data is encrypted with the shared key.
In this scheme, because the same shared key is sent to the calling terminal and the called terminal that have encrypted-call permission, encrypted data does not need to be decrypted to plaintext in transit during the subsequent encrypted call. Transmission stays in ciphertext over the radio interfaces and between core network elements, which improves the security of the whole encrypted call.
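The call-setup procedure of steps S101 to S106, together with the encrypted-call authentication it depends on, sketched in Python as an added example (not code from the patent). The class and function names, the SIM identifiers, the stand-in cipher, the tag check used to decide that "decryption succeeded" and the wrapping of the shared key under each terminal's unique key are assumptions; the patent leaves these details unspecified.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher (SHA-256 keystream + HMAC-SHA-256 tag) so the
# sketch runs on the standard library; a real system would use a vetted AEAD.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, length):
    enc_key, out, counter = _subkey(key, b"enc"), b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None when the tag does not verify."""
    if len(blob) < 48:
        return None
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    nonce, ciphertext = body[:16], body[16:]
    return bytes(c ^ s for c, s in zip(ciphertext, _stream(key, nonce, len(ciphertext))))

class CustomerInfoSystem:
    """Registration information per terminal identifier."""
    def __init__(self):
        self.records = {}

    def register(self, terminal_id, unique_key):
        self.records[terminal_id] = {"unique_key": unique_key, "auth_ok": False}

    def get(self, terminal_id):
        return self.records.get(terminal_id)

class KeyManagementSystem:
    def new_shared_key(self):
        return secrets.token_bytes(32)  # assumed key size; the page gives none

class MSC:
    def __init__(self, registry, kms, reachable):
        self.registry, self.kms, self.reachable = registry, kms, reachable

    def authenticate(self, terminal_id, groups):
        """Encrypted-call authentication: every group must decrypt under the terminal's key."""
        record = self.registry.get(terminal_id)
        ok = bool(record and groups) and all(
            unseal(record["unique_key"], g) is not None for g in groups)
        if ok:
            record["auth_ok"] = True  # registration info now says "authentication succeeded"
        return ok  # False stands for the failure message sent back to the terminal

    def handle_call(self, caller_id, callee_id):
        if callee_id not in self.reachable:                    # S102: paging
            return {"status": "paging_failed"}
        caller = self.registry.get(caller_id)                  # S103: registration lookup
        callee = self.registry.get(callee_id)
        if not (caller and caller["auth_ok"] and callee and callee["auth_ok"]):
            return {"status": "call_failed"}                   # S104: permission check
        shared = self.kms.new_shared_key()                     # S105: one key for both ends
        return {"status": "connected",                         # S106: call-connected message
                # Assumption: the key is delivered wrapped under each terminal's unique key.
                "to_caller": seal(caller["unique_key"], shared),
                "to_callee": seal(callee["unique_key"], shared)}

def demo():
    registry = CustomerInfoSystem()
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    registry.register("SIM-A", key_a)
    registry.register("SIM-B", key_b)
    msc = MSC(registry, KeyManagementSystem(), reachable={"SIM-A", "SIM-B"})

    before_auth = msc.handle_call("SIM-A", "SIM-B")["status"]
    for sim, key in (("SIM-A", key_a), ("SIM-B", key_b)):
        msc.authenticate(sim, [seal(key, b"group-%d" % i) for i in range(3)])
    result = msc.handle_call("SIM-A", "SIM-B")

    k_a = unseal(key_a, result["to_caller"])
    k_b = unseal(key_b, result["to_callee"])
    frame = seal(k_a, b"voice frame 1")   # encrypted at phone A
    relayed = bytes(frame)                # network elements forward ciphertext unchanged
    return before_auth, result["status"], k_a == k_b, unseal(k_b, relayed)

if __name__ == "__main__":
    print(demo())
```

Because both ends hold the same key, the relay step never needs the plaintext, which is the property the scheme relies on; the MSC and key management system do see the shared key, so they remain trusted components.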
A wireless communication method provided by the present invention is introduced below, taking an encrypted call between mobile phone A and mobile phone B as an example. The call request sent by mobile phone A, the calling terminal, is transmitted by USSD (Unstructured Supplementary Service Data), that is, over the signaling channel. The wireless communication method provided by the present invention is not limited to mobile phones; for example, it can be applied to wireless communication between notebook computers.
As shown in Figs. 2 and 3, a wireless communication method may comprise:
S201: the MSC in the network subsystem receives the call request sent by mobile phone A by USSD; the call request carries the SIM card identifier corresponding to mobile phone A and the SIM card identifier corresponding to mobile phone B;
The call request is sent by USSD, that is, it is transmitted over the signaling channel.
S202: page mobile phone B according to the SIM card identifier corresponding to mobile phone B and, if mobile phone B is paged successfully, perform step S203;
S203: according to the SIM card identifier corresponding to mobile phone A, obtain the registration information corresponding to mobile phone A from the customer information control system;
S204: using the registration information corresponding to mobile phone A, judge whether mobile phone A has encrypted-call permission; if so, perform step S205; otherwise, indicate to mobile phone A that the call failed;
If the encrypted-call authentication that mobile phone A previously initiated with the MSC succeeded, the corresponding customer information control system will have changed the registration information of mobile phone A to show that encrypted-call authentication succeeded. After receiving the call request sent by mobile phone A, the MSC can judge from the registration information corresponding to mobile phone A whether mobile phone A has encrypted-call permission. When the obtained registration information shows that the encrypted-call authentication of mobile phone A succeeded, it is determined that mobile phone A has encrypted-call permission.
S205: according to the SIM card identifier corresponding to mobile phone B, obtain the registration information of mobile phone B from the customer information control system;
S206: using the registration information corresponding to mobile phone B, judge whether mobile phone B has encrypted-call permission; if so, perform step S207; otherwise, indicate to mobile phone A that the call failed;
S207: the key management system constructs one shared key for mobile phone A and mobile phone B and distributes it to mobile phone A and mobile phone B;
S208: feed back a call-connected message to mobile phone A, thereby opening an encrypted call between mobile phone A and mobile phone B in which data is encrypted with the shared key.
In this specific embodiment, where the call request is sent by USSD, the same shared key is distributed to mobile phone A and mobile phone B, which both have encrypted-call permission, so that encrypted data does not need to be decrypted to plaintext in transit during the subsequent encrypted call. Transmission stays in ciphertext over the radio interfaces and between core network elements, which improves the security of the whole encrypted call.
A wireless communication method provided by the present invention is again introduced below, taking an encrypted call between mobile phone A and mobile phone B as an example. Here the call request sent by mobile phone A, the calling terminal, is transmitted in-band, that is, over the data channel. The wireless communication method provided by the present invention is not limited to mobile phones; for example, it can be applied to wireless communication between notebook computers.
As shown in Figs. 4 and 5, a wireless communication method may comprise:
S301: the MSC in the network subsystem obtains the call request sent by mobile phone A in-band;
The call request carries the SIM card identifier corresponding to mobile phone A and the SIM card identifier corresponding to mobile phone B.
S302: page mobile phone B according to the SIM card identifier corresponding to mobile phone B and, if mobile phone B is paged successfully, perform step S303;
S303: by analyzing the SIM card identifier of the called mobile phone B, judge whether this call is a non-encrypted call; if so, perform step S304; otherwise, perform step S305;
S304: feed back a connected message to mobile phone A to open a non-encrypted call between mobile phone A and mobile phone B;
S305: according to the SIM card identifier corresponding to mobile phone A, obtain the registration information of mobile phone A from the customer information control system;
S306: using the registration information corresponding to mobile phone A, judge whether mobile phone A has encrypted-call permission; if so, perform step S307; otherwise, indicate to mobile phone A that the call failed;
S307: according to the SIM card identifier corresponding to mobile phone B, obtain the registration information of mobile phone B from the customer information control system;
S308: using the registration information corresponding to mobile phone B, judge whether mobile phone B has encrypted-call permission; if so, perform step S309; otherwise, indicate to mobile phone A that the call failed;
S309: the key management system constructs one shared key for mobile phone A and mobile phone B and distributes it to mobile phone A and mobile phone B;
S310: feed back a call-connected message to mobile phone A, thereby opening an encrypted call between mobile phone A and mobile phone B in which data is encrypted with the shared key.
In this specific embodiment, where the call request is sent in-band, the same shared key is distributed to mobile phone A and mobile phone B, which both have encrypted-call permission, so that encrypted data does not need to be decrypted to plaintext in transit during the subsequent encrypted call. Transmission stays in ciphertext over the radio interfaces and between core network elements, which improves the security of the whole encrypted call.
From the description of the method embodiments above, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. On this understanding, the part of the technical solution of the present invention that in essence contributes to the prior art can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The storage medium includes read-only memory (ROM), random access memory (RAM), magnetic disk, optical disc and other media that can store program code.
Corresponding to embodiment of the method above, the embodiment of the present invention also provides a kind of network subsystem, as Fig. 6Shown in, can comprise: mobile switching centre 110, customer information control system 120, key management system130;
Customer information control system 120, for managing the registration letter of corresponding mobile switching centre counterpart terminalBreath;
Key management system 130 is the corresponding key of each terminal constructions for utilizing key schedule;
Mobile switching centre 110, the call request sending for receiving calling terminal, described call request is takenWith calling terminal identification and this mark of calling out corresponding terminal called;
In the successful situation of paging terminal called, the identification information entrained according to described call request,From corresponding customer information control system, obtain the corresponding registration of described calling terminal and terminal calledInformation;
According to obtained log-on message, judge respectively whether calling terminal and terminal called enjoy encrypted word powerLimit;
In the situation that calling terminal and terminal called are all enjoyed encrypted word authority, by key management system beCalling terminal and terminal called are constructed a shared key, and are distributed to calling terminal and terminal called;
To calling terminal feedback call through message, and then open the profit between calling terminal and terminal calledWith the encrypted word call of described shared key enciphered data.
As shown in Figure 7, the mobile switching centre 110 comprises:
Call request receiver module 111, configured to receive the call request sent by the calling terminal, where the call request carries the identifier of the calling terminal and the identifier of the called terminal for this call;
Paging module 112, configured to page the called terminal for this call and, when access succeeds, to trigger the log-on message acquisition module 113;
Log-on message acquisition module 113, configured to obtain, according to the identification information carried in the call request, the registration information of the calling terminal and the called terminal from the corresponding customer information control system;
Authority judge module 114, configured to judge, according to the obtained registration information, whether the calling terminal and the called terminal each enjoy encrypted word authority and, when both enjoy encrypted word authority, to trigger the key distribution module 115;
Key distribution module 115, configured, when both the calling terminal and the called terminal enjoy encrypted word authority, to have the key management system construct a shared key for the calling terminal and the called terminal and distribute it to the calling terminal and the called terminal;
Connect message feedback module 116, configured to feed back a call-through message to the calling terminal, thereby opening an encrypted word call between the calling terminal and the called terminal in which data is encrypted with the shared key.
Further, the authority judge module is specifically configured to:
query whether the registration information corresponding to a terminal contains information indicating that the terminal's encrypted word authentication succeeded;
when the terminal's encrypted word authentication has succeeded, determine that the terminal enjoys encrypted word authority.
Further, the mobile switching centre also comprises:
an encrypted word authentication module, configured to:
receive the encrypted word authentication request of a terminal, where the request is transmitted over a signaling channel or a data channel and consists of multiple groups of encrypted data that the terminal has encrypted with its unique key;
obtain the key corresponding to the terminal's key and decrypt each of the groups of encrypted data; if decryption succeeds, change the encrypted word authentication information in the terminal's registration information in the registered information managing module to encrypted word authentication successful; otherwise, send encrypted word authentication failure information to the terminal.
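The authentication step and the call-setup gate described above, as an added Python example that is not code from the patent. The class and method names, the `reachable` set that models paging, the HMAC tag that stands in for "the group decrypts successfully", and the outcome when a party lacks authority (no key is issued) are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Registration:
    """One terminal's record in the customer information control system."""
    terminal_key: bytes                    # network-side copy of the terminal's unique key
    encrypted_word_authenticated: bool = False


def auth_request(key, n_groups=3):
    """Terminal side: several groups, each bound to the terminal's unique key.
    Assumption: an HMAC tag stands in for 'this group decrypts successfully'."""
    nonces = [secrets.token_bytes(16) for _ in range(n_groups)]
    return [(n, hmac.new(key, n, hashlib.sha256).digest()) for n in nonces]


@dataclass
class MobileSwitchingCentre:
    registrations: dict = field(default_factory=dict)   # identifier -> Registration
    reachable: set = field(default_factory=set)         # terminals that answer paging

    def authenticate(self, ident, groups):
        """Encrypted word authentication: every group must verify under the stored key."""
        reg = self.registrations.get(ident)
        if reg is None or not groups:
            return False
        ok = all(
            hmac.compare_digest(hmac.new(reg.terminal_key, n, hashlib.sha256).digest(), tag)
            for n, tag in groups)
        if ok:                             # success is recorded in the registration record
            reg.encrypted_word_authenticated = True
        return ok                          # False -> failure information goes to the terminal

    def has_authority(self, ident):
        reg = self.registrations.get(ident)
        return reg is not None and reg.encrypted_word_authenticated

    def handle_call(self, caller, callee):
        """One call request -> (status, key sent to caller, key sent to callee)."""
        if callee not in self.reachable:   # paging the called terminal failed
            return ("paging_failed", None, None)
        if not (self.has_authority(caller) and self.has_authority(callee)):
            # Assumption: the section does not say what follows here; no key is issued.
            return ("no_encrypted_word_authority", None, None)
        shared = secrets.token_bytes(16)   # key management system builds one shared key
        return ("call_through_encrypted", shared, shared)


if __name__ == "__main__":                 # constructed sample: only A authenticates
    msc = MobileSwitchingCentre(reachable={"A", "B"})
    keys = {t: secrets.token_bytes(16) for t in ("A", "B")}
    msc.registrations = {t: Registration(k) for t, k in keys.items()}
    msc.authenticate("A", auth_request(keys["A"]))
    print(msc.handle_call("A", "B")[0])
```

The shared key is only generated after both registration records carry the authentication-success flag, so a terminal that never authenticated, or authenticated with the wrong key, cannot cause a key to be issued.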
Because the device and system embodiments substantially correspond to the method embodiments, the relevant parts may be found in the description of the method embodiments. The device and system embodiments described above are merely schematic: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the scheme of this embodiment. Those of ordinary skill in the art can understand and implement it without creative work.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, device and method may be realized in other ways without exceeding the spirit and scope of the application. The current embodiments are merely exemplary and should not be taken as a limitation, and the specific content given should not limit the purpose of the application. For example, the division into units or subunits is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or subunits may be combined. In addition, multiple units or components may be combined or integrated into another system, or some features may be ignored or not carried out.
In addition, the described systems, devices and methods and the schematic diagrams of the different embodiments may be combined or integrated with other systems, modules, techniques or methods without exceeding the scope of the application. Furthermore, the couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
The above is only a specific embodiment of the present invention. It should be pointed out that those of ordinary skill in the art can make several improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A wireless communications method, characterized in that it comprises:
receiving a call request sent by a calling terminal, the call request carrying the identifier of the calling terminal and the identifier of the called terminal for this call;
when the called terminal is paged successfully, obtaining, according to the identification information carried in the call request, the registration information of the calling terminal and the called terminal from the corresponding customer information control system;
judging, according to the obtained registration information, whether the calling terminal and the called terminal each enjoy encrypted word authority;
when both the calling terminal and the called terminal enjoy encrypted word authority, having the key management system construct a shared key for the calling terminal and the called terminal and distribute it to the calling terminal and the called terminal;
feeding back a call-through message to the calling terminal, thereby opening an encrypted word call between the calling terminal and the called terminal in which data is encrypted with the shared key, ensuring ciphertext transmission across the wireless interface and between core network elements.
2. The method according to claim 1, characterized in that judging whether a terminal enjoys encrypted word authority is specifically:
querying whether the registration information corresponding to the terminal contains information indicating that the terminal's encrypted word authentication succeeded;
when the terminal's encrypted word authentication has succeeded, determining that the terminal enjoys encrypted word authority.
3. The method according to claim 2, characterized in that the process of encrypted word authentication of a terminal is:
receiving the encrypted word authentication request of the terminal, where the request is transmitted over a signaling channel or a data channel and consists of multiple groups of encrypted data that the terminal has encrypted with its unique key;
obtaining the key corresponding to the terminal's key and decrypting each of the groups of encrypted data; if decryption succeeds, changing the encrypted word authentication information in the terminal's registration information to encrypted word authentication successful; otherwise, sending encrypted word authentication failure information to the terminal.
4. The method according to claim 1, characterized in that the calling terminal sends the call request as follows:
the calling terminal sends the call request relating to the called terminal over a signaling channel.
5. The method according to claim 1, characterized in that the calling terminal sends the call request as follows:
the calling terminal sends the call request relating to the called terminal over a data channel;
before judging whether the calling terminal and the called terminal enjoy encrypted word authority, the method further comprises:
judging, according to the identifier of the called terminal, whether this call is a clear call; if so, directly opening an unencrypted word call; otherwise, judging whether the calling terminal and the called terminal enjoy encrypted word authority.
6. The method according to any one of claims 1 to 5, characterized in that the identifier is the communication identifier corresponding to the terminal.
7. A network subsystem, characterized in that it comprises: a mobile switching centre, a customer information control system and a key management system;
the customer information control system is used to manage the registration information of the terminals corresponding to the respective mobile switching centre;
the key management system is used to construct a corresponding key for each terminal by utilizing a key schedule;
the mobile switching centre is used to receive the call request sent by the calling terminal, where the call request carries the identifier of the calling terminal and the identifier of the called terminal for this call;
when the called terminal is paged successfully, to obtain, according to the identification information carried in the call request, the registration information of the calling terminal and the called terminal from the corresponding customer information control system;
to judge, according to the obtained registration information, whether the calling terminal and the called terminal each enjoy encrypted word authority;
when both the calling terminal and the called terminal enjoy encrypted word authority, to have the key management system construct a shared key for the calling terminal and the called terminal and distribute it to the calling terminal and the called terminal;
and to feed back a call-through message to the calling terminal, thereby opening an encrypted word call between the calling terminal and the called terminal in which data is encrypted with the shared key, ensuring ciphertext transmission across the wireless interface and between core network elements.
8. The network subsystem according to claim 7, characterized in that the mobile switching centre comprises:
a call request receiver module, configured to receive the call request sent by the calling terminal, where the call request carries the identifier of the calling terminal and the identifier of the called terminal for this call;
a paging module, configured to page the called terminal for this call and, when access succeeds, to trigger the log-on message acquisition module;
a log-on message acquisition module, configured to obtain, according to the identification information carried in the call request, the registration information of the calling terminal and the called terminal from the corresponding customer information control system;
an authority judge module, configured to judge, according to the obtained registration information, whether the calling terminal and the called terminal each enjoy encrypted word authority and, when both enjoy encrypted word authority, to trigger the key distribution module;
a key distribution module, configured, when both the calling terminal and the called terminal enjoy encrypted word authority, to have the key management system construct a shared key for the calling terminal and the called terminal and distribute it to the calling terminal and the called terminal;
a connect message feedback module, configured to feed back a call-through message to the calling terminal, thereby opening an encrypted word call between the calling terminal and the called terminal in which data is encrypted with the shared key.
9. The network subsystem according to claim 8, characterized in that the authority judge module is specifically configured to:
query whether the registration information corresponding to a terminal contains information indicating that the terminal's encrypted word authentication succeeded;
when the terminal's encrypted word authentication has succeeded, determine that the terminal enjoys encrypted word authority.
10. The network subsystem according to claim 8, characterized in that the mobile switching centre also comprises:
an encrypted word authentication module, configured to:
receive the encrypted word authentication request of a terminal, where the request is transmitted over a signaling channel or a data channel and consists of multiple groups of encrypted data that the terminal has encrypted with its unique key;
obtain the key corresponding to the terminal's key and decrypt each of the groups of encrypted data; if decryption succeeds, change the encrypted word authentication information in the terminal's registration information in the registered information managing module to encrypted word authentication successful; otherwise, send encrypted word authentication failure information to the terminal.
CN201110391386.XA 2011-11-30 2011-11-30 A kind of wireless communications method and network subsystem Active CN103139769B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110391386.XA CN103139769B (en) 2011-11-30 2011-11-30 A kind of wireless communications method and network subsystem

Publications (2)

Publication Number Publication Date
CN103139769A CN103139769A (en) 2013-06-05
CN103139769B true CN103139769B (en) 2016-05-11

Family

ID=48498959

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110391386.XA Active CN103139769B (en) 2011-11-30 2011-11-30 A kind of wireless communications method and network subsystem

Country Status (1)

Country Link
CN (1) CN103139769B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468634B (en) * 2014-12-31 2018-11-30 大唐移动通信设备有限公司 A kind of call-establishing method, terminal and safe AS
CN104994213B (en) * 2015-03-19 2018-02-27 数据通信科学技术研究所 Realize the method and system of mobile terminal encrypted word business voice message
US9990783B2 (en) * 2016-02-16 2018-06-05 GM Global Technology Operations LLC Regulating vehicle access using cryptographic methods
CN110661922B (en) * 2018-06-29 2021-05-25 中国移动通信有限公司研究院 Call control method, network device and system
CN114222290B (en) * 2020-09-04 2023-10-03 成都鼎桥通信技术有限公司 Communication method, device, equipment and storage medium
CN114630320A (en) * 2022-03-24 2022-06-14 青岛海信电子设备股份有限公司 Encrypted call calling method, terminal and network equipment
CN115022024B (en) * 2022-05-31 2023-09-29 中国电信股份有限公司 Method and device for encrypting call, storage medium and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101232368A (en) * 2007-01-23 2008-07-30 华为技术有限公司 Method for distributing media stream cryptographic key and multimedia subsystem
WO2011095039A1 (en) * 2010-02-03 2011-08-11 中兴通讯股份有限公司 Method, system and device for negotiating end-to-end session key
CN102202299A (en) * 2010-03-26 2011-09-28 谢德育 Realization method of end-to-end voice encryption system based on 3G/B3G

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101175074A (en) * 2006-11-01 2008-05-07 华为技术有限公司 Method and system for implementing end-to-end media stream cryptographic key negotiation
CN101867898B (en) * 2010-07-02 2012-09-12 中国电信股份有限公司 Short message encrypting communication system, method and secret key center
CN102123361B (en) * 2010-12-31 2014-01-01 华为技术有限公司 Method and device for realizing encrypted message communication

Also Published As

Publication number Publication date
CN103139769A (en) 2013-06-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant