CN105307159A - Air interface encryption method for cluster communication group calling service - Google Patents

Publication number: CN105307159A
Authority: CN (China)
Prior art keywords: encryption, air interface, control message, group calling
Legal status: Pending
Application number: CN201410291202.6A
Other languages: Chinese (zh)
Inventor: 强剑锋
Current Assignee: Potevio Information Technology Co Ltd; Putian Information Technology Co Ltd
Original Assignee: Putian Information Technology Co Ltd
Application filed by Putian Information Technology Co Ltd
Priority to CN201410291202.6A
Publication of CN105307159A

Abstract

The invention discloses an air interface encryption method for a trunking (cluster) communication group call service. The method comprises the following steps: A, the user equipment determines whether a control message for starting air interface group call encryption has been received; if so, step B is performed, otherwise step A is repeated; B, the user equipment determines whether the control message carries an air interface encryption information element; if so, step C is performed, otherwise step E is performed; C, it is determined whether the encryption algorithm is non-null; if so, step D is performed, otherwise step E is performed; D, the user equipment receives a first radio control message, and the Packet Data Convergence Protocol (PDCP) packets of the trunking data bearer use the extended sequence number length specified in the first radio control message; step F is then performed; E, the PDCP packets of the trunking data bearer use the non-extended sequence number length, and the procedure ends; F, a synchronization code is constructed from the sequence number, and the PDCP packet data units of the trunking communication group call service are encrypted using the synchronization code. With the technical solution provided by the invention, the trunking communication group call service is encrypted over the air interface and reaches the LTE unicast security standard.

Description

An air interface encryption method for a trunking communication group call service
Technical field
The present application relates to the field of mobile communication technology, and in particular to an air interface encryption method for a trunking communication group call service.
Background
Fig. 1 is a schematic diagram of the downlink logical channel mapping of a broadband multimedia trunking network. In addition to the existing LTE logical channels, trunking-specific logical channels must be added: TCCH, TTCH and TPCCH. TCCH is the downlink channel that carries control information to group users in point-to-multipoint mode; TCCH is mapped to the downlink shared transport channel (DL-SCH), which in turn is mapped to the physical downlink shared channel (PDSCH). TTCH is the shared downlink traffic channel for listening users in a group; it operates in point-to-multipoint mode and is mapped to the DL-SCH transport channel and then to the PDSCH physical channel. TPCCH carries paging messages for trunking group calls and individual calls; it is a common downlink channel in point-to-multipoint mode, and the TPCCH logical channel is mapped to the newly added TPCH transport channel.
Information carried over a broadband multimedia trunking network has high confidentiality requirements, so the broadband multimedia trunking system needs a robust air interface encryption function. Within one service communication session the air interface encryption key (KEY) stays constant, and the change of the synchronization code (COUNT) makes the keystream block produced by the keystream generator different for every packet.
In the prior art, according to the 3GPP LTE specifications, the synchronization code COUNT is the frame counter of the Packet Data Convergence Protocol (PDCP) packet data unit (PDU). It consists of a hyper frame number (HFN) plus a sequence number (SN); the SN is carried in the PDCP PDU header, while the HFN is maintained locally by the base station (eNB) and the user equipment (UE). In the 3GPP specifications, for Radio Link Control Unacknowledged Mode (RLC UM), the RRC information element PDCP-Config specifies the PDCP sequence number length as 7 bits or 12 bits.
The 3GPP air interface encryption scheme targets individual calls and Multimedia Broadcast Multicast Service (MBMS) scenarios and does not consider one-to-many group calls. When the data radio bearers (DRB) of the TTCH and TCCH in Fig. 1 are encrypted for a trunking group call using the 3GPP air interface encryption method, the LTE security scheme requires that the synchronization code never repeat within one encryption process; once it repeats, the confidentiality of the call is seriously threatened. To meet the timeliness requirements of the group call service, key rollover is generally not performed during a communication session, that is, the HFN stays constant. Taking the maximum SN length of 12 bits and at most 20 ms of call time per PDU, each call under this approach can last no longer than 82 s. This call duration is too short to meet the needs of secure trunking communication.
Summary of the invention
The present application provides an air interface encryption method for a trunking communication group call service, so that the group call service is encrypted over the air interface and reaches the LTE unicast security standard.
An air interface encryption method for a trunking communication group call service provided by an embodiment of the present application comprises the following steps:
A. The user equipment determines whether a control message for starting air interface group call encryption has been received; if so, step B is performed, otherwise this step is repeated;
B. The user equipment determines whether the control message carries an air interface encryption information element; if so, step C is performed, otherwise step E is performed;
C. It is determined whether the encryption algorithm is not null; if so, step D is performed, otherwise step E is performed;
D. The user equipment receives a first radio control message, and the PDCP packets of the trunking data bearer use the extended sequence number length specified in the first radio control message; step F is then performed;
E. The PDCP packets of the trunking data bearer use the non-extended sequence number length, and the procedure ends;
F. A synchronization code is constructed from the sequence number, and the PDCP packet data units of the trunking communication group call service are encrypted using the synchronization code.
Preferably, the control message for starting air interface group call encryption is a trunking paging message, a group call setup message, or a trunking encryption message.
Preferably, the sequence number is extended by 8 bits.
Preferably, after step F the method further comprises: the user equipment receives a second radio control message, and the PDCP packets of the trunking data bearer use the non-extended sequence number length specified in the second radio control message.
As can be seen from the above technical solution, a radio control message indicates the extended SN, and the synchronization code is constructed from the extended SN to perform air interface encryption. While the secure communication time for trunking is guaranteed, the base station and the user equipment do not need to maintain the HFN, which solves secure communication for late entry and handover in trunking group calls. In addition, because the SN is longer, the probability of the communication system losing synchronization is greatly reduced. If the extended SN length is currently in use, the DRB can be reconfigured by a radio control message so that the SN returns to its default length. The technical solution of the present application is applicable to trunking and other communication systems that need to extend the PDCP SN length. The solution is also compatible with the LTE air interface protocol standards and encryption method.
Brief description of the drawings
Fig. 1 is a schematic diagram of the downlink logical channel mapping of a broadband multimedia trunking network;
Fig. 2 is a schematic diagram of the PDCP Data PDU header structure with the 3GPP standard 12-bit SN;
Fig. 3 is a schematic diagram of the PDCP Data PDU header structure with the 20-bit SN used for group service air interface encryption in an embodiment of the present application;
Fig. 4 is a schematic diagram of the air interface encryption process of the trunking group call service in an embodiment of the present application;
Fig. 5 is a flowchart of the air interface encryption method for the trunking communication group call service provided by an embodiment of the present application.
Detailed description
Air interface security is performed at the PDCP layer, and its encryption applies to three types of PDU: PDCP Data PDUs for control plane SRB data, PDCP Data PDUs using a 12-bit SN, and PDCP Data PDUs using a 7-bit SN.
The basic design idea of the present application is to extend the SN in the PDU header by N bits (the size of N is determined by the maximum duration of a single group call; an 8-bit extension can be chosen if the limit is within five hours). The synchronization code (COUNT) is composed of the extended SN. To keep the synchronization code the same length as in the prior art, an arbitrary value or some other value can be placed in the position of the original HFN.
Preferably, a radio control message is used to configure or reconfigure the SN length of PDCP packets, and the number of extension bits N can be set according to actual requirements. As a special implementation, if the SN extension length is fixed in a given communication protocol, no explicit indication by a radio control message is needed, as long as sender and receiver both use the agreed length. This is an implicit way of indicating the SN extension length. The implicit indication can be accomplished by the control message that starts air interface encryption: when air interface encryption is started the extended SN length is used, and when it is not started the original PDCP format is used.
To make the technical principles, features and technical effects of the solution clearer, the solution is described in detail below with reference to specific embodiments.
The following takes the most commonly used PDCP Data PDU with a 12-bit SN as an example. Its header format is shown in Fig. 2, where the PDCP SN is 12 bits long and R denotes a reserved bit. Fig. 3 shows the header format for the SN extended to 20 bits: in the PDCP header of the trunking group call bearer, only the PDCP SN is extended by 8 bits, and nothing else needs to change.
The group call encryption algorithm is 128-EEA3. The air interface encryption process is shown in Fig. 4, and the input parameters on the sending side are listed in Table 1:
Table 1
Output parameter: the ciphertext placed in the data field (data).
Processing at the receiver is similar, except that the output parameter is the plaintext placed in the data field.
Taking the PDCP Data PDU with a 12-bit SN and N = 8, the SN length becomes 20 bits after the PDU header is modified. The HFN takes a fixed value: the trunking group number modulo 2^12.
During a call, the SN is incremented by one for each PDU, so it can count at most 2^20 times in one communication session. At 20 ms of call time per PDU, the call duration can reach 5.825 h. The minimum time to a loss of synchronization caused by packet loss is likewise the SN overflow time, 5.825 h. Before the SN is extended, the calculated call duration is 82 s, and the minimum time to a loss of synchronization caused by packet loss is also 82 s. The present application therefore substantially improves the secure call duration and also greatly reduces the probability of losing synchronization.
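The COUNT construction and call-duration arithmetic described above, as an added Python example that is not code from the patent. The big-endian placement of the extended SN in the header, the reuse of the "group number modulo" rule for the 12-bit baseline, and the sample key, group number and payloads are assumptions; the keystream generator is a SHAKE-128 stand-in, not 128-EEA3.

```python
import hashlib

COUNT_BITS = 32          # COUNT keeps its LTE length (HFN field + SN)
PDU_INTERVAL_S = 0.020   # page: each PDU carries at most 20 ms of a call

def sn_mask(sn_bits):
    return (1 << sn_bits) - 1

def pseudo_hfn(group_num, sn_bits):
    """Fixed filler for the HFN field. The page's embodiment uses
    group number mod 2^12 with a 20-bit SN; applying the same rule to
    other SN lengths is an assumption of this example."""
    return group_num % (1 << (COUNT_BITS - sn_bits))

def build_count(group_num, sn, sn_bits):
    """COUNT = fixed HFN field || SN, with no locally maintained HFN."""
    return (pseudo_hfn(group_num, sn_bits) << sn_bits) | (sn & sn_mask(sn_bits))

def max_call_seconds(sn_bits):
    """Longest call before the SN, and therefore COUNT, repeats."""
    return (1 << sn_bits) * PDU_INTERVAL_S

def pack_header(pdu_index, sn_bits):
    """D/C=1, three reserved bits, then the SN (2 bytes for 12 bits,
    3 bytes for 20 bits). Big-endian SN placement is assumed."""
    total_bits = 4 + sn_bits
    word = (1 << (total_bits - 1)) | (pdu_index & sn_mask(sn_bits))
    return word.to_bytes(total_bits // 8, "big")

def unpack_sn(header, sn_bits):
    return int.from_bytes(header, "big") & sn_mask(sn_bits)

def keystream(key, count, length, bearer=1, direction=1):
    """Stand-in keystream generator (SHAKE-128), NOT 128-EEA3."""
    seed = key + count.to_bytes(4, "big") + bytes([bearer, direction])
    return hashlib.shake_128(seed).digest(length)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def send_pdu(key, group_num, pdu_index, sn_bits, payload):
    header = pack_header(pdu_index, sn_bits)
    count = build_count(group_num, pdu_index, sn_bits)
    return header + xor(payload, keystream(key, count, len(payload)))

def receive_pdu(key, group_num, pdu, sn_bits):
    """A late-entry receiver needs only the header SN and group number."""
    hdr_len = (4 + sn_bits) // 8
    count = build_count(group_num, unpack_sn(pdu[:hdr_len], sn_bits), sn_bits)
    return xor(pdu[hdr_len:], keystream(key, count, len(pdu) - hdr_len))

def first_count_reuse(group_num, sn_bits, n_pdus):
    """Return (earlier_index, later_index) of the first repeated COUNT."""
    seen = {}
    for i in range(n_pdus):
        count = build_count(group_num, i, sn_bits)
        if count in seen:
            return seen[count], i
        seen[count] = i
    return None

if __name__ == "__main__":
    KEY, GROUP = bytes(range(16)), 0x1ABC      # constructed sample values
    for bits in (12, 20):
        print(bits, "bit SN:", max_call_seconds(bits), "s,",
              "first reuse in 5000 PDUs:", first_count_reuse(GROUP, bits, 5000))
    a, b = b"frame-at-0904", b"frame-at-5000"  # constructed payloads
    for bits in (12, 20):
        ca = send_pdu(KEY, GROUP, 904, bits, a)
        cb = send_pdu(KEY, GROUP, 5000, bits, b)
        hdr = (4 + bits) // 8
        leaked = xor(ca[hdr:], cb[hdr:]) == xor(a, b)
        print(bits, "bit SN: keystream reused =", leaked,
              "| late entry decrypts:", receive_pdu(KEY, GROUP, cb, bits) == b)
```

With a fixed HFN and a 12-bit SN, PDUs 904 and 5000 share one COUNT, so the XOR of their ciphertexts equals the XOR of their plaintexts; with the 20-bit SN the two COUNT values differ.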
The flow of the air interface encryption method for the trunking communication group call service provided by an embodiment of the present application is shown in Fig. 5 and comprises the following steps:
Step 501: The UE determines whether a control message for starting air interface group call encryption has been received; if so, step 502 is performed, otherwise this step is repeated. The control message for starting air interface group call encryption may be any signaling message that can contain the air interface encryption information element, for example a trunking paging message, a group call setup message, or a trunking encryption message.
Step 502: The UE determines whether the control message carries an air interface encryption information element; if so, step 503 is performed, otherwise step 505 is performed. The air interface encryption information element may be an information element containing the encryption algorithm and/or an information element containing the key.
Step 503: It is determined whether the encryption algorithm is not null; if so, step 504 is performed, otherwise step 505 is performed.
Step 504: The user equipment receives the first radio control message, and the PDCP packets of the trunking DRB use the extended sequence number length specified in the first radio control message; step 506 is then performed.
Step 505: The PDCP packets of the trunking DRB use the non-extended SN length and air interface encryption is not performed; the procedure ends and processing continues with the subsequent trunking group call flow.
Step 506: A synchronization code is constructed from the SN, and the PDCP PDUs of the trunking communication group call service are encrypted using the synchronization code; processing then continues with the subsequent trunking group call flow.
After step 506 the method may further comprise: the user equipment receives a second radio control message, and the PDCP packets of the trunking data bearer use the non-extended sequence number length specified in the second radio control message.
The use of the extended SN length by the PDCP packets can be signaled by implicit or explicit indication. The implicit indication can be accomplished by the control message that starts air interface encryption: when air interface encryption is started the extended SN length is used, and when it is not started the original PDCP format is used. The explicit indication adds a dedicated information element to the control message to indicate the SN extension length.
Table 2 gives an example in which an information element named "pdcp-SN-Size" explicitly indicates the SN extension length:
Table 2
The byte of the payload data portion that follows the original SN is used for the extended SN. The number of SN extension bits in the PDCP PDU header depends on the call duration limit: an 8-bit extension can be chosen if the limit is within five hours, and a longer secure call duration requires a correspondingly longer SN extension.
If the extended PDCP SN length is currently in use and the original SN length is to be restored, then with explicit indication a radio control message is sent to the terminal again to reconfigure the corresponding DRB; with implicit indication, the control message that stops air interface encryption restores the default non-extended SN length of the 3GPP PDCP protocol.
According to the technical solution of the present application, the eNB and the UE do not need to maintain an HFN value. When the synchronization code is constructed, an arbitrary value can be placed in the position of the original HFN, or a pseudo hyper frame number can be computed by some algorithm that takes the group call number (Group-Num) of the current group call as its parameter. The present application does not restrict the specific form of this algorithm.
The present application provides a method by which the trunking communication group call service reuses the LTE air interface encryption scheme. The security of the group service fully reaches the LTE unicast security standard. The application uses the reserved bits of the PDCP protocol for the extension, is compatible with the LTE standard, and is stable and reliable. The eNB and the UE no longer need to maintain an HFN value, so the scheme solves secure communication for late entry and handover in trunking group calls, and the communication time also meets group call needs. In addition, because the SN is longer, the probability of the communication system losing synchronization is greatly reduced. The technical solution of the present application is applicable to trunking and other communication systems that need to extend the PDCP SN length.
The foregoing describes only preferred embodiments of the present application and is not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the technical solution of the present application shall fall within the scope of protection of the present application.

Claims (4)

1. An air interface encryption method for a trunking communication group call service, characterized in that it comprises the following steps:
A. The user equipment determines whether a control message for starting air interface group call encryption has been received; if so, step B is performed, otherwise this step is repeated;
B. The user equipment determines whether the control message carries an air interface encryption information element; if so, step C is performed, otherwise step E is performed;
C. It is determined whether the encryption algorithm is not null; if so, step D is performed, otherwise step E is performed;
D. The user equipment receives a first radio control message, and the Packet Data Convergence Protocol (PDCP) packets of the trunking data bearer use the extended sequence number length specified in the first radio control message; step F is then performed;
E. The PDCP packets of the trunking data bearer use the non-extended sequence number length, and the procedure ends;
F. A synchronization code is constructed from the sequence number, and the PDCP packet data units of the trunking communication group call service are encrypted using the synchronization code.
2. The method according to claim 1, characterized in that the control message for starting air interface group call encryption is a trunking paging message, a group call setup message, or a trunking encryption message.
3. The method according to claim 1, characterized in that the sequence number is extended by 8 bits.
4. The method according to claim 1, characterized in that after step F the method further comprises: the user equipment receives a second radio control message, and the PDCP packets of the trunking data bearer use the non-extended sequence number length specified in the second radio control message.
Priority Applications (1)

Application number: CN201410291202.6A
Priority date: 2014-06-25
Filing date: 2014-06-25
Title: Air interface encryption method for cluster communication group calling service
Status: Pending (CN105307159A)

Publications (1)

Publication number: CN105307159A
Publication date: 2016-02-03
Country: CN

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160203
