CN104796397B - A method of transmitting a data encryption - Google Patents


Publication number
CN104796397B
Authority
CN
China
Prior art keywords
data
step
service
mobile terminal
number
Prior art date
Application number
CN201510006841.8A
Other languages
Chinese (zh)
Other versions
CN104796397A (en)
Inventor
苏长君
段彬
Original Assignee
北京思普崚技术有限公司
Priority date
Filing date
Publication date
Application filed by 北京思普崚技术有限公司
Priority to CN201510006841.8A
Publication of CN104796397A
Application granted
Publication of CN104796397B


Abstract

The present invention provides a data encryption method. Several scrambling codes are configured; the sender scrambles the data and computes a CRC, the receiver attempts descrambling and performs a CRC check, and, combined with the correspondence between scrambling codes and IMSIs, the transmitted data is verified, so that relatively simple operations are used to ensure data security. By selecting the first M bits of the service data for encrypted transmission and verifying by comparing the decrypted data with the original data, the amount of data to encrypt and decrypt is reduced, the complexity of the encryption/decryption operations is lowered, and running speed is improved. Before decryption, the data is verified using the scrambling code plus the CRC code, and decryption is performed only after this verification passes, which avoids unnecessary decryption attempts when the data is erroneous, reduces resource usage at the receiver, and improves running speed.

Description

A method for encrypted data transmission

Technical Field

[0001] The present invention relates to the technical field of communication network security, and in particular to a method for encrypted data transmission.

Background

[0002] With the worldwide rollout of GSM mobile communication technology (2G) and third-generation mobile communication technology (3G), mobile communication has become widely accepted and is favored by users. At present, the GSM network is the mobile network used by the world's largest group of mobile phone users, and its end-to-end secure communication has always been closely watched by those users. Wideband Code Division Multiple Access (WCDMA), as one of the most mature 3G technologies, has become the preferred network for more and more 3G users. The security of the WCDMA system, like its tariffs and communication quality, therefore receives continuing attention from mobile phone users. Although WCDMA encrypts the radio channel, this only secures the voice signal during radio transmission between the handset and the base station; relay transmission between base stations is still carried out in plaintext, so secure communication cannot be guaranteed. Once the operator is compromised by an attacker, or the operator itself monitors users, the user's communication security is seriously threatened. End-to-end encryption is therefore needed to secure users' communications.

[0003] Existing solutions for securing service interaction between server and client mainly use simple key encryption, completing encrypted data transmission with static keys or dynamic keys.

[0004] With a static key, the key is generally placed on both the client and the server, and both parties agree to use it for encryption and decryption during communication. With a dynamic key, the key is initially transmitted in plaintext: the two parties agree on the key dynamically at the start of communication, generally with the server generating it and sending it to the client in plaintext, and both parties then use that key for encryption and decryption.

[0005] This kind of key-encrypted transmission has inherent defects. The sender must encrypt all the data it sends, so it spends a large amount of resources on encryption computation, which delays data transmission; likewise, the receiver decrypts all received data, which consumes receiver resources and delays reception. Moreover, to ensure that the key cannot be cracked, existing key encryption techniques must make the encryption/decryption algorithm extremely complex, which further increases the system resources used for sending and receiving and is unfavorable for communication involving large volumes of data.

Summary of the Invention

[0006] The present invention provides a method for encrypted data transmission, applied to the data transfer process in which a mobile terminal accesses a service server through an access node, characterized in that the method comprises:

[0007] Step 20: service registration phase, comprising the following steps:

[0008] Step 200: the service server presets a grouping rule for IMSI numbers, divides the IMSI numbers of mobile terminals into N groups, presets one corresponding scrambling code for each group of IMSI numbers, and stores the IMSI group numbers and the scrambling code corresponding to each group number on the service server; the scrambling code is M bits long;

[0009] Step 202: a first mobile terminal initiates a service registration request to the service server, carrying the IMSI of the first mobile terminal;

[0010] Step 204: the service server receives the service request, obtains the IMSI of the first mobile terminal from it, finds the scrambling code corresponding to that IMSI number according to the IMSI grouping rule, sends the scrambling code to the first mobile terminal, and issues the common key to the first mobile terminal;

[0011] Step 206: the first mobile terminal receives and stores the scrambling code and the common key issued by the service server;

[0012] Step 30: service data sending phase, comprising the following steps:

[0013] Step 300: the first mobile terminal establishes a wireless connection with the service server through the access node;

[0014] Step 302: the first M bits of the service data to be sent are encrypted with the common key, generating encrypted data consisting of M bits;

[0015] Step 304: a cyclic redundancy check (CRC) is computed over the encrypted data, generating a CRC code;

[0016] Step 306: the encrypted data is scrambled with the scrambling code stored on the first mobile terminal, generating scrambled data;

[0017] Step 308: the IMSI of the first mobile terminal, the scrambled data, the CRC code, and the service data are assembled, in that order, into the data payload to be sent, which is packed into a protocol message of the wireless connection and sent to the service server;

[0018] Step 40: data verification and reception phase, comprising the following steps:

[0019] Step 400: the service server receives the service message sent by the first mobile terminal and parses out its data payload, obtaining the IMSI of the first mobile terminal, the scrambled data, the CRC code, and the service data;

[0020] Step 402: according to the IMSI number of the first mobile terminal, the preset grouping rule is used to obtain the IMSI group number to which that number belongs, and from it the scrambling code corresponding to that group;

[0021] Step 404: the N scrambling codes stored on the service server are used in turn to attempt descrambling of the scrambled data, and a CRC check is then performed on the descrambled data against the CRC code, until the CRC check passes; if the CRC check has not passed after all N scrambling codes have been tried, the service message is discarded;

[0022] Step 406: after the CRC check passes, the scrambling code used and its corresponding IMSI group number are recorded, together with the descrambled data;

[0023] Step 408: it is determined whether the IMSI group number at which the CRC check passed is consistent with the IMSI group number obtained from the grouping rule; if not, the service message is discarded; if so, processing continues;

[0024] Step 410: the descrambled data is decrypted with the common key to obtain decrypted data;

[0025] Step 412: it is determined whether the decrypted data is identical to the first M bits of the service data; if not, the service message is discarded; if so, the service message is used to continue the service process.

[0026] Compared with the prior art, the encrypted data transmission method of the present invention has the following advantages:

[0027] 1. In the present invention, several scrambling codes are configured; the sender scrambles the data and computes a CRC, the receiver attempts descrambling and performs a CRC check, and, combined with the correspondence between scrambling codes and IMSIs, the transmitted data is verified, so that relatively simple operations are used to ensure data security;

[0028] 2. In the present invention, the first M bits of the service data are selected for encrypted transmission and verification is performed by comparing the decrypted data with the original data, which reduces the amount of data to encrypt and decrypt, lowers the complexity of the encryption/decryption operations, and improves running speed;

[0029] 3. In the present invention, the data is verified before decryption using the scrambling code plus the CRC code, and decryption is performed only after this verification passes, which avoids unnecessary decryption attempts when the data is erroneous, reduces resource usage at the receiver, and improves running speed.

Brief Description of the Drawings

[0030] To explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below.

[0031] Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.

[0032] Figure 1 is the overall flowchart of the present invention;

[0033] Figure 2 is a flowchart of the service registration phase in Embodiment 1 of the present invention;

[0034] Figure 3 is a flowchart of the service data sending phase in Embodiment 1 of the present invention;

[0035] Figure 4 is a flowchart of the data verification and reception phase in Embodiment 1 of the present invention.

Detailed Description

[0036] To make the purpose, technical solution, and advantages of the present invention clearer, the invention is described in further detail below through a specific embodiment and the related drawings.

[0037] Embodiment 1

[0038] Embodiment 1 of the present invention provides a method for encrypted data transmission, applied to the data transfer process in which a mobile terminal accesses a service server through an access node, characterized in that the method comprises:

[0039] Step 20: service registration phase, comprising the following steps:

[0040] Step 200: the service server presets a grouping rule for IMSI numbers, divides the IMSI numbers of mobile terminals into N groups, presets one corresponding scrambling code for each group of IMSI numbers, and stores the IMSI group numbers and the scrambling code corresponding to each group number on the service server; the scrambling code is M bits long;

[0041] Step 202: a first mobile terminal initiates a service registration request to the service server, carrying the IMSI of the first mobile terminal;

[0042] Step 204: the service server receives the service request, obtains the IMSI of the first mobile terminal from it, finds the scrambling code corresponding to that IMSI number according to the IMSI grouping rule, sends the scrambling code to the first mobile terminal, and issues the common key to the first mobile terminal;

[0043] Step 206: the first mobile terminal receives and stores the scrambling code and the common key issued by the service server;

[0044] Step 30: service data sending phase, comprising the following steps:

[0045] Step 300: the first mobile terminal establishes a wireless connection with the service server through the access node;

[0046] Step 302: the first M bits of the service data to be sent are encrypted with the common key, generating encrypted data consisting of M bits;

[0047] Step 304: a cyclic redundancy check (CRC) is computed over the encrypted data, generating a CRC code;

[0048] Step 306: the encrypted data is scrambled with the scrambling code stored on the first mobile terminal, generating scrambled data;

[0049] Step 308: the IMSI of the first mobile terminal, the scrambled data, the CRC code, and the service data are assembled, in that order, into the data payload to be sent, which is packed into a protocol message of the wireless connection and sent to the service server;

[0050] Step 40: data verification and reception phase, comprising the following steps:

[0051] Step 400: the service server receives the service message sent by the first mobile terminal and parses out its data payload, obtaining the IMSI of the first mobile terminal, the scrambled data, the CRC code, and the service data;

[0052] Step 402: according to the IMSI number of the first mobile terminal, the preset grouping rule is used to obtain the IMSI group number to which that number belongs, and from it the scrambling code corresponding to that group;

[0053] Step 404: the N scrambling codes stored on the service server are used in turn to attempt descrambling of the scrambled data, and a CRC check is then performed on the descrambled data against the CRC code, until the CRC check passes; if the CRC check has not passed after all N scrambling codes have been tried, the service message is discarded;

[0054] Step 406: after the CRC check passes, the scrambling code used and its corresponding IMSI group number are recorded, together with the descrambled data;

[0055] Step 408: it is determined whether the IMSI group number at which the CRC check passed is consistent with the IMSI group number obtained from the grouping rule; if not, the service message is discarded; if so, processing continues;

[0056] Step 410: the descrambled data is decrypted with the common key to obtain decrypted data;

[0057] Step 412: it is determined whether the decrypted data is identical to the first M bits of the service data; if not, the service message is discarded; if so, the service message is used to continue the service process.
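The sending phase (steps 302 to 308) and the receiving checks (steps 400 to 412) can be traced end to end in the following sketch, which is an added example and not code from the patent or its applicant. The patent does not specify the scrambling operation, the CRC polynomial, the grouping rule, the cipher, or the field widths, so the example assumes XOR scrambling, CRC-32, "IMSI modulo N" grouping, a placeholder XOR cipher, M = 64 bits and a 15-digit IMSI field; the scrambling codes, key and function names are constructed for illustration.

```python
import hashlib
import zlib

M_BYTES = 8       # assumed: M = 64 bits (the page only says "M bits")
IMSI_LEN = 15     # assumed fixed-width IMSI field in the payload
# Constructed table for step 200: N = 4 groups, one M-bit scrambling code each.
SCRAMBLE_CODES = [bytes([b]) * M_BYTES for b in (0xA5, 0x3C, 0x0F, 0x96)]
COMMON_KEY = b"constructed-demo-key"   # stands for the key issued in step 204


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def group_of(imsi: str) -> int:
    """Assumed grouping rule: IMSI value modulo N."""
    return int(imsi) % len(SCRAMBLE_CODES)


def toy_cipher(block: bytes, key: bytes) -> bytes:
    """Placeholder for the cipher the page leaves unspecified: XOR with a
    key-derived pad, so the same call encrypts and decrypts. Demo only."""
    return xor(block, hashlib.sha256(key).digest()[:len(block)])


def build_payload(imsi: str, data: bytes, code: bytes, key: bytes) -> bytes:
    """Terminal side, steps 302-308."""
    valid_imsi = imsi.isascii() and imsi.isdigit() and len(imsi) == IMSI_LEN
    if not valid_imsi or len(data) < M_BYTES:
        raise ValueError("need a 15-digit IMSI and at least M bits of data")
    enc = toy_cipher(data[:M_BYTES], key)          # 302: encrypt first M bits
    crc = zlib.crc32(enc).to_bytes(4, "big")       # 304: CRC over encrypted data
    scrambled = xor(enc, code)                     # 306: scramble (XOR assumed)
    return imsi.encode("ascii") + scrambled + crc + data   # 308: payload order


def receive(payload: bytes, key: bytes):
    """Server side, steps 400-412. Returns (accepted, reason)."""
    head = IMSI_LEN + M_BYTES + 4
    imsi_raw = payload[:IMSI_LEN]
    if len(payload) < head + M_BYTES or not imsi_raw.isdigit():
        return False, "malformed payload"
    scrambled = payload[IMSI_LEN:IMSI_LEN + M_BYTES]          # 400: parse fields
    crc = int.from_bytes(payload[IMSI_LEN + M_BYTES:head], "big")
    data = payload[head:]
    expected_group = group_of(imsi_raw.decode("ascii"))       # 402
    for group, code in enumerate(SCRAMBLE_CODES):             # 404: try each code
        descrambled = xor(scrambled, code)
        if zlib.crc32(descrambled) == crc:
            break                                             # 406: keep the hit
    else:
        return False, "no scrambling code passes CRC"
    if group != expected_group:                               # 408
        return False, "group mismatch"
    if toy_cipher(descrambled, key) != data[:M_BYTES]:        # 410-412
        return False, "decrypted prefix mismatch"
    return True, "accepted"


if __name__ == "__main__":
    imsi = "460001234567890"                 # constructed sample IMSI
    msg = build_payload(imsi, b"constructed service data",
                        SCRAMBLE_CODES[group_of(imsi)], COMMON_KEY)
    print(receive(msg, COMMON_KEY))
```

A payload scrambled with another group's code passes the CRC in step 404 and is then rejected by the group comparison in step 408. As step 308 specifies, the service data is carried in the payload unmodified; the scrambling, CRC and decryption steps act only as acceptance checks on the message.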

[0058] A person of ordinary skill in the art will understand that all or part of the flows in the methods of the above embodiment can be carried out by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flows of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.

[0059] The preferred embodiment above describes the purpose, technical solution, and advantages of the present invention in further detail. It should be understood that the above is only a preferred embodiment of the present invention and is not intended to limit the invention; any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (1)

1. A method for encrypted data transmission, applied to the data transfer process in which a mobile terminal accesses a service server through an access node, characterized in that the method comprises:
Step 20: service registration phase, comprising the following steps:
Step 200: the service server presets a grouping rule for IMSI numbers, divides the IMSI numbers of mobile terminals into N groups, presets one corresponding scrambling code for each group of IMSI numbers, and stores the IMSI group numbers and the scrambling code corresponding to each group number on the service server; the scrambling code is M bits long;
Step 202: a first mobile terminal initiates a service registration request to the service server, carrying the IMSI of the first mobile terminal;
Step 204: the service server receives the service request, obtains the IMSI of the first mobile terminal from it, finds the scrambling code corresponding to that IMSI number according to the IMSI grouping rule, sends the scrambling code to the first mobile terminal, and issues the common key to the first mobile terminal;
Step 206: the first mobile terminal receives and stores the scrambling code and the common key issued by the service server;
Step 30: service data sending phase, comprising the following steps:
Step 300: the first mobile terminal establishes a wireless connection with the service server through the access node;
Step 302: the first M bits of the service data to be sent are encrypted with the common key, generating encrypted data consisting of M bits;
Step 304: a cyclic redundancy check (CRC) is computed over the encrypted data, generating a CRC code;
Step 306: the encrypted data is scrambled with the scrambling code stored on the first mobile terminal, generating scrambled data;
Step 308: the IMSI of the first mobile terminal, the scrambled data, the CRC code, and the service data are assembled, in that order, into the data payload to be sent, which is packed into a protocol message of the wireless connection and sent to the service server;
Step 40: data verification and reception phase, comprising the following steps:
Step 400: the service server receives the service message sent by the first mobile terminal and parses out its data payload, obtaining the IMSI of the first mobile terminal, the scrambled data, the CRC code, and the service data;
Step 402: according to the IMSI number of the first mobile terminal, the preset grouping rule is used to obtain the IMSI group number to which that number belongs, and from it the scrambling code corresponding to that group;
Step 404: the N scrambling codes stored on the service server are used in turn to attempt descrambling of the scrambled data, and a CRC check is then performed on the descrambled data against the CRC code, until the CRC check passes; if the CRC check has not passed after all N scrambling codes have been tried, the service message is discarded;
Step 406: after the CRC check passes, the scrambling code used and its corresponding IMSI group number are recorded, together with the descrambled data;
Step 408: it is determined whether the IMSI group number at which the CRC check passed is consistent with the IMSI group number obtained from the grouping rule; if not, the service message is discarded; if so, processing continues;
Step 410: the descrambled data is decrypted with the common key to obtain decrypted data;
Step 412: it is determined whether the decrypted data is identical to the first M bits of the service data; if not, the service message is discarded; if so, the service message is used to continue the service process.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510006841.8A CN104796397B (en) 2015-01-08 2015-01-08 A method of transmitting a data encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510006841.8A CN104796397B (en) 2015-01-08 2015-01-08 A method of transmitting a data encryption

Publications (2)

Publication Number Publication Date
CN104796397A CN104796397A (en) 2015-07-22
CN104796397B true CN104796397B (en) 2017-09-19

Family

ID=53560909

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510006841.8A CN104796397B (en) 2015-01-08 2015-01-08 A method of transmitting a data encryption

Country Status (1)

Country Link
CN (1) CN104796397B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1282475A (en) * 1997-12-19 2001-01-31 英国电讯有限公司 Data communications
CN101399662A (en) * 2008-09-27 2009-04-01 北京创毅视讯科技有限公司 Method, system, conditional receiving module and customer terminal for obtaining service key
CN102413144A (en) * 2011-12-05 2012-04-11 中国电力科学研究院 Secure access system for C/S architecture service and related access method

Also Published As

Publication number Publication date
CN104796397A (en) 2015-07-22

Similar Documents

Publication Publication Date Title
JP4649513B2 (en) Authentication method and related key generation method of wireless mobile Internet system
US9668230B2 (en) Security integration between a wireless and a wired network using a wireless gateway proxy
JP5307220B2 (en) Method and apparatus for secure data transmission in a mobile communication system
US7797745B2 (en) MAC security entity for link security entity and transmitting and receiving method therefor
JP4732687B2 (en) METHOD AND APPARATUS security in a data processing system
US8412157B2 (en) Method and apparatus for security protection of an original user identity in an initial signaling message
US8331567B2 (en) Methods and apparatuses for generating dynamic pairwise master keys using an image
JP5043006B2 (en) How to distribute the security key during handoff in a wireless communication system
CN101433010B (en) Method and system for securing wireless communications
US8245039B2 (en) Extensible authentication protocol authentication and key agreement (EAP-AKA) optimization
CN101578893B (en) Method and apparatus for base station self configuration
KR101468352B1 (en) Methods and apparatus to implement non-access stratum(nas) security in a long term evolution wireless device
JP4282992B2 (en) Method and apparatus for security in a data processing system
CN101822082B (en) Techniques for secure channelization between UICC and terminal
CN101523797B (en) Communication network cryptographic key management
EP1897268B1 (en) Method for refreshing a pairwise master key
RU2480925C2 (en) Generation of cryptographic key
JP4105339B2 (en) The methods and password protocols for establishing key using the air communication and password
KR101097709B1 (en) Authenticating access to a wireless local area network based on security value(s) associated with a cellular system
CN101641976B (en) An authentication method
WO2013040046A1 (en) Systems and methods for encoding exchanges with a set of shared ephemeral key data
US20120226906A1 (en) Protocol And Method For Client-Server Mutual Authentication Using Event-Based OTP
CN1198278A (en) Method for encryption of information
CN101453732B (en) Method of handling security key change and related communication device
EP2341724A2 (en) System and method for secure transaction of data between wireless communication device and server

Legal Events

Date Code Title Description
C06 Publication
EXSB Decision made by sipo to initiate substantive examination
CB02
GR01