CN103249039A - Method, device and system for sending security information of public alarm system - Google Patents


Info

Publication number
CN103249039A
Authority
CN
China
Prior art keywords
security information
message
network node
information parameter
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012100271837A
Other languages
Chinese (zh)
Inventor
李阳
冯成燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN2012100271837A
Priority to PCT/CN2012/077602 (WO2013117070A1)
Publication of CN103249039A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method, device and system for sending security information of a public warning system. The method comprises the following steps: a network node receives a message carrying security information parameters from a signature entity; and the network node sends the security information parameters to a terminal. Because the network node receives the message carrying the security information parameters from the signature entity and sends those parameters on to the terminal, the terminal can verify signatures according to them, so the security and accuracy of warning messages can be guaranteed.

Description

Method, apparatus and system for sending public warning system security information
Technical field
The present invention relates to the field of communications, and in particular to a method, apparatus and system for sending public warning system security information.
Background technology
To enable users to receive alerts, warnings and key information about disasters and other emergencies in a timely and accurate manner, the 3rd Generation Partnership Project (3GPP) has defined the Public Warning System (PWS) service. When a disaster such as an earthquake, tsunami, hurricane or wildfire occurs, this service allows the public to take appropriate action to protect themselves and their families from serious injury or death, or from heavy loss of property.
The communication networks defined by 3GPP, such as the Global System for Mobile communications (GSM), the Universal Mobile Telecommunications System (UMTS) and Long Term Evolution (LTE), all support the PWS service, and the PWS service is specified to use the Cell Broadcast Service (CBS) as its bearer. The architecture is shown in Fig. 1, and the function of each network element is as follows:
The Cell Broadcast Entity (CBE) does not belong to the communication network defined by 3GPP. The CBE is responsible for formatting CBS messages, including dividing a CBS message into different pages.
The Cell Broadcast Center (CBC) is part of the core network and can be connected to multiple CBEs. The CBC is responsible for managing CBS messages, including: determining the time at which a CBS message starts being broadcast; determining the time at which a CBS message stops being broadcast, and instructing each base station controller (BSC)/radio network controller (RNC) to stop broadcasting the CBS message; determining the interval at which a CBS message is repeatedly broadcast; determining the CBCH on which the CBS message is broadcast; and so on. For a GSM network, the CBC is connected to the BSC in the radio access network; for a UMTS system, the CBC is connected to the RNC in the radio access network through the Iu interface; for an LTE system, the CBC is connected to the Mobility Management Entity (MME) of the core network. After the CBC receives warning information sent by a CBE, it configures and encapsulates it and sends it to the BSC (GSM system), RNC (UMTS system) or MME (LTE system) of the affected area; the BSC/RNC/MME then forwards it to the base station (BTS in a GSM system, NB in a UMTS system, eNB in an LTE system), which broadcasts it to users.
At present, all defined CBS services are sent on the broadcast channel, and the broadcast channel has no security protection. An attacker can tamper with a warning message, or, after receiving a warning message, replay it at another time in the same area or in a different area, thereby causing unnecessary panic and confusion among the public. To prevent this, 3GPP decided to add security protection to PWS, namely by using a digital signature field and a timestamp and by introducing a signature algorithm and a key management scheme. After a terminal receives a broadcast warning message, it first authenticates the message, and only when authentication succeeds does it accept the message as a valid warning message.
For any signature-based authentication scheme, the verifier needs to obtain the signer's key and signature algorithm; this key is usually a public key, and it must be ensured that the key is valid. That is, the user equipment (UE) needs to obtain the key used for signing. In the current 3GPP standard, the security information related to PWS includes, in addition to the key and its identifier, the signature algorithm identifier, the signature entity identification, and so on.
However, in the related art, the delivery of information such as the signature algorithm identifier and the signature entity identification has not yet been defined, in particular the delivery between the signature entity and the core network elements.
Summary of the invention
The invention provides a method, apparatus and system for sending public warning system security information, to at least solve the problem that the related art does not define how the signature algorithm identifier and the signature entity identification in the PWS service security information are delivered.
According to one aspect of the present invention, a method for sending public warning system security information is provided, comprising: a network node receives a message carrying a security information parameter from a signature entity; and the network node sends the security information parameter to a terminal.
Preferably, in the initial procedure, the security information parameter comprises a signature algorithm identifier and a signature entity identification.
Preferably, before the network node sends the security information parameter to the terminal, the method further comprises: the network node stores the security information parameter and the correspondence between the signature entity identification and the key; and the network node sends a response message to the signature entity.
Preferably, in the update procedure, the security information parameter comprises a signature algorithm identifier.
Preferably, before the network node sends the security information parameter to the terminal, the method further comprises: the network node stores the security information parameter; and the network node sends a response message to the signature entity.
Preferably, the network node receiving the message carrying the security information parameter from the signature entity comprises: if the signature entity is the CBC, the network node receives the message carrying the security information parameter from the CBC; if the signature entity is a CBE, the network node receives the message carrying the security information parameter that the CBE sends through the CBC.
Preferably, the network node comprises one of the following: a Serving General Packet Radio Service Support Node (SGSN), an MME, an RNC, a BSC.
Preferably, the network node sending the security information parameter to the terminal comprises: when the network node is an MME or SGSN, the network node sends the security information parameter to the terminal through a layer 3 message and/or a warning message; when the network node is a BSC or RNC, the network node sends the security information parameter to the terminal through a write-replace message and/or a newly added message.
Preferably, the layer 3 message comprises one of the following: an attach accept message, a tracking area update response message, a routing area update response message.
Preferably, after the network node sends the security information parameter to the terminal, the method further comprises: the terminal updates the locally stored signature algorithm identifier according to the received signature algorithm identifier; and the terminal verifies the signature using the algorithm corresponding to the updated signature algorithm identifier and/or verifies the signature information using the key corresponding to the signature entity identification.
According to another aspect of the present invention, a method for sending public warning system security information is provided, comprising: a signature entity generates a message carrying a security information parameter in the initial procedure and/or the update procedure; and the signature entity sends the message carrying the security information parameter to a network node.
Preferably, the signature entity sending the message carrying the security information parameter to the network node comprises: in the initial procedure, the signature entity sends the message carrying the security information parameter to the network node, where the security information parameter comprises a signature algorithm identifier and a signature entity identification.
Preferably, the signature entity sending the message carrying the security information parameter to the network node comprises: in the update procedure, the signature entity sends the message carrying the security information parameter to the network node, where the security information parameter comprises a signature algorithm identifier.
Preferably, the signature entity sending the message carrying the security information parameter to the network node comprises: if the signature entity is the CBC, the CBC sends the message carrying the security information parameter to the network node; if the signature entity is a CBE, the CBE sends the message carrying the security information parameter to the network node through the CBC.
According to one aspect of the present invention, an apparatus for sending public warning system security information is provided, applied to a network node, comprising: a receiving module, configured to receive a message carrying a security information parameter from a signature entity; and a first sending module, configured to send the security information parameter to a terminal.
Preferably, in the initial procedure, the security information parameter comprises a signature algorithm identifier and a signature entity identification.
Preferably, the apparatus further comprises: a first storage module, configured to store the security information parameter and the correspondence between the signature entity identification and the key; and a second sending module, configured to send a response message to the signature entity.
Preferably, in the update procedure, the security information parameter comprises a signature algorithm identifier.
Preferably, the apparatus further comprises: a second storage module, configured to store the security information parameter; and a third sending module, configured to send a response message to the signature entity.
Preferably, the receiving module comprises: a first receiving submodule, configured to receive the message carrying the security information parameter from the CBC when the signature entity is the CBC; and a second receiving submodule, configured to receive the message carrying the security information parameter that a CBE sends through the CBC when the signature entity is the CBE.
Preferably, the network node comprises one of the following: an SGSN, an MME, an RNC, a BSC.
Preferably, when the network node is an MME or SGSN, the first sending module comprises: a first sending submodule, configured to send the security information parameter to the terminal through a layer 3 message and/or a warning message; when the network node is a BSC or RNC, the first sending module comprises: a second sending submodule, configured to send the security information parameter to the terminal through a write-replace message and/or a newly added message.
Preferably, the layer 3 message comprises one of the following: an attach accept message, a tracking area update response message, a routing area update response message.
According to another aspect of the present invention, an apparatus for sending public warning system security information is provided, applied to a signature entity, comprising: a generating module, configured to generate a message carrying a security information parameter in the initial procedure and/or the update procedure; and a sending module, configured to send the message carrying the security information parameter to a network node.
Preferably, the sending module comprises: a first sending submodule, configured so that, in the initial procedure, the signature entity sends the message carrying the security information parameter to the network node, where the security information parameter comprises a signature algorithm identifier and a signature entity identification.
Preferably, the sending module comprises: a second sending submodule, configured so that, in the update procedure, the signature entity sends the message carrying the security information parameter to the network node, where the security information parameter comprises a signature algorithm identifier.
Preferably, the sending module comprises: a third sending submodule, configured to send the message carrying the security information parameter to the network node when the signature entity is the CBC; and a fourth sending submodule, configured to send the message carrying the security information parameter to the network node through the CBC when the signature entity is a CBE.
According to a further aspect of the present invention, a system for sending public warning system security information is provided, comprising a signature entity and a network node, where the signature entity comprises: a generating module, configured to generate a message carrying a security information parameter in the initial procedure and/or the update procedure; and a first sending module, configured to send the message carrying the security information parameter to the network node; and the network node comprises: a receiving module, configured to receive the message carrying the security information parameter from the signature entity; and a second sending module, configured to send the security information parameter to a terminal.
In the present invention, the network node receives a message from the signature entity that carries the security information parameters (signature algorithm identifier, signature entity identification), and the network node delivers the security information parameters to the terminal so that the terminal can verify signatures according to them, thereby ensuring that warning messages are secure and accurate.
Description of drawings
The accompanying drawings described herein are provided for a further understanding of the present invention and form a part of this application. The illustrative embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic diagram of the network architecture of PWS in a 3GPP network according to the related art;
Fig. 2 is flow chart one of the method for sending public warning system security information according to an embodiment of the invention;
Fig. 3 is flow chart two of the method for sending public warning system security information according to an embodiment of the invention;
Fig. 4 is a flow chart of the signature entity sending the signature algorithm identifier to the network node according to preferred embodiment one of the present invention;
Fig. 5 is a flow chart of the network node sending the signature algorithm identifier to the terminal according to preferred embodiment two of the present invention;
Fig. 6 is a flow chart of the signature entity sending the signature entity identification to the network node according to preferred embodiment three of the present invention;
Fig. 7 is a flow chart of the LTE network sending security information to the terminal according to preferred embodiment four of the present invention;
Fig. 8 is a flow chart of the UMTS network sending security information to the terminal according to preferred embodiment five of the present invention;
Fig. 9 is structural block diagram one of the apparatus for sending public warning system security information according to an embodiment of the invention;
Fig. 10 is detailed structural block diagram one of the apparatus for sending public warning system security information according to a preferred embodiment of the invention;
Fig. 11 is detailed structural block diagram two of the apparatus for sending public warning system security information according to a preferred embodiment of the invention;
Fig. 12 is detailed structural block diagram three of the apparatus for sending public warning system security information according to a preferred embodiment of the invention;
Fig. 13 is structural block diagram two of the apparatus for sending public warning system security information according to an embodiment of the invention;
Fig. 14 is detailed structural block diagram one of the apparatus shown in Fig. 13 according to a preferred embodiment of the invention;
Fig. 15 is detailed structural block diagram two of the apparatus shown in Fig. 13 according to a preferred embodiment of the invention;
Fig. 16 is a structural block diagram of the system for sending public warning system security information according to an embodiment of the invention.
Embodiment
It should be noted that, provided there is no conflict, the embodiments in this application and the features in the embodiments may be combined with one another. The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments.
An embodiment of the invention provides a method for sending public warning system security information. Fig. 2 is flow chart one of this method; as shown in Fig. 2, the method comprises the following steps S202 to S204.
Step S202: the network node receives a message carrying a security information parameter from the signature entity.
Step S204: the network node sends the security information parameter to the terminal.
The related art does not define how the signature algorithm identifier and the signature entity identification in the PWS service security information are delivered. In this embodiment of the invention, the network node receives a message from the signature entity that carries the security information parameter, and the network node delivers the security information parameter to the terminal so that the terminal can verify signatures according to it, thereby ensuring that warning messages are secure and accurate.
It should be noted that the signature algorithm identifier can be delivered in the initial procedure and can also be delivered at any time in a subsequent update procedure, whereas the signature entity identification is generally delivered only in the initial procedure. Therefore, in the initial procedure the security information parameter comprises the signature algorithm identifier and the signature entity identification, and in the update procedure the security information parameter comprises the signature algorithm identifier.
The signature entity can be the CBC or a CBE, and the two deliver the message differently, as follows. The network node receiving the message carrying the security information parameter from the signature entity comprises: if the signature entity is the CBC, the network node receives the message carrying the security information parameter from the CBC; if the signature entity is a CBE, the network node receives the message carrying the security information parameter that the CBE sends through the CBC.
The network node comprises one of the following: an SGSN, an MME, an RNC, a BSC.
Different networks have different network nodes, and the way the security information parameter is sent to the terminal also differs. Specifically, step S204 comprises: when the network node is an MME or SGSN, the network node sends the security information parameter to the terminal through a layer 3 message and/or a warning message; when the network node is a BSC or RNC, the network node sends the security information parameter to the terminal through a write-replace message and/or a newly added message.
Preferably, the layer 3 message comprises one of the following: an attach accept message, a tracking area update response message, a routing area update response message. Between the network node and the terminal, the parameter is delivered point to point in a layer 3 message, which can be an attach, tracking area update (TAU)/routing area update (RAU)/LAU or SMC message, and so on.
The present invention also provides a preferred way for the network node to store the security information parameter, so that it can later be updated and saved in time, keeping the information accurate. In the initial procedure, before the network node sends the security information parameter to the terminal, the method further comprises: the network node stores the security information parameter and the correspondence between the signature entity identification and the key; and the network node sends a response message to the signature entity. In the update procedure, before the network node sends the security information parameter to the terminal, the method further comprises: the network node stores the security information parameter; and the network node sends a response message to the signature entity.
In addition, after the terminal receives the security information parameter sent by the network node, it operates as follows: the terminal updates the locally stored signature algorithm identifier according to the received signature algorithm identifier; and the terminal verifies the signature using the algorithm corresponding to the updated signature algorithm identifier and/or verifies the signature information using the key corresponding to the signature entity identification. This preferred embodiment describes how the terminal uses the signature algorithm and/or the signature entity identification carried in the security information to verify the signature.
An embodiment of the invention also provides a method for sending public warning system security information. Fig. 3 is flow chart two of this method; as shown in Fig. 3, the method comprises the following steps S302 to S304.
Step S302: the signature entity generates a message carrying a security information parameter in the initial procedure and/or the update procedure.
Step S304: the signature entity sends the message carrying the security information parameter to the network node.
The signature algorithm identifier can be delivered in the initial procedure and can also be delivered at any time in a subsequent update procedure, whereas the signature entity identification is generally delivered only in the initial procedure. Correspondingly, step S304 comprises: in the initial procedure, the signature entity sends the message carrying the security information parameter to the network node, where the security information parameter comprises the signature algorithm identifier and the signature entity identification; in the update procedure, the signature entity sends the message carrying the security information parameter to the network node, where the security information parameter comprises the signature algorithm identifier.
The signature entity can be the CBC or a CBE, and the two deliver the message differently, as follows. The signature entity sending the message carrying the security information parameter to the network node comprises: if the signature entity is the CBC, the CBC sends the message carrying the security information parameter to the network node; if the signature entity is a CBE, the CBE sends the message carrying the security information parameter to the network node through the CBC.
The implementation of the embodiments of the invention is described in detail below with reference to examples.
Preferred embodiment one
Fig. 4 is a flow chart of the signature entity sending the signature algorithm identifier to the network node according to preferred embodiment one of the present invention. As shown in Fig. 4, this preferred embodiment shows the process in which the signature entity (CBC and/or CBE) delivers the PWS signature algorithm identifier to the network node MME/SGSN. This flow covers both the initial delivery procedure and the subsequent update procedure, and delivery of the signature algorithm identifier can be combined with delivery of the key. Specifically, it comprises the following steps S402 to S406.
Step S402: the CBC (or a CBE via the CBC) sends a security information message to the MME or SGSN, where the security information message carries the signature algorithm identifier (Sign Arithmetic Identity, abbreviated SAI).
Step S404: after receiving the security information message, the MME or SGSN stores the corresponding security information, including the SAI.
Step S406: the MME or SGSN sends a response message to the CBC.
Preferred embodiment two
Fig. 5 is a flow chart of the network node sending the signature algorithm identifier to the terminal according to preferred embodiment two of the present invention. As shown in Fig. 5, this preferred embodiment shows the process in which the network node MME/SGSN delivers the PWS signature algorithm identifier to the terminal. This flow covers both the initial delivery procedure and the subsequent update procedure. In either procedure, the signature algorithm identifier SAI is delivered in normal messages such as attach accept, routing area update response and tracking area update response, and its delivery can be combined with delivery of the key. Specifically, it comprises the following steps S502 to S506.
Step S502: the UE sends a normal message such as an attach request, TAU request or RAU request to the MME.
Step S504: the MME sends the corresponding message, such as attach accept, TAU response or RAU response, to the UE, and delivers the corresponding security information to the UE in this message. In the initial delivery the security information carries the signature algorithm identifier SAI; if the signature algorithm is later updated, a subsequent procedure can carry the updated signature algorithm identifier SAI.
Step S506: the UE stores the received security information and updates its local signature algorithm identifier SAI.
Preferred embodiment three
Fig. 6 is a flow chart of the signature entity sending the signature entity identification to the network node according to preferred embodiment three of the present invention. As shown in Fig. 6, this preferred embodiment shows the process in which the signature entity (CBC and/or CBE) delivers the PWS signature entity identification to the network node MME/SGSN. This flow mainly refers to the initial delivery procedure, and delivery of the signature entity identification needs to be combined with delivery of the key. Specifically, it comprises the following steps S602 to S606.
Step S602: the CBC (or a CBE via the CBC) sends a security information message to the MME or SGSN, where the security information message carries the signature entity identification (Sign Entity Identity, abbreviated SEI).
Step S604: after receiving the security information message, the MME or SGSN stores the corresponding security information, including the SEI, and stores the correspondence between the SEI and the key.
Step S606: the MME or SGSN sends a response message to the CBC.
Preferred embodiment four
Fig. 7 is a flow chart of an LTE network sending security information to a terminal according to preferred embodiment four of the present invention. As shown in Fig. 7, this preferred embodiment shows the process by which the LTE network delivers a PWS alert message to the terminal. In this flow, the network can carry the signature algorithm identifier SAI when delivering the alert message to the UE, and the message also carries the signature entity identifier SEI. The flow comprises the following steps S702 to S712.
Step S702: the CBC (or the CBE via the CBC) sends a Write-Replace Warning Request message to the MME; the message carries the digital signature information, the signature algorithm identifier SAI and/or the signature entity identifier SEI. Note that if the PWS system has multiple signature entities, each with its own signing key, the signature entity identifier must be carried in the alert message.
Step S704: after receiving this request, the MME sends a Write-Replace Warning Confirm message to the CBC/CBE.
Step S706: the MME sends a Write-Replace Warning Request message to the eNB; this message carries the signature algorithm identifier SAI and the signature entity identifier SEI.
Step S708: the eNB sends a broadcast information message to the UE; this message carries the signature algorithm identifier SAI and the signature entity identifier SEI.
After the UE receives the broadcast information message, if the message carries a signature algorithm identifier, the UE updates its local signature algorithm identifier and uses the algorithm corresponding to that identifier to verify the signature; the UE verifies the signature information using the key corresponding to the signature entity identifier in the message.
Step S710: the eNB sends a Write-Replace Warning Response message to the MME.
Step S712: the UE issues the alert indication.
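The UE-side handling described after step S708 (and again after step S806c in embodiment five) can be sketched as follows; this is an added example, not code from the patent. The SAI values, the SEI strings, the `Terminal` class and the unpadded textbook-RSA stand-in for the signature scheme are all assumptions, since the patent names no concrete algorithm; rejecting unknown identifiers is a check added here.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# SAI -> hash used by the signature scheme. Identifier values are assumed.
SAI_TABLE = {1: hashlib.sha256, 2: hashlib.sha512}


def make_keypair(p: int, q: int, e: int = 65537):
    """Toy textbook-RSA key from two primes; returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def digest_int(sai: int, payload: bytes) -> int:
    """Hash the alert payload with the algorithm the SAI selects."""
    return int.from_bytes(SAI_TABLE[sai](payload).digest(), "big")


def sign(private_key: Tuple[int, int], sai: int, payload: bytes) -> int:
    """Signature-entity side (CBC or CBE): unpadded RSA over the digest.

    Illustration only; a deployed scheme would use a padded signature.
    """
    n, d = private_key
    return pow(digest_int(sai, payload), d, n)


@dataclass
class Terminal:
    """Hypothetical UE state: SEI -> public key map plus the stored SAI."""
    keys_by_sei: Dict[str, Tuple[int, int]]
    local_sai: Optional[int] = None

    def verify_alert(self, payload: bytes, signature: int,
                     sai: Optional[int] = None,
                     sei: Optional[str] = None) -> str:
        # A carried SAI replaces the locally stored one, but only if the
        # terminal actually supports it (added check).
        if sai is not None:
            if sai not in SAI_TABLE:
                return "unsupported SAI"
            self.local_sai = sai
        if self.local_sai is None:
            return "no SAI available"
        # With several signature entities the SEI must be carried.
        if sei is None:
            if len(self.keys_by_sei) != 1:
                return "SEI required"
            sei = next(iter(self.keys_by_sei))
        key = self.keys_by_sei.get(sei)
        if key is None:
            return "unknown SEI"
        n, e = key
        if not 0 <= signature < n:
            return "bad signature"
        ok = pow(signature, e, n) == digest_int(self.local_sai, payload)
        return "accepted" if ok else "bad signature"


if __name__ == "__main__":
    # Constructed key material: Mersenne primes keep the example offline.
    pub_a, priv_a = make_keypair(2**521 - 1, 2**607 - 1)
    pub_b, priv_b = make_keypair(2**607 - 1, 2**1279 - 1)
    ue = Terminal({"CBC-1": pub_a, "CBE-7": pub_b})
    alert = b"constructed test alert"
    sig = sign(priv_a, 1, alert)
    print(ue.verify_alert(alert, sig, sai=1, sei="CBC-1"))
    print(ue.verify_alert(alert + b"!", sig, sei="CBC-1"))
    print(ue.verify_alert(alert, sig, sei="CBE-7"))
```
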
Preferred embodiment five
Fig. 8 is a flow chart of a UMTS network sending security information to a terminal according to preferred embodiment five of the present invention. As shown in Fig. 8, this preferred embodiment shows the process by which the UMTS network delivers a PWS alert message to the terminal. In this flow, the network carries the signature algorithm identifier when delivering the alert message to the UE, and the flow also includes delivery of the signature entity identifier. For a GSM network the flow is essentially the same as in this preferred embodiment; it is only necessary to replace the RNC with a base station controller (Base Station Controller, abbreviated BSC) and the NodeB with a base station (Base Transceiver Station, abbreviated BTS). The flow comprises the following steps S802 to S810.
Step S802: the CBC (or the CBE via the CBC) sends a Write-Replace Warning Request message to the RNC; this message carries the digital signature information, the signature algorithm identifier SAI and/or the signature entity identifier SEI. If the PWS system has multiple signature entities, each with its own signing key, the signature entity identifier must be carried in the alert message.
Step S804: the RNC sends a broadcast request message to the NodeB; this message carries the signature algorithm identifier SAI and the signature entity identifier SEI.
Step S806a: the NodeB sends a broadcast information message to the UE.
Step S806b: the NodeB sends a paging message to the UE.
Step S806c: the NodeB sends a primary notification message with security information to the UE; this message carries the signature algorithm identifier SAI and the signature entity identifier SEI.
After the UE receives the broadcast information message, if the message carries a signature algorithm identifier, the UE updates its local signature algorithm identifier and uses the algorithm corresponding to that identifier to verify the signature; the UE verifies the signature information using the key corresponding to the signature entity identifier in the message.
Step S808: the UE issues the alert indication.
Step S810: the RNC sends a report success message to the CBC/CBE.
It should be noted that the steps shown in the flow charts of the accompanying drawings may be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from the one given here.
An embodiment of the invention also provides a public warning system security information sending device, applied to a network node; this device can be used to implement the public warning system security information sending method shown in Fig. 2. Fig. 9 is structural block diagram one of the public warning system security information sending device according to an embodiment of the invention. As shown in Fig. 9, it comprises a receiver module 91 and a first sending module 92. Its structure is described in detail below.
The receiver module 91 is configured to receive, from the signature entity, the message carrying the security information parameter; the first sending module 92 is connected to the receiver module 91 and is configured to send to the terminal the security information parameter received by the receiver module 91.
The signature entity may be a CBC or a CBE, and the two deliver messages by different processes. Therefore, as shown in Fig. 10, the receiver module 91 comprises: a first receiving submodule 912, configured to receive the message carrying the security information parameter from the CBC when the signature entity is the CBC; and a second receiving submodule 914, configured to receive the message carrying the security information parameter that the CBE sends via the CBC when the signature entity is the CBE.
When the network node is an MME or SGSN, the first sending module comprises a first sending submodule, configured to send the security information parameter to the terminal in a layer 3 message and/or an alert message. When the network node is a BSC or RNC, the first sending module comprises a second sending submodule, configured to send the security information parameter to the terminal in a Write-Replace message and/or a newly added message.
As shown in Fig. 11, for the initial procedure the device further comprises: a first storage module 93, connected to the receiver module 91 and configured to store the security information parameter received by the receiver module 91 and the correspondence between the signature entity identifier and the key; and a second sending module 94, connected to the first storage module 93 and configured to send a response message to the signature entity.
As shown in Fig. 12, for the update procedure the device further comprises: a second storage module 95, connected to the receiver module 91 and configured to store the security information parameter received by the receiver module 91; and a third sending module 96, connected to the second storage module 95 and configured to send a response message to the signature entity.
An embodiment of the invention also provides a public warning system security information sending device, applied to a signature entity; this device can be used to implement the public warning system security information sending method shown in Fig. 3. Fig. 13 is structural block diagram two of the public warning system security information sending device according to an embodiment of the invention. As shown in Fig. 13, it comprises a generation module 1302 and a sending module 1304. Its structure is described in detail below.
The generation module 1302 is configured to generate the message carrying the security information parameter in the initial procedure and/or the update procedure; the sending module 1304 is connected to the generation module 1302 and is configured to send to the network node the message carrying the security information parameter generated by the generation module 1302.
As shown in Fig. 14, the sending module 1304 comprises: a first sending submodule 13042, connected to the generation module 1302 and configured so that, in the initial procedure, the signature entity sends to the network node the message carrying the security information parameter generated by the generation module 1302, where the security information parameter comprises the signature algorithm identifier and the signature entity identifier; and a second sending submodule 13044, connected to the generation module 1302 and configured so that, in the update procedure, the signature entity sends to the network node the message carrying the security information parameter generated by the generation module 1302, where the security information parameter comprises the signature algorithm identifier.
The signature entity may be a CBC or a CBE, and the two deliver messages by different processes. Therefore, as shown in Fig. 15, the sending module 1304 comprises: a third sending submodule 13046, connected to the generation module 1302 and configured to send to the network node the message carrying the security information parameter generated by the generation module 1302 when the signature entity is the CBC; and a fourth sending submodule 13048, connected to the generation module 1302 and configured to send that message to the network node via the CBC when the signature entity is the CBE.
An embodiment of the invention also provides a public warning system security information sending system. Fig. 16 is a structural block diagram of the public warning system security information sending system according to an embodiment of the invention. As shown in Fig. 16, it comprises a signature entity 1602 and a network node 1604. Its structure is described in detail below.
The signature entity 1602 comprises: a generation module 16022, configured to generate the message carrying the security information parameter in the initial procedure and/or the update procedure; and a first sending module 16024, connected to the generation module 16022 and configured to send to the network node the message carrying the security information parameter generated by the generation module 16022.
The network node 1604 comprises: a receiver module 16042, connected to the first sending module 16024 and configured to receive the message carrying the security information parameter sent by the first sending module 16024 of the signature entity; and a second sending module 16044, connected to the receiver module 16042 and configured to send to the terminal the security information parameter received by the receiver module 16042.
It should be noted that the public warning system security information sending devices described in the device embodiments correspond to the method embodiments above; their concrete implementation has already been described in detail in the method embodiments and is not repeated here.
The scheme of the present invention is not limited to delivering and using PWS signature security information in LTE, UMTS and GSM/GERAN systems; the same approach can be applied in other wireless communication systems.
In summary, the above embodiments of the present invention provide a public warning system security information sending method, device and system. In the present invention, the network node receives a message from the signature entity that carries the security information parameter (signature algorithm identifier, signature entity identifier), and the network node delivers the security information parameter to the terminal so that the terminal can verify the signature with it, thereby ensuring that the alert message is secure and accurate.
Obviously, those skilled in the art should understand that each module or step of the present invention described above can be implemented with a general-purpose computing device. The modules or steps can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The present invention is therefore not restricted to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit it. For those skilled in the art, the present invention may have various changes and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (28)

1. A public warning system security information sending method, characterized by comprising:
a network node receiving, from a signature entity, a message carrying a security information parameter;
said network node sending said security information parameter to the terminal.
2. The method according to claim 1, characterized in that, in an initial procedure, said security information parameter comprises a signature algorithm identifier and a signature entity identifier.
3. The method according to claim 2, characterized in that, before said network node sends said security information parameter to said terminal, the method further comprises:
said network node storing said security information parameter and the correspondence between said signature entity identifier and a key;
said network node sending a response message to said signature entity.
4. The method according to claim 1, characterized in that, in an update procedure, said security information parameter comprises a signature algorithm identifier.
5. The method according to claim 4, characterized in that, before said network node sends said security information parameter to said terminal, the method further comprises:
said network node storing said security information parameter;
said network node sending a response message to said signature entity.
6. The method according to claim 1, characterized in that the network node receiving, from the signature entity, the message carrying the security information parameter comprises:
if said signature entity is a Cell Broadcast Center (CBC), said network node receiving said message carrying the security information parameter from said CBC;
if said signature entity is a Cell Broadcast Entity (CBE), said network node receiving said message carrying the security information parameter that said CBE sends via said CBC.
7. The method according to claim 1, characterized in that said network node comprises one of the following: a Serving GPRS Support Node (SGSN), a Mobility Management Entity (MME), a Radio Network Controller (RNC), a Base Station Controller (BSC).
8. The method according to claim 7, characterized in that said network node sending said security information parameter to said terminal comprises:
when said network node is an MME or SGSN, said network node sending said security information parameter to said terminal in a layer 3 message and/or an alert message;
when said network node is a BSC or RNC, said network node sending said security information parameter to said terminal in a Write-Replace message and/or a newly added message.
9. The method according to claim 8, characterized in that said layer 3 message comprises one of the following: an attach accept response message, a tracking area update response message, a routing area update response message.
10. The method according to any one of claims 1 to 9, characterized in that, after said network node sends said security information parameter to said terminal, the method further comprises:
said terminal updating its locally stored signature algorithm identifier according to the received signature algorithm identifier;
said terminal verifying the signature using the algorithm corresponding to the updated signature algorithm identifier and/or verifying the signature information using the key corresponding to said signature entity identifier.
11. A public warning system security information sending method, characterized by comprising:
a signature entity generating a message carrying a security information parameter in an initial procedure and/or an update procedure;
said signature entity sending said message carrying the security information parameter to the network node.
12. The method according to claim 11, characterized in that said signature entity sending said message carrying the security information parameter to said network node comprises: in the initial procedure, said signature entity sending said message carrying the security information parameter to said network node, wherein said security information parameter comprises a signature algorithm identifier and a signature entity identifier.
13. The method according to claim 11, characterized in that said signature entity sending said message carrying the security information parameter to said network node comprises: in the update procedure, said signature entity sending said message carrying the security information parameter to said network node, wherein said security information parameter comprises a signature algorithm identifier.
14. The method according to any one of claims 11 to 13, characterized in that said signature entity sending said message carrying the security information parameter to said network node comprises:
if said signature entity is a Cell Broadcast Center (CBC), said CBC sending said message carrying the security information parameter to said network node;
if said signature entity is a Cell Broadcast Entity (CBE), said CBE sending said message carrying the security information parameter to said network node via said CBC.
15. A public warning system security information sending device, applied to a network node, characterized by comprising:
a receiver module, configured to receive, from a signature entity, a message carrying a security information parameter;
a first sending module, configured to send said security information parameter to the terminal.
16. The device according to claim 15, characterized in that, in an initial procedure, said security information parameter comprises a signature algorithm identifier and a signature entity identifier.
17. The device according to claim 16, characterized in that said device further comprises:
a first storage module, configured to store said security information parameter and the correspondence between said signature entity identifier and a key;
a second sending module, configured to send a response message to said signature entity.
18. The device according to claim 15, characterized in that, in an update procedure, said security information parameter comprises a signature algorithm identifier.
19. The device according to claim 18, characterized in that said device further comprises:
a second storage module, configured to store said security information parameter;
a third sending module, configured to send a response message to said signature entity.
20. The device according to claim 15, characterized in that said receiver module comprises:
a first receiving submodule, configured to receive said message carrying the security information parameter from a Cell Broadcast Center (CBC) when said signature entity is said CBC;
a second receiving submodule, configured to receive said message carrying the security information parameter that a Cell Broadcast Entity (CBE) sends via said CBC when said signature entity is said CBE.
21. The device according to claim 15, characterized in that said network node comprises one of the following: a Serving GPRS Support Node (SGSN), a Mobility Management Entity (MME), a Radio Network Controller (RNC), a Base Station Controller (BSC).
22. The device according to claim 21, characterized in that:
when said network node is an MME or SGSN, said first sending module comprises a first sending submodule, configured to send said security information parameter to said terminal in a layer 3 message and/or an alert message;
when said network node is a BSC or RNC, said first sending module comprises a second sending submodule, configured to send said security information parameter to said terminal in a Write-Replace message and/or a newly added message.
23. The device according to claim 22, characterized in that said layer 3 message comprises one of the following: an attach accept response message, a tracking area update response message, a routing area update response message.
24. A public warning system security information sending device, applied to a signature entity, characterized by comprising:
a generation module, configured to generate a message carrying a security information parameter in an initial procedure and/or an update procedure;
a sending module, configured to send said message carrying the security information parameter to the network node.
25. The device according to claim 24, characterized in that said sending module comprises:
a first sending submodule, configured so that, in the initial procedure, said signature entity sends said message carrying the security information parameter to said network node, wherein said security information parameter comprises a signature algorithm identifier and a signature entity identifier.
26. The device according to claim 24, characterized in that said sending module comprises:
a second sending submodule, configured so that, in the update procedure, said signature entity sends said message carrying the security information parameter to said network node, wherein said security information parameter comprises a signature algorithm identifier.
27. The device according to any one of claims 24 to 26, characterized in that said sending module comprises:
a third sending submodule, configured to send said message carrying the security information parameter to said network node when said signature entity is a Cell Broadcast Center (CBC);
a fourth sending submodule, configured to send said message carrying the security information parameter to said network node via said CBC when said signature entity is a Cell Broadcast Entity (CBE).
28. A public warning system security information sending system, comprising a signature entity and a network node, characterized in that:
said signature entity comprises:
a generation module, configured to generate a message carrying a security information parameter in an initial procedure and/or an update procedure;
a first sending module, configured to send said message carrying the security information parameter to said network node;
said network node comprises:
a receiver module, configured to receive said message carrying the security information parameter from said signature entity;
a second sending module, configured to send said security information parameter to the terminal.
CN2012100271837A 2012-02-08 2012-02-08 Method, device and system for sending security information of public alarm system Pending CN103249039A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2012100271837A CN103249039A (en) 2012-02-08 2012-02-08 Method, device and system for sending security information of public alarm system
PCT/CN2012/077602 WO2013117070A1 (en) 2012-02-08 2012-06-27 Public alarm system security information sending method, device, and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012100271837A CN103249039A (en) 2012-02-08 2012-02-08 Method, device and system for sending security information of public alarm system

Publications (1)

Publication Number Publication Date
CN103249039A true CN103249039A (en) 2013-08-14

Family

ID=48928205

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012100271837A Pending CN103249039A (en) 2012-02-08 2012-02-08 Method, device and system for sending security information of public alarm system

Country Status (2)

Country Link
CN (1) CN103249039A (en)
WO (1) WO2013117070A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101557264A (en) * 2008-06-23 2009-10-14 华为技术有限公司 Broadcast transmission system, device and method of ETWS message
CN101938740A (en) * 2009-07-02 2011-01-05 中兴通讯股份有限公司 Information issuing method and system for earthquake tsunami alarm system
CN101978710A (en) * 2008-03-18 2011-02-16 艾利森电话股份有限公司 Earthquake and tsunami cellular warning system
US7962089B1 (en) * 2007-07-02 2011-06-14 Rockwell Collins, Inc. Method and system of supporting policy based operations for narrowband tactical radios

Also Published As

Publication number Publication date
WO2013117070A1 (en) 2013-08-15

Similar Documents

Publication Publication Date Title
EP2290875B1 (en) Generating method and system for key identity identifier at the time when user device transfers
CN102611554B (en) Method and equipment for realizing digital signature
US10142840B2 (en) Method and apparatus for operating a user client wireless communication device on a wireless wide area network
US10554693B2 (en) Security configuration method for radio bearer and device
CN104041089A (en) Management of public keys for verification of public warning messages
US20220279471A1 (en) Wireless communication method for registration procedure
US20220210859A1 (en) Data transmission method and apparatus
CN103220667A (en) Method, device and system for verifying public warning system (PWS) signing information
JP4820448B2 (en) Notification signal transmission method and mobile station
US20160227403A1 (en) Method and apparatus for operating a user client wireless communication device on a wireless wide area network
CN102833743B (en) Transmission, update method and the relevant device of public warning system key updating information
CN104349311A (en) Key establishment method and system used for small-data transmission of machine-type communication
WO2020249126A1 (en) Security verification method and device
JP2015535153A (en) Method and apparatus for updating CA public key, UE and CA
WO2012167637A1 (en) Method and network entity for sending public warning system secret key message to terminal
CN103079197A (en) Method and device for updating public warning system (PWS) secret key
CN102843651B (en) Public warning system and key transmission, acquisition methods, secure connection method for building up
US20130185372A1 (en) Management of user equipment security status for public warning system
CN113709729B (en) Data processing method, device, network equipment and terminal
CN103249039A (en) Method, device and system for sending security information of public alarm system
CN112567780B (en) Pseudo base station identification method and device
CN102612099B (en) The reconstruction method of service bearer and device
CN102869011A (en) PWS (Public Warning System) secret key updating method, network side equipment and terminal in wireless communication system
US20150296375A1 (en) Methods, devices, and computer program products improving the public warning system for mobile communication
CN102857884A (en) Methods for sending and processing main notification information of PWS (public warning system), network-side equipment and terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130814