CN103997405B - Key generation method and device - Google Patents

Publication number: CN103997405B
Authority: CN (China)
Prior art keywords: key, initial, transmission, initial key, encryption
Legal status: Active
Application number: CN201410232624.6A
Other languages: Chinese (zh)
Other versions: CN103997405A (en)
Inventors: 梁兵杰, 姚进华
Current Assignee: Datang Mobile Communications Equipment Co Ltd
Original Assignee: Datang Mobile Communications Equipment Co Ltd
Landscapes: Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a key generation method and device to solve the security problems that exist in the use of keys in commercial secure communication systems. The method includes: determining the security module identifier and user password of a user equipment (UE); generating an initial key group corresponding to the UE according to the UE's security module identifier; and selecting from the initial key group, according to the UE's user password, an initial key used to encrypt the transmission key corresponding to the UE, wherein the transmission key is used to encrypt the session key corresponding to the UE.

Description

Key generation method and device
Technical field
The present invention relates to the communications field, and in particular to a key generation method and device.
Background
With the large-scale deployment of 4G networks and the implementation of the virtual operator policy, providing secure communication to high-end business customers is a potential market demand.
According to how keys are negotiated between terminals, existing commercial secure communication systems fall into three types: the first is an end-to-end commercial secure communication system that uses a fixed key between terminals; the second is an end-to-end secure communication system that uses a dynamic key negotiation mechanism between terminals; the third is an end-to-end secure communication system in which a KMC dynamically distributes keys to the terminals. The three systems are described below:
The first: an end-to-end commercial secure communication system that uses a fixed key between terminals.
Fig. 1 is a schematic diagram of end-to-end communication in an end-to-end commercial secure communication system that uses a fixed key between terminals. In such a system, the terminals use a fixed cipher algorithm and a fixed key (sessionKey) during communication to encrypt and decrypt service data flows such as voice streams and short messages.
The second: an end-to-end secure communication system that uses a dynamic key negotiation mechanism between terminals.
Fig. 2 is a schematic diagram of end-to-end communication in an end-to-end secure communication system that uses a dynamic key negotiation mechanism between terminals. When terminals need to communicate securely, once the call route between them has been established, each terminal uses the end-to-end key negotiation mechanism to inform the peer of the communication key it has enabled, thereby establishing an encrypted communication channel between the terminals.
The third: an end-to-end secure communication system in which a KMC dynamically distributes keys to the terminals.
Fig. 3 is a schematic diagram of end-to-end communication in an end-to-end secure communication system in which a KMC dynamically distributes keys to the terminals. In such a system, when secure communication is set up between terminals, the key management system (Key Manager System, KMC) distributes a temporary session key (sessionKey) to the calling and called terminals taking part in the secure communication, and the calling and called terminals communicate securely using the temporary session key distributed by the KMC.
Although the three commercial secure communication systems above meet the requirement for secure communication between terminals to some extent, they still have the following technical defects:
The key itself is not secure enough, which reduces the security of the secure service: in the end-to-end commercial secure communication system that uses a fixed key between terminals, the same key is used to encrypt and decrypt the voice stream in every secure communication between the terminals, so the key lifetime is long and the key is easily cracked deliberately, with the risk that secure calls are eavesdropped and private data is stolen.
The terminal itself has low security, which reduces the security of the secure communication system: in the end-to-end secure communication system that uses a dynamic key negotiation mechanism between terminals, although the keys used by the terminals are negotiated dynamically, once a terminal is lost, its keys, key negotiation mechanism and cipher algorithm are leaked; because there is no protection mechanism for the cryptosystem, the keys used throughout the secure communication system can be compromised.
The security architecture of the secure communication system is incomplete, which makes commercial secure services hard to promote: in the three existing commercial secure communication systems above, the security requirements on the terminal are very high, and the terminal's own security performance is the key link in keeping the whole service system secure; however, because business terminals are flexible and personalized, the terminal's security inevitably falls short of the system's security requirements, so the high demands placed on terminal users become a major obstacle to promoting secure communication services.
In summary, existing commercial secure communication systems have the following defects: the key itself is not secure enough, which reduces the security of the secure service; the terminal itself has low security, which reduces the security of the secure communication system; and the security architecture of the secure communication system is incomplete, which makes commercial secure services hard to promote.
Summary of the invention
The present invention provides a key generation method and device to solve the security problems that exist in the use of keys in commercial secure communication systems.
An embodiment of the present invention provides a key generation method, which includes:
Determining the security module identifier and user password of a user equipment (UE);
Generating an initial key group corresponding to the UE according to the UE's security module identifier, and selecting from the initial key group, according to the UE's user password, an initial key used to encrypt the transmission key corresponding to the UE, wherein the transmission key is used to encrypt the session key corresponding to the UE.
As can be seen from the above, the security module identifier and user password of the UE are determined; the initial key group corresponding to the UE is generated according to the security module identifier; and an initial key used to encrypt the transmission key corresponding to the UE is selected from the initial key group according to the user password. The generated keys can then be used for secure communication in a commercial secure communication system, so that key use in such a system is both secure and flexible and the secure service becomes more convenient to operate, which effectively solves the security problems that exist in the use of keys in commercial secure communication systems.
Preferably, the method further includes:
After the UE's security module has been authenticated successfully, generating the transmission key corresponding to the UE, encrypting that transmission key with the initial key corresponding to the UE, and sending the encrypted transmission key to the UE.
In this way, the transmission key can subsequently be used to encrypt and decrypt the session key.
Preferably, the method further includes:
When the UE, as the calling UE, initiates a session establishment request, randomly generating a session key used to encrypt the session messages transmitted during the session between the calling UE and the called UE; encrypting the session key with the transmission key corresponding to the calling UE and sending the encrypted session key to the calling UE; and encrypting the session key with the transmission key corresponding to the called UE and sending the encrypted session key to the called UE.
In this way, the calling UE and the called UE can use the session key to encrypt and decrypt the session messages transmitted during secure communication.
Preferably, after the transmission key corresponding to the UE is generated, the method further includes:
Establishing a correspondence between the transmission key and the user identifier of the UE to which the transmission key corresponds;
Encrypting the transmission key corresponding to the UE with the UE's user password, and saving the encrypted transmission key and the correspondence.
In this way, the transmission key corresponding to the UE can subsequently be looked up by the UE's user identifier.
Preferably, generating the initial key group corresponding to the UE according to the UE's security module identifier includes:
Generating a first random array according to the security module identifier, and generating a first initial key group corresponding to the UE according to the first random array;
Establishing a correspondence between the first initial key group and the security module identifier of the UE to which the first initial key group corresponds;
Encrypting each initial key in the first initial key group separately with the UE's user password, and saving the encrypted first initial key group and the correspondence.
In this way, the initial key group corresponding to the UE can subsequently be looked up by the UE's security module identifier.
Preferably, the method further includes:
Randomly generating a second random array, and generating a second initial key group corresponding to the UE according to the second random array, wherein the number of random numbers in the second random array is the same as the number of random numbers in the first random array;
Replacing the first initial key group with the second initial key group;
Encrypting the second random array with the transmission key corresponding to the UE, and sending the encrypted second random array to the UE, so as to update the initial key group corresponding to the UE.
In this way, updating the initial key group corresponding to the UE improves the security of that initial key group.
Preferably, after the transmission key corresponding to the UE is generated, the method further includes:
Receiving the encrypted transmission key corresponding to the UE sent by the network side equipment, and decrypting the encrypted transmission key with the initial key corresponding to the UE;
Encrypting the decrypted transmission key with the UE's user password, and saving the encrypted transmission key.
In this way, the transmission key can subsequently be used to decrypt the session key.
Preferably, generating the initial key group corresponding to the UE according to the UE's security module identifier includes:
Generating a first random array according to the security module identifier, and generating a first initial key group corresponding to the UE according to the first random array;
Encrypting each initial key in the first initial key group separately with the UE's user password, and saving the encrypted first initial key group.
In this way, an initial key can be selected from the initial key group according to the UE's user password.
Preferably, the method further includes:
Receiving the encrypted second random array sent by the network side equipment, and decrypting the encrypted second random array with the transmission key corresponding to the UE, wherein the number of random numbers in the second random array is the same as the number of random numbers in the first random array;
Generating a second initial key group corresponding to the UE according to the decrypted second random array;
Replacing the first initial key group with the second initial key group.
In this way, updating the initial key group corresponding to the UE improves the security of that initial key group.
Preferably, selecting from the initial key group, according to the UE's user password, the initial key used to encrypt the transmission key corresponding to the UE includes:
Determining, according to the UE's user password, the key sequence number corresponding to one initial key in the initial key group;
Determining one initial key in the initial key group according to the key sequence number.
In this way, the initial key can be used to encrypt and decrypt the transmission key corresponding to the UE.
An embodiment of the present invention provides a key generation device, which includes:
An information determination unit, configured to determine the security module identifier and user password of a user equipment (UE);
A key generation unit, configured to generate an initial key group corresponding to the UE according to the UE's security module identifier, and to select from the initial key group, according to the UE's user password, an initial key used to encrypt the transmission key corresponding to the UE, wherein the transmission key is used to encrypt the session key corresponding to the UE.
Preferably, the key generation unit is further configured to:
After the UE's security module has been authenticated successfully, generate the transmission key corresponding to the UE, encrypt that transmission key with the initial key corresponding to the UE, and send the encrypted transmission key to the UE.
In this way, the transmission key can subsequently be used to encrypt the session key.
Preferably, the key generation unit is further configured to:
When the UE, as the calling UE, initiates a session establishment request, randomly generate a session key used to encrypt the session messages transmitted during the session between the calling UE and the called UE; encrypt the session key with the transmission key corresponding to the calling UE and send the encrypted session key to the calling UE; and encrypt the session key with the transmission key corresponding to the called UE and send the encrypted session key to the called UE.
In this way, the calling UE and the called UE can use the session key to encrypt and decrypt the session messages transmitted during secure communication.
Preferably, after generating the transmission key corresponding to the UE, the key generation unit is further configured to:
Establish a correspondence between the transmission key and the user identifier of the UE to which the transmission key corresponds;
Encrypt the transmission key corresponding to the UE with the UE's user password, and save the encrypted transmission key and the correspondence.
In this way, the transmission key corresponding to the UE can subsequently be looked up by the UE's user identifier.
Preferably, when generating the initial key group corresponding to the UE according to the UE's security module identifier, the key generation unit is specifically configured to:
Generate a first random array according to the security module identifier, and generate a first initial key group corresponding to the UE according to the first random array;
Establish a correspondence between the first initial key group and the security module identifier of the UE to which the first initial key group corresponds;
Encrypt each initial key in the first initial key group separately with the UE's user password, and save the encrypted first initial key group and the correspondence.
In this way, an initial key used to encrypt the transmission key corresponding to the UE can be selected from the initial key group.
Preferably, the key generation unit is further configured to:
Randomly generate a second random array, and generate a second initial key group corresponding to the UE according to the second random array, wherein the number of random numbers in the second random array is the same as the number of random numbers in the first random array;
Replace the first initial key group with the second initial key group;
Encrypt the second random array with the transmission key corresponding to the UE, and send the encrypted second random array to the UE, so as to update the initial key group corresponding to the UE.
In this way, updating the initial key group corresponding to the UE improves the security of that initial key group.
Preferably, after the transmission key corresponding to the UE is generated, the key generation unit is further configured to:
Receive the encrypted transmission key corresponding to the UE sent by the network side equipment, and decrypt the encrypted transmission key with the initial key corresponding to the UE;
Encrypt the decrypted transmission key with the UE's user password, and save the encrypted transmission key.
In this way, the transmission key can subsequently be used to decrypt the session key.
Preferably, when generating the initial key group corresponding to the UE according to the UE's security module identifier, the key generation unit is specifically configured to:
Generate a first random array according to the security module identifier, and generate a first initial key group corresponding to the UE according to the first random array;
Encrypt each initial key in the first initial key group separately with the UE's user password, and save the encrypted first initial key group.
In this way, the initial key group corresponding to the UE can subsequently be looked up by the UE's security module identifier.
Preferably, the key generation unit is further configured to:
Receive the encrypted second random array sent by the network side equipment, and decrypt the encrypted second random array with the transmission key corresponding to the UE, wherein the number of random numbers in the second random array is the same as the number of random numbers in the first random array;
Generate a second initial key group corresponding to the UE according to the decrypted second random array;
Replace the first initial key group with the second initial key group.
In this way, updating the initial key group corresponding to the UE improves the security of that initial key group.
Preferably, when selecting from the initial key group, according to the UE's user password, the initial key used to encrypt the transmission key corresponding to the UE, the key generation unit is specifically configured to:
Determine, according to the UE's user password, the key sequence number corresponding to one initial key in the initial key group;
Determine one initial key in the initial key group according to the key sequence number.
In this way, the initial key can be used to encrypt and decrypt the transmission key corresponding to the UE.
Brief description of the drawings
Fig. 1 is a schematic diagram of the communication principle of an end-to-end commercial secure communication system using a fixed key;
Fig. 2 is a schematic diagram of the communication principle of an end-to-end secure communication system using a dynamic key negotiation mechanism;
Fig. 3 is a schematic diagram of the communication principle of an end-to-end secure communication system in which a KMC dynamically distributes keys to the terminals;
Fig. 4 is a schematic flowchart of a key generation method provided by an embodiment of the present invention;
Fig. 5 is a schematic flowchart of the method for updating the initial key group provided by an embodiment of the present invention;
Fig. 6 is a schematic flowchart of the method for destroying the initial key group provided by an embodiment of the present invention;
Fig. 7 is a schematic flowchart of the transmission mechanism for the transmission key provided by an embodiment of the present invention;
Fig. 8 is a schematic flowchart of the method for destroying the transmission key provided by an embodiment of the present invention;
Fig. 9 is a schematic diagram of the encrypted VoIP service flow provided by an embodiment of the present invention;
Fig. 10 is a schematic flowchart of encrypted instant messaging provided by an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a key generation device provided by an embodiment of the present invention.
Detailed description of the embodiments
The present invention provides a key generation method and device to solve the security problems that exist in the use of keys in commercial secure communication systems.
As shown in Fig. 4, an embodiment of the present invention provides a key generation method, which includes:
S41, determining the security module identifier and user password of a user equipment (UE);
S42, generating an initial key group corresponding to the UE according to the UE's security module identifier, and selecting from the initial key group, according to the UE's user password, an initial key used to encrypt the transmission key corresponding to the UE, wherein the transmission key is used to encrypt the session key corresponding to the UE.
Preferably, after step S42, the method further includes:
After the UE's security module has been authenticated successfully, generating the transmission key corresponding to the UE, encrypting that transmission key with the initial key corresponding to the UE, and sending the encrypted transmission key to the UE.
Preferably, after step S42, the method further includes:
When the UE, as the calling UE, initiates a session establishment request, randomly generating a session key used to encrypt the session messages transmitted during the session between the calling UE and the called UE; encrypting the session key with the transmission key corresponding to the calling UE and sending the encrypted session key to the calling UE; and encrypting the session key with the transmission key corresponding to the called UE and sending the encrypted session key to the called UE.
Preferably, after the transmission key corresponding to the UE is generated, the method further includes:
Establishing a correspondence between the transmission key and the user identifier of the UE to which the transmission key corresponds;
Encrypting the transmission key corresponding to the UE with the UE's user password, and saving the encrypted transmission key and the correspondence.
Preferably, generating the initial key group corresponding to the UE according to the UE's security module identifier includes:
Generating a first random array according to the security module identifier, and generating a first initial key group corresponding to the UE according to the first random array;
Establishing a correspondence between the first initial key group and the security module identifier of the UE to which the first initial key group corresponds;
Encrypting each initial key in the first initial key group separately with the UE's user password, and saving the encrypted first initial key group and the correspondence.
Preferably, the method further includes:
Randomly generating a second random array, and generating a second initial key group corresponding to the UE according to the second random array, wherein the number of random numbers in the second random array is the same as the number of random numbers in the first random array;
Replacing the first initial key group with the second initial key group;
Encrypting the second random array with the transmission key corresponding to the UE, and sending the encrypted second random array to the UE, so as to update the initial key group corresponding to the UE.
Preferably, after the transmission key corresponding to the UE is generated, the method further includes:
Receiving the encrypted transmission key corresponding to the UE sent by the network side equipment, and decrypting the encrypted transmission key with the initial key corresponding to the UE;
Encrypting the decrypted transmission key with the UE's user password, and saving the encrypted transmission key.
Preferably, generating the initial key group corresponding to the UE according to the UE's security module identifier in step S42 includes:
Generating a first random array according to the security module identifier, and generating a first initial key group corresponding to the UE according to the first random array;
Encrypting each initial key in the first initial key group separately with the UE's user password, and saving the encrypted first initial key group.
Preferably, the method further includes:
Receiving the encrypted second random array sent by the network side equipment, and decrypting the encrypted second random array with the transmission key corresponding to the UE, wherein the number of random numbers in the second random array is the same as the number of random numbers in the first random array;
Generating a second initial key group corresponding to the UE according to the decrypted second random array;
Replacing the first initial key group with the second initial key group.
Preferably, selecting from the initial key group in step S42, according to the UE's user password, the initial key used to encrypt the transmission key corresponding to the UE includes:
Determining, according to the UE's user password, the key sequence number corresponding to one initial key in the initial key group;
Determining one initial key in the initial key group according to the key sequence number.
The secure communication system in the embodiments of the present invention uses three kinds of keys: the initial key, the transmission key and the session key. The secure communication system proposed by the embodiments of the present invention is described in detail below with reference to specific embodiments of these three keys. The network side equipment in the embodiments of the present invention includes a key management system (Key Manager System, KMC) and a secure multimedia communication system (Secret Multimedia Communication System, SMCS).
Embodiment one: role, generation, update and destruction of the initial key in the secure communication system.
Role of the initial key: it is used to encrypt and decrypt the transmission key corresponding to the UE, so as to improve the security of the transmission key during transmission.
Generation of the initial key:
Network side equipment: when the UE registers, its security module must be initialized on the KMC side. At this point, the KMC generates a random array (the first random array) according to the UE's security module identifier, and uses the random array to generate an initial key group corresponding to the UE (the first initial key group);
Because the KMC stores the initial key groups corresponding to the security modules of multiple UEs, the KMC establishes a correspondence between the first initial key group and the security module identifier of the UE to which the first initial key group corresponds, so that in later use the KMC can find the UE's initial key group by the UE's security module identifier. To improve the security of key storage, each initial key in the first initial key group is encrypted separately with the UE's user password, and the KMC saves the encrypted first initial key group together with the correspondence between the first initial key group and the security module identifier of the corresponding UE; the first initial key group is thus stored in the KMC in ciphertext form;
After the UE's security module has been authenticated successfully, the KMC determines, according to the UE's user password, the key sequence number corresponding to one initial key in the initial key group, using the same preset algorithm that the UE uses to determine that key sequence number from the UE's user password. The KMC then determines one initial key in the initial key group according to the key sequence number; this initial key is the initial key corresponding to the UE.
The KMC authenticates the UE's security module as follows: after receiving a security module authentication request message sent by the UE that carries the UE's user identifier and security module identifier, the KMC uses the user identifier to look up the locally stored security module identifier corresponding to that user identifier, and compares the security module identifier found with the security module identifier carried in the security module authentication request message sent by the UE. If they are the same, the KMC's authentication of the UE's security module succeeds; otherwise, the KMC's authentication of the UE's security module fails.
UE side: the UE determines the initial key in a way similar to the way the network side equipment determines the initial key corresponding to the UE. That is, the UE generates a random array according to its security module identifier (the first random array, identical to the first random array generated by the network side equipment), and, using the same algorithm that the KMC uses to generate an initial key group from a random array, uses this random array to generate the initial key group corresponding to the UE (the first initial key group);
The UE encrypts each initial key in the first initial key group separately with its user password and saves the encrypted first initial key group; the first initial key group is thus stored in the UE in ciphertext form;
After the UE's security module has been authenticated successfully, the UE determines, according to its user password, the key sequence number corresponding to one initial key in the initial key group, using the same preset algorithm that the KMC uses to determine that key sequence number from the UE's user password. The UE then determines one initial key in the initial key group according to the key sequence number; this initial key is the initial key corresponding to the UE.
Initial key update process: To ensure the security of the secure communication system, the initial key groups stored in the UE and in the KMC of the network-side device need to be updated dynamically, either when the security of the UE's security module is low (administrators assess the security of the UE's security module) or periodically. As shown in Figure 5, the process for updating the initial key groups stored in the UE and the KMC is as follows:
S501, the KMC randomly generates a second random array;
The number of random numbers in the second random array is the same as the number of random numbers in the first random array;
S502, the KMC encrypts the second random array using the transmission key corresponding to the UE;
S503, the KMC sends an initial key update request carrying the encrypted second random array to the UE through the SMCS;
S504, after receiving the initial key update request carrying the encrypted second random array, the UE decrypts the second random array using the transmission key corresponding to the UE;
S505, the UE generates the second initial key group corresponding to the UE from the decrypted second random array, uses its user password to encrypt each initial key in the second initial key group separately, and replaces the encrypted first initial key group with the encrypted second initial key group;
S506, the UE sends an initial key update response message to the KMC through the SMCS;
S507, after receiving the initial key update response message, the KMC generates the second initial key group corresponding to the UE from the second random array, saves the correspondence between the second initial key group and the security module identifier of the UE corresponding to the second initial key group, uses the UE's user password to encrypt each initial key in the second initial key group separately, and replaces the encrypted first initial key group with the encrypted second initial key group.
The KMC generates the second initial key group corresponding to the UE from the second random array using the same algorithm that the UE uses to generate its second initial key group from the second random array.
After step S507, the UE initiates the security module authentication procedure with the network-side device to obtain a new transmission key corresponding to the UE.
Destruction of the initial key group: If the UE's security module is in an insecure environment, the system can remotely destroy both the encrypted initial key group corresponding to the UE in the KMC and the encrypted initial key group on the UE side.
As shown in Figure 6, the initial key group destruction process is as follows:
S601, the KMC sends a key destruction request message to the UE through the SMCS; the key destruction request message carries the UE's user identifier and security module identifier;
Specifically, if the UE is registered, the SMCS instructs the UE to carry out key destruction; if the UE is logged out, the SMCS returns a registration failure indication to the KMC, and the KMC saves the key destruction request message for the UE; when the UE next initiates an authentication login to the KMC, the KMC again sends the key destruction request message to the UE through the SMCS;
S602, after receiving the key destruction request message, the UE destroys the locally stored encrypted initial key group and encrypted transmission key;
S603, the UE sends a key destruction response message to the KMC through the SMCS;
S604, after receiving the key destruction response message, the KMC destroys the locally stored encrypted initial key group and encrypted transmission key corresponding to the UE.
Embodiment two: the role, transmission mechanism and destruction of the transmission key in the secure communication system.
Role of the transmission key: it is used to encrypt the session key corresponding to the UE, to ensure the security of the session key during transmission.
Transmission mechanism of the transmission key: As shown in Figure 7, the transmission mechanism of the transmission key in the secure communication system provided by this embodiment of the invention is as follows:
S701, after the UE's security module passes authentication, the KMC generates the transmission key corresponding to the UE for the UE's registration period;
S702, the KMC saves the correspondence between the transmission key and the user identifier of the UE corresponding to the transmission key, encrypts the UE's transmission key using the UE's user password, and saves the encrypted transmission key;
S703, the KMC encrypts the UE's transmission key using the initial key corresponding to the UE;
S704, the KMC sends the encrypted transmission key to the UE through the SMCS;
S705, after receiving its encrypted transmission key, the UE decrypts the transmission key using the initial key corresponding to the UE, encrypts the decrypted transmission key using the UE's user password, and saves the transmission key produced by this encryption.
Destruction of the transmission key: There are two destruction processes for the transmission key. One is the key destruction process initiated by the KMC toward the UE when the UE's security module is in an insecure environment; this process is shown in Figure 6 and is not repeated here. The other is the key destruction process actively initiated by the UE. As shown in Figure 8, when the UE initiates the user logout procedure, the transmission key destruction process is as follows:
S801, the UE sends a user logout request message to the SMCS;
S802, the SMCS sends a user logout response message to the UE to instruct the UE to carry out the transmission key destruction process;
S803, after receiving the user logout response message, the UE destroys the locally stored encrypted transmission key;
S804, the SMCS sends a user logout request message to the KMC; the user logout request message carries the UE's user identifier;
S805, after receiving the user logout request message, the KMC uses the UE's user identifier to look up the locally stored encrypted transmission key corresponding to the UE, and destroys it;
S806, the KMC returns a user logout response message to the SMCS;
S807, after receiving the user logout response message, the SMCS logs the user out for the UE and releases the UE's corresponding resources.
Embodiment three: the role, transmission mechanism, use and destruction of the session key in the secure communication system.
Role of the session key: it is used to encrypt and decrypt service data (audio media streams) during a session between UEs, and is the actual working key of the service stream.
As shown in Figure 9, the transmission mechanism, use and destruction of the session key are explained using the encrypted Voice over IP (VoIP) service flow as an example. The encrypted VoIP service flow is as follows:
S901, the calling UE sends an encrypted session request message to the KMC through the SMCS; the encrypted session request message carries the user identifier of the calling UE and the user identifier of the called UE;
S902, after receiving the encrypted session request message, the KMC generates a session key for this encrypted session;
S903, the KMC looks up the transmission key corresponding to the calling UE by the calling UE's user identifier, looks up the transmission key corresponding to the called UE by the called UE's user identifier, and encrypts the session key separately with the calling UE's transmission key and with the called UE's transmission key;
S904, the KMC sends an encrypted session response message to the calling UE and to the called UE through the SMCS; the encrypted session response message sent to the calling UE carries the session key encrypted with the calling UE's transmission key, and the encrypted session response message sent to the called UE carries the session key encrypted with the called UE's transmission key;
S905, after receiving the encrypted session response message, the calling UE decrypts the encrypted session key with its own transmission key, obtains the session key of this encrypted session, and saves it;
S906, after receiving the encrypted session response message, the called UE decrypts the encrypted session key with its own transmission key, obtains the session key of this encrypted session, and saves it;
Preferably, after steps S905 and S906, the calling UE and the called UE may feed back an encrypted session response message to the SMCS to indicate whether the UE has successfully obtained the session key of this encrypted session; if the SMCS does not receive the encrypted session response message fed back by the calling UE or the called UE within a specified time, the SMCS resends to the calling UE or the called UE the encrypted session response message carrying the encrypted session key, up to a preset number of retransmissions.
S907, the calling UE encrypts the service data using the session key and sends the encrypted service data to the called UE;
S908, the called UE receives the encrypted service data sent by the calling UE and decrypts it using the session key to obtain the service data;
The process by which the called UE sends service data to the calling UE is the same as steps S907 and S908 and is not repeated here.
S909, when this encrypted session ends, the calling UE and the called UE destroy the locally stored session key;
S910, the calling UE sends an encrypted session end message to the KMC through the SMCS;
S911, after receiving the encrypted session end message, the KMC destroys the session key of this encrypted session.
Steps S910 and S911 are optional; when the KMC does not save the session key of this encrypted session, steps S910 and S911 need not be performed.
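The three-level hierarchy from embodiments one to three (initial key group, then transmission key, then session key), including the update flow S501-S507, as an added example that is not part of the patent. The patent names no algorithms, so HMAC-SHA256 derivation, PBKDF2 for the password key, the encrypt-then-MAC wrap, the group size of 16 and every function and class name here are assumptions.

```python
import hashlib
import hmac
import secrets

GROUP_SIZE = 16  # assumption: the patent does not fix the size of the initial key group
KEY_LEN = 32


def prf(key: bytes, label: bytes, n: int = KEY_LEN) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for the patent's unnamed algorithms."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def first_random_array(security_module_id: str) -> list:
    """Deterministic in the security module ID, so UE and KMC compute the same array."""
    seed = hashlib.sha256(security_module_id.encode()).digest()
    return [prf(seed, b"array-%d" % i) for i in range(GROUP_SIZE)]


def initial_key_group(array: list) -> list:
    return [prf(value, b"initial-key") for value in array]


def key_sequence_number(user_password: str, group_size: int) -> int:
    """Map the user password to the index of one initial key in the group."""
    digest = hashlib.sha256(user_password.encode()).digest()
    return int.from_bytes(digest, "big") % group_size


def wrap(kek: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC wrap; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = prf(prf(kek, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(prf(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(prf(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified blob")
    stream = prf(prf(kek, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


class Endpoint:
    """Key state that one side (UE or KMC) holds for one UE."""

    def __init__(self, security_module_id: str, user_password: str):
        # Password-derived key for at-rest encryption; the salt choice is an assumption.
        self.pw_key = hashlib.pbkdf2_hmac(
            "sha256", user_password.encode(), security_module_id.encode(), 100_000)
        self.index = key_sequence_number(user_password, GROUP_SIZE)
        self.store_group(initial_key_group(first_random_array(security_module_id)))
        self.stored_tk = None

    def store_group(self, group: list) -> None:
        # Each initial key is kept only in ciphertext form.
        self.stored_group = [wrap(self.pw_key, k) for k in group]

    def initial_key(self) -> bytes:
        return unwrap(self.pw_key, self.stored_group[self.index])

    def store_transmission_key(self, tk: bytes) -> None:
        self.stored_tk = wrap(self.pw_key, tk)

    def transmission_key(self) -> bytes:
        return unwrap(self.pw_key, self.stored_tk)


def provision_transmission_key(kmc: Endpoint, ue: Endpoint) -> bytes:
    """S701-S705: KMC creates the transmission key and sends it under the initial key."""
    tk = secrets.token_bytes(KEY_LEN)
    kmc.store_transmission_key(tk)
    message = wrap(kmc.initial_key(), tk)  # this is what travels via the SMCS
    ue.store_transmission_key(unwrap(ue.initial_key(), message))
    return message


def distribute_session_key(kmc_caller, kmc_called, ue_caller, ue_called):
    """S902-S906: one session key, wrapped once per party's transmission key."""
    sk = secrets.token_bytes(KEY_LEN)
    to_caller = wrap(kmc_caller.transmission_key(), sk)
    to_called = wrap(kmc_called.transmission_key(), sk)
    return (unwrap(ue_caller.transmission_key(), to_caller),
            unwrap(ue_called.transmission_key(), to_called))


def update_initial_key_group(kmc: Endpoint, ue: Endpoint) -> None:
    """S501-S507: the second random array is sent under the transmission key."""
    second = [secrets.token_bytes(KEY_LEN) for _ in range(GROUP_SIZE)]
    message = wrap(kmc.transmission_key(), b"".join(second))
    received = unwrap(ue.transmission_key(), message)
    ue.store_group(initial_key_group(
        [received[i:i + KEY_LEN] for i in range(0, len(received), KEY_LEN)]))
    kmc.store_group(initial_key_group(second))
```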
Embodiment four: As shown in Figure 10, the encrypted instant messaging flow in the secure communication system is as follows:
S1001, when the calling UE initiates instant messaging, the calling UE randomly generates a first random number, encrypts the first random number with its own transmission key to obtain the encrypted first random number, and encrypts the instant message with its own transmission key and the first random number to obtain the first encrypted instant message;
S1002, the calling UE sends the encrypted first random number and the first encrypted instant message to the KMC through the SMCS;
S1003, the KMC receives the encrypted first random number and the first encrypted instant message sent by the calling UE, decrypts the encrypted first random number with the calling UE's transmission key, and decrypts the first encrypted instant message with the calling UE's transmission key and the first random number to obtain the instant message;
S1004, the KMC randomly generates a second random number, encrypts the second random number with the called UE's transmission key to obtain the encrypted second random number, and encrypts the instant message with the called UE's transmission key and the second random number to obtain the second encrypted instant message;
S1005, the KMC sends the encrypted second random number and the second encrypted instant message to the called UE through the SMCS;
S1006, the called UE receives the encrypted second random number and the second encrypted instant message, decrypts the encrypted second random number with its own transmission key, and decrypts the second encrypted instant message with its own transmission key and the second random number to obtain the instant message.
Corresponding to the above method, as shown in Figure 11, an embodiment of the present invention provides a key generation device, which includes:
An information determination unit 111, configured to determine the security module identifier and user password of a user equipment (UE);
A key generation unit 112, configured to generate the initial key group corresponding to the UE from the UE's security module identifier and, according to the UE's user password, select from the initial key group the initial key used to encrypt the transmission key corresponding to the UE, where the transmission key is used to encrypt the session key corresponding to the UE.
Preferably, the key generation unit 112 is further configured to:
After the UE's security module passes authentication, generate the transmission key corresponding to the UE, encrypt the UE's transmission key with the initial key corresponding to the UE, and send the encrypted transmission key to the UE.
Preferably, the key generation unit 112 is further configured to:
When the UE, as the calling UE, initiates a session establishment request, randomly generate a session key for encrypting the session messages transmitted during the session between the calling UE and the called UE, encrypt the session key with the calling UE's transmission key and send the encrypted session key to the calling UE, and encrypt the session key with the called UE's transmission key and send the encrypted session key to the called UE.
Preferably, after generating the transmission key corresponding to the UE, the key generation unit 112 is further configured to:
Establish the correspondence between the transmission key and the user identifier of the UE corresponding to the transmission key;
Encrypt the UE's transmission key using the UE's user password, and save the encrypted transmission key and the correspondence.
Preferably, when generating the initial key group corresponding to the UE from the UE's security module identifier, the key generation unit 112 is specifically configured to:
Generate a first random array from the security module identifier, and generate the first initial key group corresponding to the UE from the first random array;
Establish the correspondence between the first initial key group and the security module identifier of the UE corresponding to the first initial key group;
Encrypt each initial key in the first initial key group separately using the UE's user password, and save the encrypted first initial key group and the correspondence.
Preferably, the key generation unit 112 is further configured to:
Randomly generate a second random array, and generate the second initial key group corresponding to the UE from the second random array, where the number of random numbers in the second random array is the same as the number of random numbers in the first random array;
Replace the first initial key group with the second initial key group;
Encrypt the second random array with the transmission key corresponding to the UE, and send the encrypted second random array to the UE, so as to update the initial key group corresponding to the UE.
Preferably, after generating the transmission key corresponding to the UE, the key generation unit 112 is further configured to:
Receive the encrypted transmission key corresponding to the UE sent by the network-side device, and decrypt the encrypted transmission key with the initial key corresponding to the UE;
Encrypt the decrypted transmission key using the UE's user password, and save the encrypted transmission key.
Preferably, when generating the initial key group corresponding to the UE from the UE's security module identifier, the key generation unit 112 is specifically configured to:
Generate a first random array from the security module identifier, and generate the first initial key group corresponding to the UE from the first random array;
Encrypt each initial key in the first initial key group separately using the UE's user password, and save the encrypted first initial key group.
Preferably, the key generation unit 112 is further configured to:
Receive the encrypted second random array sent by the network-side device, and decrypt the encrypted second random array with the transmission key corresponding to the UE, where the number of random numbers in the second random array is the same as the number of random numbers in the first random array;
Generate the second initial key group corresponding to the UE from the decrypted second random array;
Replace the first initial key group with the second initial key group.
Preferably, when selecting from the initial key group, according to the UE's user password, the initial key used to encrypt the transmission key corresponding to the UE, the key generation unit 112 is specifically configured to:
Determine, according to the UE's user password, the key sequence number corresponding to one initial key in the initial key group;
Determine one initial key in the initial key group according to the key sequence number.
Specifically, the information determination unit 111 and the key generation unit 112 may be implemented by a processor and a transmission module with a transceiver function; the transmission module with a transceiver function may be a device such as a dedicated chip and an antenna. The present invention is not limited to the entities that implement these units.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a device or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, equipment (device) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device that implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (20)

1. A key generation method, characterized in that the method comprises:
Determining the security module identifier and user password of a user equipment (UE);
Generating the initial key group corresponding to the UE from the UE's security module identifier, and selecting from the initial key group, according to the UE's user password, the initial key used to encrypt the transmission key corresponding to the UE, wherein the transmission key is used to encrypt the session key corresponding to the UE.
2. The method as claimed in claim 1, characterized in that the method further comprises:
After the UE's security module passes authentication, generating the transmission key corresponding to the UE, encrypting the UE's transmission key with the initial key corresponding to the UE, and sending the encrypted transmission key to the UE.
3. The method as claimed in claim 2, characterized in that the method further comprises:
When the UE, as the calling UE, initiates a session establishment request, randomly generating a session key for encrypting the session messages transmitted during the session between the calling UE and the called UE, encrypting the session key with the calling UE's transmission key and sending the encrypted session key to the calling UE, and encrypting the session key with the called UE's transmission key and sending the encrypted session key to the called UE.
4. The method as claimed in claim 2, characterized in that, after the transmission key corresponding to the UE is generated, the method further comprises:
Establishing the correspondence between the transmission key and the user identifier of the UE corresponding to the transmission key;
Encrypting the UE's transmission key using the UE's user password, and saving the encrypted transmission key and the correspondence.
5. The method as claimed in claim 2, characterized in that generating the initial key group corresponding to the UE from the UE's security module identifier comprises:
Generating a first random array from the security module identifier, and generating the first initial key group corresponding to the UE from the first random array;
Establishing the correspondence between the first initial key group and the security module identifier of the UE corresponding to the first initial key group;
Encrypting each initial key in the first initial key group separately using the UE's user password, and saving the encrypted first initial key group and the correspondence.
6. The method as claimed in claim 5, characterized in that the method further comprises:
Randomly generating a second random array, and generating the second initial key group corresponding to the UE from the second random array, wherein the number of random numbers in the second random array is the same as the number of random numbers in the first random array;
Replacing the first initial key group with the second initial key group;
Encrypting the second random array with the transmission key corresponding to the UE, and sending the encrypted second random array to the UE, so as to update the initial key group corresponding to the UE.
7. The method as claimed in claim 6, characterized in that, after the transmission key corresponding to the UE is generated, the method further comprises:
Receiving the encrypted transmission key corresponding to the UE sent by the network-side device, and decrypting the encrypted transmission key with the initial key corresponding to the UE;
Encrypting the decrypted transmission key using the UE's user password, and saving the encrypted transmission key.
8. The method as claimed in claim 7, characterized in that generating the initial key group corresponding to the UE from the UE's security module identifier comprises:
Generating a first random array from the security module identifier, and generating the first initial key group corresponding to the UE from the first random array;
Encrypting each initial key in the first initial key group separately using the UE's user password, and saving the encrypted first initial key group.
9. The method as claimed in claim 8, characterized in that the method further comprises:
Receiving the encrypted second random array sent by the network-side device, and decrypting the encrypted second random array with the transmission key corresponding to the UE, wherein the number of random numbers in the second random array is the same as the number of random numbers in the first random array;
Generating the second initial key group corresponding to the UE from the decrypted second random array;
Replacing the first initial key group with the second initial key group.
10. The method as claimed in any one of claims 1, 4, 5, 8 or 9, characterized in that selecting from the initial key group, according to the UE's user password, the initial key used to encrypt the transmission key corresponding to the UE comprises:
Determining, according to the UE's user password, the key sequence number corresponding to one initial key in the initial key group;
Determining one initial key in the initial key group according to the key sequence number.
11. a kind of key generating device, it is characterised in that the device includes:
Information determination unit, for determining that the security module of user equipment (UE) is identified and user password;
Key generating unit, for generating the corresponding initial key groups of the UE according to the security module of UE mark, according to the UE User password selected from the initial key group for the corresponding initial keys that are encrypted of transmission key of the UE, its In, the transmission key is used to the corresponding session keys of the UE are encrypted.
12. device as claimed in claim 11, it is characterised in that the Key generating unit is additionally operable to:
UE security module certification, by rear, is being generated by the corresponding transmission keys of the UE, the corresponding initial keys of the UE are utilized Transmission key corresponding to the UE is encrypted, and the transmission key after encryption is sent into the UE.
13. device as claimed in claim 12, it is characterised in that the Key generating unit is additionally operable to:
When the UE initiates session establishment request as calling UE, generate at random for the meeting between calling UE and called UE The session key that the conversation message transmitted during words is encrypted, is entered using the corresponding transmission key of calling UE to session key Row is encrypted and the session key after encryption is sent into calling UE, and session key is carried out using called UE corresponding transmission key Encrypt and the session key after encryption is sent to called UE.
14. device as claimed in claim 12, it is characterised in that the Key generating unit is generating the corresponding transmission of the UE After key, it is additionally operable to:
The corresponding relation set up between transmission key UE corresponding with transmission key user's mark;
Using the user password of the UE, it is corresponding to the UE transmission key be encrypted, and preserve encryption after transmission key, with And the corresponding relation.
15. device as claimed in claim 12, it is characterised in that the Key generating unit is in the security module according to the UE When mark generates the UE corresponding initial key groups, specifically for:
According to security module mark the first random array of generation, and the UE corresponding first is generated according to the first random array Initial key group;
The corresponding relation set up between the first initial key group UE corresponding with the first initial key group security module mark;
Using the user password of the UE, each initial key in the first initial key group is encrypted respectively, and preservation adds The first initial key group and the corresponding relation after close.
16. device as claimed in claim 15, it is characterised in that the Key generating unit is additionally operable to:
The second random array of random generation, and the corresponding second initial key groups of the UE are generated according to the second random array, wherein The quantity of random number is identical with the quantity of random number in the first random array in second random array;
The first initial key group is replaced with the second initial key group;
The second random array is encrypted using the corresponding transmission keys of the UE, and the second random array after encryption is sent The UE is given, to update the corresponding initial key groups of the UE.
17. The device as claimed in claim 16, characterised in that the key generating unit, after generating the transmission key corresponding to the UE, is further configured to:
receive the encrypted transmission key corresponding to the UE sent by the network-side device, and decrypt the encrypted transmission key using the initial key corresponding to the UE;
encrypt the decrypted transmission key using the user password of the UE, and save the encrypted transmission key.
18. The device as claimed in claim 17, characterised in that the key generating unit, when generating the initial key group corresponding to the UE according to the security module identifier of the UE, is specifically configured to:
generate a first random array according to the security module identifier, and generate a first initial key group corresponding to the UE according to the first random array;
encrypt each initial key in the first initial key group separately using the user password of the UE, and save the encrypted first initial key group.
19. The device as claimed in claim 18, characterised in that the key generating unit is further configured to:
receive an encrypted second random array sent by the network-side device, and decrypt the encrypted second random array using the transmission key corresponding to the UE, wherein the number of random numbers in the second random array is the same as the number of random numbers in the first random array;
generate a second initial key group corresponding to the UE according to the decrypted second random array;
replace the first initial key group with the second initial key group.
20. The device as claimed in any one of claims 11, 14, 15, 18 or 19, characterised in that the key generating unit, when selecting from the initial key group, according to the user password of the UE, the initial key used to encrypt the transmission key corresponding to the UE, is specifically configured to:
determine, according to the user password of the UE, the key sequence number corresponding to one initial key in the initial key group;
determine that initial key in the initial key group according to the key sequence number.
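The UE-side flow of claims 17 to 20, as an added example that is not taken from the patent. The patent names no algorithms, so the PBKDF2 password key, the SHAKE/HMAC stand-in cipher, the provisioning `secret`, the group size of 16, the SHA-256-mod-n key sequence number and all function names are assumptions.

```python
import hashlib, hmac, os

def pw_key(password, salt):  # assumed: password is stretched with PBKDF2
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _xor(key, nonce, data):
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, pt):  # stand-in authenticated cipher, stdlib only
    nonce = os.urandom(16)
    ct = _xor(key, nonce, pt)
    return nonce + ct + hmac.digest(key, b"mac" + nonce + ct, "sha256")

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(key, b"mac" + nonce + ct, "sha256")):
        raise ValueError("wrong key or tampered data")
    return _xor(key, nonce, ct)

def first_array(module_id, secret, n=16):  # assumed: keyed by a provisioning secret
    return [hmac.digest(secret, module_id + bytes([i]), "sha256") for i in range(n)]
def key_group(random_array):  # one initial key per random number
    return [hashlib.sha256(b"initial-key" + r).digest() for r in random_array]
def key_seq(password, n):  # assumed: sequence number = SHA-256(password) mod n
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % n

def provision(module_id, secret, password):               # claim 18
    salt = os.urandom(16)
    pk = pw_key(password, salt)
    group = key_group(first_array(module_id, secret))
    return {"salt": salt, "group": [seal(pk, k) for k in group]}

def selected_initial_key(store, password):                # claim 20
    idx = key_seq(password, len(store["group"]))
    return unseal(pw_key(password, store["salt"]), store["group"][idx])

def install_transmission_key(store, password, wrapped):   # claim 17
    tk = unseal(selected_initial_key(store, password), wrapped)
    store["tk"] = seal(pw_key(password, store["salt"]), tk)

def rotate_group(store, password, wrapped_array):         # claim 19
    pk = pw_key(password, store["salt"])
    blob = unseal(unseal(pk, store["tk"]), wrapped_array)
    if len(blob) != 32 * len(store["group"]):
        raise ValueError("second random array must match the first in size")
    array = [blob[i:i + 32] for i in range(0, len(blob), 32)]
    store["group"] = [seal(pk, k) for k in key_group(array)]
```

No key is stored in the clear: the initial key group and the transmission key are only recoverable with the user password, and a second random array of the wrong size is rejected before the old group is replaced.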
CN201410232624.6A 2014-05-28 2014-05-28 A kind of key generation method and device Active CN103997405B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410232624.6A CN103997405B (en) 2014-05-28 2014-05-28 A kind of key generation method and device

Publications (2)

Publication Number Publication Date
CN103997405A CN103997405A (en) 2014-08-20
CN103997405B true CN103997405B (en) 2017-10-17

Family

ID=51311416

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410232624.6A Active CN103997405B (en) 2014-05-28 2014-05-28 A kind of key generation method and device

Country Status (1)

Country Link
CN (1) CN103997405B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103986723B (en) * 2014-05-28 2017-12-05 大唐移动通信设备有限公司 A kind of secret communication control, secret communication method and device
CN108154038B (en) * 2016-12-06 2022-04-26 北京京东尚科信息技术有限公司 Data processing method and device
CN110166426A (en) * 2019-04-11 2019-08-23 北京媒球信息科技有限公司 Information sends terminal, receives terminal and its secret communication method, storage medium
CN111641636A (en) * 2020-05-28 2020-09-08 中国联合网络通信集团有限公司 Method, system, equipment and storage medium for data security communication of Internet of things
CN112861116B (en) * 2021-02-03 2022-12-27 浪潮云信息技术股份公司 Method and tool for realizing dynamic password loading based on sidecar mode

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101471943A (en) * 2007-12-20 2009-07-01 英特尔公司 Methods for authenticating a hardware device and providing a secure channel to deliver data
CN103152362A (en) * 2013-03-28 2013-06-12 胡祥义 Cloud-computing-based encrypted transmission method for large data files

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1204236A4 (en) * 2000-06-15 2008-03-05 Sony Corp System and method for processing information using encryption key block
JP2006108903A (en) * 2004-10-01 2006-04-20 Hiromi Fukaya Encryption data distribution method, encryption device, decryption device, encryption program, and decryption program
US7885412B2 (en) * 2005-09-29 2011-02-08 International Business Machines Corporation Pre-generation of generic session keys for use in communicating within communications environments
CN102804676A (en) * 2009-06-23 2012-11-28 松下电器产业株式会社 Cryptogram-key distribution system
CN101635924B (en) * 2009-08-27 2012-01-18 成都卫士通信息产业股份有限公司 CDMA port-to-port encryption communication system and key distribution method thereof

Also Published As

Publication number Publication date
CN103997405A (en) 2014-08-20

Similar Documents

Publication Publication Date Title
US10785019B2 (en) Data transmission method and apparatus
CN103986723B (en) A kind of secret communication control, secret communication method and device
CN104219051B (en) The communication means and system of a kind of inner group message
CN108566381A (en) A kind of security upgrading method, device, server, equipment and medium
CN107040369A (en) Data transmission method, apparatus and system
US20140052989A1 (en) Secure data exchange using messaging service
CN109981584B (en) Block chain-based distributed social contact method
CN103997405B (en) A kind of key generation method and device
CN103493427A (en) Discovery of security associations
CN105307165A (en) Communication method based on mobile application, server and client
CN101971559A (en) Method and apparatus to enable lawful intercept of encrypted traffic
Groves MIKEY-SAKKE: sakai-kasahara key encryption in multimedia internet keying (MIKEY)
CN104917807A (en) Resource transfer method, apparatus and system
US20180115535A1 (en) Blind En/decryption for Multiple Clients Using a Single Key Pair
CN104901803A (en) Data interaction safety protection method based on CPK identity authentication technology
CN107094156A (en) A kind of safety communicating method and system based on P2P patterns
CN107590396A (en) Data processing method and device, storage medium, electronic equipment
CN107483429A (en) A kind of data ciphering method and device
CN113365264B (en) Block chain wireless network data transmission method, device and system
CN111246407A (en) Data encryption and decryption method and device for short message transmission
US11368436B2 (en) Communication protocol
CN114173328A (en) Key exchange method and device and electronic equipment
CN110035083A (en) Communication means, equipment and the computer readable storage medium of dialogue-based key
CN106487761B (en) Message transmission method and network equipment
CN112217862A (en) Data communication method, device, terminal equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant