CN105307159A - Air interface encryption method for cluster communication group calling service - Google Patents
Abstract
The invention discloses an air interface encryption method for a cluster communication group calling service. The method comprises the following steps: A, the user equipment determines whether a control message for starting air interface group call encryption has been received; if so, step B is performed, otherwise step A continues to be performed; B, the user equipment determines whether the control message carries an air interface encryption information element; if so, step C is performed, otherwise step E is performed; C, it is determined whether the encryption algorithm is not null; if it is not null, step D is performed, otherwise step E is performed; D, the user equipment receives a first radio control message, the Packet Data Convergence Protocol (PDCP) packets carried on the cluster data bearer use the extended sequence number length specified in the first radio control message, and step F is then performed; E, the PDCP packets carried on the cluster data bearer use the non-extended sequence number length, and the process ends; F, a synchronization code is constructed from the sequence number, and the PDCP packet data units of the cluster communication group calling service are encrypted using the synchronization code. With the technical scheme provided by the invention, the cluster communication group calling service is encrypted over the air interface and reaches the LTE unicast security standard.
Description
Technical field
The application relates to the field of mobile communication technology, and in particular to an air interface encryption method for a trunking communication group call service.
Background
Fig. 1 is a schematic diagram of the downlink logical channel mapping of a broadband multimedia trunking network. On top of the existing LTE logical channels, trunking-specific logical channels are added: TCCH, TTCH and TPCCH. TCCH is the downlink channel that carries control information for group users and is point-to-multipoint; TCCH is mapped to the downlink shared transport channel (DL-SCH), which in turn is mapped to the physical downlink shared channel (PDSCH). TTCH is the shared downlink traffic channel for the listening users in a group and is point-to-multipoint; TTCH is mapped to the transport channel DL-SCH, which in turn is mapped to the physical channel PDSCH. TPCCH carries the paging messages for cluster group calls and individual calls; it is a point-to-multipoint common downlink channel, and the TPCCH logical channel is mapped to the newly added TPCH transport channel.
The information carried by a broadband multimedia trunking network has high confidentiality requirements, so a broadband multimedia trunking system needs a robust air interface encryption function. Within one service session, the key (KEY) used for air interface encryption is constant; the change of the synchronization code (COUNT) makes the keystream generator produce a different keystream block for every packet.
In the prior art, as described in the 3GPP LTE specifications, the synchronization code COUNT is the frame counter of the Packet Data Convergence Protocol (PDCP) packet data unit (PDU). It consists of a hyper frame number (HFN) plus a sequence number (SN), where the SN is carried in the PDCP PDU header and the HFN is maintained locally by the base station (eNB) and the user equipment (UE). In the 3GPP specifications, for Radio Link Control Unacknowledged Mode (RLC UM), the RRC information element PDCP-Config specifies the PDCP sequence number length as 7 bits or 12 bits.
The 3GPP air interface encryption scheme targets individual calls and the Multimedia Broadcast Multicast Service (MBMS) scenario; the one-to-many group call scenario is not considered. When the 3GPP air interface encryption method is applied to the TTCH and TCCH of Fig. 1 and to data radio bearer (DRB) encryption of cluster group calls, a problem arises: the LTE security scheme requires that the synchronization code never repeat within one encryption process, and once it repeats, the confidentiality of the call is seriously threatened. To meet the timeliness requirement of the group call service, key wrap-around is generally not performed during a call, that is, the HFN stays constant. Taking the maximum SN length of 12 bits and at most 20 ms of call per PDU, each call can therefore last no longer than 82 s. This call duration is too short to meet the needs of secure trunking communication.
Summary of the invention
This application provides an air interface encryption method for a trunking communication group call service, so that the group call service is encrypted over the air interface and reaches the LTE unicast security standard.
The air interface encryption method for a trunking communication group call service provided by the embodiment of the application comprises the following steps:
A, the user equipment determines whether a control message for starting air interface group call encryption has been received; if so, step B is performed, otherwise this step continues to be performed;
B, the user equipment determines whether the control message carries an air interface encryption information element; if so, step C is performed, otherwise step E is performed;
C, it is determined whether the encryption algorithm is not null; if so, step D is performed, otherwise step E is performed;
D, the user equipment receives a first radio control message, the Packet Data Convergence Protocol (PDCP) packets carried on the cluster data bearer use the extended sequence number length specified in the first radio control message, and step F is then performed;
E, the PDCP packets carried on the cluster data bearer use the non-extended sequence number length, and the process ends;
F, a synchronization code is constructed from the sequence number, and the PDCP packet data units of the trunking communication group call service are encrypted using the synchronization code.
Preferably, the control message for starting air interface group call encryption is a cluster paging message, a group call setup message or a cluster encryption message.
Preferably, the sequence number is extended by 8 bits.
Preferably, the method further comprises, after step F: the user equipment receives a second radio control message, and the PDCP packets carried on the cluster data bearer use the non-extended sequence number length specified in the second radio control message.
As can be seen from the above technical scheme, the extended SN is indicated by a radio control message and the synchronization code is constructed from the extended SN to perform air interface encryption. During secure cluster communication, the base station and the user equipment therefore do not need to maintain the HFN, which solves secure communication for late entry and service handover in cluster group calls. In addition, because the SN is longer, the probability that the communication system loses synchronization is greatly reduced. If the extended SN length is currently in use, the DRB can be reconfigured by a further radio control message so that the SN returns to its default length. The technical scheme is applicable to trunking communication and other communication systems that need to extend the SN length of the PDCP protocol. The scheme is also compatible with the LTE air interface protocol standard and encryption method.
Brief description of the drawings
Fig. 1 is a schematic diagram of the downlink logical channel mapping of a broadband multimedia trunking network;
Fig. 2 is a schematic diagram of the PDCP Data PDU header structure with the 12-bit SN of the 3GPP standard;
Fig. 3 is a schematic diagram of the PDCP Data PDU header structure with the 20-bit SN used for air interface encryption of the group service in the embodiment of the application;
Fig. 4 is a schematic diagram of the air interface encryption process of the cluster group call service in the embodiment of the application;
Fig. 5 is a schematic flow chart of the air interface encryption method for the trunking communication group call service provided by the embodiment of the application.
Detailed description
Air interface security is performed at the PDCP layer, and the encryption applies to three types of PDU: the PDCP Data PDU for control-plane SRB data, the PDCP Data PDU that uses a 12-bit SN, and the PDCP Data PDU that uses a 7-bit SN.
The basic design idea of the application is to extend the SN in the PDU header by N bits (the size of N is determined by the time limit of a single group call; if the limit is within five hours, an extension of 8 bits can be chosen). The synchronization code (COUNT) is built from the extended SN. To keep the synchronization code the same length as in the prior art, an arbitrary value or some other value can be placed in the position of the original HFN.
Preferably, a radio control message is used to configure or reconfigure the SN length of the PDCP packets, and the number of extension bits N can be set according to actual requirements. As a special implementation, if the extended SN length is fixed in a given communication protocol, no explicit indication in a radio control message is needed, as long as sender and receiver both use the agreed length. This is an implicit way of indicating the extended SN length. The implicit indication can be given by the control message that starts air interface encryption: when air interface encryption is started, the extended SN length is used, and when it is not started, the original PDCP protocol format is used.
To make the technical principle, features and technical effect of the scheme clearer, the scheme is described in detail below with reference to a specific embodiment.
The following takes the most commonly used PDCP Data PDU, the one with a 12-bit SN, as an example. Its header format is shown in Fig. 2, where the PDCP SN is 12 bits long and R denotes a reserved bit. Fig. 3 shows the header format of the PDCP packet carried on the cluster group call bearer when the SN is extended to 20 bits: only the PDCP SN is extended by 8 bits, and nothing else needs to change.
The group call encryption algorithm is 128-EEA3. The air interface encryption process is shown in Fig. 4, and the sender's input parameters are listed in Table 1:
Table 1
Output parameter: the ciphertext placed in the data field (data).
The receiver's processing is similar, except that the output parameter is the plaintext placed in the data field.
Taking the PDCP Data PDU with a 12-bit SN and N = 8, the SN length becomes 20 bits after the PDU header is modified. The HFN takes a fixed value: the cluster group number modulo 2^12.
During one call, the SN is incremented by one for each PDU, so at most 2^20 PDUs can be counted in one communication session. At 20 ms of call per PDU, the call duration can reach 5.825 h. In addition, the minimum time to a loss of synchronization caused by packet loss is the SN overflow time, which is also 5.825 h. Before the SN is extended, the calculated call duration is 82 s, and the minimum time to a loss of synchronization caused by packet loss is also 82 s. The application therefore substantially improves the secure call duration and also greatly reduces the probability of losing synchronization.
The flow of the air interface encryption method for the trunking communication group call service provided by the embodiment of the application is shown in Fig. 5 and comprises the following steps:
Step 501: the UE determines whether a control message for starting air interface group call encryption has been received; if so, step 502 is performed, otherwise this step continues to be performed. The control message that starts air interface group call encryption can be any signaling message that may contain an air interface encryption information element, for example a cluster paging message, a group call setup message or a cluster encryption message.
Step 502: the UE determines whether the control message carries an air interface encryption information element; if so, step 503 is performed, otherwise step 505 is performed. The air interface encryption information element can be an information element containing the encryption algorithm and/or an information element containing the key.
Step 503: it is determined whether the encryption algorithm is not null; if so, step 504 is performed, otherwise step 505 is performed.
Step 504: the user equipment receives a first radio control message, the PDCP packets of the cluster DRB use the extended sequence number length specified in the first radio control message, and step 506 is then performed.
Step 505: the PDCP packets of the cluster DRB use the non-extended SN length and no air interface encryption is performed; the process then ends and continues with the subsequent processing of the cluster group call.
Step 506: a synchronization code is constructed from the SN, the PDCP PDUs of the trunking communication group call service are encrypted using the synchronization code, and the subsequent processing of the cluster group call is then carried out.
After step 506, the method can further comprise: the user equipment receives a second radio control message, and the PDCP packets carried on the cluster data bearer use the non-extended sequence number length specified in the second radio control message.
The use of the extended SN length by the PDCP packets can be signaled by an implicit or an explicit indication. The implicit indication can be given by the control message that starts air interface encryption: when air interface encryption is started, the extended SN length is used, and when it is not started, the original PDCP protocol format is used. The explicit indication adds a dedicated information element to the control message to indicate the extension length of the SN.
Table 2 gives an example in which the extension length of the SN is indicated explicitly by an information element named "pdcp-SN-Size":
Table 2
The bytes of the payload data portion that follow the original SN are used for the extended SN. The number of SN extension bits in the PDCP PDU header depends on the time limit of a call: within five hours, an extension of 8 bits can be chosen, and a longer secure call duration requires a correspondingly longer SN extension.
If the extended PDCP SN length is currently in use and the original SN length is to be restored, then with the explicit indication a radio control message is sent to the terminal again to reconfigure the corresponding DRB; with the implicit indication, a control message that stops air interface encryption restores the default non-extended SN length of the 3GPP PDCP protocol.
With this technical scheme, the eNB and the UE do not need to maintain an HFN value. When the synchronization code is constructed, an arbitrary value can be placed in the position of the original HFN, or a pseudo hyper frame number can be computed by some algorithm that takes the group call number (Group-Num) of the current group call as its parameter. The application does not limit the concrete form of this algorithm.
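The SN-length selection of steps 502 to 505 and the COUNT construction described above, as an added Python sketch that is not part of the patent text. Assumptions: the dictionary keys are hypothetical, the header layout (D/C bit, three reserved bits, then the SN) is inferred from the statement that only the SN field is extended, the pseudo-HFN is the group number modulo 2^12 as in the description, and 128-EEA3 itself is not implemented (only its COUNT input is built).

```python
# Added illustration, not code from the patent. Dict keys and header layout are assumptions.
COUNT_BITS = 32
SN_DEFAULT_BITS = 12       # PDCP SN length used as the baseline in the description
SN_EXT_BITS = 8            # N = 8 in the description, giving a 20-bit SN
PDU_INTERVAL_S = 0.020     # each PDU carries at most 20 ms of a call


def select_sn_bits(ctrl_msg, radio_msg=None):
    """Steps 502-505: return (sn_bits, encrypt) for the cluster DRB."""
    ie = ctrl_msg.get("air_interface_encryption_ie")      # hypothetical key
    if ie is None or ie.get("algorithm") in (None, "null"):
        return SN_DEFAULT_BITS, False                     # step 505
    # Step 504: explicit indication (pdcp-SN-Size), otherwise the agreed extended length.
    size = (radio_msg or {}).get("pdcp-SN-Size", SN_DEFAULT_BITS + SN_EXT_BITS)
    return size, True


def pseudo_hfn(group_num, sn_bits):
    """Fixed value in the former HFN position: group number mod 2^(32 - sn_bits)."""
    return group_num % (1 << (COUNT_BITS - sn_bits))


def build_count(group_num, sn, sn_bits):
    """COUNT = pseudo-HFN || SN, always 32 bits wide."""
    if not 0 <= sn < (1 << sn_bits):
        raise ValueError("SN does not fit in %d bits" % sn_bits)
    return (pseudo_hfn(group_num, sn_bits) << sn_bits) | sn


def pack_header(sn, sn_bits):
    """Assumed layout for 12- and 20-bit SNs: D/C = 1, three reserved bits = 0, then the SN."""
    total_bits = 4 + sn_bits
    return ((1 << (total_bits - 1)) | sn).to_bytes(total_bits // 8, "big")


def count_from_pdu(group_num, pdu, sn_bits):
    """Receiver side: COUNT comes from the header and the group number only."""
    header_len = (4 + sn_bits) // 8
    sn = int.from_bytes(pdu[:header_len], "big") & ((1 << sn_bits) - 1)
    return build_count(group_num, sn, sn_bits)


def max_call_seconds(sn_bits):
    """Longest call before the SN space is used up and COUNT would repeat."""
    return (1 << sn_bits) * PDU_INTERVAL_S


class GroupCallSender:
    def __init__(self, group_num, sn_bits):
        self.group_num, self.sn_bits, self.next_sn = group_num, sn_bits, 0

    def next_pdu(self, payload):
        """Return (COUNT for the cipher, header + payload); never reuse a COUNT."""
        if self.next_sn >= (1 << self.sn_bits):
            raise OverflowError("SN space exhausted: COUNT would repeat under the same key")
        sn, self.next_sn = self.next_sn, self.next_sn + 1
        count = build_count(self.group_num, sn, self.sn_bits)
        # The payload would be ciphered here with 128-EEA3 using KEY and COUNT (not implemented).
        return count, pack_header(sn, self.sn_bits) + payload


if __name__ == "__main__":
    sender = GroupCallSender(group_num=0x12345, sn_bits=20)   # constructed group number
    for _ in range(1000):
        count, pdu = sender.next_pdu(b"voice")
    # A listener that joins late derives the same COUNT without any HFN state.
    print(hex(count), hex(count_from_pdu(0x12345, pdu, 20)))
    print(max_call_seconds(12), max_call_seconds(20) / 3600)
```

The sender raises instead of wrapping the SN, because with a fixed pseudo-HFN a wrapped SN would reproduce an earlier COUNT under the same key.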
The application provides a method by which a trunking communication group call service reuses the LTE air interface encryption scheme. The security of the group service fully reaches the LTE unicast security standard. The application uses the reserved bits of the PDCP protocol for the extension, is compatible with the LTE standard, and is stable and reliable. The eNB and the UE no longer need to maintain an HFN value, the scheme solves secure communication for late entry and service handover in cluster group calls, and the call duration meets the needs of group calls. In addition, because the SN is longer, the probability that the communication system loses synchronization is greatly reduced. The technical scheme is applicable to trunking communication and other communication systems that need to extend the SN length of the PDCP protocol.
The foregoing is only the preferred embodiment of the application and is not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principle of the technical scheme shall fall within the scope protected by the application.
Claims (4)
1. An air interface encryption method for a trunking communication group call service, characterized in that it comprises the following steps:
A, the user equipment determines whether a control message for starting air interface group call encryption has been received; if so, step B is performed, otherwise this step continues to be performed;
B, the user equipment determines whether the control message carries an air interface encryption information element; if so, step C is performed, otherwise step E is performed;
C, it is determined whether the encryption algorithm is not null; if so, step D is performed, otherwise step E is performed;
D, the user equipment receives a first radio control message, the Packet Data Convergence Protocol (PDCP) packets carried on the cluster data bearer use the extended sequence number length specified in the first radio control message, and step F is then performed;
E, the PDCP packets carried on the cluster data bearer use the non-extended sequence number length, and the process ends;
F, a synchronization code is constructed from the sequence number, and the PDCP packet data units of the trunking communication group call service are encrypted using the synchronization code.
2. The method according to claim 1, characterized in that the control message for starting air interface group call encryption is a cluster paging message, a group call setup message or a cluster encryption message.
3. The method according to claim 1, characterized in that the sequence number is extended by 8 bits.
4. The method according to claim 1, characterized in that it further comprises, after step F: the user equipment receives a second radio control message, and the PDCP packets carried on the cluster data bearer use the non-extended sequence number length specified in the second radio control message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410291202.6A CN105307159A (en) | 2014-06-25 | 2014-06-25 | Air interface encryption method for cluster communication group calling service |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105307159A (en) | 2016-02-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20160203 |