CN106341419B - Method for calling an external encryption/decryption module, and mobile terminal - Google Patents
Method for calling an external encryption/decryption module, and mobile terminal
- Publication number: CN106341419B (application number CN201610905044.8A, also listed as CN201610905044A)
- Authority: CN (China)
- Prior art keywords: encryption, data, decryption module, decryption, external encryption
- Prior art date
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/0428: H—Electricity; H04—Electric communication technique; H04L—Transmission of digital information, e.g. telegraphic communication; H04L63/00—Network architectures or network communication protocols for network security; H04L63/04—... for providing a confidential data exchange among entities communicating through data packet networks; H04L63/0428—... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- G06F9/44526: G—Physics; G06—Computing; calculating or counting; G06F—Electric digital data processing; G06F9/00—Arrangements for program control, e.g. control units; G06F9/06—... using stored programs, i.e. using an internal store of processing equipment to receive or retain programs; G06F9/44—Arrangements for executing specific programs; G06F9/445—Program loading or initiating; G06F9/44521—Dynamic linking or loading; link editing at or after load time, e.g. Java class loading; G06F9/44526—Plug-ins; add-ons
- H04L63/12: H04L63/00—Network architectures or network communication protocols for network security; H04L63/12—Applying verification of the received information
Landscapes: Engineering & Computer Science; Software Systems; Computer Security & Cryptography; General Engineering & Computer Science; Theoretical Computer Science; Computer Hardware Design; Computing Systems; Computer Networks & Wireless Communication; Signal Processing; Physics & Mathematics; General Physics & Mathematics; Mobile Radio Communication Systems
Abstract
The invention relates to a method for calling an external encryption/decryption module, and to a mobile terminal, in the field of communication technology. An external encryption/decryption module driver is placed between the protocol stack of the mobile terminal and the external encryption/decryption module, and signal primitives are defined for the communication between the protocol stack software and that driver. Through the driver, the external module is called to perform data encryption, data decryption, signaling data integrity protection and signaling data integrity checking. The method completes the encryption and decryption of data quickly and does not prevent the protocol stack from processing its other tasks in the meantime.
Description
Technical field
The invention belongs to the field of communication technology and relates to a method for calling an external encryption/decryption module, and to a mobile terminal.
Background art
In mobile communications, the terminal and the network transmit over an open radio interface, so communication security carries certain risks: content on the air interface is easy for an adversary to intercept and tamper with, and air-interface security has therefore received increasing attention in wireless communication networks. In public mobile networks, authentication and encryption are performed using the SIM card. In private-network applications each sector adds its own exclusive security requirements, and in practical projects a dedicated encryption/decryption chip module is usually added, as shown in Figure 1.

A mobile terminal system generally consists of three parts: an application processor, a baseband processor and a radio-frequency (RF) subsystem. The application processor mainly carries the terminal's applications, the communications baseband processor is responsible for the communication between the terminal and the network, and the RF subsystem transmits the baseband signal over the antenna and receives radio signals from it. In an ordinary mobile terminal, security relies mainly on the encryption key stored in the SIM card (the K code); the encryption/decryption algorithms and procedures are public, which is adequate for ordinary security needs. In some special industries, however, an external encryption/decryption module is added on top of the basic structure of the terminal to raise the level of security. That module has its own exclusive, non-public encryption mechanism and encryption algorithm, which greatly improves the security of the communication.

Security in mobile communications can be considered from three aspects. The first is the authentication procedure, in which the terminal and the network check each other's validity. The second is integrity protection of the signaling data exchanged between terminal and network, which lets the receiving side determine correctly whether received signaling data was modified in transit and which terminal sent it. The third is the encryption/decryption procedure; on a mobile terminal this is applied mainly to application data such as voice data and Internet data.

Where a special industry adds an external encryption/decryption module, all data sent and all data received must be encrypted and decrypted by that module, and all signaling data sent and received must be integrity-checked by it. This disrupts the original protocol design flow of the mobile terminal and makes terminal design considerably harder.

To illustrate the problem clearly, the baseband software architecture of a mobile communication terminal in a geostationary satellite mobile communication system (GMR) is given in Figure 2.

The GMR air interface was developed from that of the existing digital cellular mobile communication system (GSM), and is shown in Figure 2. The Non-Access Stratum (NAS) is mainly responsible for core-network matters and is not directly tied to the access network. Radio Resource Control (RRC) is responsible for the allocation, use, request and modification of radio resources, for access-network mobility management and for interpreting system information, for example cell update, GRA update, cell selection and reselection. Radio Link Control (RLC) is responsible for reliable data transfer between network and terminal, using Automatic Repeat reQuest (ARQ) to guarantee correct delivery. Medium Access Control (MAC) maps higher-layer data and signaling onto the physical layer, and the MAC layer also handles radio resource management and control for packet data services. The Packet Data Convergence Protocol (PDCP) mainly processes packet data for the RLC.

In this system, integrity protection of signaling data mainly protects RRC signaling messages, encryption and decryption of voice data is done in the MAC layer, and encryption and decryption of packet data is done in the RLC layer. In a concrete implementation, therefore, the RRC, RLC and MAC layers all have to exchange data with the external encryption/decryption module.

In earlier designs the external encryption/decryption module was implemented as a hardware accelerator whose bus was connected directly to the bus of the communications baseband processor, so the transfer rate was high and the latency small. Before transmitting, the software calls the hardware accelerator directly, waits for it to finish, passes the data to the physical layer, maps it onto physical resources and finally transmits it over the RF interface. On the receiving side, the hardware accelerator is called first to decrypt the received data, which is then processed normally. For an external encryption/decryption module, however, this approach is problematic:

First, the external encryption/decryption module and the communications baseband are connected by physical hardware, usually a high-speed serial or parallel port, whose rate is much lower than that of a hardware accelerator.

Second, the communication protocol stack runs in a real-time operating system. With a direct call, the whole procedure is suspended until the external module has finished before any later signals can be processed, which can block tasks in the real-time multitasking operating system and affects the stability of the protocol software.

The invention addresses the problems above with a solution that has shown very good results in practical applications.
Summary of the invention
In view of this, the purpose of the invention is to provide a method for calling an external encryption/decryption module, and a mobile terminal. An external encryption/decryption module driver is placed between the protocol stack of the mobile terminal and the external encryption/decryption module, and through that driver the external module is called to perform data encryption, data decryption, signaling data integrity protection and signaling data integrity checking. The method completes the encryption and decryption of data quickly and does not stop the protocol stack from processing its other tasks.

To achieve this, the invention provides the following technical scheme:

A method of calling an external encryption/decryption module, comprising the following steps:

S1: an external encryption/decryption module driver is placed between the protocol stack and the external encryption/decryption module;

S2: data encryption: the protocol stack sends a request-encryption signal to the external encryption/decryption module driver; the driver receives the request-encryption signal, has the external module encrypt the data, and when encryption is complete sends an encryption-complete signal to the protocol stack;

S3: data decryption: the protocol stack sends a request-decryption signal to the external encryption/decryption module driver; the driver receives the request-decryption signal, has the external module decrypt the data, and when decryption is complete sends a decryption-complete signal to the protocol stack.

While the driver is working, the modules of the protocol stack can carry out other task processing.

Further, the request-encryption signal contains the data block to be encrypted and the parameters needed for encryption.

Further, the request-decryption signal contains the data block to be decrypted and the parameters needed for decryption.

Further, the method also includes a signaling data integrity protection procedure: the protocol stack sends a request-integrity-protection signal to the external encryption/decryption module driver; the driver receives the request-integrity-protection signal, has the external module perform the integrity computation on the signaling data, and when the computation is complete sends an integrity-protection-complete signal to the protocol stack.

Further, the request-integrity-protection signal contains the signaling data packet without integrity-protection information, and the integrity-protection parameters.

Further, the method also includes a signaling data integrity checking procedure: the protocol stack sends a request-integrity-check signal to the external encryption/decryption module driver; the driver receives the request-integrity-check signal, has the external module check the integrity of the signaling data, and when the check is complete sends an integrity-check-complete signal to the protocol stack.

Further, after the check, if the signaling data integrity check passes, the integrity-check-complete signal is sent to the protocol stack; if the check fails, the data is discarded directly.

Further, the request-integrity-check signal contains the RRC message without its integrity-protection parameters, the integrity data parsed out of the RRC message, and the parameters for the signaling integrity check.

A mobile terminal calling an external encryption/decryption module comprises the mobile terminal communication protocol stack, an external encryption/decryption module driver and the external encryption/decryption module. The driver sits between the protocol stack and the external module, and the external module is called through the driver to perform data encryption and data decryption.

The beneficial effects of the invention are: with the external encryption/decryption module driver placed between the protocol stack of the mobile terminal and the external encryption/decryption module, the external module is called through the driver to perform data encryption, data decryption, signaling data integrity protection and signaling data integrity checking. These operations complete quickly, the protocol stack can process its other tasks in the meantime, and the stability of the protocol software is not affected.
Brief description of the drawings
To make the purpose, technical scheme and beneficial effects of the invention clearer, the following drawings are provided:
Fig. 1 is the architecture diagram of the external encryption module;
Fig. 2 is the architecture diagram of the mobile communication terminal;
Fig. 3 is the architecture diagram of the terminal of the invention;
Fig. 4 is the data encryption flow chart;
Fig. 5 is the data decryption flow chart;
Fig. 6 is the signaling data integrity generation procedure;
Fig. 7 is the signaling data integrity checking procedure;
Fig. 8 is the implementation of signaling data integrity protection;
Fig. 9 is the implementation of RLC-layer encryption and decryption;
Fig. 10 is the implementation of MAC-layer encryption and decryption.
Specific embodiment
A preferred embodiment of the invention is described in detail below with reference to the drawings.

The mobile terminal calling an external encryption/decryption module provided by the invention comprises the mobile terminal communication protocol stack, an external encryption/decryption module driver and the external encryption/decryption module. The driver sits between the protocol stack and the external encryption/decryption module, and the external module is called through the driver to perform data encryption and data decryption.

In the method, an external encryption/decryption module driver is placed between the protocol stack and the external encryption/decryption module. The driver module is a task of the real-time operating system (SecurityModuleTask) managed as a process; the protocol stack software and the driver communicate using the signal primitives of the real-time operating system, as shown in Figure 3.

The encryption and decryption procedures call the external encryption/decryption module through encryption/decryption primitives exchanged between the RLC layer and the driver and between the MAC layer and the driver. The encryption/decryption primitives are: request encryption (data_cipher_req), encryption complete (data_cipher_cnf), request decryption (data_decipher_req) and decryption complete (data_decipher_cnf). The members of data_cipher_req are the data block to be encrypted (dataBlock) and the parameters needed for encryption (cipherKcode); the members of data_decipher_req are the encrypted data block (cipherredDataBlock) and the parameters needed for decryption (cipherKcode).

The signaling data integrity protection and signaling data integrity checking procedures call the external encryption/decryption module through integrity-protection primitives exchanged between the RRC layer and the driver.

The integrity-protection primitives are: request integrity protection (data_integrity_req), integrity protection complete (data_integrity_cnf), request integrity check (data_integrity_check_req) and integrity check complete (data_integrity_check_cnf).

The members of data_integrity_req are the RRC message without integrity-protection information (rrcMsgBlkWithoutIntegrityInfo) and the parameters needed for the integrity computation (integrityKcode). The members of data_integrity_check_req are the RRC message without integrity-protection information (rrcMsgBlkWithoutIntegrityInfo), the parameters needed for the integrity computation (integrityKcode) and the integrity-protection data of that RRC message (integrityData).
Data encryption, shown in Figure 4: the protocol stack software sends the data to be encrypted to the external encryption/decryption module driver using a signal primitive of the real-time operating system and then continues with its normal flow; only when the encryption-complete primitive from the driver is received in the task queue of the protocol stack software is it handled, and the encrypted data is then passed to the physical layer. The steps are:

Step 1: whether data encryption is performed is controlled by the network, and the network also decides which classes of data are to be encrypted. In this scheme, if the network requires data encryption, the terminal must encrypt the data, and the external encryption/decryption module must be initialized before this procedure.

Step 2: the protocol stack places the data block to be encrypted (dataBlockWithUncipher) and the parameters needed for encryption (cipherKcode) in the request-encryption primitive (data_cipher_req) and sends it to the external encryption/decryption module driver.

The encryption parameter cipherKcode is defined differently in different modules and scenarios.

In the RLC module the cipherKcode parameter is defined as rlcCipherKcode. If the channel type is a dedicated channel (DCH), the cipherKcode for encryption and decryption consists of the RLC hyper frame number (RLC HFN), the block sequence number (BSN), the fragment block sequence number (SPBN), the radio bearer identity (Rbid), the satellite spot-beam identity (Spotbeam) and the direction (Dir); if the channel type is a packet data channel (PDCH), the cipherKcode likewise consists of RLC HFN, BSN, SPBN, Rbid, Spotbeam and Dir.

In the MAC module the cipherKcode parameter is defined as macCipherKcode and consists of the HFN, the TDMA frame number, Rbid, Spotbeam and Dir.

Steps 3 and 4: after the driver receives the request it starts the data encryption, and sends the encrypted result (dataBlockWithCipherred) back to the protocol stack with data_cipher_cnf. During this time, the modules of the protocol stack can carry out other task processing.

Step 5: after the protocol stack receives the encrypted data dataBlockWithCipherred, it carries out the corresponding physical-layer procedures according to the radio resource usage rules; the data is finally channel-coded in the physical layer and transmitted over the air by the RF subsystem.
Data decryption, shown in Figure 5: when the protocol stack software receives data from the physical layer, it sends the received data to the external encryption/decryption module driver using a real-time operating system signal primitive and then continues processing other procedures normally; only when the driver has finished decrypting and the decryption-complete primitive from the driver is received in the real-time operating system queue is the message processed. The steps are:

Step 1: after the radio configuration between the terminal and the network is complete, the terminal receives encrypted data from the network on a downlink physical channel and generates the procedure parameters needed for decryption.

Step 2: the protocol stack sends the procedure parameters needed for decryption (cipherKcode) and the encrypted data (dataBlockWithCipherred) to the external encryption/decryption module driver with data_decipher_req.

The decryption parameter cipherKcode is generated differently depending on the module and scenario.

In the RLC layer the cipherKcode parameter is defined as rlcCipherKcode. If the channel type is DCH, rlcCipherKcode consists of RLC HFN, BSN, SPBN, Rbid, Spotbeam and Dir; if the channel type is PDCH, rlcCipherKcode likewise consists of RLC HFN, BSN, SPBN, Rbid, Spotbeam and Dir.

In the MAC layer the cipherKcode parameter is defined as macCipherKcode and consists of the HFN, the TDMA frame number, Rbid, Spotbeam and Dir.

Step 3: the driver decrypts the data using the external encryption/decryption module and produces the decrypted data block (dataBlockWithUncipher); the protocol stack state machine is unaffected during this time.

Step 4: when the driver has completed the decryption, it returns the decrypted data dataBlockWithUncipher to the protocol stack with data_decipher_cnf.

Step 5: after the protocol stack receives dataBlockWithUncipher, it carries out the normal data-processing flow.
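The request/confirm exchange of Figures 4 and 5, as an added example that is not part of the patent: a C model in which the protocol stack posts data_cipher_req and data_decipher_req to a SecurityModuleTask driver and keeps running until the matching cnf shows up in its queue. The one-slot mailboxes, the tick-based scheduler, the MODULE_LATENCY constant, the field widths of the cipher_kcode struct and the toy_keystream placeholder are all assumptions of this example; the external module's real algorithm is proprietary and is not shown.

```c
/* Added example, not code from the patent: the data_cipher_req/cnf and
 * data_decipher_req/cnf exchange between a protocol-stack task and the
 * SecurityModuleTask driver, modelled with one-slot mailboxes instead of RTOS
 * queues. Field widths, latency and keystream are assumptions; the module's
 * real algorithm is proprietary and not reproduced. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum prim_id { DATA_CIPHER_REQ, DATA_CIPHER_CNF, DATA_DECIPHER_REQ, DATA_DECIPHER_CNF };

/* rlcCipherKcode fields named in the patent (widths assumed). */
struct cipher_kcode {
    uint32_t hfn;             /* RLC hyper frame number */
    uint16_t bsn, spotbeam;   /* block sequence number, spot-beam identity */
    uint8_t  spbn, rbid, dir; /* fragment sequence number, radio bearer id, direction */
};

#define MAX_BLK 64
#define MODULE_LATENCY 3 /* assumed: ticks the serial-port transfer takes */

struct primitive { enum prim_id id; struct cipher_kcode kcode; uint8_t block[MAX_BLK]; size_t len; };

static struct primitive to_driver, to_stack;          /* the two mailboxes */
static int driver_pending, stack_pending, module_busy;

/* Placeholder keystream (xorshift32 seeded from the kcode): not secure, not the
 * module's algorithm, only something for the flow to XOR with. */
static void toy_keystream(const struct cipher_kcode *k, uint8_t *ks, size_t n)
{
    uint32_t s = k->hfn ^ ((uint32_t)k->bsn << 16) ^ ((uint32_t)k->spbn << 8)
               ^ k->rbid ^ ((uint32_t)k->spotbeam << 4) ^ ((uint32_t)k->dir << 31);
    if (s == 0) s = 0x9E3779B9u;
    for (size_t i = 0; i < n; i++) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        ks[i] = (uint8_t)s;
    }
}

/* Stack side: post a request and return immediately; never wait on the module. */
static int stack_post_req(enum prim_id id, const uint8_t *blk, size_t len,
                          const struct cipher_kcode *k)
{
    if (len > MAX_BLK || driver_pending || module_busy) return -1;
    to_driver.id = id; to_driver.kcode = *k; to_driver.len = len;
    memcpy(to_driver.block, blk, len);
    driver_pending = 1;
    return 0;
}

/* Stack side: non-blocking look at the task queue for a cnf. */
static int stack_poll_cnf(struct primitive *out)
{
    if (!stack_pending) return 0;
    *out = to_stack; stack_pending = 0;
    return 1;
}

/* SecurityModuleTask, one scheduler tick: pick up a request, wait out the module
 * latency, then post the matching cnf. Returns 1 when a cnf was posted. */
static int security_module_task_tick(void)
{
    uint8_t ks[MAX_BLK];
    if (driver_pending && !module_busy) { driver_pending = 0; module_busy = MODULE_LATENCY; }
    if (!module_busy || --module_busy) return 0;   /* idle, or transfer still running */
    toy_keystream(&to_driver.kcode, ks, to_driver.len);
    to_stack.id = to_driver.id == DATA_CIPHER_REQ ? DATA_CIPHER_CNF : DATA_DECIPHER_CNF;
    to_stack.kcode = to_driver.kcode; to_stack.len = to_driver.len;
    for (size_t i = 0; i < to_driver.len; i++) to_stack.block[i] = to_driver.block[i] ^ ks[i];
    stack_pending = 1;
    return 1;
}

/* Schedule both tasks round-robin until the cnf arrives. Returns how many ticks
 * the stack had for other work while the module was busy, or -1 on error. */
static int run_until_cnf(enum prim_id id, const uint8_t *in, size_t len,
                         const struct cipher_kcode *k, uint8_t *out)
{
    struct primitive cnf;
    if (stack_post_req(id, in, len, k) != 0) return -1;
    for (int other_work = 0; other_work < 100; other_work++) {
        security_module_task_tick();
        if (stack_poll_cnf(&cnf)) { memcpy(out, cnf.block, cnf.len); return other_work; }
        /* no cnf yet: the stack goes on handling its other signals */
    }
    return -1;
}

/* Encrypt then decrypt a constructed block under the same kcode. Returns the
 * other-work tick count of the encryption round trip (MODULE_LATENCY - 1 here)
 * when the ciphertext differs and the plaintext is recovered, else 0. */
static int demo_cipher_roundtrip(void)
{
    static const uint8_t plain[] = "RLC PDU payload";   /* constructed sample */
    struct cipher_kcode k = { 0x1234, 7, 41, 0, 3, 0 };
    uint8_t ct[MAX_BLK], pt[MAX_BLK];
    int w1 = run_until_cnf(DATA_CIPHER_REQ, plain, sizeof plain, &k, ct);
    int w2 = run_until_cnf(DATA_DECIPHER_REQ, ct, sizeof plain, &k, pt);
    if (w1 <= 0 || w2 <= 0 || memcmp(ct, plain, sizeof plain) == 0) return 0;
    return memcmp(pt, plain, sizeof plain) == 0 ? w1 : 0;
}

int main(void)
{
    printf("other-work ticks during encryption: %d\n", demo_cipher_roundtrip());
    return 0;
}
```

The value demo_cipher_roundtrip() returns is the number of scheduler ticks the stack spent on other work while the module was busy, which is exactly the property the patent claims over the blocking direct-call design; with a direct call that number is zero. The model refuses a new request while one is outstanding; a production driver would use a real queue with a transaction identifier in each primitive so that RLC and MAC requests can be in flight at the same time.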
Signaling data integrity protection, shown in Figure 6: the protocol stack software sends the signaling data that needs integrity protection to the external encryption/decryption module driver using a signal primitive of the real-time operating system and then continues with its normal flow; only when the signaling data integrity-complete primitive from the driver is received in the task queue of the protocol stack software is it handled, at which point the signaling data is reassembled and the assembled signaling data is sent to the physical-layer subsystem. The steps are:

Step 1: the protocol stack needs to send signaling data to the network and needs to integrity-protect it. It first generates the signaling data packet without integrity-protection information (rrcMsgBlkWithoutIntegrityInfo), which contains no integrity-related information at all, and then, as the protocol requires, generates the parameters needed to integrity-protect that packet (integrityKcode).

The integrityKcode parameter consists of the RRC-layer hyper frame number (RRC HFN), the RRC sequence number (RRC SN), Spotbeam and Dir.

Step 2: the protocol stack uses the data_integrity_req primitive to send the signaling data packet rrcMsgBlkWithoutIntegrityInfo and the integrity-protection parameter integrityKcode to the external encryption/decryption module driver.

Step 3: the driver passes the received signaling data rrcMsgBlkWithoutIntegrityInfo and the integrity-protection parameter integrityKcode to the external encryption/decryption module, which performs the integrity computation.

Step 4: the driver returns the integrity computation result for the signaling data packet, integrityDataResult, to the protocol stack with data_integrity_cnf.

Step 5: from the integrity computation result integrityDataResult carried in data_integrity_cnf and the signaling content rrcMsgBlkWithoutIntegrityInfo, the protocol stack reassembles the signaling data packet rrcMsgBlkWithIntegrityInfo that is sent to the network.
Signaling data integrity checking, shown in Figure 7: when the protocol stack software receives signaling data from the RF subsystem, it sends the received signaling data to the external encryption/decryption module driver using a real-time operating system signal primitive and then continues processing other procedures normally; only when the driver has finished the integrity check and the signaling data integrity-check-complete primitive from the driver is received in the real-time operating system queue is the message content processed. The steps are:

Step 1: the terminal receives signaling data from the network and must check its integrity to establish that it is legitimate. The protocol stack first parses the RRC message carrying integrity-protection parameters (rrcMsgBlkWithIntegrityInfo), extracts the integrity-protection data in it (integrityData), then generates the RRC message without integrity-protection parameters (rrcMsgBlkWithoutIntegrityInfo), and then computes the parameters of the received signaling data (integrityKcode) that are used for the signaling integrity check.

The integrityKcode parameter consists of RRC HFN, RRC SN, Spotbeam and Dir.

Step 2: using the data_integrity_check_req primitive, the protocol stack sends the received signaling data packet rrcMsgBlkWithoutIntegrityInfo, the integrity data integrityData parsed out of the RRC message, and the parameter integrityKcode for the signaling integrity check to the external encryption/decryption module driver.

Step 3: the driver passes the signaling data packet and the signaling integrity-check parameters to the external encryption/decryption module, which computes the integrity-protection data of the rrcMsgBlkWithoutIntegrityInfo data block (integrityDataResult). If integrityDataResult is identical to integrityData the integrity check passes; otherwise it fails.

Step 4: the driver returns the signaling data integrity check result to the protocol stack with data_integrity_check_cnf.

Steps 5 and 6: if the data_integrity_check_cnf primitive indicates that the signaling data integrity check passed, the protocol stack regards the signaling data as legitimate and carries out the normal signaling procedure; otherwise it regards the signaling data as faulty and discards it directly.
To show more clearly how the invention is applied in a mobile terminal product for a specific GMR (new-generation geostationary satellite mobile communication) system, the implementation of the invention for mobile terminal security is described first. The software framework is shown in Figure 2; the whole software architecture is a concrete implementation running on a real-time operating system.

Three independent embodiments illustrate the design and use of the invention in a GMR mobile terminal: the RRC message integrity-protection function, RLC data encryption/decryption, and MAC-layer data encryption/decryption.
Embodiment 1
The realization of the integrity protection function of RRC information, detailed process are as shown in Figure 8.In this example, network makes first
With security mode control message (referred to as: SMC) starting integrity protection function, then to receive the RRC information of carrying out automatic network into
Row integrity checking increases integrity protection information to the RRC information for being sent to network.
It is as follows that terminal carries out integrity protection process:
Step 1: The terminal RRC layer receives the SECURITY MODE COMMAND (abbreviated SMC) message. The network starts the encryption process for service data and at the same time provides the encryption process parameters and the encryption/decryption activation time.
Steps 2, 3, 4: The RRC layer receives an RRC message through the primitive RLC_AM_DATA_IND and judges whether its RRC message sequence number (abbreviated RRC SN) has reached the downlink integrity protection activation time. If the activation time has not been reached, step 4 is executed: no integrity check is performed on the message and normal message processing proceeds directly. If the downlink activation time has been reached, step 5 is executed.
Step 5: After the RRC module receives RLC_AM_DATA_IND, it parses the RRC signaling data block carried in the primitive, extracts the integrity protection data integrityData, deletes the integrity protection information, and regenerates the RRC message data rrcMsgBlkWithoutIntegrityInfo. At the same time, RRC generates the integrityKcode code needed for the integrity protection calculation. Finally, the data_integrity_check_req primitive is used to send rrcMsgBlkWithoutIntegrityInfo, integrityData and integrityKcode to the external encryption/decryption module driver.
The integrityKcode parameter consists of the 49-bit RRC layer hyper frame number (abbreviated RRC HFN), the 4-bit RRC sequence number (abbreviated RRC SN), the 10-bit Spotbeam and the 1-bit Dir.
Step 6: The external encryption/decryption module driver uses rrcMsgBlkWithoutIntegrityInfo and the signaling data integrity check parameter integrityKcode to carry out the integrity calculation in the external encryption/decryption module. Assume the calculated result is integrityDataResult; this result is fed back to the external encryption/decryption module driver. If integrityDataResult is identical to integrityData, the integrity check is correct; otherwise the integrity check fails. During this period, the RRC module can carry out other task processing.
Step 7: The external encryption/decryption module driver feeds the integrity check result of the signaling data back to the RRC module using the data_integrity_check_cnf primitive.
Step 8: After RRC receives the message, if the data_integrity_check_cnf primitive indicates that the signaling data integrity check is incorrect, the RRC module considers the signaling data illegal and executes step 9: the signaling data is regarded as faulty and is discarded directly. Otherwise step 10 is executed and the normal signaling procedure is carried out.
Step 10: The terminal receives the signaling data indication RLC_AM_DATA_IND from the RLC layer; if the integrity protection check found no problem, the RRC message is processed normally. Depending on the processing the RRC message requires, if the RRC layer needs to send an RRC response message to the network, RRC first constructs the RRC message rrcMsgBlkWithoutIntegrityInfo, which carries no integrity protection information.
Step 11: The RRC layer fills the uplink RRC message according to the network requirements and judges whether its uplink RRC SN has reached the integrity protection activation time. If the activation time has not been reached, step 12 is executed: the rrcMsgBlkWithoutIntegrityInfo message, without integrity protection information, is sent to the RLC layer through the RLC_AM_DATA_REQ primitive. If the downlink activation time has been reached, step 13 is carried out.
Step 13: If the integrity protection process needs to be carried out, the RRC module first generates the integrityKcode code for the integrity protection calculation, then uses the data_integrity_req primitive to send the signaling data rrcMsgBlkWithoutIntegrityInfo and the integrity protection parameter integrityKcode to the external encryption/decryption module driver.
Here the integrityKcode parameter consists of the 49-bit RRC layer hyper frame number (abbreviated RRC HFN), the 4-bit RRC sequence number (abbreviated RRC SN), the 10-bit Spotbeam and the 1-bit Dir.
Step 14: The external encryption/decryption module driver sends the received signaling data rrcMsgBlkWithoutIntegrityInfo and the integrity protection calculation parameter integrityKcode into the external encryption/decryption module for the integrity calculation, and the result integrityResult is fed back to the external encryption/decryption module driver. The RRC module state machine processing is unaffected during this period.
Step 15: The external encryption/decryption module driver feeds the integrity calculation result integrityResult of the signaling data packet back to the RRC module through the data_integrity_cnf primitive.
Steps 16, 17: The RRC module uses the integrity calculation result integrityResult in the data_integrity_cnf primitive together with the signaling data content rrcMsgBlkWithoutIntegrityInfo to reassemble the signaling data packet rrcMsgBlkWithIntegrityInfo to be sent to the network, and sends it to the RLC layer through the primitive RLC_AM_DATA_REQ.
Embodiment 2
Data encryption and decryption in the GMR mobile terminal takes place at the RLC and MAC layers. The detailed RLC layer encryption/decryption process is shown in Figure 9. First, RRC receives the SMC message from the network that instructs the terminal to start data encryption and decryption. After the RRC layer parses the SMC message, it configures the encryption/decryption parameters given by the network into the RLC module. If RLC receives encrypted data from the MAC layer, the decryption process is started; if RLC sends data to the MAC layer, the data must be encrypted before being passed on to the MAC layer.
The RLC layer data encryption/decryption process is as follows:
Steps 1 and 2: The terminal RRC layer receives the SMC message, parses it and saves the encryption-related parameters, such as the decryption activation time and the encryption algorithm. RRC configures the encryption-related parameters into the RLC layer through the interface primitive CRLC_CIPHER_REQ, and the RLC layer saves them accordingly.
Steps 3, 4, 5, 6: The RLC layer receives data blocks through the interface primitive MAC_DCH_DATA_IND or the primitive MAC_PDCH_DATA_IND and judges whether their BSN has reached the decryption activation time. If the activation time has not been reached, step 5 is executed: the data block is not decrypted; after all data blocks have been received, step 6 is executed, the message is reassembled and reported to the RRC layer through the interface primitive RLC_AM_DATA_IND. If the downlink activation time has been reached, step 7 is carried out and the data is decrypted.
Step 7: According to the network requirements, the protocol stack requires the RLC module to decrypt the encrypted data block (abbreviated dataBlockWithCipherred). First, the RLC module collects the parameters relevant to decrypting the data block and calculates the rlcCipherKcode code used for data decryption. Then the RLC module carries the data block dataBlockWithCipherred to be decrypted and the parameter rlcCipherKcode needed for decryption in the data_decipher_req signal primitive and sends it to the external encryption/decryption module driver.
The rlcCipherKcode parameter is defined as follows: if the channel type is DCH, the encryption/decryption rlcCipherKcode consists of the 39-bit RLC HFN, the 7-bit BSN, the 2-bit SPBN, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir; if the channel type is PDCH, the encryption/decryption rlcCipherKcode consists of the 36-bit RLC HFN, the 10-bit BSN, the 2-bit SPBN, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir.
Steps 8, 9: After the external encryption/decryption module driver receives the decryption request, it starts the data decryption process in the external encryption/decryption module, which produces the decrypted service data rlcDataBlkWithUncipher, and sends the decrypted result rlcDataBlkWithUncipher back to the RLC module through the data_decipher_cnf signal primitive. During this period, the RLC module can carry out other task processing.
Steps 10, 11, 12: After the RLC layer has received all data blocks, it reassembles the message and reports it to the RRC layer through the interface primitive RLC_AM_DATA_IND. After the RRC layer has processed the RRC message, if the protocol requires a reply to the received RRC message, the data block is assumed to be rlcDataBlkWithUncipher, and the RRC layer sends the rlcDataBlkWithUncipher data block to the RLC layer through the RLC_AM_DATA_REQ primitive.
Step 13: RLC buffers the message from the RRC layer and waits for scheduling; the message is then extracted and sent.
Steps 14, 15, 16, 17: The RLC layer receives a request to send a data block through the interface primitive MAC_STATUS_IND. RLC fills the data block and judges whether its BSN has reached the ciphering activation time. If the activation time has not been reached, step 16 is executed: the data block is not encrypted, and step 17 is executed directly, sending it to the MAC layer through the interface primitive MAC_DCH_DATA_REQ or the primitive MAC_PDCH_DATA_REQ. If the ciphering activation time has been reached, step 18 is carried out.
Step 18: If the RRC layer data needs to be encrypted, the RLC module generates the encryption parameter rlcCipherKcode needed by the encryption process, and the RRC layer then sends the rlcDataBlkWithUncipher data to the external encryption/decryption module driver through the data_cipher_req signal primitive.
The rlcCipherKcode parameter can be defined as follows: if the channel type is DCH, the encryption/decryption rlcCipherKcode consists of the 39-bit RLC HFN, the 7-bit BSN, the 2-bit SPBN, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir; if the channel type is PDCH, the encryption/decryption rlcCipherKcode consists of the 36-bit RLC HFN, the 10-bit BSN, the 2-bit SPBN, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir.
Step 19: The external encryption/decryption module driver carries out the data encryption process using the external encryption/decryption module, producing the encrypted data dataBlockWithCipherred. The RLC module state machine processing is unaffected during this period.
Step 20: After the external encryption/decryption module driver has completed the data encryption, the encrypted data dataBlockWithCipherred is fed back to the RLC module through the data_cipher_cnf primitive.
Step 21: After the RLC module receives the encrypted data dataBlockWithCipherred, it carries out the normal data processing flow and then sends the data to the MAC layer through the interface primitive MAC_DCH_DATA_REQ or the primitive MAC_PDCH_DATA_REQ.
Embodiment 3
In a GMR system, not all service data is forwarded to RLC for processing; transparent-mode data such as voice data, for example, must be encrypted and decrypted at the MAC layer. As shown in Figure 10, the RRC layer first receives the SMC message from the network, which requires the terminal MAC layer to start data encryption and decryption. After the RRC layer receives the message, it configures the encryption/decryption parameters needed by the MAC layer into the MAC layer. If MAC receives encrypted data from the network, MAC starts the decryption process to decrypt the data; if MAC needs to send data, MAC starts the encryption flow to encrypt the data and, once encryption is complete, sends the data on to the physical layer.
The MAC layer encryption/decryption data process is as follows:
Steps 1 and 2: The terminal RRC layer receives the SMC message, parses it and saves the encryption-related parameters, such as the decryption activation time and the encryption algorithm.
Step 3: RRC configures the encryption-related parameters into the MAC layer through the interface primitive CMAC_CIPHER_REQ, and the MAC layer saves them accordingly.
Steps 4, 5: The MAC layer receives a data block through the interface primitive MAC_DCH_DATA_IND and judges whether its TDMA frame number has reached the decryption activation time. If the activation time has not been reached, steps 6 and 7 are executed: the data block is not decrypted and is sent to the RLC layer through the interface primitive MAC_TM_DATA_IND. If the downlink activation time has been reached, step 8 is carried out.
Step 8: According to the network requirements, the protocol stack requires the MAC module to decrypt the data block (abbreviated macDataBlkWithCipherred). The MAC module collects the parameters relevant to decrypting the data block and calculates macCipherKcode, which is used for data decryption. The MAC module carries the data block macDataBlkWithCipherred to be decrypted and the parameter macCipherKcode needed for decryption in the data_decipher_req signal primitive and sends it to the external encryption/decryption module driver.
The macCipherKcode parameter consists of the 29-bit HFN, the 19-bit TDMA frame number, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir.
Steps 9, 10, 11: After the external encryption/decryption module driver receives the request, it starts the data decryption process in the external encryption/decryption module, which produces the decrypted MAC layer data macDataBlkWithUncipher, and sends the decrypted result back to the MAC module through the data_decipher_cnf signal primitive; MAC then sends it to the RLC layer through the interface primitive MAC_TM_DATA_IND. During this period, the MAC module can carry out other task processing.
Step 12: After the MAC module receives the decrypted data macDataBlkWithUncipher, it carries out the corresponding physical layer procedures according to the radio resource usage principles, and the data is finally transmitted to the air interface through the radio frequency subsystem.
Step 13: The MAC layer sends a data block and judges whether the current transmit TDMA frame number has reached the ciphering activation time. If the activation time has not been reached, steps 14 and 15 are executed: the data block is not encrypted and is sent directly to the physical layer through the interface primitive MAC_TM_DATA_REQ. If the ciphering activation time has been reached, step 16 is carried out.
Step 16: The MAC module sends the process parameter macCipherKcode needed for encryption and the data macDataBlkWithUncipher to the external encryption/decryption module driver through the data_cipher_req signal primitive.
The macCipherKcode parameter consists of the 29-bit HFN, the 19-bit TDMA frame number, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir.
Step 17: The external encryption/decryption module driver carries out the data encryption process using the external encryption/decryption module, producing the encrypted data block macDataBlkWithCipherred. The MAC module state machine processing is unaffected during this period.
Step 18: After the external encryption/decryption module driver has completed the data encryption, the encrypted data macDataBlkWithCipherred is fed back to the MAC module through the data_cipher_cnf primitive.
Step 19: After the MAC module receives the encrypted data macDataBlkWithCipherred, it carries out the normal data processing flow and then sends the data to the physical layer through the interface primitive MAC_TM_DATA_REQ.
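The Kcode layouts quoted in Embodiments 1 to 3 and the RRC receive and transmit decisions of Embodiment 1 (steps 2 to 10 and 13 to 17), as an added C example that is not part of the patent or of any product implementing it. pack_kcode, module_integrity, rrc_tx_protect and rrc_rx_decide are hypothetical names; the bit ordering inside a Kcode, the trailing placement of integrityData in the message, and the keyed checksum standing in for the external module's integrity algorithm are assumptions, since the text specifies none of them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* One Kcode field: name and width in bits. Fields are packed in the order the
 * embodiments list them, first field most significant (an assumption; the text
 * gives widths and order, not bit numbering). */
typedef struct { const char *name; unsigned width; } kfield_t;
#define KFIELDS(a) (sizeof(a) / sizeof((a)[0]))
/* Layouts quoted in Embodiments 1 to 3; each totals 64 bits. */
static const kfield_t INTEGRITY_KCODE[] = {{"RRC HFN", 49}, {"RRC SN", 4}, {"Spotbeam", 10}, {"Dir", 1}};
static const kfield_t RLC_DCH_KCODE[] = {
    {"RLC HFN", 39}, {"BSN", 7}, {"SPBN", 2}, {"Rbid", 5}, {"Spotbeam", 10}, {"Dir", 1}};
static const kfield_t RLC_PDCH_KCODE[] = {
    {"RLC HFN", 36}, {"BSN", 10}, {"SPBN", 2}, {"Rbid", 5}, {"Spotbeam", 10}, {"Dir", 1}};
static const kfield_t MAC_KCODE[] = {{"HFN", 29}, {"TDMA FN", 19}, {"Rbid", 5}, {"Spotbeam", 10}, {"Dir", 1}};

/* Pack field values into a 64-bit Kcode. Returns false if the layout does not
 * total 64 bits or a value overflows its field, so an out-of-range HFN or BSN
 * can never silently alias the Kcode of a different block. */
static bool pack_kcode(const kfield_t *f, size_t n, const uint64_t *vals, uint64_t *out)
{
    unsigned total = 0;
    for (size_t i = 0; i < n; i++) total += f[i].width;
    if (total != 64) return false;
    uint64_t k = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t mask = (f[i].width >= 64) ? UINT64_MAX : ((1ULL << f[i].width) - 1);
        if (vals[i] & ~mask) return false;
        k = (k << f[i].width) | vals[i];
    }
    *out = k;
    return true;
}

#define TAG_LEN 4
/* Placeholder for the external module's integrity computation (the page names
 * no algorithm): a keyed checksum so the example runs offline. Not a MAC. */
static void module_integrity(const uint8_t *msg, size_t len, uint64_t kcode, uint8_t tag[TAG_LEN])
{
    uint32_t h = 2166136261u ^ (uint32_t)kcode ^ (uint32_t)(kcode >> 32);
    for (size_t i = 0; i < len; i++) { h ^= msg[i]; h *= 16777619u; }
    for (int i = 0; i < TAG_LEN; i++) tag[i] = (uint8_t)(h >> (8 * i));
}
/* Constant-time comparison of integrityDataResult with integrityData. */
static bool tag_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++) d |= (uint8_t)(a[i] ^ b[i]);
    return d == 0;
}

/* Uplink, steps 13 to 17: rrcMsgBlkWithIntegrityInfo = body || integrityResult
 * (trailing placement is an assumption). Returns 0 if out is too small. */
static size_t rrc_tx_protect(const uint8_t *body, size_t body_len, uint64_t kcode,
                             uint8_t *out, size_t out_cap)
{
    if (out_cap < body_len + TAG_LEN) return 0;
    memcpy(out, body, body_len);
    module_integrity(body, body_len, kcode, out + body_len);
    return body_len + TAG_LEN;
}

typedef enum { RRC_PROCESS_UNCHECKED = 0, RRC_PROCESS_CHECKED = 1, RRC_DISCARD = 2 } rrc_action_t;
/* Downlink, steps 2 to 10: what RRC does with a received message. */
static rrc_action_t rrc_rx_decide(const uint8_t *msg, size_t len, uint32_t rrc_sn,
                                  uint32_t dl_activation_sn, uint64_t kcode)
{
    if (rrc_sn < dl_activation_sn) return RRC_PROCESS_UNCHECKED; /* steps 2 to 4 */
    if (len < TAG_LEN) return RRC_DISCARD;             /* too short to carry integrityData */
    size_t body_len = len - TAG_LEN;                   /* step 5: strip integrityData */
    uint8_t result[TAG_LEN];
    module_integrity(msg, body_len, kcode, result);    /* step 6: integrityDataResult */
    /* Steps 8 to 10: mismatch is illegal signaling (discard); match is processed. */
    return tag_equal(result, msg + body_len, TAG_LEN) ? RRC_PROCESS_CHECKED : RRC_DISCARD;
}

/* Round trip on constructed data; returns 1 only if every branch of Embodiment 1 behaves. */
static int demo_roundtrip(void)
{
    uint64_t vals[] = {1234, 5, 3, 1}, kcode;        /* constructed HFN, SN, Spotbeam, Dir */
    if (!pack_kcode(INTEGRITY_KCODE, KFIELDS(INTEGRITY_KCODE), vals, &kcode)) return 0;
    const uint8_t body[] = {0x01, 0x02, 0x03};       /* constructed RRC message body */
    uint8_t wire[sizeof body + TAG_LEN];
    size_t n = rrc_tx_protect(body, sizeof body, kcode, wire, sizeof wire);
    if (n != sizeof wire || rrc_rx_decide(wire, n, 1, 2, kcode) != RRC_PROCESS_UNCHECKED) return 0;
    if (rrc_rx_decide(wire, n, 5, 2, kcode) != RRC_PROCESS_CHECKED) return 0;
    wire[0] ^= 0x80;                                 /* flip one bit of the body */
    return rrc_rx_decide(wire, n, 5, 2, kcode) == RRC_DISCARD;
}
```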
Finally, it is stated that the preferred embodiments above are only used to illustrate the technical scheme of the present invention and not to limit it. Although the present invention has been described in detail through the preferred embodiments above, those skilled in the art should understand that various changes in form and detail can be made without departing from the scope defined by the claims of the present invention.
Claims (7)
1. A method for calling an external encryption/decryption module, characterized by comprising the following steps:
S1: an external encryption/decryption module driver is set between the protocol stack and the external encryption/decryption module;
S2: data encryption process: the protocol stack sends a request-encryption signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-encryption signal, carries out the data encryption process through the external encryption/decryption module and, after encryption is complete, sends an encryption-complete signal to the protocol stack;
S3: data decryption process: the protocol stack sends a request-decryption signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-decryption signal, carries out the data decryption process through the external encryption/decryption module and, after decryption is complete, sends a decryption-complete signal to the protocol stack;
the method also includes a signaling data integrity protection process: the protocol stack sends a request-integrity-protection signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-integrity-protection signal, carries out the integrity calculation on the signaling data through the external encryption/decryption module and, after the calculation is complete, sends an integrity-protection-complete signal to the protocol stack;
the method also includes a signaling data integrity check process: the protocol stack sends a request-integrity-check signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-integrity-check signal, carries out the integrity check on the signaling data through the external encryption/decryption module and, after the check is complete, sends an integrity-check-complete signal to the protocol stack;
the encryption and decryption process calls the external encryption/decryption module to realize data encryption and data decryption through the encryption/decryption primitives between the RLC layer and the external encryption/decryption module driver and between the MAC layer and the external encryption/decryption module driver;
in the data encryption process, the protocol stack software uses the signal primitives of the real-time operating system to send the data to be encrypted or decrypted to the external encryption/decryption module driver, then continues its subsequent normal flow of operation until the encryption-complete signal primitive from the external encryption/decryption module driver is received in the task queue of the protocol stack software, at which point it is handled and the received signal is sent to the physical layer;
in the signaling data integrity protection process, the protocol stack software uses the signal primitives of the real-time operating system to send the signaling data that needs integrity protection to the external encryption/decryption module driver, then continues its subsequent normal flow of operation until the signaling-data-integrity-processing-complete primitive from the external encryption/decryption module driver is received in the task queue of the protocol stack software, at which point it is handled, specifically by reassembling the signaling data and sending the assembled signaling data to the physical layer subsystem;
the signaling data integrity check process calls the external encryption/decryption module to realize signaling data integrity protection and signaling data integrity check through the integrity protection primitives between the RRC layer and the external encryption/decryption module driver; in the signaling data integrity protection check process, the protocol stack software receives the signaling data from the radio frequency subsystem, sends the received signaling data to the external encryption/decryption module driver using the real-time operating system signal primitives, then normally handles other related processes until the external encryption/decryption module driver has completed the integrity protection check and the signaling-data-integrity-check-complete primitive from the external encryption/decryption driver module is received in the real-time operating system queue, at which point the message content is processed.
2. The method for calling an external encryption/decryption module according to claim 1, characterized in that the request-encryption signal contains the data block that needs to be encrypted and the parameters needed for encryption.
3. The method for calling an external encryption/decryption module according to claim 1, characterized in that the request-decryption signal contains the data block that needs to be decrypted and the parameters needed for decryption.
4. The method for calling an external encryption/decryption module according to claim 1, characterized in that the request-integrity-protection signal includes the signaling data packet without integrity protection information and the integrity protection parameters.
5. The method for calling an external encryption/decryption module according to claim 1, characterized in that, after the check is complete, if the signaling data integrity check is correct, an integrity-check-complete signal is sent to the protocol stack, and if the signaling data integrity check is incorrect, the data is discarded directly.
6. The method for calling an external encryption/decryption module according to claim 1, characterized in that the request-integrity-check signal includes the RRC message without the integrity protection parameters, the integrity data parsed from the RRC message, and the parameters for the signaling integrity check.
7. A mobile terminal that calls an external encryption/decryption module based on the method of any one of claims 1 to 6, characterized in that it includes a mobile terminal communication protocol stack, an external encryption/decryption module driver and an external encryption/decryption module; the external encryption/decryption module driver sits between the protocol stack and the external encryption/decryption module, and the external encryption/decryption module is called through the external encryption/decryption module driver to realize data encryption and data decryption.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610905044.8A CN106341419B (en) | 2016-10-17 | 2016-10-17 | A kind of method that calling external encryption/decryption module and mobile terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106341419A CN106341419A (en) | 2017-01-18 |
CN106341419B true CN106341419B (en) | 2019-04-19 |
Family
ID=57839968
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610905044.8A Active CN106341419B (en) | 2016-10-17 | 2016-10-17 | A kind of method that calling external encryption/decryption module and mobile terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106341419B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108111525A (en) * | 2017-12-29 | 2018-06-01 | 成都三零嘉微电子有限公司 | A kind of method that SD card communication protocol using extension realizes data encrypting and deciphering business |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1701586A (en) * | 2003-10-01 | 2005-11-23 | 株式会社东芝 | Flexible protocol stack |
CN1969258A (en) * | 2004-06-16 | 2007-05-23 | 先进微装置公司 | Multipurpose media access data processing system |
CN101996285A (en) * | 2009-08-26 | 2011-03-30 | 联想(北京)有限公司 | Electronic equipment |
CN103873245A (en) * | 2012-12-14 | 2014-06-18 | 华为技术有限公司 | Virtual machine system data encryption method and apparatus |
CN103905192A (en) * | 2012-12-26 | 2014-07-02 | 重庆重邮信科通信技术有限公司 | Encryption authentication method, device and system |
CN104852798A (en) * | 2015-05-11 | 2015-08-19 | 清华大学深圳研究生院 | Data encryption and decryption system and method thereof |
Events: 2016-10-17, CN CN201610905044.8A patent/CN106341419B/en, status active (Active)
Also Published As
Publication number | Publication date |
---|---|
CN106341419A (en) | 2017-01-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||