CN106341419B - Method for calling an external encryption/decryption module, and mobile terminal - Google Patents

Info

Publication number: CN106341419B
Application number: CN201610905044.8A
Authority: CN (China)
Prior art keywords: encryption, data, decryption module, decryption, external encryption
Legal status: Active (as listed by Google Patents; the listed status is an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN106341419A
Inventors: 段红光, 郑建宏, 罗静, 罗一静, 周朋光
Current assignee: Chongqing University of Post and Telecommunications
Original assignee: Chongqing University of Post and Telecommunications
Events: application filed by Chongqing University of Post and Telecommunications; priority to CN201610905044.8A; publication of CN106341419A; application granted; publication of CN106341419B; legal status active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/445 Program loading or initiating
    • G06F 9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F 9/44526 Plug-ins; Add-ons
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/12 Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method for calling an external encryption/decryption module, and to a mobile terminal, in the field of communication technology. An external encryption/decryption module driver is placed between the protocol stack of the mobile terminal and the external encryption/decryption module, and signal primitives are defined for communication between the protocol-stack software and that driver. Through the driver, the external module is called to perform data encryption, data decryption, signaling-data integrity protection and signaling-data integrity checking. The method completes encryption and decryption quickly and does not prevent the protocol stack from processing other tasks in the meantime.

Description

Method for calling an external encryption/decryption module, and mobile terminal
Technical field
The invention belongs to the field of communication technology and relates to a method for calling an external encryption/decryption module, and to a mobile terminal that uses it.
Background art
In mobile communications the terminal and the network communicate over an open radio interface, so there are inherent security risks: content sent over the air is easy for an attacker to intercept and tamper with, and air-interface security in wireless networks has received increasing attention. In public mobile networks, authentication and encryption are performed using the SIM card. In private-network applications each sector adds its own security requirements, and in practice a dedicated encryption/decryption chip module is usually added, as shown in Fig. 1.
A mobile terminal system generally consists of three parts: an application processor, a baseband processor and a radio-frequency (RF) subsystem. The application processor mainly runs the terminal's applications; the communications baseband processor is responsible for communication between the terminal and the network; and the RF subsystem transmits the baseband signal over the air and receives wireless signals from the air. In an ordinary mobile terminal, security relies mainly on the secret key stored in the SIM card (the K code), while the encryption/decryption algorithms and procedures are public; this basically satisfies ordinary security requirements. In some special industries, however, an external encryption/decryption module is added on top of the basic terminal structure to raise security. This module has its own proprietary, undisclosed encryption mechanism and algorithms, which the invention regards as greatly improving the security of the communication.
Security in mobile communications can be considered in three aspects. First, authentication: the terminal and the network verify each other's validity. Second, integrity protection of signaling data between terminal and network: the receiver can determine correctly whether the received signaling data was modified in transit and which terminal sent it. Third, encryption and decryption, which in a mobile terminal applies mainly to application data such as voice and Internet data.
In special industries an external encryption/decryption module is added, and then all transmitted and received data must be encrypted and decrypted by that module, and all transmitted and received signaling data must be integrity-checked by it. This disrupts the original protocol design flow of the mobile terminal and brings many difficulties to terminal design.
To illustrate the problem clearly, the baseband software architecture of a mobile terminal in a geostationary satellite mobile communication system (GMR) is shown in Fig. 2.
The GMR air interface was developed from that of the existing digital cellular system GSM, and is shown in Fig. 2. The non-access stratum (NAS) mainly handles core-network related content and is not directly tied to the access network. Radio Resource Control (RRC) is responsible for allocating, using, requesting and modifying radio resources, for access-network mobility management and for interpreting system information, for example in the cell update, GRA update, and cell selection and reselection procedures. Radio Link Control (RLC) is responsible for reliable data transfer between network and terminal, using automatic repeat request (ARQ) to guarantee correct delivery. Medium Access Control (MAC) maps higher-layer data and signaling onto the physical layer, and also handles radio resource management and control for packet data services. The Packet Data Convergence Protocol (PDCP) processes packet data for RLC.
In this system, integrity protection of signaling data mainly protects RRC signaling messages; encryption and decryption of voice data is done in the MAC layer, and encryption and decryption of packet data in the RLC layer. In a concrete implementation the RRC, RLC and MAC layers therefore all need to exchange data with the external encryption/decryption module.
In previous designs the external encryption/decryption module was built as a hardware accelerator whose bus connects directly to the communications baseband processor bus, so the transfer rate is high and the delay is small. Before transmitting, the hardware accelerator is called directly; once it has finished, the data is passed to the physical layer, mapped onto physical resources and finally transmitted on the RF interface. On the receiving side, received data is first decrypted by calling the hardware accelerator and then processed normally. This approach, however, is problematic for implementing an external encryption/decryption module:
First, the external module and the communications baseband are connected by a physical hardware link, usually a high-speed serial or parallel port, whose rate is still much slower than that of a hardware accelerator.
Second, since the communication protocol stack runs in a real-time operating system, a direct blocking call means the entire process is suspended until the external module has finished before any later signal can be processed. This can block tasks in the real-time multitasking operating system and affect the stability of the protocol software.
The present invention addresses these problems with a solution that has proved very effective in practice.
Summary of the invention
In view of this, the object of the invention is to provide a method for calling an external encryption/decryption module, and a mobile terminal. An external encryption/decryption module driver is placed between the protocol stack of the mobile terminal and the external module; through this driver the external module is called to perform data encryption, data decryption, signaling-data integrity protection and signaling-data integrity checking. The method completes encryption and decryption quickly without preventing the protocol stack from processing other tasks.
To achieve this object, the invention provides the following technical scheme:
A method for calling an external encryption/decryption module, comprising the following steps:
S1: an external encryption/decryption module driver is set up between the protocol stack and the external encryption/decryption module;
S2: data encryption: the protocol stack sends a request-encryption signal to the external encryption/decryption module driver; the driver receives the request, has the data encrypted by the external module, and after encryption sends an encryption-complete signal back to the protocol stack;
S3: data decryption: the protocol stack sends a request-decryption signal to the driver; the driver receives the request, has the data decrypted by the external module, and after decryption sends a decryption-complete signal back to the protocol stack.
While the driver is working, the modules of the protocol stack can process other tasks.
Further, the request-encryption signal contains the data block to be encrypted and the parameters needed for encryption.
Further, the request-decryption signal contains the data block to be decrypted and the parameters needed for decryption.
Further, the method also includes a signaling-data integrity protection process: the protocol stack sends a request-integrity-protection signal to the driver; the driver receives it, has the external module compute the integrity value over the signaling data, and after the computation sends an integrity-protection-complete signal to the protocol stack.
Further, the request-integrity-protection signal contains the signaling data packet without integrity protection information, and the integrity protection parameters.
Further, the method also includes a signaling-data integrity checking process: the protocol stack sends a request-integrity-check signal to the driver; the driver receives it, has the external module check the integrity of the signaling data, and after the check sends an integrity-check-complete signal to the protocol stack.
Further, after the check, if the signaling-data integrity check is correct the integrity-check-complete signal is sent to the protocol stack; if it is not correct, the signaling data is discarded directly.
Further, the request-integrity-check signal contains the RRC message without its integrity protection information, the integrity data parsed out of the RRC message, and the parameters used for the signaling integrity check.
A mobile terminal that calls an external encryption/decryption module comprises a mobile-terminal communication protocol stack, an external encryption/decryption module driver and an external encryption/decryption module; the driver sits between the protocol stack and the external module, and the protocol stack calls the external module through the driver to perform data encryption and data decryption.
Beneficial effects: in the method and mobile terminal provided by the invention, an external encryption/decryption module driver is placed between the protocol stack and the external module, and the external module is called through the driver to perform data encryption, data decryption, signaling-data integrity protection and signaling-data integrity checking. These operations are completed quickly, and in the meantime the protocol stack is not prevented from processing other tasks, so the stability of the protocol software is not affected.
Description of the drawings
To make the object, technical scheme and beneficial effects of the invention clearer, the following drawings are provided:
Fig. 1 is the architecture diagram of the external encryption module;
Fig. 2 is the mobile communication terminal architecture diagram;
Fig. 3 is the architecture diagram of the terminal of the invention;
Fig. 4 is the data encryption flow chart;
Fig. 5 is the data decryption flow chart;
Fig. 6 is the signaling-data integrity generation process;
Fig. 7 is the signaling-data integrity checking process;
Fig. 8 is the implementation of signaling-data integrity protection;
Fig. 9 is the implementation of RLC-layer encryption and decryption;
Fig. 10 is the implementation of MAC-layer encryption and decryption.
Specific embodiments
A preferred embodiment of the invention is described in detail below with reference to the drawings.
The mobile terminal provided by the invention comprises a mobile-terminal communication protocol stack, an external encryption/decryption module driver and an external encryption/decryption module. The driver sits between the protocol stack and the external module, and the external module is called through the driver to perform data encryption and data decryption.
In the method, an external encryption/decryption module driver is placed between the protocol stack and the external module. The driver is managed as a task of the real-time operating system (SecurityModuleTask), and the protocol-stack software communicates with it using the signal primitives of the real-time operating system, as shown in Fig. 3.
Encryption and decryption are performed through the encryption/decryption primitives exchanged between the RLC layer and the driver, and between the MAC layer and the driver; these primitives cause the driver to call the external module for data encryption and data decryption.
The encryption/decryption primitives are: request encryption (data_cipher_req), encryption complete (data_cipher_cnf), request decryption (data_decipher_req) and decryption complete (data_decipher_cnf). The members of data_cipher_req are the data block to be encrypted (dataBlock) and the parameters needed for encryption (cipherKcode); the members of data_decipher_req are the encrypted data block (cipherredDataBlock) and the parameters needed for decryption (cipherKcode).
Signaling-data integrity protection and integrity checking are performed through the integrity protection primitives exchanged between the RRC layer and the driver, which cause the driver to call the external module.
The integrity protection primitives are: request integrity protection (data_integrity_req), integrity protection complete (data_integrity_cnf), request integrity check (data_integrity_check_req) and integrity check complete (data_integrity_check_cnf).
The members of data_integrity_req are the RRC message without integrity protection information (rrcMsgBlkWithoutIntegrityInfo) and the parameters needed for the integrity computation (integrityKcode). The members of data_integrity_check_req are the RRC message without integrity protection information (rrcMsgBlkWithoutIntegrityInfo), the parameters needed for the integrity computation (integrityKcode) and the integrity protection data of that RRC message (integrityData).
Data encryption process (Fig. 4): the protocol-stack software uses a real-time operating system signal primitive to send the data to be encrypted to the external encryption/decryption module driver, then continues its normal subsequent processing; only when the encryption-complete primitive from the driver arrives in the protocol-stack software's task queue is it handled, and the received (encrypted) data is then sent to the physical layer. The steps are as follows:
Step 1: whether data encryption is performed, and which classes of data are encrypted, is controlled by the network. If the network requires data encryption, the terminal must encrypt its data, and the external encryption/decryption module must be initialized before this process.
Step 2: the protocol stack places the data block to be encrypted (dataBlockWithUncipher) and the parameters needed for encryption (cipherKcode) in a request-encryption primitive (data_cipher_req) and sends it to the external encryption/decryption module driver.
The encryption parameter cipherKcode is defined differently in different modules and scenarios.
In the RLC module the cipherKcode parameter is defined as rlcCipherKcode. If the channel type is a dedicated channel (DCH), cipherKcode consists of the RLC hyperframe number (RLC HFN), the block sequence number (BSN), the fragmented-block sequence number (SPBN), the radio bearer identity (Rbid), the satellite spot-beam identity (Spotbeam) and the direction (Dir); if the channel type is a packet data channel (PDCH), cipherKcode likewise consists of RLC HFN, BSN, SPBN, Rbid, Spotbeam and Dir.
In the MAC module the cipherKcode parameter is defined as macCipherKcode and consists of HFN, the TDMA frame number, Rbid, Spotbeam and Dir.
Steps 3 and 4: after the driver receives the request it starts the encryption process and returns the encrypted result (dataBlockWithCipherred) to the protocol stack in data_cipher_cnf. During this time the modules of the protocol stack can process other tasks.
Step 5: after the protocol stack receives the encrypted data dataBlockWithCipherred, it carries out the corresponding physical-layer procedures according to the radio resource allocation principles; finally, after physical-layer channel coding, the data is transmitted over the air by the RF subsystem.
Data decryption process (Fig. 5): when the protocol-stack software receives data from the physical layer, it sends the received data to the driver using a real-time operating system signal primitive, then continues to process other related procedures normally; only after the driver has completed decryption and the decryption-complete primitive from the driver is received in the real-time operating system queue does the protocol stack process that message. The steps are as follows:
Step 1: after radio configuration between terminal and network is complete, the terminal receives encrypted data from the network on the downlink physical channel and generates the procedure parameters needed to decrypt it.
Step 2: the protocol stack sends the procedure parameters needed for decryption (cipherKcode) and the encrypted data (dataBlockWithCipherred) to the driver in data_decipher_req.
The decryption parameter cipherKcode is generated differently by different modules and in different scenarios.
In the RLC layer the cipherKcode parameter is defined as rlcCipherKcode; if the channel type is DCH, rlcCipherKcode consists of RLC HFN, BSN, SPBN, Rbid, Spotbeam and Dir; if the channel type is PDCH, rlcCipherKcode likewise consists of RLC HFN, BSN, SPBN, Rbid, Spotbeam and Dir.
In the MAC layer the cipherKcode parameter is defined as macCipherKcode and consists of HFN, the TDMA frame number, Rbid, Spotbeam and Dir.
Step 3: the driver performs the decryption using the external encryption/decryption module and produces the decrypted data block (dataBlockWithUncipher); the protocol stack's state machine processing is unaffected during this time.
Step 4: when the driver has completed decryption, it returns the decrypted data dataBlockWithUncipher to the protocol stack in data_decipher_cnf.
Step 5: after the protocol stack receives dataBlockWithUncipher, it continues with the normal data processing flow.
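The request/confirm exchange described in the encryption and decryption steps above, as an added example that is not part of the patent: two message queues stand in for the real-time operating system's signal primitives, a driver task drains data_cipher_req and data_decipher_req and posts data_cipher_cnf and data_decipher_cnf, and the protocol-stack side never blocks on the module. The queue depth, the 64-byte block size, the constructed rlcCipherKcode value and the xorshift keystream that stands in for the proprietary module are all assumptions; the patent does not disclose the module's algorithm.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Primitive names follow the page; queue depth, block size and the toy
 * keystream are assumptions made so the example runs stand-alone. */
enum prim_type { DATA_CIPHER_REQ, DATA_CIPHER_CNF, DATA_DECIPHER_REQ, DATA_DECIPHER_CNF };
#define BLOCK_MAX 64
#define QUEUE_LEN 8

struct primitive {
    enum prim_type type;
    uint64_t cipher_kcode;      /* rlcCipherKcode or macCipherKcode, opaque here */
    uint8_t block[BLOCK_MAX];   /* dataBlockWithUncipher / dataBlockWithCipherred */
    size_t len;
};

/* Fixed-size ring buffer standing in for an RTOS message queue. */
struct queue { struct primitive slots[QUEUE_LEN]; size_t head, tail, count; };

static int queue_push(struct queue *q, const struct primitive *p) {
    if (q->count == QUEUE_LEN) return 0;
    q->slots[q->tail] = *p;
    q->tail = (q->tail + 1) % QUEUE_LEN; q->count++;
    return 1;
}
static int queue_pop(struct queue *q, struct primitive *out) {
    if (q->count == 0) return 0;
    *out = q->slots[q->head];
    q->head = (q->head + 1) % QUEUE_LEN; q->count--;
    return 1;
}
/* One queue per direction between the protocol stack and SecurityModuleTask. */
static struct queue to_driver, to_stack;

/* Stand-in for the proprietary external module: XOR with a xorshift64
 * keystream seeded from cipherKcode. Not a real cipher; demo only. */
static void external_module_xor(uint64_t kcode, uint8_t *buf, size_t len) {
    uint64_t x = kcode ^ 0x9E3779B97F4A7C15ULL;
    for (size_t i = 0; i < len; i++) {
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        buf[i] ^= (uint8_t)x;
    }
}

/* Protocol-stack side (RLC or MAC): post data_cipher_req / data_decipher_req
 * and return at once; the caller keeps servicing its own state machine. */
int stack_send_req(enum prim_type type, uint64_t kcode, const uint8_t *data, size_t len) {
    struct primitive p;
    if (len > BLOCK_MAX || (type != DATA_CIPHER_REQ && type != DATA_DECIPHER_REQ)) return 0;
    memset(&p, 0, sizeof p);
    p.type = type; p.cipher_kcode = kcode; p.len = len;
    memcpy(p.block, data, len);
    return queue_push(&to_driver, &p);
}

/* Driver task: drain pending requests, run the module, post the matching
 * data_cipher_cnf / data_decipher_cnf. Returns the number handled. */
int driver_task_run(void) {
    struct primitive p;
    int handled = 0;
    while (queue_pop(&to_driver, &p)) {
        external_module_xor(p.cipher_kcode, p.block, p.len);
        p.type = (p.type == DATA_CIPHER_REQ) ? DATA_CIPHER_CNF : DATA_DECIPHER_CNF;
        queue_push(&to_stack, &p);
        handled++;
    }
    return handled;
}
/* Protocol-stack side: non-blocking poll of its own task queue. */
int stack_poll_cnf(struct primitive *out) { return queue_pop(&to_stack, out); }

/* Encrypt then decrypt one constructed RLC block through the two queues,
 * doing "other work" between request and confirm. Returns 1 on success. */
int demo_round_trip(void) {
    static const uint8_t plain[] = "RLC AM PDU payload (constructed)";
    uint64_t kcode = 0x0123456789ABCDEFULL;   /* constructed rlcCipherKcode */
    struct primitive cnf;
    int other_work = 0;

    if (!stack_send_req(DATA_CIPHER_REQ, kcode, plain, sizeof plain)) return 0;
    other_work++;                          /* stack is not blocked here */
    if (stack_poll_cnf(&cnf)) return 0;    /* no confirm yet: driver has not run */
    driver_task_run();
    if (!stack_poll_cnf(&cnf) || cnf.type != DATA_CIPHER_CNF) return 0;
    if (memcmp(cnf.block, plain, sizeof plain) == 0) return 0;  /* ciphertext must differ */

    if (!stack_send_req(DATA_DECIPHER_REQ, kcode, cnf.block, cnf.len)) return 0;
    driver_task_run();
    if (!stack_poll_cnf(&cnf) || cnf.type != DATA_DECIPHER_CNF) return 0;
    return other_work == 1 && cnf.len == sizeof plain && memcmp(cnf.block, plain, sizeof plain) == 0;
}

int main(void) {
    printf("round trip %s\n", demo_round_trip() ? "ok" : "FAILED");
    return 0;
}
```

The point to check in a real port is the one the background section raises: stack_send_req returns before the module has done anything, and the confirm is consumed from the stack's own queue on a later scheduling pass, so a slow serial or parallel link to the module stalls only SecurityModuleTask, not the RLC or MAC state machines. A real driver would also carry a request identifier in the primitive so that confirms can be matched to requests when several are in flight; this example handles one request at a time.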
Signaling-data integrity protection process (Fig. 6): the protocol-stack software uses a real-time operating system signal primitive to send the signaling data that requires integrity protection to the driver, then continues its normal subsequent processing; only when the signaling-data integrity-complete primitive from the driver arrives in the protocol-stack software's task queue is it handled: the signaling data is reassembled and the assembled signaling data is sent to the physical-layer subsystem. The steps are as follows:
Step 1: the protocol stack needs to send signaling data to the network with integrity protection. It first generates the signaling data packet without integrity protection information (rrcMsgBlkWithoutIntegrityInfo), which contains no integrity-related information, and then generates, as required by the protocol, the parameters needed for integrity protection of that packet (integrityKcode).
The integrityKcode parameter consists of the RRC-layer hyperframe number (RRC HFN), the RRC sequence number (RRC SN), Spotbeam and Dir.
Step 2: the protocol stack uses the data_integrity_req primitive to send the signaling data packet rrcMsgBlkWithoutIntegrityInfo and the integrity protection parameter integrityKcode to the driver.
Step 3: the driver passes the received signaling data rrcMsgBlkWithoutIntegrityInfo and the integrity protection parameter integrityKcode to the external encryption/decryption module for the integrity computation.
Step 4: the driver returns the integrity result for the signaling data packet, integrityDataResult, to the protocol stack in data_integrity_cnf.
Step 5: the protocol stack uses the integrity result integrityDataResult from data_integrity_cnf together with the signaling content rrcMsgBlkWithoutIntegrityInfo to reassemble the signaling data packet rrcMsgBlkWithIntegrityInfo that is sent to the network.
Signaling-data integrity checking process (Fig. 7): when the protocol-stack software receives signaling data from the RF subsystem, it sends it to the driver using a real-time operating system signal primitive, then continues to process other related procedures normally; only after the driver has completed the integrity check and the signaling-data integrity-check-complete primitive from the driver is received in the real-time operating system queue does the protocol stack process the message content. The steps are as follows:
Step 1: the terminal receives signaling data from the network and must check its integrity to establish its legitimacy. The protocol stack first parses the RRC message containing the integrity protection parameters (rrcMsgBlkWithIntegrityInfo), extracts the integrity protection data in it (integrityData), then generates the RRC message without integrity protection parameters (rrcMsgBlkWithoutIntegrityInfo), and finally computes the parameters for the received signaling data (integrityKcode) that are used for the integrity check.
The integrityKcode parameter consists of RRC HFN, RRC SN, Spotbeam and Dir.
Step 2: using the data_integrity_check_req primitive, the protocol stack sends the received signaling data packet rrcMsgBlkWithoutIntegrityInfo, the integrity data integrityData parsed from the RRC message, and the parameter integrityKcode for the signaling integrity check to the driver.
Step 3: the driver passes the signaling data packet and the signaling integrity check parameters to the external encryption/decryption module, which computes the integrity protection data (integrityDataResult) over the rrcMsgBlkWithoutIntegrityInfo data block. If integrityDataResult is identical to integrityData the integrity check passes; otherwise it fails.
Step 4: the driver returns the signaling-data integrity check result to the protocol stack in data_integrity_check_cnf.
Steps 5 and 6: if the data_integrity_check_cnf primitive indicates that the signaling-data integrity check passed, the protocol stack treats the signaling data as legitimate and carries out the normal signaling procedure; otherwise it treats the signaling data as faulty and discards it directly.
Illustrate that the invention is mobile eventually in specific GMR (the static earth satellite mobile communication system of a new generation) to be more clear The application in product is held, illustrates implementation method of the invention about mobile terminal safety first, realizes software frame such as Shown in Fig. 2, entire software architecture is the specific implementation operated in a real time operating system.
Using three independent embodiments illustrate design and use of the invention in GMR mobile terminal, i.e. RRC information Integrity protection function, the data encrypting and deciphering and MAC layer data encrypting and deciphering of RLC.
Embodiment 1
Implementation of the RRC message integrity protection function; the detailed process is shown in Figure 8. In this example the network first starts the integrity protection function with a security mode control message (SMC); thereafter the terminal performs an integrity check on each RRC message received from the network and adds integrity protection information to each RRC message sent to the network.
The terminal carries out the integrity protection process as follows:
Step 1: the terminal RRC layer receives the SECURITY MODE COMMAND (SMC) message. The network starts the ciphering process for service data and at the same time provides the ciphering parameters and the encryption/decryption activation time.
Steps 2, 3, 4: the RRC layer receives an RRC message through the primitive RLC_AM_DATA_IND and judges whether its RRC message sequence number (RRC SN) has reached the activation time of downlink integrity protection. If the activation time has not been reached, step 4 is executed: no integrity check is performed on the message and it is processed normally. If the downlink activation time has been reached, step 5 is executed.
Step 5: after the RRC module receives RLC_AM_DATA_IND, it parses the RRC signaling data block in the primitive, extracts the integrity protection data integrityData it contains, then deletes the integrity protection information and regenerates the RRC message data rrcMsgBlkWithoutIntegrityInfo. At the same time RRC generates the integrityKcode code needed for the integrity protection calculation, and finally uses the data_integrity_check_req primitive to send rrcMsgBlkWithoutIntegrityInfo, integrityData and integrityKcode to the external encryption/decryption module driver.
The integrityKcode parameter consists of the 49-bit RRC layer hyper frame number (RRC HFN), the 4-bit RRC sequence number (RRC SN), the 10-bit Spotbeam and the 1-bit Dir.
Step 6: the external encryption/decryption module driver passes rrcMsgBlkWithoutIntegrityInfo and the signaling data integrity check parameter integrityKcode to the external encryption/decryption module, which performs the integrity calculation. Assume the result is integrityDataResult; it is fed back to the external encryption/decryption module driver. If integrityDataResult is identical to integrityData the integrity check passes, otherwise it fails. During this time the RRC module can process other tasks.
Step 7: the external encryption/decryption module driver feeds the signaling data integrity check result back to the RRC module using the data_integrity_check_cnf primitive.
Step 8: after RRC receives the message, if the data_integrity_check_cnf primitive indicates that the signaling data integrity check failed, the RRC module considers the signaling data illegitimate and executes step 9: the signaling data is treated as faulty and discarded directly. Otherwise step 10 is executed and the normal signaling procedure is carried out.
Step 10: the terminal receives the RLC_AM_DATA_IND signaling data indication from the RLC layer; if the integrity protection check found no problem, the RRC message is processed normally. Depending on what the RRC message requires, if the RRC layer needs to send an RRC response message to the network, RRC first constructs the RRC message rrcMsgBlkWithoutIntegrityInfo without integrity protection information.
Step 11: the RRC layer fills the uplink RRC message according to the network's requirements and judges whether its uplink RRC SN has reached the uplink integrity protection activation time. If the activation time has not been reached, step 12 is executed: the rrcMsgBlkWithoutIntegrityInfo message without integrity protection information is delivered to the RLC layer through the RLC_AM_DATA_REQ primitive. If the activation time has been reached, step 13 is carried out.
Step 13: if the integrity protection process is needed, the RRC module first generates the integrityKcode code for the integrity protection calculation, then uses the data_integrity_req primitive to send the signaling data rrcMsgBlkWithoutIntegrityInfo and the integrity protection parameter integrityKcode to the external encryption/decryption module driver.
Here the integrityKcode parameter consists of the 49-bit RRC layer hyper frame number (RRC HFN), the 4-bit RRC sequence number (RRC SN), the 10-bit Spotbeam and the 1-bit Dir.
Step 14: the external encryption/decryption module driver passes the received signaling data rrcMsgBlkWithoutIntegrityInfo and the integrity protection calculation parameter integrityKcode to the external encryption/decryption module, which performs the integrity calculation and feeds the result integrityResult back to the external encryption/decryption module driver. The RRC module state machine processing is unaffected during this time.
Step 15: the external encryption/decryption module driver feeds the integrity calculation result integrityResult of the signaling data packet back to the RRC module through the data_integrity_cnf primitive.
Steps 16, 17: the RRC module uses the integrity calculation result integrityResult in the data_integrity_cnf primitive and the signaling data content rrcMsgBlkWithoutIntegrityInfo to reassemble the signaling data packet rrcMsgBlkWithIntegrityInfo to be sent to the network, which is delivered to the RLC layer through the primitive RLC_AM_DATA_REQ.
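The request/confirm exchange of steps 2 to 10 (RRC strips the integrity information, hands the message and integrityKcode to the driver, keeps working, and acts on the data_integrity_check_cnf result) as an added example in C. It is not the patent's code: it assumes a constructed message layout (payload followed by an 8-byte big-endian integrityData), a placeholder keyed hash standing in for the GMR integrity algorithm the page does not name, a fixed-size queue standing in for the RTOS task queue, and the function names rrc_on_rlc_am_data_ind, driver_service, rrc_on_integrity_check_cnf and scenario, none of which come from the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_MSG 64

/* Constructed stand-in for the integrity function run inside the external
 * module. The page does not name the GMR algorithm; this keyed 64-bit mix is
 * only a placeholder so the exchange can be exercised end to end. */
static uint64_t module_integrity(uint64_t key, uint64_t kcode,
                                 const uint8_t *msg, size_t len)
{
    uint64_t h = 0xcbf29ce484222325ULL ^ key ^ (kcode * 0x9e3779b97f4a7c15ULL);
    for (size_t i = 0; i < len; i++) { h ^= msg[i]; h *= 0x100000001b3ULL; }
    h ^= h >> 29; h *= 0xbf58476d1ce4e5b9ULL; h ^= h >> 32;
    return h;
}

/* Constant-time "identical" test for step 6, so the comparison time does not
 * reveal how much of a wrong integrityData happened to match. */
static int tags_equal(uint64_t a, uint64_t b)
{
    uint64_t d = a ^ b;
    d |= d >> 32; d |= d >> 16; d |= d >> 8; d |= d >> 4; d |= d >> 2; d |= d >> 1;
    return (int)(1u ^ (unsigned)(d & 1));
}

/* Primitives exchanged between the RRC task and the driver task. */
enum prim_id { DATA_INTEGRITY_CHECK_REQ, DATA_INTEGRITY_CHECK_CNF };
struct primitive {
    enum prim_id id;
    uint8_t  msg[MAX_MSG];     /* rrcMsgBlkWithoutIntegrityInfo */
    size_t   msg_len;
    uint64_t integrity_data;   /* integrityData parsed from the RRC message */
    uint64_t kcode;            /* integrityKcode */
    int      check_ok;         /* result carried by the CNF */
};

/* Fixed-size queue standing in for the RTOS task queue (assumption). */
struct queue { struct primitive item[8]; unsigned head, tail; };
static int q_push(struct queue *q, const struct primitive *p)
{ if (q->tail - q->head >= 8) return -1; q->item[q->tail++ % 8] = *p; return 0; }
static int q_pop(struct queue *q, struct primitive *p)
{ if (q->head == q->tail) return 0; *p = q->item[q->head++ % 8]; return 1; }

/* Steps 2-5, RRC side. Wire format is an assumption: payload followed by an
 * 8-byte big-endian integrityData. Returns 0 when the RRC SN is before the
 * activation time (step 4: pass through unchecked), 1 when a REQ was queued
 * to the driver, -1 on malformed input. */
int rrc_on_rlc_am_data_ind(const uint8_t *rrc_msg, size_t len, uint32_t rrc_sn,
                           uint32_t activation_sn, uint64_t kcode,
                           struct queue *to_driver)
{
    if (len < 8 || len - 8 > MAX_MSG) return -1;
    if (rrc_sn < activation_sn) return 0;
    struct primitive req = { .id = DATA_INTEGRITY_CHECK_REQ, .kcode = kcode };
    req.msg_len = len - 8;
    memcpy(req.msg, rrc_msg, req.msg_len);          /* strip the integrity info */
    for (int i = 0; i < 8; i++)
        req.integrity_data = (req.integrity_data << 8) | rrc_msg[req.msg_len + i];
    return q_push(to_driver, &req) == 0 ? 1 : -1;
}

/* Steps 6-7, driver side: recompute over the stripped message and answer. */
int driver_service(struct queue *to_driver, struct queue *to_rrc, uint64_t key)
{
    struct primitive p;
    int served = 0;
    while (q_pop(to_driver, &p)) {
        if (p.id != DATA_INTEGRITY_CHECK_REQ) continue;
        uint64_t result = module_integrity(key, p.kcode, p.msg, p.msg_len);
        p.id = DATA_INTEGRITY_CHECK_CNF;
        p.check_ok = tags_equal(result, p.integrity_data);
        if (q_push(to_rrc, &p) == 0) served++;
    }
    return served;
}

/* Steps 8-10, RRC side: 1 = legal, continue; 0 = discard; -1 = nothing pending. */
int rrc_on_integrity_check_cnf(struct queue *to_rrc)
{
    struct primitive p;
    if (!q_pop(to_rrc, &p) || p.id != DATA_INTEGRITY_CHECK_CNF) return -1;
    return p.check_ok ? 1 : 0;
}

/* End-to-end run on constructed data. tamper != 0 flips one payload byte after
 * the sender computed its tag. Returns 1 accept, 0 discard, 2 passed through. */
int scenario(int tamper, uint32_t rrc_sn, uint32_t activation_sn)
{
    const uint64_t key = 0x0123456789abcdefULL, kcode = 0x7ffULL; /* constructed */
    const uint8_t payload[12] = {'R','R','C','-','S','M','C','-','D','E','M','O'};
    uint8_t wire[20];
    memcpy(wire, payload, 12);
    uint64_t tag = module_integrity(key, kcode, payload, 12);   /* sender side */
    for (int i = 0; i < 8; i++) wire[12 + i] = (uint8_t)(tag >> (56 - 8 * i));
    if (tamper) wire[3] ^= 0x01;

    struct queue to_driver = {0}, to_rrc = {0};
    int r = rrc_on_rlc_am_data_ind(wire, sizeof wire, rrc_sn, activation_sn,
                                   kcode, &to_driver);
    if (r == 0) return 2;
    if (r < 0) return -1;
    /* the RRC task would handle other work here until the CNF is dequeued */
    driver_service(&to_driver, &to_rrc, key);
    return rrc_on_integrity_check_cnf(&to_rrc);
}
```

scenario(0, 10, 5) accepts an intact message, scenario(1, 10, 5) discards a modified one as step 9 requires, and scenario(0, 3, 5) passes the message through unchecked because the RRC SN is still before the activation time. The same REQ/CNF queue shape carries the data_cipher_req and data_decipher_req exchanges of the later embodiments; only the payload fields differ.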
Embodiment 2
Data encryption/decryption in the GMR mobile terminal takes place at the RLC and MAC layers; the detailed RLC layer process is shown in Figure 9. First, RRC receives the SMC message from the network that instructs the terminal to start data encryption/decryption. After the RRC layer parses the SMC message, it configures the network-provided encryption/decryption parameters into the RLC module. If RLC receives encrypted data from the MAC layer, it starts the decryption process; if RLC sends data to the MAC layer, the data must be encrypted before being passed on to the MAC layer.
The RLC layer data encryption/decryption process is as follows:
Steps 1 and 2: the terminal RRC layer receives the SMC message, parses it and saves the ciphering parameters, such as the decryption activation time and the encryption algorithm. RRC configures the ciphering parameters into the RLC layer through the interface primitive CRLC_CIPHER_REQ, and the RLC layer saves them accordingly.
Steps 3, 4, 5, 6: the RLC layer receives data blocks through the interface primitive MAC_DCH_DATA_IND or MAC_PDCH_DATA_IND and judges whether their BSN has reached the decryption activation time. If the activation time has not been reached, step 5 is executed: the data block is not decrypted and, once all data blocks have been received, step 6 reassembles the message and reports it to the RRC layer through the interface primitive RLC_AM_DATA_IND. If the downlink activation time has been reached, step 7 is carried out and the data is decrypted.
Step 7: according to the network's requirements, the protocol stack needs the RLC module to decrypt the encrypted data block (dataBlockWithCipherred). First, the parameters relevant to decrypting the data block are collected and the rlcCipherKcode code is computed for the RLC module to use in decryption. Then the RLC module carries the data block dataBlockWithCipherred to be decrypted and the decryption parameter rlcCipherKcode in the data_decipher_req signal primitive and sends it to the external encryption/decryption module driver.
The rlcCipherKcode parameter is defined as follows: if the channel type is DCH, the encryption/decryption rlcCipherKcode consists of the 39-bit RLC HFN, the 7-bit BSN, the 2-bit SPBN, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir; if the channel type is PDCH, the encryption/decryption rlcCipherKcode consists of the 36-bit RLC HFN, the 10-bit BSN, the 2-bit SPBN, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir.
Steps 8, 9: after the external encryption/decryption module driver receives the decryption request, it starts the data decryption process in the external encryption/decryption module, which produces the decrypted service data rlcDataBlkWithUncipher, and sends the decryption result rlcDataBlkWithUncipher back to the RLC module through the data_decipher_cnf signal primitive. During this period the RLC module can process other tasks.
Steps 10, 11, 12: after the RLC layer has received all data blocks it reassembles the message and reports it to the RRC layer through the interface primitive RLC_AM_DATA_IND. After the RRC layer has processed the RRC message, if the protocol requires a reply to the received RRC message (assume the data block is rlcDataBlkWithUncipher), the RRC layer sends the rlcDataBlkWithUncipher data block to the RLC layer through the RLC_AM_DATA_REQ primitive.
Step 13: RLC buffers the message from the RRC layer, waits until it is scheduled, then extracts the message and sends it.
Steps 14, 15, 16, 17: the RLC layer receives a send-data-block request through the interface primitive MAC_STATUS_IND; RLC fills the data block and judges whether its BSN has reached the ciphering activation time. If the activation time has not been reached, step 16 is executed: the data block is not encrypted and step 17 is executed directly, sending it to the MAC layer through the interface primitive MAC_DCH_DATA_REQ or MAC_PDCH_DATA_REQ. If the ciphering activation time has been reached, step 18 is carried out.
Step 18: if the RRC layer data needs to be encrypted, the RLC module generates the encryption parameter rlcCipherKcode needed by the encryption process, and the rlcDataBlkWithUncipher data is then sent to the external encryption/decryption module driver through the data_cipher_req signal primitive.
Here the rlcCipherKcode parameter can be defined as follows: if the channel type is DCH, the encryption/decryption rlcCipherKcode consists of the 39-bit RLC HFN, the 7-bit BSN, the 2-bit SPBN, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir; if the channel type is PDCH, the encryption/decryption rlcCipherKcode consists of the 36-bit RLC HFN, the 10-bit BSN, the 2-bit SPBN, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir.
Step 19: the external encryption/decryption module driver performs the data encryption process using the external encryption/decryption module, producing the encrypted data dataBlockWithCipherred. The RLC module state machine processing is unaffected during this time.
Step 20: after the external encryption/decryption module driver has completed data encryption, it feeds the encrypted data dataBlockWithCipherred back to the RLC module through the data_cipher_cnf primitive.
Step 21: after the RLC module receives the encrypted data dataBlockWithCipherred, it performs the normal data processing flow and then sends it to the MAC layer through the interface primitive MAC_DCH_DATA_REQ or MAC_PDCH_DATA_REQ.
Embodiment 3
In the GMR system not all service data is forwarded to RLC for processing; data in transparent mode, such as voice data, must be encrypted and decrypted at the MAC layer. As shown in Figure 10, the RRC layer first receives the SMC message from the network, which requires the terminal MAC layer to start data encryption/decryption. After the RRC layer receives the message, it configures the encryption/decryption parameters needed by the MAC layer into the MAC layer. If MAC receives encrypted data from the network, MAC starts the decryption process to decrypt the data; if MAC needs to send data, MAC starts the encryption flow to encrypt the data, and after encryption is complete the data is passed on to the physical layer.
The MAC layer data encryption/decryption process is as follows:
Steps 1 and 2: the terminal RRC layer receives the SMC message, parses it and saves the ciphering parameters, such as the decryption activation time and the encryption algorithm.
Step 3: RRC configures the ciphering parameters into the MAC layer through the interface primitive CMAC_CIPHER_REQ, and the MAC layer saves them accordingly.
Steps 4, 5: the MAC layer receives a data block through the interface primitive MAC_DCH_DATA_IND and judges whether its TDMA frame number has reached the decryption activation time. If the activation time has not been reached, steps 6 and 7 are executed: the data block is not decrypted and is sent to the RLC layer through the interface primitive MAC_TM_DATA_IND. If the downlink activation time has been reached, step 8 is carried out.
Step 8: according to the network's requirements, the protocol stack needs the MAC module to decrypt the data block (macDataBlkWithCipherred). The parameters relevant to decrypting the data block are collected and macCipherKcode is computed for the MAC module to use in decryption. The MAC module carries the data block macDataBlkWithCipherred to be decrypted and the decryption parameter macCipherKcode in the data_decipher_req signal primitive and sends it to the external encryption/decryption module driver.
The macCipherKcode parameter consists of the 29-bit HFN, the 19-bit TDMA frame number, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir.
Steps 9, 10, 11: after the external encryption/decryption module driver receives the request, it starts the data decryption process in the external encryption/decryption module, which produces the MAC layer decrypted data macDataBlkWithUncipher, and sends the decryption result back to the MAC module through the data_decipher_cnf signal primitive; MAC then sends it to the RLC layer through the interface primitive MAC_TM_DATA_IND. During this period the MAC module can process other tasks.
Step 12: after the MAC module receives the decrypted data macDataBlkWithUncipher, it carries out the corresponding physical layer procedures according to the radio resource usage principles, and the data is finally transmitted to the air interface by the radio frequency subsystem.
Step 13: the MAC layer sends a data block and judges whether the current transmit TDMA frame number has reached the ciphering activation time. If the activation time has not been reached, steps 14 and 15 are executed: the data block is not encrypted and is sent directly to the physical layer through the interface primitive MAC_TM_DATA_REQ. If the ciphering activation time has been reached, step 16 is carried out.
Step 16: the MAC module sends the process parameter macCipherKcode needed for encryption and the data macDataBlkWithUncipher to the external encryption/decryption module driver through the data_cipher_req signal primitive.
Here the macCipherKcode parameter consists of the 29-bit HFN, the 19-bit TDMA frame number, the 5-bit Rbid, the 10-bit Spotbeam and the 1-bit Dir.
Step 17: the external encryption/decryption module driver performs the data encryption process using the external encryption/decryption module, producing the encrypted data block macDataBlkWithCipherred. The MAC module state machine processing is unaffected during this time.
Step 18: after the external encryption/decryption module driver has completed data encryption, it feeds the encrypted data macDataBlkWithCipherred back to the MAC module through the data_cipher_cnf primitive.
Step 19: after the MAC module receives the encrypted data macDataBlkWithCipherred, it performs the normal data processing flow and then sends it to the physical layer through the interface primitive MAC_TM_DATA_REQ.
Finally, it is noted that the above preferred embodiments are only intended to illustrate the technical solution of the invention and not to limit it. Although the invention has been described in detail through the above preferred embodiments, those skilled in the art should understand that various changes in form and detail can be made to it without departing from the scope defined by the claims of the invention.
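The three kcode layouts given in the embodiments (integrityKcode in Embodiment 1, rlcCipherKcode for DCH and PDCH in Embodiment 2, macCipherKcode in Embodiment 3) each add up to exactly 64 bits, which makes them natural to build as one packed word. The following added C example is not the patent's code; it assumes the fields are packed most-significant-first in the order the page lists them, and the names pack_fields, build_integrity_kcode, build_rlc_cipher_kcode and build_mac_cipher_kcode are not from the page. Its point is the range check: a sequence number or frame number that has outgrown its field must be rejected rather than silently spilling into the neighbouring HFN bits, because the external module and the peer would then cipher with different kcodes.

```c
#include <stdint.h>
#include <stddef.h>

struct kcode { int ok; uint64_t value; };   /* ok == 0: fields did not fit */

/* One field of a kcode, listed from the most significant end. */
struct field { const char *name; unsigned width; uint64_t value; };

/* Packs fields MSB-first into one 64-bit word. Fails if a value exceeds its
 * width or the widths do not total exactly 64 bits (every layout on the page
 * sums to 64). Field order and MSB-first packing are assumptions. */
static struct kcode pack_fields(const struct field *f, size_t n)
{
    struct kcode k = { 0, 0 };
    unsigned total = 0;
    for (size_t i = 0; i < n; i++) {
        if (f[i].width == 0 || f[i].width > 63) return k;
        if (f[i].value > ((1ULL << f[i].width) - 1)) return k; /* e.g. RRC SN 16 */
        total += f[i].width;
        if (total > 64) return k;
        k.value = (k.value << f[i].width) | f[i].value;
    }
    k.ok = (total == 64);
    return k;
}

/* integrityKcode (Embodiment 1): RRC HFN 49 | RRC SN 4 | Spotbeam 10 | Dir 1 */
struct kcode build_integrity_kcode(uint64_t rrc_hfn, unsigned rrc_sn,
                                   unsigned spotbeam, unsigned dir)
{
    const struct field f[] = {
        { "RRC HFN", 49, rrc_hfn }, { "RRC SN", 4, rrc_sn },
        { "Spotbeam", 10, spotbeam }, { "Dir", 1, dir },
    };
    return pack_fields(f, 4);
}

enum channel_type { CH_DCH, CH_PDCH };

/* rlcCipherKcode (Embodiment 2). The HFN/BSN split depends on the channel:
 * DCH = RLC HFN 39 | BSN 7, PDCH = RLC HFN 36 | BSN 10; both are followed by
 * SPBN 2 | Rbid 5 | Spotbeam 10 | Dir 1. */
struct kcode build_rlc_cipher_kcode(enum channel_type ch, uint64_t rlc_hfn,
                                    unsigned bsn, unsigned spbn, unsigned rbid,
                                    unsigned spotbeam, unsigned dir)
{
    unsigned hfn_w = (ch == CH_DCH) ? 39 : 36;
    unsigned bsn_w = (ch == CH_DCH) ? 7 : 10;
    const struct field f[] = {
        { "RLC HFN", hfn_w, rlc_hfn }, { "BSN", bsn_w, bsn }, { "SPBN", 2, spbn },
        { "Rbid", 5, rbid }, { "Spotbeam", 10, spotbeam }, { "Dir", 1, dir },
    };
    return pack_fields(f, 6);
}

/* macCipherKcode (Embodiment 3): HFN 29 | TDMA FN 19 | Rbid 5 | Spotbeam 10 | Dir 1 */
struct kcode build_mac_cipher_kcode(uint32_t hfn, uint32_t tdma_fn, unsigned rbid,
                                    unsigned spotbeam, unsigned dir)
{
    const struct field f[] = {
        { "HFN", 29, hfn }, { "TDMA FN", 19, tdma_fn }, { "Rbid", 5, rbid },
        { "Spotbeam", 10, spotbeam }, { "Dir", 1, dir },
    };
    return pack_fields(f, 5);
}
```

With the assumed ordering, build_integrity_kcode(1, 0xF, 0x3FF, 1) yields 0xFFFF, and a BSN of 128 is rejected on DCH (7-bit BSN) but accepted on PDCH (10-bit BSN), which is exactly the DCH/PDCH distinction the RLC embodiment draws. Whatever ordering a real implementation chooses, the sending side, the external module and the peer must agree on it, so the layout belongs in one shared definition rather than being re-derived in each layer.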

Claims (7)

1. A method of calling an external encryption/decryption module, characterized in that it comprises the following steps:
S1: an external encryption/decryption module driver is set between the protocol stack and the external encryption/decryption module;
S2: data encryption process: the protocol stack sends a request-encryption signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-encryption signal, carries out the data encryption process through the external encryption/decryption module, and after encryption is complete sends an encryption-complete signal to the protocol stack;
S3: data decryption process: the protocol stack sends a request-decryption signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-decryption signal, carries out the data decryption process through the external encryption/decryption module, and after decryption is complete sends a decryption-complete signal to the protocol stack;
The method also includes a signaling data integrity protection process: the protocol stack sends a request-integrity-protection signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-integrity-protection signal, performs the integrity calculation on the signaling data through the external encryption/decryption module, and after the calculation is complete sends an integrity-protection-complete signal to the protocol stack;
The method also includes a signaling data integrity check process: the protocol stack sends a request-integrity-check signal to the external encryption/decryption module driver; the external encryption/decryption module driver receives the request-integrity-check signal, performs the integrity check on the signaling data through the external encryption/decryption module, and after the check is complete sends an integrity-check-complete signal to the protocol stack;
The encryption and decryption processes call the external encryption/decryption module to realize data encryption and data decryption through the encryption/decryption primitives between the RLC layer and the external encryption/decryption module driver and between the MAC layer and the external encryption/decryption module driver;
In the data encryption process, after the protocol stack software has sent the data to be encrypted or decrypted to the external encryption/decryption module driver using a signal primitive of the real-time operating system, the protocol stack software continues its subsequent normal flow of operation, and only when the encryption-complete signal primitive from the external encryption/decryption module driver is received in the task queue of the protocol stack software is it processed, whereupon the received signal is sent to the physical layer;
In the signaling data integrity protection process, the protocol stack software sends the signaling data that needs integrity protection to the external encryption/decryption module driver using a signal primitive of the real-time operating system, then continues its subsequent normal flow of operation, and only when the signaling-data-integrity-complete primitive from the external encryption/decryption module driver is received in the task queue of the protocol stack software is it processed, specifically by reassembling the signaling data and sending the assembled signaling data to the physical layer subsystem;
The signaling data integrity check process calls the external encryption/decryption module to realize signaling data integrity protection and signaling data integrity check through the integrity protection primitives between the RRC layer and the external encryption/decryption module driver; in the signaling data integrity protection check process, the protocol stack software receives signaling data from the radio frequency subsystem, sends the received signaling data to the external encryption/decryption module driver using a real-time operating system signal primitive, then normally handles other related processes, and only when the signaling-data-integrity-check-complete primitive from the external encryption/decryption driver module, indicating that the external encryption/decryption module driver has completed the integrity protection check, is received in the real-time operating system queue does it process the message content.
2. The method of calling an external encryption/decryption module according to claim 1, characterized in that the request-encryption signal contains the data block to be encrypted and the parameters needed for encryption.
3. The method of calling an external encryption/decryption module according to claim 1, characterized in that the request-decryption signal contains the data block to be decrypted and the parameters needed for decryption.
4. The method of calling an external encryption/decryption module according to claim 1, characterized in that the request-integrity-protection signal contains the signaling data packet without integrity protection information and the integrity protection parameters.
5. The method of calling an external encryption/decryption module according to claim 1, characterized in that, after the check ends, if the signaling data integrity check is correct an integrity-check-complete signal is sent to the protocol stack, and if the signaling data integrity check is incorrect the data is discarded directly.
6. The method of calling an external encryption/decryption module according to claim 1, characterized in that the request-integrity-check signal contains the RRC message without integrity protection parameters, the integrity data parsed from the RRC message, and the parameters for the signaling integrity check.
7. A mobile terminal that calls an external encryption/decryption module based on the method of any one of claims 1 to 6, characterized in that it comprises a mobile terminal communication protocol stack, an external encryption/decryption module driver and an external encryption/decryption module; the external encryption/decryption module driver sits between the protocol stack and the external encryption/decryption module, and the external encryption/decryption module is called through the external encryption/decryption module driver to realize data encryption and data decryption.
CN201610905044.8A 2016-10-17 2016-10-17 A kind of method that calling external encryption/decryption module and mobile terminal Active CN106341419B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610905044.8A CN106341419B (en) 2016-10-17 2016-10-17 A kind of method that calling external encryption/decryption module and mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610905044.8A CN106341419B (en) 2016-10-17 2016-10-17 A kind of method that calling external encryption/decryption module and mobile terminal

Publications (2)

Publication Number Publication Date
CN106341419A CN106341419A (en) 2017-01-18
CN106341419B true CN106341419B (en) 2019-04-19

Family

ID=57839968

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610905044.8A Active CN106341419B (en) 2016-10-17 2016-10-17 A kind of method that calling external encryption/decryption module and mobile terminal

Country Status (1)

Country Link
CN (1) CN106341419B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108111525A (en) * 2017-12-29 2018-06-01 成都三零嘉微电子有限公司 A kind of method that SD card communication protocol using extension realizes data encrypting and deciphering business

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1701586A (en) * 2003-10-01 2005-11-23 株式会社东芝 Flexible protocol stack
CN1969258A (en) * 2004-06-16 2007-05-23 先进微装置公司 Multipurpose media access data processing system
CN101996285A (en) * 2009-08-26 2011-03-30 联想(北京)有限公司 Electronic equipment
CN103873245A (en) * 2012-12-14 2014-06-18 华为技术有限公司 Virtual machine system data encryption method and apparatus
CN103905192A (en) * 2012-12-26 2014-07-02 重庆重邮信科通信技术有限公司 Encryption authentication method, device and system
CN104852798A (en) * 2015-05-11 2015-08-19 清华大学深圳研究生院 Data encryption and decryption system and method thereof

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1701586A (en) * 2003-10-01 2005-11-23 株式会社东芝 Flexible protocol stack
CN1969258A (en) * 2004-06-16 2007-05-23 先进微装置公司 Multipurpose media access data processing system
CN101996285A (en) * 2009-08-26 2011-03-30 联想(北京)有限公司 Electronic equipment
CN103873245A (en) * 2012-12-14 2014-06-18 华为技术有限公司 Virtual machine system data encryption method and apparatus
CN103905192A (en) * 2012-12-26 2014-07-02 重庆重邮信科通信技术有限公司 Encryption authentication method, device and system
CN104852798A (en) * 2015-05-11 2015-08-19 清华大学深圳研究生院 Data encryption and decryption system and method thereof

Also Published As

Publication number Publication date
CN106341419A (en) 2017-01-18

Similar Documents

Publication Publication Date Title
CN103199971B (en) The data safety that is implemented by WTRU and the method for automatic repeat request and WTRU
CN105577364B (en) A kind of encryption method, decryption method and relevant apparatus
CN103856485B (en) System and method for initializing safety indicator of credible user interface
CN201286113Y (en) Wireless emission/receiving unit
CN109951823A (en) Method and apparatus for vehicle-to-vehicle communication
CN105357218B (en) A kind of router and its encipher-decipher method having hardware enciphering and deciphering function
CN101933387B (en) Communications node and method for executing when communications node
CN104994112A (en) Method for encrypting communication data chain between unmanned aerial vehicle and ground station
CN103746962B (en) GOOSE electric real-time message encryption and decryption method
CN111447276B (en) Encryption continuous transmission method with key agreement function
CN106357400A (en) Method and system for establishing channel between TBOX terminal and TSP platform
CN104579679B (en) Wireless public network data forwarding method for agriculture distribution communication equipment
CN108377495A (en) A kind of data transmission method, relevant device and system
CN113868672B (en) Module wireless firmware upgrading method, security chip and wireless firmware upgrading platform
CN103428204A (en) Data security implementation method capable of resisting timing attacks and devices
CN112020038A (en) Domestic encryption terminal suitable for rail transit mobile application
CN109714360A (en) A kind of intelligent gateway and gateway communication processing method
CN105281910A (en) Internet of things lock with CA digital certificate serving as network access identity identifier and network access identity identification method
CN108650096A (en) A kind of industrial field bus control system
CN113591109B (en) Method and system for communication between trusted execution environment and cloud
TWI452887B (en) Method and apparatus for performing ciphering in a wireless communications system
CN1980122B (en) Method for increasing information transmission safety
CN106341419B (en) A kind of method that calling external encryption/decryption module and mobile terminal
CN104010310A (en) Heterogeneous network unified authentication method based on physical layer safety
CN108174344A (en) GIS location informations transmission encryption method and device in a kind of cluster communication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant