CN106341419A - Method and mobile terminal for invoking external encryption and decryption module - Google Patents


Info

Publication number: CN106341419A
Authority: CN (China)
Prior art keywords: encryption; decryption module; data; external encryption; protocol stack
Legal status: Granted
Application number: CN201610905044.8A
Other languages: Chinese (zh)
Other versions: CN106341419B (en)
Inventors: 段红光, 郑建宏, 罗静, 罗一静, 周朋光
Current assignee: Chongqing University of Post and Telecommunications
Original assignee: Chongqing University of Post and Telecommunications
Events: application filed by Chongqing University of Post and Telecommunications; priority to CN201610905044.8A; publication of CN106341419A; application granted; publication of CN106341419B; current legal status active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/445: Program loading or initiating
    • G06F9/44521: Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526: Plug-ins; Add-ons
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method and mobile terminal for invoking an external encryption and decryption module, and belongs to the technical field of communication. An external encryption and decryption module driver is arranged between the protocol stack of the mobile terminal and the external encryption and decryption module, the signal primitives used for communication between the protocol stack software and the driver are defined, and the external module is invoked through the driver to realize data encryption, data decryption, signaling data integrity protection and signaling data integrity checking. The method completes data encryption and decryption rapidly and does not affect the protocol stack's processing of other tasks.

Description

Method for invoking an external encryption/decryption module, and mobile terminal
Technical field
The invention belongs to the field of communication technology and relates to a method for invoking an external encryption/decryption module, and to a mobile terminal.
Background technology
In mobile communication, the terminal and the network communicate over an open radio interface, so there are inherent security risks: content on the air interface can easily be intercepted and tampered with by malicious parties. The security of the air interface in wireless communication networks has therefore received increasing attention. In ordinary mobile networks, authentication and encryption are performed using the SIM card; in private-network applications each industry adds its own exclusive security requirements, and in practical projects a dedicated encryption/decryption chip module is usually added, as shown in Figure 1.
A mobile terminal system typically consists of three parts: an application processor, a baseband processor and a radio frequency (RF) subsystem. The application processor mainly runs the terminal's various application programs; the communication baseband processor is mainly responsible for communication between the terminal and the network; the RF subsystem transmits the baseband signal over the air and receives wireless signals from the air. In an ordinary mobile terminal, security relies mainly on the encryption secret (referred to as the k code) stored in the SIM card; the encryption/decryption algorithm and procedure are public and basically satisfy ordinary security requirements. In some special industries, however, an external encryption/decryption module is added on top of the basic structure of the mobile terminal in order to raise the level of security. This module has its own exclusive, non-public encryption mechanism and encryption algorithm, which greatly improves the security of the communication.
In the field of mobile communication, security can be considered in three aspects. The first is the authentication process, in which the terminal and the network complete mutual validity checks. The second is integrity protection of signaling data between the terminal and the network, which lets the receiving end determine whether the received signaling data was modified in transit and which terminal sent it. The third is the encryption/decryption process; in a mobile terminal this is mainly applied to application data such as voice data and Internet data.
In special industries, once an external encryption/decryption module is added, all data to be transmitted and all received data must be encrypted and decrypted by the external module, and all sent and received signaling data must be integrity-checked by the external module. This disrupts the original protocol design flow of the mobile terminal and brings many difficulties to terminal design.
To explain the above problems clearly, the baseband software architecture of a mobile communication terminal in a geostationary satellite mobile communication system (referred to as GMR) is given below, as shown in Figure 2.
The GMR air interface was developed on the basis of the existing digital wireless mobile communication system (referred to as GSM); it is shown in Figure 2. The Non-Access Stratum (NAS layer) mainly handles core-network related content, which is not directly related to the access network. Radio Resource Control (RRC) is mainly responsible for the allocation, use, request and modification of radio resources, for access-network related mobility management and for interpreting system information, for example the cell update and GRA update procedures, cell selection and reselection. Radio Link Control (RLC) is mainly responsible for reliable data transmission between the network and the terminal, using automatic repeat request (ARQ) to guarantee the correctness of data transfer. Medium Access Control (MAC) mainly maps higher-layer data or signaling onto the physical layer; the MAC layer is also responsible for radio resource management and control for packet data services. The Packet Data Convergence Protocol (PDCP) mainly processes packet data for the RLC layer.
In this system, integrity protection of signaling data mainly protects RRC signaling messages, encryption and decryption of voice data is done in the MAC layer, and encryption and decryption of packet data is done in the RLC layer. In a concrete implementation, therefore, the RRC, RLC and MAC layers all need to exchange data with the external encryption/decryption module.
In the conventional design the external encryption/decryption module is implemented as a hardware accelerator whose bus is connected directly to the communication baseband processor bus, so the transfer rate is high and the delay is small. Before transmitting data, the hardware accelerator is called directly; after it completes, the data is passed to the physical layer, mapped onto physical resources and finally sent over the RF interface. On the receiving side, the received data is first decrypted by calling the hardware accelerator and then processed normally. This approach, however, is problematic for the realization of an external encryption/decryption module:
First, the external encryption/decryption module and the communication baseband are connected by physical hardware, usually a high-speed serial or parallel port, which is still much slower than a hardware accelerator.
Second, the communication protocol stack is implemented entirely in a real-time operating system. With a direct-call approach, the whole process is suspended waiting for the external encryption/decryption module to finish before any later signal processing can proceed, which can block tasks of the real-time multitasking operating system and affect the stability of the protocol software.
The present patent proposes a solution to the problems above, which has proved very effective in practical applications.
Content of the invention
In view of this, the object of the invention is to provide a method for invoking an external encryption/decryption module, and a mobile terminal. An external encryption/decryption module driver is arranged between the protocol stack of the mobile terminal and the external encryption/decryption module, and the external module is invoked through this driver to realize data encryption, data decryption, signaling data integrity protection and signaling data integrity checking. The method completes data encryption and decryption quickly without affecting the protocol stack's processing of other tasks.
To achieve the above object, the invention provides the following technical scheme.
A method for invoking an external encryption/decryption module comprises the following steps:
S1: an external encryption/decryption module driver is provided between the protocol stack and the external encryption/decryption module;
S2: data encryption process: the protocol stack sends a request-encryption signal to the external encryption/decryption module driver; the driver receives the request-encryption signal, performs the data encryption through the external encryption/decryption module and, once encryption has finished, sends an encryption-complete signal to the protocol stack;
S3: data decryption process: the protocol stack sends a request-decryption signal to the external encryption/decryption module driver; the driver receives the request-decryption signal, performs the data decryption through the external encryption/decryption module and, once decryption has finished, sends a decryption-complete signal to the protocol stack.
During this period the modules of the protocol stack can process other tasks.
Further, the request-encryption signal contains the data block to be encrypted and the parameters that encryption requires.
Further, the request-decryption signal contains the data block to be decrypted and the parameters that decryption requires.
Further, the method also includes a signaling data integrity protection process: the protocol stack sends a request-integrity-protection signal to the external encryption/decryption module driver; the driver receives the request-integrity-protection signal, has the external encryption/decryption module perform the integrity calculation on the signaling data and, once the calculation has finished, sends an integrity-protection-complete signal to the protocol stack.
Further, the request-integrity-protection signal contains the signaling data packet without integrity protection information and the integrity protection parameters.
Further, the method also includes a signaling data integrity checking process: the protocol stack sends a request-integrity-check signal to the external encryption/decryption module driver; the driver receives the request-integrity-check signal, has the external encryption/decryption module perform the integrity check on the signaling data and, once the check has finished, sends an integrity-check-complete signal to the protocol stack.
Further, after the check has finished, the integrity-check-complete signal is sent to the protocol stack if the signaling data integrity check is correct; if the check is not correct, the data is discarded directly.
Further, the request-integrity-check signal contains the RRC message without the integrity protection parameters, the integrity data parsed from the RRC message and the parameters for the signaling integrity check.
A mobile terminal that invokes an external encryption/decryption module comprises a mobile terminal communication protocol stack, an external encryption/decryption module driver and an external encryption/decryption module. The driver is located between the protocol stack and the external encryption/decryption module, and the external module is invoked through the driver to realize data encryption and data decryption.
The beneficial effect of the invention is as follows. The method and mobile terminal provided by the invention arrange an external encryption/decryption module driver between the protocol stack of the mobile terminal and the external encryption/decryption module, and invoke the external module through this driver to realize data encryption, data decryption, signaling data integrity protection and signaling data integrity checking. The method quickly completes data encryption and decryption as well as signaling data integrity protection and checking, and during this time it does not affect the protocol stack's processing of other tasks or the stability of the protocol software.
Brief description of the drawings
To make the object, technical scheme and beneficial effects of the invention clearer, the invention provides the following drawings for illustration:
Fig. 1 is the architecture diagram of the external encryption module;
Fig. 2 is the mobile communication terminal architecture diagram;
Fig. 3 is the architecture diagram of the terminal of the invention;
Fig. 4 is the data encryption flow chart;
Fig. 5 is the data decryption flow chart;
Fig. 6 is the signaling data integrity generation process;
Fig. 7 is the signaling data integrity checking process;
Fig. 8 is the implementation of signaling data integrity protection;
Fig. 9 is the implementation of RLC layer encryption and decryption;
Fig. 10 is the implementation of MAC layer encryption and decryption.
Specific embodiment
The preferred embodiments of the invention are described in detail below with reference to the accompanying drawings.
The invention provides a mobile terminal that invokes an external encryption/decryption module, comprising a mobile terminal communication protocol stack, an external encryption/decryption module driver and an external encryption/decryption module. The driver is located between the protocol stack and the external encryption/decryption module, and the external module is invoked through the driver to realize data encryption and data decryption.
In the method for invoking an external encryption/decryption module, an external encryption/decryption module driver is arranged between the protocol stack and the external encryption/decryption module. This driver module is managed as one task of the real-time operating system (referred to as securitymoduletask), and the protocol stack software and the driver communicate through the signal primitives of the real-time operating system, as shown in Figure 3.
The encryption and decryption process invokes the external encryption/decryption module to encrypt and decrypt data through the encryption/decryption primitives exchanged between the RLC layer and the driver, and between the MAC layer and the driver.
The encryption/decryption primitives are: request encryption (referred to as data_cipher_req), encryption complete (data_cipher_cnf), request decryption (data_decipher_req) and decryption complete (data_decipher_cnf). The members of the data_cipher_req primitive are the data block to be encrypted (datablock) and the parameters that encryption requires (cipherkcode); the members of the data_decipher_req primitive are the encrypted data block (cipherreddatablock) and the parameters that decryption requires (cipherkcode).
The signaling data integrity protection and integrity checking processes invoke the external encryption/decryption module to protect and check signaling data integrity through the integrity protection primitives exchanged between the RRC layer and the driver.
The integrity protection primitives are: request integrity protection (data_integrity_req), integrity protection complete (data_integrity_cnf), request integrity check (data_integrity_check_req) and integrity check complete (data_integrity_check_cnf).
The members of the data_integrity_req primitive are the RRC message without integrity protection (rrcmsgblkwithoutintegrityinfo) and the parameters the integrity calculation requires (integritykcode). The members of the data_integrity_check_req primitive are the RRC message without integrity protection (rrcmsgblkwithoutintegrityinfo), the parameters the integrity calculation requires (integritykcode) and the integrity protection data of this RRC message (integritydata).
Data encryption process, as shown in Figure 4: the protocol stack software uses the signal primitives of the real-time operating system to send the data to be encrypted to the external encryption/decryption module driver, then continues with its subsequent normal flow; only when the encryption-complete signal primitive from the driver arrives in the protocol stack software's task queue is it processed, and the received data is sent on to the physical layer. The steps are as follows:
Step 1: whether data encryption is performed is controlled by the network, and which kinds of data need encryption is also determined by the network. In this scheme, if the network requires data encryption the terminal must encrypt the data; before this the external encryption/decryption module must also be initialized.
Step 2: the protocol stack places the data block to be encrypted (referred to as datablockwithuncipher) and the parameters that encryption requires (cipherkcode) in the request-encryption primitive (data_cipher_req) and sends it to the external encryption/decryption module driver.
The cipherkcode parameter that encryption requires is defined differently in different modules and scenarios.
The cipherkcode parameter defined in the RLC module is rlccipherkcode. If the channel type is a dedicated channel (dch), the encryption/decryption cipherkcode consists of the RLC hyper frame number (rlc hfn), the block sequence number (bsn), the segment block sequence number (spbn), the radio bearer identity (rbid), the satellite spot-beam identity (spotbeam) and the direction (dir); if the channel type is a packet data channel (pdch), the encryption/decryption cipherkcode consists of rlc hfn, bsn, spbn, rbid, spotbeam and dir.
The cipherkcode parameter defined in the MAC module is maccipherkcode, consisting of hfn, the time division multiplex frame number (tdma frame number), rbid, spotbeam and dir.
Steps 3 and 4: after receiving the request, the external encryption/decryption module driver starts the data processing and returns the encrypted result (datablockwithcipherred) to the protocol stack through data_cipher_cnf. During this period each module of the protocol stack can process other tasks.
Step 5: after the protocol stack receives the encrypted data datablockwithcipherred, it carries out the corresponding physical layer procedures according to the radio resource usage principles, and after physical layer channel coding the data is transmitted over the air by the RF subsystem.
Data decryption process, as shown in Figure 5: the protocol stack software receives data from the physical layer and sends the received data to the external encryption/decryption module driver using a real-time operating system signal primitive, then continues to process its other related flows normally; after the driver has completed the decryption, the decryption-complete signal primitive from the driver is received in the real-time operating system queue, and only then is this message processed. The steps are as follows:
Step 1: after the radio configuration between the terminal and the network is complete, the terminal receives encrypted data from the network on the downlink physical channel and generates the procedure parameters needed to decrypt the data.
Step 2: the protocol stack sends the procedure parameters that decryption requires (cipherkcode) and the encrypted data (datablockwithcipherred) to the external encryption/decryption module driver through data_decipher_req.
The cipherkcode parameter that decryption requires is generated differently according to the module and the scenario.
The cipherkcode parameter defined by the RLC layer is rlccipherkcode. If the channel type is dch, the encryption/decryption rlccipherkcode consists of rlc hfn, bsn, spbn, rbid, spotbeam and dir; if the channel type is pdch, the encryption/decryption rlccipherkcode consists of rlc hfn, bsn, spbn, rbid, spotbeam and dir.
The cipherkcode parameter defined in the MAC layer is maccipherkcode, consisting of hfn, tdma frame number, rbid, spotbeam and dir.
Step 3: the external encryption/decryption module driver performs the data decryption using the external encryption/decryption module and generates the decrypted data block (datablockwithuncipher); during this process the protocol stack state machines are unaffected.
Step 4: once the data decryption is complete, the driver feeds the decrypted data datablockwithuncipher back to the protocol stack through data_decipher_cnf.
Step 5: after the protocol stack receives datablockwithuncipher, it carries out the normal data processing flow.
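The following C program is an added illustration, not code from the patent, of the request/confirm exchange described in S2/S3 above and in the Figure 4 and Figure 5 flows: the protocol stack queues a data_cipher_req or data_decipher_req to the driver task, keeps servicing other work, and only acts on the data_cipher_cnf or data_decipher_cnf once it turns up in its own queue. The RTOS queues, the securitymoduletask scheduling and the module itself are constructed stand-ins; in particular the XOR keystream is a placeholder for the proprietary algorithm and not a cipher, and cipherkcode is passed as a single packed 64-bit value rather than the rlc hfn/bsn/spbn/rbid/spotbeam/dir fields.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Signal primitives between the protocol stack and the external
 * encryption/decryption module driver (names taken from the patent). */
typedef enum { DATA_CIPHER_REQ, DATA_CIPHER_CNF,
               DATA_DECIPHER_REQ, DATA_DECIPHER_CNF } primitive_id;

#define MAX_BLOCK 64
typedef struct {
    primitive_id id;
    uint64_t cipherkcode;         /* rlc/mac parameters, already packed by the caller */
    size_t len;
    uint8_t datablock[MAX_BLOCK]; /* clear block in a request, cipherred block in a cnf */
} primitive;

/* Minimal FIFO standing in for an RTOS task queue (constructed, not the
 * patent's RTOS); one queue per direction. */
#define QUEUE_DEPTH 8
typedef struct { primitive slot[QUEUE_DEPTH]; int head, tail; } queue;
static queue to_driver, to_stack;

static int queue_put(queue *q, const primitive *p) {
    if ((q->tail + 1) % QUEUE_DEPTH == q->head) return -1;   /* full */
    q->slot[q->tail] = *p;
    q->tail = (q->tail + 1) % QUEUE_DEPTH;
    return 0;
}
static int queue_get(queue *q, primitive *out) {
    if (q->head == q->tail) return -1;                        /* empty */
    *out = q->slot[q->head];
    q->head = (q->head + 1) % QUEUE_DEPTH;
    return 0;
}

/* Stand-in for the module's proprietary algorithm: a constructed keystream
 * XOR. It is symmetric (the same call ciphers and deciphers) and offers no
 * security; only the driver interface around it is the point. */
static void module_transform(uint64_t kcode, uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        buf[i] ^= (uint8_t)(kcode >> ((i % 8) * 8)) ^ (uint8_t)i;
}

/* One scheduling round of securitymoduletask: take a request, let the module
 * work on it, answer with the matching completion primitive. */
static int driver_task_run_once(void) {
    primitive p;
    if (queue_get(&to_driver, &p) != 0) return 0;            /* nothing queued */
    module_transform(p.cipherkcode, p.datablock, p.len);
    p.id = (p.id == DATA_CIPHER_REQ) ? DATA_CIPHER_CNF : DATA_DECIPHER_CNF;
    return queue_put(&to_stack, &p);
}

/* Protocol-stack side: queue a request and return at once. */
static int stack_send_req(primitive_id id, uint64_t kcode,
                          const uint8_t *data, size_t len) {
    primitive p;
    if (len > MAX_BLOCK) return -1;
    p.id = id; p.cipherkcode = kcode; p.len = len;
    memcpy(p.datablock, data, len);
    return queue_put(&to_driver, &p);
}

static int other_tasks_done;  /* work the stack got through while waiting */

/* Protocol-stack side: keep servicing other work until the expected
 * completion primitive shows up in the stack's own queue. */
static int stack_await_cnf(primitive_id expect, primitive *out) {
    for (int round = 0; round < 100; round++) {
        if (queue_get(&to_stack, out) == 0)
            return out->id == expect ? 0 : -2;               /* unexpected cnf */
        other_tasks_done++;                 /* e.g. rrc timers, mac scheduling */
        if (driver_task_run_once() < 0) return -3;
    }
    return -4;                                               /* module never answered */
}

/* Figure 4 then Figure 5 for one block; cipher and recovered must hold len
 * bytes. Returns 0 when the deciphered block equals the original. */
static int cipher_roundtrip(const uint8_t *plain, size_t len, uint64_t kcode,
                            uint8_t *cipher, uint8_t *recovered) {
    primitive cnf;
    if (stack_send_req(DATA_CIPHER_REQ, kcode, plain, len) != 0) return -1;
    if (stack_await_cnf(DATA_CIPHER_CNF, &cnf) != 0) return -1;
    memcpy(cipher, cnf.datablock, len);      /* datablockwithcipherred -> physical layer */
    if (stack_send_req(DATA_DECIPHER_REQ, kcode, cipher, len) != 0) return -1;
    if (stack_await_cnf(DATA_DECIPHER_CNF, &cnf) != 0) return -1;
    memcpy(recovered, cnf.datablock, len);   /* datablockwithuncipher -> normal processing */
    return memcmp(recovered, plain, len) == 0 ? 0 : -5;
}

int main(void) {
    const uint8_t sdu[] = {'r', 'l', 'c', ' ', 's', 'd', 'u'};  /* constructed block */
    uint8_t cipher[sizeof sdu], back[sizeof sdu];
    int rc = cipher_roundtrip(sdu, sizeof sdu, 0x0102030405060708ULL, cipher, back);
    printf("roundtrip rc=%d, other tasks serviced while waiting=%d\n", rc, other_tasks_done);
    return rc == 0 ? 0 : 1;
}
```

The property worth noticing is that the stack never blocks inside the driver: stack_await_cnf goes back to other work whenever the confirmation is not there yet, which is what keeps the RRC, RLC and MAC state machines running while the slower serial or parallel link to the module is busy. In a real RTOS the polling loop would be the task's normal message-dispatch loop, and the bounded round count is the place where a hung module is detected instead of hanging the protocol software with it.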
The integrity protection process of signaling data, as shown in Figure 6: the protocol stack software uses the signal primitives of the real-time operating system to send the signaling data that needs integrity protection to the external encryption/decryption module driver, then continues with its subsequent normal flow; when the signaling-data-integrity-complete primitive from the driver is received in the protocol stack software's task queue it is processed, namely the signaling data is re-assembled and the assembled signaling data is sent to the physical layer subsystem. The steps are as follows:
Step 1: the protocol stack needs to send signaling data to the network and needs to apply integrity protection to it. The protocol stack first generates the signaling data packet without integrity protection information (abbreviated rrcmsgblkwithoutintegrityinfo), which contains no integrity-related information, and then generates, according to the protocol requirements, the parameter the signaling data packet needs for integrity protection (referred to as integritykcode).
The integritykcode parameter consists of the RRC layer hyper frame number (rrc hfn), the RRC sequence number (rrc sn), spotbeam and dir.
Step 2: the protocol stack uses the data_integrity_req primitive to send the signaling data packet rrcmsgblkwithoutintegrityinfo and the integrity protection parameter integritykcode to the external encryption/decryption module driver.
Step 3: the external encryption/decryption module driver receives the signaling data rrcmsgblkwithoutintegrityinfo and the integrity protection parameter integritykcode and passes them to the external encryption/decryption module for the integrity calculation.
Step 4: the external encryption/decryption module driver feeds the integrity calculation result of the signaling data packet, integritydataresult, back to the protocol stack through data_integrity_cnf.
Step 5: the protocol stack uses the integrity calculation result integritydataresult from data_integrity_cnf and the signaling data content rrcmsgblkwithoutintegrityinfo to re-assemble the signaling data packet rrcmsgblkwithintegrityinfo that is sent to the network.
The integrity protection checking process of signaling data, as shown in Figure 7: the protocol stack software receives signaling data from the RF subsystem and sends the received signaling data to the external encryption/decryption module driver using a real-time operating system signal primitive, then continues to process its other related flows normally; after the driver has completed the integrity protection check, the signaling-data-integrity-check-complete primitive from the driver is received in the real-time operating system queue, and only then is the content of this message processed. The steps are as follows:
Step 1: the terminal receives signaling data from the network and needs to perform an integrity protection check to verify the legitimacy of the signaling data. The protocol stack first parses the RRC message containing the integrity protection parameters (referred to as rrcmsgblkwithintegrityinfo), extracts the integrity protection data in it (abbreviated integritydata), then generates the RRC message without the integrity protection parameters (abbreviated rrcmsgblkwithoutintegrityinfo), and then computes the parameter for the received signaling data (referred to as integritykcode) that is used for the signaling data integrity check.
The integritykcode parameter consists of rrc hfn, rrc sn, spotbeam and dir.
Step 2: the protocol stack uses the data_integrity_check_req primitive to send the received signaling data packet rrcmsgblkwithoutintegrityinfo, the integrity data integritydata parsed from the RRC message and the parameter integritykcode for the signaling integrity check to the external encryption/decryption module driver.
Step 3: the external encryption/decryption module driver uses the signaling data packet and the parameter for the signaling integrity check to have the external encryption/decryption module compute the integrity protection data of the rrcmsgblkwithoutintegrityinfo data block (referred to as integritydataresult); if integritydataresult is identical to integritydata the integrity check is correct, otherwise the integrity check fails.
Step 4: the external encryption/decryption module driver feeds the signaling data integrity check result back to the protocol stack through data_integrity_check_cnf.
Steps 5 and 6: if the data_integrity_check_cnf primitive indicates that the signaling data integrity check is correct, the protocol stack considers the signaling data legitimate and carries out the normal signaling procedure; otherwise it considers the signaling data faulty and discards it directly.
In order to become apparent from illustrating that this invention is mobile eventually in concrete gmr (static earth satellite mobile communication system of new generation) Application in the product of end, illustrates the implementation method with regard to mobile terminal safety for this invention, it realizes software frame such as first Shown in Fig. 2, whole software architecture is to operate in implementing in a real time operating system.
Using three independent embodiments, design and use in gmr mobile terminal for this invention are described, i.e. rrc message Integrity protection function, the data encrypting and deciphering of rlc and mac layer data encryption and decryption.
Embodiment 1
Embodiment 1 implements the integrity protection function for RRC messages; the specific flow is shown in Fig. 8. In this embodiment the network first starts the integrity protection function with a security mode control message (referred to as SMC); thereafter the RRC messages received from the network undergo an integrity check, and integrity protection information is added to the RRC messages sent to the network.
The terminal carries out the integrity protection flow as follows:
Step 1: the terminal RRC layer receives the security mode command (referred to as SMC) message; the network starts encryption of service data and at the same time provides the encryption parameters and the encryption/decryption activation time.
Steps 2, 3, 4: the RRC layer receives an RRC message through the primitive rlc_am_data_ind and judges whether its RRC message sequence number (referred to as RRC SN) has reached the activation time of downlink integrity protection. If the activation time has not been reached, step 4 is executed: no integrity check is performed on this message and normal message processing is carried out directly. If the downlink activation time has been reached, step 5 follows.
Step 5: after the RRC module receives rlc_am_data_ind, it parses the RRC signaling data block in this primitive, extracts the integrity protection data integritydata contained in it, then deletes the integrity protection information from it and regenerates the RRC message data rrcmsgblkwithoutintegrityinfo. At the same time RRC generates the integritykcode needed for the integrity protection calculation. Finally it sends rrcmsgblkwithoutintegrityinfo, integritydata and integritykcode to the external encryption/decryption module driver using the data_integrity_check_req primitive.
The integritykcode parameter consists of the 49-bit RRC layer hyper frame number (referred to as RRC HFN), the 4-bit RRC sequence number (referred to as RRC SN), the 10-bit spotbeam and the 1-bit dir.
Step 6: the external encryption/decryption module driver uses rrcmsgblkwithoutintegrityinfo and the parameter integritykcode for the signaling data integrity check, and the integrity calculation is performed in the external encryption/decryption module. Assume the calculation result is integritydataresult; the result is fed back to the external encryption/decryption module driver. If integritydataresult is identical to integritydata, the integrity check passes; otherwise it fails. During this process the RRC module can carry out other tasks.
Step 7: the external encryption/decryption module driver feeds the signaling data integrity check result back to the RRC module using the data_integrity_check_cnf primitive.
Step 8: after RRC receives the message, if the data_integrity_check_cnf primitive indicates that the signaling data integrity check failed, the RRC module regards the signaling data as illegitimate and executes step 9: the signaling data is considered problematic and is discarded directly. Otherwise step 10 is executed and the normal signaling procedure is carried out.
Step 10: the terminal receives the rlc_am_data_ind signaling data indication from the RLC layer; if the integrity protection check found no problem, the RRC message is processed normally. Depending on what the RRC message processing requires, if the RRC layer needs to send an RRC response message to the network, RRC first composes the RRC message without integrity protection information, rrcmsgblkwithoutintegrityinfo.
Step 11: the RRC layer fills in the RRC message according to the network requirements and judges whether its uplink RRC SN has reached the uplink integrity protection activation time. If the activation time has not been reached, step 12 is executed: the rrcmsgblkwithoutintegrityinfo message without integrity protection information is delivered to the RLC layer through the rlc_am_data_req primitive. If the downlink activation time has been reached, step 13 follows.
Step 13: if integrity protection processing is required, the RRC module first generates the integritykcode for the integrity protection calculation, then uses the data_integrity_req primitive to send the signaling data rrcmsgblkwithoutintegrityinfo together with the integrity protection parameter integritykcode to the external encryption/decryption module driver.
The integritykcode parameter consists of the 49-bit RRC layer hyper frame number (referred to as RRC HFN), the 4-bit RRC sequence number (referred to as RRC SN), the 10-bit spotbeam and the 1-bit dir.
Step 14: the external encryption/decryption module driver sends the received signaling data rrcmsgblkwithoutintegrityinfo and the integrity protection calculation parameter integritykcode to the external encryption/decryption module, which performs the integrity calculation and feeds the result integrityresult back to the external encryption/decryption module driver. During this process the RRC module state machine is not affected.
Step 15: the external encryption/decryption module driver feeds the integrity calculation result integrityresult for the signaling data packet back to the RRC module through the data_integrity_cnf primitive.
Steps 16, 17: the RRC module uses the integrity calculation result integrityresult in the data_integrity_cnf primitive and the signaling data content rrcmsgblkwithoutintegrityinfo to reassemble the signaling data packet rrcmsgblkwithintegrityinfo to be sent to the network, and sends it to the RLC layer through the primitive rlc_am_data_req.
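The two RRC integrity exchanges of Embodiment 1 (the downlink check in steps 5 to 10 and the uplink protection in steps 13 to 17), written out as an added example that is not part of the patent or of any product built on it. The external module is simulated in-process. Everything not stated on the page is an assumption: the MSB-first field order inside the 64-bit integritykcode, a 4-byte integrity value appended to the message as the "integrity protection information", and a toy keyed hash (FNV-1a) standing in for the module's unnamed integrity algorithm. What the example shows is the contract the text describes: the driver returns only an accept/reject verdict, and RRC discards the message on reject.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example (not the patent's code). Simulates the RRC <-> external
 * encryption/decryption module driver exchange of Embodiment 1.
 * ASSUMED: integritykcode field order, 4-byte appended integrity value,
 * and the toy hash below in place of the real (unnamed) algorithm. */

#define INTEGRITY_LEN 4
#define MAX_MSG 64

/* integritykcode: 49-bit RRC HFN | 4-bit RRC SN | 10-bit spotbeam | 1-bit dir (widths from the page). */
uint64_t build_integritykcode(uint64_t hfn, unsigned sn, unsigned spotbeam, unsigned dir) {
    return ((hfn & ((1ULL << 49) - 1)) << 15) |
           ((uint64_t)(sn & 0xFu) << 11) |
           ((uint64_t)(spotbeam & 0x3FFu) << 1) |
           (uint64_t)(dir & 1u);
}

/* Stand-in for the external module's integrity algorithm: FNV-1a over
 * kcode || msg, seeded with a 32-bit key. Demonstration only, not a real MAC. */
static uint32_t toy_integrity(uint32_t key, uint64_t kcode, const uint8_t *msg, size_t len) {
    uint32_t h = 2166136261u ^ key;
    for (unsigned i = 0; i < 8; i++) { h ^= (uint8_t)(kcode >> (8 * i)); h *= 16777619u; }
    for (size_t i = 0; i < len; i++)  { h ^= msg[i]; h *= 16777619u; }
    return h;
}

/* Constant-time equality, so the accept/reject decision does not leak where the values differ. */
static int ct_equal32(uint32_t a, uint32_t b) {
    uint32_t d = a ^ b;
    d |= d >> 16; d |= d >> 8; d |= d >> 4; d |= d >> 2; d |= d >> 1;
    return (int)(1u - (d & 1u));
}

/* Uplink, steps 13-17: data_integrity_req -> integrityresult -> rrcmsgblkwithintegrityinfo.
 * Returns the length of the assembled packet, or 0 if the output buffer is too small. */
size_t rrc_protect_uplink(uint32_t key, uint64_t kcode,
                          const uint8_t *msg, size_t len, uint8_t *out, size_t outcap) {
    if (len + INTEGRITY_LEN > outcap) return 0;
    uint32_t integrityresult = toy_integrity(key, kcode, msg, len);   /* module, step 14 */
    for (size_t i = 0; i < len; i++) out[i] = msg[i];
    for (unsigned i = 0; i < INTEGRITY_LEN; i++)                      /* steps 16/17: append, big-endian */
        out[len + i] = (uint8_t)(integrityresult >> (8 * (3 - i)));
    return len + INTEGRITY_LEN;
}

/* Downlink, steps 5-10: split off integritydata, recompute in the "module", compare.
 * Returns 1 when the message may enter normal signaling processing, 0 when it is discarded. */
int rrc_check_downlink(uint32_t key, uint64_t kcode, const uint8_t *pkt, size_t len) {
    if (len < INTEGRITY_LEN) return 0;                 /* malformed: discard */
    size_t body = len - INTEGRITY_LEN;                 /* rrcmsgblkwithoutintegrityinfo */
    uint32_t integritydata = 0;
    for (unsigned i = 0; i < INTEGRITY_LEN; i++) integritydata = (integritydata << 8) | pkt[body + i];
    uint32_t integritydataresult = toy_integrity(key, kcode, pkt, body);  /* step 6 */
    return ct_equal32(integritydataresult, integritydata);               /* steps 8-10 */
}

/* Constructed round trip: protect a message, optionally flip one bit in transit, then check it. */
int demo_integrity_flow(int tamper) {
    const uint32_t key = 0x5A5A1234u;                  /* constructed key */
    const uint8_t msg[] = "RRC-CONNECTION-SETUP";      /* constructed signaling payload */
    uint64_t kcode = build_integritykcode(12345, 3, 17, 0);
    uint8_t pkt[MAX_MSG];
    size_t n = rrc_protect_uplink(key, kcode, msg, sizeof msg - 1, pkt, sizeof pkt);
    if (n == 0) return 0;
    if (tamper) pkt[0] ^= 0x01;
    return rrc_check_downlink(key, kcode, pkt, n);
}

int main(void) {
    printf("intact: %d, tampered: %d\n", demo_integrity_flow(0), demo_integrity_flow(1));
    return 0;
}
```

In a real driver, toy_integrity is replaced by the call into the external module and the key never enters protocol-stack memory; the shape worth keeping is that RRC hands over the stripped message, the extracted integritydata and the kcode, and acts only on the single verdict that comes back in data_integrity_check_cnf.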
Embodiment 2
Data encryption and decryption of the GMR mobile terminal takes place in the RLC and MAC layers; the RLC layer encryption/decryption flow is shown in Fig. 9. First, RRC receives an SMC message from the network that instructs the terminal to start data encryption/decryption. After the RRC layer parses the SMC message, it configures the encryption/decryption parameters set by the network into the RLC module. If RLC receives encrypted data from the MAC layer, it starts the decryption process; if RLC sends data to the MAC layer, the data must be encrypted before being sent on to the MAC layer.
The RLC layer data encryption process is as follows:
Steps 1, 2: the terminal RRC layer receives the SMC message, parses it and saves the encryption-related parameters, for example the decryption activation time and the encryption algorithm. RRC configures the encryption-related parameters into the RLC layer through the interface primitive crlc_cipher_req, and the RLC layer saves them accordingly.
Steps 3, 4, 5, 6: the RLC layer receives data blocks through the interface primitive mac_dch_data_ind or the primitive mac_pdch_data_ind and judges whether their BSN has reached the decryption activation time. If the activation time has not been reached, step 5 is executed: the data block is not decrypted; after all data blocks have been received, step 6 is executed: the message is reassembled and reported to the RRC layer through the interface primitive rlc_am_data_ind. If the downlink activation time has been reached, step 7 follows and the data is decrypted.
Step 7: according to the network requirements, if the protocol stack requires the RLC module to decrypt the encrypted data block (referred to as datablockwithcipherred), the RLC module first collects and calculates rlccipherkcode, the parameter relevant to decrypting the data block, which is used for the data decryption. Then the RLC module carries the data block to be decrypted, datablockwithcipherred, and the parameter needed for decryption, rlccipherkcode, in the data_decipher_req signal primitive and sends it to the external encryption/decryption module driver.
The rlccipherkcode parameter is defined as follows: if the channel type is DCH, the encryption/decryption rlccipherkcode consists of the 39-bit RLC HFN, the 7-bit BSN, the 2-bit spbn, the 5-bit rbid, the 10-bit spotbeam and the 1-bit dir; if the channel type is PDCH, the encryption/decryption rlccipherkcode consists of the 36-bit RLC HFN, the 10-bit BSN, the 2-bit spbn, the 5-bit rbid, the 10-bit spotbeam and the 1-bit dir.
Steps 8, 9: after receiving the decryption request, the external encryption/decryption module driver starts the data decryption process using the external encryption/decryption module, generates the decrypted service data rlcdatablkwithuncipher, and sends the decryption result rlcdatablkwithuncipher back to the RLC module through the data_decipher_cnf signal primitive. During this period the RLC module can carry out other tasks.
Steps 10, 11, 12: after the RLC layer has received all data blocks, it reassembles the message and reports it to the RRC layer through the interface primitive rlc_am_data_ind. After the RRC layer has processed the RRC message, if the protocol requires a reply to the received RRC message, the data block is assumed to be rlcdatablkwithuncipher, and the RRC layer sends the rlcdatablkwithuncipher data block to the RLC layer through the rlc_am_data_req primitive.
Step 13: RLC buffers the message from the RRC layer, waits for the scheduling opportunity, then extracts the message and sends it.
Steps 14, 15, 16, 17: the RLC layer receives the data block transmission request through the interface primitive mac_status_ind; RLC fills the data block and judges whether its BSN has reached the ciphering activation time. If the activation time has not been reached, step 16 is executed: the data block is not encrypted, and step 17 is executed directly, sending it to the MAC layer through the interface primitive mac_dch_data_req or the primitive mac_pdch_data_req. If the ciphering activation time has been reached, step 18 follows.
Step 18: if the RRC layer data must be encrypted, the RLC module generates the encryption parameter rlccipherkcode needed by the encryption process, then sends the RRC layer data rlcdatablkwithuncipher to the external encryption/decryption module driver through the data_cipher_req signal primitive.
The rlccipherkcode parameter can be defined as follows: if the channel type is DCH, the encryption/decryption rlccipherkcode consists of the 39-bit RLC HFN, the 7-bit BSN, the 2-bit spbn, the 5-bit rbid, the 10-bit spotbeam and the 1-bit dir; if the channel type is PDCH, the encryption/decryption rlccipherkcode consists of the 36-bit RLC HFN, the 10-bit BSN, the 2-bit spbn, the 5-bit rbid, the 10-bit spotbeam and the 1-bit dir.
Step 19: the external encryption/decryption module driver carries out the data encryption process using the external encryption/decryption module and generates the encrypted data datablockwithcipherred. During this process the RLC module state machine is not affected.
Step 20: after the external encryption/decryption module driver has completed the data encryption, it feeds the encrypted data datablockwithcipherred back to the RLC module through the data_cipher_cnf primitive.
Step 21: after the RLC module receives the encrypted data datablockwithcipherred, it carries out the normal data processing flow and then sends the data to the MAC layer through the interface primitive mac_dch_data_req or the primitive mac_pdch_data_req.
Embodiment 3
In the GMR system not all service data is forwarded to RLC for processing; data in transparent mode, such as voice data, must be encrypted and decrypted in the MAC layer. As shown in Fig. 10, the RRC layer first receives an SMC message from the network requesting that the terminal MAC layer start data encryption/decryption. After the RRC layer receives the message, it configures the encryption/decryption parameters needed by the MAC layer into the MAC layer. If MAC receives encrypted data from the network, MAC starts the decryption flow and decrypts the data; if MAC needs to send data, MAC starts the encryption flow and encrypts the data, and after encryption is complete the data is sent on to the physical layer.
The MAC layer data encryption/decryption flow is as follows:
Steps 1, 2: the terminal RRC layer receives the SMC message, parses it and saves the encryption-related parameters, for example the decryption activation time and the encryption algorithm.
Step 3: RRC configures the encryption-related parameters into the MAC layer through the interface primitive cmac_cipher_req, and the MAC layer saves them accordingly.
Steps 4, 5: the MAC layer receives a data block through the interface primitive mac_dch_data_ind and judges whether its TDMA frame number has reached the decryption activation time. If the activation time has not been reached, steps 6 and 7 are executed: the data block is not decrypted and is sent to the RLC layer through the interface primitive mac_tm_data_ind. If the downlink activation time has been reached, step 8 follows.
Step 8: according to the network requirements, the protocol stack requires the MAC module to decrypt the data block (referred to as macdatablkwithcipherred). The MAC module collects and calculates maccipherkcode, the parameter relevant to decrypting the data block, which is used for the data decryption. The MAC module carries the data block to be decrypted, macdatablkwithcipherred, and the parameter needed for decryption, maccipherkcode, in the data_decipher_req signal primitive and sends it to the external encryption/decryption module driver.
The maccipherkcode parameter consists of the 29-bit HFN, the 19-bit TDMA frame number, the 5-bit rbid, the 10-bit spotbeam and the 1-bit dir.
Steps 9, 10, 11: after receiving the request, the external encryption/decryption module driver starts the data decryption process using the external encryption/decryption module, generates the decrypted MAC layer data macdatablkwithuncipher, and sends the decryption result back to the MAC module through the data_decipher_cnf signal primitive; MAC then sends it to the RLC layer through the interface primitive mac_tm_data_ind. During this period the MAC module can carry out other tasks.
Step 12: after the MAC module receives the decrypted data macdatablkwithuncipher, it carries out the corresponding physical layer procedures according to the radio resource usage principle, and finally transmits through the radio frequency subsystem to the air interface.
Step 13: the MAC layer sends a data block and judges whether the currently transmitted TDMA frame number has reached the ciphering activation time. If the activation time has not been reached, steps 14 and 15 are executed: the data block is not encrypted and is sent directly to the physical layer through the interface primitive mac_tm_data_req. If the ciphering activation time has been reached, step 16 follows.
Step 16: the MAC module sends the parameter maccipherkcode needed by the encryption process and the data macdatablkwithuncipher to the external encryption/decryption module driver through the data_cipher_req signal primitive.
The maccipherkcode parameter consists of the 29-bit HFN, the 19-bit TDMA frame number, the 5-bit rbid, the 10-bit spotbeam and the 1-bit dir.
Step 17: the external encryption/decryption module driver carries out the data encryption process using the external encryption/decryption module and generates the encrypted data block macdatablkwithcipherred. During this process the MAC module state machine is not affected.
Step 18: after the external encryption/decryption module driver has completed the data encryption, it feeds the encrypted data macdatablkwithcipherred back to the MAC module through the data_cipher_cnf primitive.
Step 19: after the MAC module receives the encrypted data macdatablkwithcipherred, it carries out the normal data processing flow and then sends the data to the physical layer through the interface primitive mac_tm_data_req.
Finally, it should be noted that the preferred embodiments above serve only to describe the technical solution of the present invention and do not limit it. Although the present invention has been described in detail by means of the preferred embodiments above, those skilled in the art should understand that various changes may be made to it in form and in detail without departing from the scope defined by the claims of the present invention.
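The rlccipherkcode layouts of Embodiment 2 and the maccipherkcode layout of Embodiment 3 each sum to 64 bits (39+7+2+5+10+1, 36+10+2+5+10+1 and 29+19+5+10+1). The following added example, which is not the patent's own code, packs them table-driven with exactly the widths the text gives and refuses a value that does not fit its field, since a BSN or frame number that silently overflows into a neighbouring field would hand the external module a wrong cipher input. The MSB-first field order is an assumption; the field names rlc_hfn, bsn, spbn, rbid, spotbeam, dir, hfn and tdma_fn are the page's terms written as identifiers.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example (not the patent's code): table-driven packer for the
 * rlccipherkcode (Embodiment 2) and maccipherkcode (Embodiment 3) parameters.
 * Field widths are the page's; MSB-first order is ASSUMED. */

typedef struct { const char *name; unsigned width; } kcode_field_t;

static const kcode_field_t RLC_DCH_LAYOUT[]  = { {"rlc_hfn",39}, {"bsn",7},  {"spbn",2}, {"rbid",5}, {"spotbeam",10}, {"dir",1} };
static const kcode_field_t RLC_PDCH_LAYOUT[] = { {"rlc_hfn",36}, {"bsn",10}, {"spbn",2}, {"rbid",5}, {"spotbeam",10}, {"dir",1} };
static const kcode_field_t MAC_LAYOUT[]      = { {"hfn",29}, {"tdma_fn",19}, {"rbid",5}, {"spotbeam",10}, {"dir",1} };

#define COUNT(a) (sizeof (a) / sizeof (a)[0])

/* Pack values[] according to layout. Returns 0 on success, -1 when the layout
 * is not exactly 64 bits wide or a value does not fit its field. Rejecting is
 * deliberate: masking would alias two different counters onto one cipher input. */
int pack_kcode(const kcode_field_t *layout, size_t n, const uint64_t *values, uint64_t *out) {
    unsigned total = 0;
    for (size_t i = 0; i < n; i++) {
        if (layout[i].width == 0 || layout[i].width > 63) return -1;
        total += layout[i].width;
    }
    if (total != 64) return -1;
    uint64_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t max = (1ULL << layout[i].width) - 1;
        if (values[i] > max) return -1;
        acc = (acc << layout[i].width) | values[i];
    }
    *out = acc;
    return 0;
}

/* rlccipherkcode for a DCH (pdch == 0) or PDCH (pdch != 0) channel. */
int build_rlccipherkcode(int pdch, uint64_t rlc_hfn, uint64_t bsn, uint64_t spbn,
                         uint64_t rbid, uint64_t spotbeam, uint64_t dir, uint64_t *out) {
    uint64_t v[6] = { rlc_hfn, bsn, spbn, rbid, spotbeam, dir };
    return pdch ? pack_kcode(RLC_PDCH_LAYOUT, COUNT(RLC_PDCH_LAYOUT), v, out)
                : pack_kcode(RLC_DCH_LAYOUT,  COUNT(RLC_DCH_LAYOUT),  v, out);
}

/* maccipherkcode for transparent-mode data handled in the MAC layer. */
int build_maccipherkcode(uint64_t hfn, uint64_t tdma_fn, uint64_t rbid,
                         uint64_t spotbeam, uint64_t dir, uint64_t *out) {
    uint64_t v[5] = { hfn, tdma_fn, rbid, spotbeam, dir };
    return pack_kcode(MAC_LAYOUT, COUNT(MAC_LAYOUT), v, out);
}

/* Read one named field back out of a packed kcode (useful when logging what the
 * driver actually handed to the module). Returns 0 for an unknown name. */
uint64_t kcode_field(const kcode_field_t *layout, size_t n, uint64_t kcode, const char *name) {
    unsigned shift = 64;
    for (size_t i = 0; i < n; i++) {
        shift -= layout[i].width;
        if (strcmp(layout[i].name, name) == 0)
            return (kcode >> shift) & ((1ULL << layout[i].width) - 1);
    }
    return 0;
}

int main(void) {
    uint64_t k;
    /* Constructed values: BSN 200 fits the 10-bit PDCH field but not the 7-bit DCH field. */
    printf("dch  rc=%d\n", build_rlccipherkcode(0, 5, 200, 1, 3, 17, 1, &k));
    if (build_rlccipherkcode(1, 5, 200, 1, 3, 17, 1, &k) == 0)
        printf("pdch kcode=%016llx bsn=%llu\n", (unsigned long long)k,
               (unsigned long long)kcode_field(RLC_PDCH_LAYOUT, COUNT(RLC_PDCH_LAYOUT), k, "bsn"));
    return 0;
}
```

The same BSN value is legal on one channel type and illegal on the other, which is why the channel type has to be chosen before the packer runs rather than patched in afterwards; the layout tables also make the 64-bit total a compile-independent check instead of something each caller has to get right by hand.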

Claims (9)

1. A method for invoking an external encryption/decryption module, characterized in that it comprises the following steps:
S1: an external encryption/decryption module driver is arranged between the protocol stack and the external encryption/decryption module;
S2: data encryption process: the protocol stack sends a request-encryption signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-encryption signal, performs the data encryption through the external encryption/decryption module, and after the encryption is complete sends an encryption-complete signal to the protocol stack;
S3: data decryption process: the protocol stack sends a request-decryption signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-decryption signal, performs the data decryption through the external encryption/decryption module, and after the decryption is complete sends a decryption-complete signal to the protocol stack.
2. The method for invoking an external encryption/decryption module according to claim 1, characterized in that the request-encryption signal contains the data block to be encrypted and the parameters needed for encryption.
3. The method for invoking an external encryption/decryption module according to claim 1, characterized in that the request-decryption signal contains the data block to be decrypted and the parameters needed for decryption.
4. The method for invoking an external encryption/decryption module according to claim 1, characterized in that the method further comprises a signaling data integrity protection process: the protocol stack sends a request-integrity-protection signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-integrity-protection signal, performs the integrity calculation on the signaling data through the external encryption/decryption module, and after the calculation is complete sends an integrity-protection-complete signal to the protocol stack.
5. The method for invoking an external encryption/decryption module according to claim 4, characterized in that the request-integrity-protection signal includes the signaling data packet without integrity protection information and the integrity protection parameters.
6. The method for invoking an external encryption/decryption module according to claim 4, characterized in that the method further comprises a signaling data integrity check process: the protocol stack sends a request-integrity-check signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-integrity-check signal, performs the integrity check on the signaling data through the external encryption/decryption module, and after the check is complete sends an integrity-check-complete signal to the protocol stack.
7. The method for invoking an external encryption/decryption module according to claim 6, characterized in that after the check is complete, if the signaling data integrity check is correct, an integrity-check-complete signal is sent to the protocol stack; if the signaling data integrity check is not correct, the data is discarded directly.
8. The method for invoking an external encryption/decryption module according to claim 6 or 7, characterized in that the request-integrity-check signal includes the RRC message without integrity protection parameters, the integrity data parsed from the RRC message, and the parameters for the signaling integrity check.
9. A mobile terminal invoking an external encryption/decryption module, characterized in that it comprises a mobile terminal communication protocol stack, an external encryption/decryption module driver and an external encryption/decryption module; the external encryption/decryption module driver is located between the protocol stack and the external encryption/decryption module, and the external encryption/decryption module is invoked through the external encryption/decryption module driver to perform data encryption and data decryption.
CN201610905044.8A 2016-10-17 2016-10-17 A kind of method that calling external encryption/decryption module and mobile terminal Active CN106341419B (en)
Publications (2)

Publication Number Publication Date
CN106341419A true CN106341419A (en) 2017-01-18
CN106341419B CN106341419B (en) 2019-04-19